The HIPAA Privacy Rule and Research

Presentation transcript:

1 The HIPAA Privacy Rule and Research

2 The Privacy Rule... Beginning on April 14, 2003, the Privacy Rule protects the privacy of certain individually identifiable health information by establishing conditions for its use and disclosure by health plans*, health care clearinghouses, and certain health care providers. *Small health plans not required to comply until April 14, 2004.

3 How Might the Privacy Rule Affect Research Recruitment? Depends on: – What you do/where you work – Type of information you use, collect, receive or release

4 Three Rules -- Privacy Rule, Common Rule, FDA Regulations Privacy Rule does not replace or modify the Common Rule or FDA regulations. Privacy Rule is in addition to privacy protections of these regulations. – Applies to covered entities regardless of funding. – Contains standards for de-identifying health information. – Requires Authorization for certain uses and disclosures of certain health information. – Applies to decedents’ information.

5 Who is Covered? A health care provider who transmits health information electronically in connection with a transaction for which the Secretary has adopted standards. Example: a physician who electronically bills for services A health plan. A health care clearinghouse.

6 What is Covered? Protected Health Information (PHI) = Covered Entity + Health information + Identifier. Transmitted or maintained in any form (paper, oral, electronic, forms, web-based, etc.). Decedents’ information included. Does not include de-identified health information or biological tissue and certain other exceptions (e.g., employment records or education records covered by FERPA).

7 Not All Research Activities Need Authorization! For research, the Privacy Rule permits covered entities to use and disclose PHI for research conducted: – with individual authorization, or – without individual authorization under limited circumstances.

8 Use or Disclosure of PHI Without Authorization 1. De-identify PHI. 2. Limited Data Set with Data Use Agreement. 3. IRB or Privacy Board waiver of Authorization requirement. 4. Activity preparatory to research. 5. Research is on decedents’ information. 6. Research qualifies for the Transition Provisions. Covered entities do not always need to get Authorization for research-related activities.

9 Options for Identifying Eligible Research Participants – Activity Preparatory to Research – Authorization Waiver from IRB or Privacy Board – Authorization

10 What kinds of activities are considered preparatory to research? Covered entities that obtain certain required representations from a researcher may use and disclose PHI for activities preparatory to research that include, but are not limited to, the following: – Preparing a research protocol – Assisting in the development of a research hypothesis – Aiding in research recruitment, such as identifying prospective research participants who would meet the eligibility criteria for enrollment into a research study Under this provision, no PHI may be removed from the covered entity during the course of the review.

11 Preparatory to Research Covered entity must obtain representation from the researcher that: The use or disclosure of PHI is sought solely to prepare a protocol or for a similar preparatory purpose. PHI will not be removed from the covered entity. AND PHI is necessary for research purposes.

12 Waiver of Authorization A covered entity is permitted to use or disclose PHI for research when it obtains required documentation of the IRB or Privacy Board approval of a waiver of Authorization. Note: A covered entity is also permitted to use or disclose PHI for research when it obtains an altered Authorization under the Privacy Rule and required documentation of the IRB or Privacy Board approval of an alteration of Authorization.

13 IRB/Privacy Board Criteria for Waiving or Altering Authorization 1. The use or disclosure involves no more than minimal risk because of an adequate plan/assurance: a. To protect identifiers from improper use or disclosure. b. To destroy identifiers at earliest opportunity, consistent with the conduct of the research. c. That PHI will not be inappropriately reused or disclosed. 2. The research could not practicably be conducted without the waiver or alteration. 3. The research could not practicably be conducted without access to and use of PHI. Yes / No. Signature of IRB/Privacy Board Chair (or Designee). Date.

14 Options for Contacting Eligible Research Participants – Health Care Operations – “Health Care” Discussion with Individuals – Authorization Waiver from IRB or Privacy Board – Authorization

15 Contacting Subjects: Health Care Operations If the researcher is a workforce member of a covered entity, the researcher may contact the potential study participant, as part of the covered entity's health care operations, for the purposes of seeking Authorization. Alternatively, the covered entity may contract with a researcher as a business associate to assist in contacting individuals on behalf of the covered entity to obtain their Authorizations.

16 Contacting Subjects: Health Care Discussions Covered health care providers and patients may discuss the option of enrolling in a clinical trial without Authorization, regardless of whether the individual is a patient of the covered provider, and without a waiver of the Authorization. – A physician may for treatment purposes discuss treatment alternatives with the individual, which may include the option of enrolling in a clinical trial. – A physician may speak to the individual about a clinical trial as part of asking the individual to sign an Authorization to permit the covered provider to use or disclose the individual's PHI for the research study. – Also, the Privacy Rule generally permits a covered entity to communicate with individuals and to disclose their PHI to them. If a physician knows of a study in which his or her patient might enroll that is being conducted by others, the physician may: – Discuss such a trial with the patient and give the patient the researcher's contact information so the patient may contact the researcher directly. – Contact the researchers about the patient so long as de-identified information is disclosed, the individual's Authorization or IRB or Privacy Board waiver of Authorization is obtained, or other conditions that satisfy the Privacy Rule are met. – For example, it is acceptable to give a clinical summary of a patient to a researcher to determine if the patient might meet enrollment criteria, if such discussions omit the patient's name, address, medical record number, and any other identifying information set forth in section (a)-(c) of the Privacy Rule.

17 Contacting Subjects: Authorization Waiver If the covered entity obtains documentation that an IRB has partially waived the Authorization requirement to disclose PHI to a researcher for recruitment purposes, the covered entity could disclose to the researcher that PHI necessary for the researcher to contact the individual.

18 Summary: Research Recruitment
Identify Subjects
– Covered Entity: Yes. Preparatory to Research provision. Need representation from workforce member.
– Researcher (non-covered): Yes. Preparatory to Research provision. Need representation from researcher.
Contact Subjects
– Covered Entity: Yes. Health care operation to get Authorization. Waiver of Authorization.
– Researcher (non-covered): Yes. Waiver of Authorization. As a business associate of covered entity for the health care operation.

19 Identifying AND Contacting Subjects: Call Centers Call centers in many cases will not be part of a covered entity (health plan, health care clearinghouse, certain health care providers), and thus, are not required to comply with the Privacy Rule. If a call center is part of a covered entity, e.g., part of a covered health care provider that is also a researcher, it may speak with an individual without Authorization for purposes of communicating about the research study or obtaining the individual's Authorization to use or disclose his or her PHI for the study. However, any use or disclosure of the individual's PHI for the research study itself or other purposes is subject to the conditions set forth in the Privacy Rule.

20 Identifying AND Contacting Subjects: Authorization A covered entity may include an individual's PHI in a clinical research recruitment database and access to the recruitment database, provided the individual has given permission through a written Authorization. The Authorization must inform the individual of: – the purpose for which (e.g., for the pre-screening log for one or more clinical trials) and – what PHI will be used and meet the other requirements at section of the Privacy Rule. Unless otherwise permitted by the Privacy Rule, a subsequent Authorization must be obtained from the individual before a covered entity may use or disclose the individual's PHI for the clinical trial itself.

21 Authorizations for Research Must be for a specific research study – Authorization for future, unspecified research is NOT permitted but Authorization may be obtained to permit the use or disclosure of PHI to create or maintain a repository or database. Different from, but may be combined with, informed consent. Review/approval by IRB/Privacy Board NOT needed under Privacy Rule. (But other regulations would require IRB review when combined with informed consent documents.) Must contain “core elements” & “required statements,” and a signed copy must be given to the individual. Research Authorizations need not expire, but this must be stated.

22 Elements of an Authorization to Use or Disclose PHI
Core Elements (signified by )
– Description of PHI to be used or disclosed.
– Person(s) authorized to make the requested use or disclosure.
– Person(s) to whom the covered entity may disclose PHI.
– Each purpose for the use or disclosure.
– Expiration date or event* (e.g. “end of the research study” or “none”).
– Participant Signature, Date.
Statements (signified by )
– Right to revoke Authorization plus exceptions and process.
– Ability/Inability to condition treatment, payment, or enrollment/eligibility for benefits on Authorization.
– PHI may no longer be protected by Privacy Rule once it is disclosed by the covered entity.
The authorization must be written in plain language, and the covered entity must provide the individual with a copy of the signed Authorization.

23 Privacy Rule Resources for Researchers Office for Civil Rights (OCR) Web site http://