Set of data that may be used for research, public health or health care operations without an authorization or waiver of authorization. The limited data set is defined as PHI that excludes the following direct identifiers of the individual or of relatives, employers or household members of the individual: names; postal address information, (other than town or city, State and zip code); telephone and FAX numbers; electronic mail addresses; SSN; medical record numbers; health plan beneficiary numbers; account numbers; certificate/license numbers; vehicle identifiers and serial numbers, including license plates; device identifiers and serial numbers; web universal resource locators (URLs); internet protocol (IP) address; biometric identifiers, including finger and voice prints; full face photos, and comparable images. A covered entity must enter into a data use agreement with the recipient of a limited data set. It should be noted that although a limited data set is subject to only select provisions of the HIPAA Privacy Rule, it might be covered by the Common Rule. Therefore, the Partners policy will be that a request for use or disclosure of a limited data set must be submitted to the IRB.