Geographic subdivisions below a state, including road address, city, county, district, zip code and their corresponding geocodes, with the exception of the first three digits of a postcode, when, according to current public data from the Census Bureau: (1), the geographic unit consisting of combining all postcodes with the same initial figures contains more than 20,000 people and (2) the first three digits of a postcode are modified for all geographic units of 20,000 or less. Information about the health of deceased persons is protected by federal and state laws. The need for verification by UCLA IRB depends on access to the PHI and/or access to files for state, county or local data death data, as federal and federal data protection laws apply. Although the PHI is not registered for research purposes, administrative safeguards include the use of signed confidentiality agreements and the publication of guidelines on the confidentiality and security of search data. In short, many of these agreements contain a language that needs to be negotiated! The technical security provisions apply to computer systems in which the PHI is stored and include the use of password-protected access, screen savers that have a time system, so that when a user moves away from the computer, access is blocked after a certain time and monitoring channels that record people who have created or modified PHI data in the system. Where possible, personal elements of computerized research data sets should be stored separately and, where possible, in an encrypted form. For more information, see access to UCLA Data Security`s search guides. An agreement on the use of data is the means by which the companies concerned receive satisfactory assurances that the recipient of the restricted data set will only use or disclose the PHI in the data set for specific purposes. Even if the person requesting a limited set of data from a seized unit is a staff member of the entity concerned or, in other ways, a staff member of the company concerned, there must be a written agreement between the entity entered and the recipient of a limited data set on the use of data in accordance with the requirements of the data protection rule.