Health information protection rules (the HIPAA data protection rule) allow for limited data sets for the use and disclosure of protected health information for research, health or health operations. Lead investigators who wish to exchange data or samples with protected personal data or protected EERs must comply with the following provisions: Confidentiality Agreements (NDAs) establish discussions on licensing, partnerships and commercialization of research results, protecting the confidential information exchanged to assess the technical and commercial potential of the information disclosed. The data recipient is responsible for meeting the IRB certification requirements for the proposed use of the data set. The data provider may request documentation of the IRB authorization before concluding the agreement. Note: The term “data” is used in the broadest sense and includes digital data files and qualitative materials such as interview transcripts, diaries and field notes.