Presentation on theme: "HRPO HINT Does the word HIPAA scare you? Do you shudder at the thought of PHI? Does the term “covered entity” keep you up at night? If so, this HRPO."— Presentation transcript:
HRPO HINT Does the word HIPAA scare you? Do you shudder at the thought of PHI? Does the term “covered entity” keep you up at night? If so, this HRPO HINT is for you!
HRPO HINT: Does HIPAA Apply to Me? Following are a list of questions that may help you determine whether or not you are collecting Protected Health Information (PHI) and whether or not HIPAA applies to your research.
HRPO HINT But first… IF you are a Danforth Researcher and you ONLY collect data in your lab or classroom on the Danforth Campus, then you do NOT have to consider HIPAA rules and regulations because the Danforth Campus is NOT a HIPAA entity (except for the Psychological Services Center and Student Health Services ). IF, however, you obtain or collect data from another site that IS a HIPAA covered entity (e.g., a hospital or a mental health provider) continue reading!
Quick Definition So what is PHI? Protected health information (PHI) under HIPAA includes any individually identifiable health information. Identifiable refers not only to data that is explicitly linked to a particular individual (that's identified information). It also includes health information with data items which reasonably could be expected to allow individual identification.
HRPO HINT: Does HIPAA Apply to Me? Are any of the locations where your research will be taking place HIPAA covered entities? The HIPAA covered entities at Washington University are: The Medical School Campus in its entirety On the Danforth Campus, Student Health Services and the Psychological Services Center are the ONLY HIPAA covered entities. If your research involves a non-Washington University location, you will need to check with the location to see if they are a HIPAA covered entity. Research taking place at non-covered entities is HIPAA exempt no matter what information is collected!
HRPO HINT: Does HIPAA Apply to Me? Does your research involve Health Information? The past, present, or future information relating to an individual’s physical or mental health is considered Health Information. Remember- This includes Health Information created by your research (perhaps via questionnaires) and Health Information, not created by you, but that is shared with you for research purposes or if you share a participant’s Health Information with non-research team members.
HRPO HINT: Does HIPAA Apply to Me? Is the Health Information identifiable? Anything that could be used to identify the individual is considered an identifier. Remember- Coded data is still considered identifiable if there is a master list linking the code numbers to the participants’ information. Common identifiers include names, addresses, and birthdates. For a complete list of HIPAA identifiers, please see the HRPO website.
HRPO HINT: Does HIPAA Apply to Me? Will either of the following activities take place at the HIPAA covered entity? Collection of health information from participants’ medical records. Sharing health information you collect with the HIPAA covered entity (i.e., the health information you collect will be placed in the participants’ medical records). If the HIPAA covered entity is merely providing a location for the research to take place then HIPAA does not apply!
HRPO HINT: Does HIPAA Apply to Me? If you answered yes to all of the previous questions, you are probably collecting PHI and will need to include the applicable HIPAA language in your consent form(s). However, each application will be reviewed on a case by case basis. If you have any questions regarding the material in this month’s HRPO HINT you can contact either Abby Clements at or Gerri Fisher at