A model data use agreement (DUA) between a Health Insurance Portability and Accountability Act (HIPAA) covered entity and recipient of a limited data set, including required provisions. The HIPAA Privacy Rule defines limited data sets and permits covered entities to disclose them subject to a DUA for purposes of research, public health, and health care operations without having to first obtain a patient authorization or waiver. This Standard Document has integrated drafting notes with important explanations and drafting tips.