Health Insurance Portability and Accountability Act (HIPAA)

Slides:



Advertisements
Similar presentations
SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.
Advertisements

HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *
HIPAA Privacy Rule and Research
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
NATIONAL FORUM ON YOUTH VIOLENCE PREVENTION: HIPAA PRIVACY RULE CONSIDERATIONS November 1, 2011 Iliana L. Peters, JD, LLM HHS Office for Civil Rights.
HIPAA, Privacy & Confidentiality Local Accountability for Research Protection in VA Facilities VA Office of Research & Development Baltimore, February.
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
National Cancer Institute Cancer Therapy Evaluation Program (CTEP) presents: How to Obtain Protected Health Information (PHI) from an Outside Healthcare.
HIPAA Health Insurance Portability and Accountability Act.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
HIPAA Requirements for Patient Oriented Research
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
Informed Consent.
Protecting Client Data HIPAA, HITECH and PIPA Part 1A
HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.
Training In HIPAA Privacy Regulations for Researchers and Research Staff Adapted from a presentation prepared by Human Subjects Division, University of.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.
Privacy and Information Security Essentials
University of Miami1 HIPAA Survival Skills An Introduction to HIPAA and Research University of Miami Human Subjects Research Office October 31, 2006 Evelyne.
1 HIPAA, Researchers and the IRB: Part Two Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.
HIPAA, Researchers and the IRB Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.
1 Developed by: U-MIC To start the presentation, click on this button in the lower right corner of your screen. The presentation will begin after the.
HIPAA Health Insurance Portability & Accountability Act of 1996.
1 VUMC Confidentiality Policy and HIPAA Implications for Clinical Research General Clinical Research Center Skills Workshop March 2, 2007 Gaye Smith Privacy.
Paula Peyrani, MD Medical/Project Director, HIV Program at the 550 Clinic Assistant Director, Research Design and Development Clinical and Translational.
1 Research & Accounting for Disclosures March 12, 2008 Leslie J. Pfeffer, BS, CHP Office of the Vice President for Research Administration Office of Compliance.
Revised February 4, Health Insurance Portability and Accountability Act (HIPAA) HIPAA Privacy Rule: UCSF Education Module for Researchers, Research.
1 HIPAA OVERVIEW ETSU. 2 What is HIPAA? Health Insurance Portability and Accountability Act.
HIPAA Privacy and Research August 21, 2015
1 Defense Health Agency Privacy and Civil Liberties Office HIPAA Privacy Board Overview August 6, 2015.
August 8, 2011 Leslie J. Pfeffer, BS, CHP. Health Insurance Portability and Accountability Act HIPAA Privacy Rule April 14, 2003 HIPAA Security Rule April.
PwC Tissue Banking and Repositories – Human Subject Protections Privacy Protections Medical Research Summit Tom Puglisi, Ph.D. Friday March 7 – 9:15 am.
HIPAA and Research Basics for IRB Tim Atkinson Director, Research and Sponsored Programs Director, Institutional Review Board Research Privacy Officer.
HIPAA – How Will the Regulations Impact Research?.
H I P A A T R A I N I N G Self Directed Module 7 Research Disclosures For Data Custodians START Click to begin…
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 2 The HIPAA Privacy Standards HIPAA for Allied Health Careers.
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
HIPAA SURVIVAL SKILLS: An Update University of Miami1 Marisabel Davalos, M.S.Ed., CIP Associate Director of Educational Initiatives November, 2008.
Health Insurance Portability and Accountability Act (HIPAA) CCAC.
Understanding HIPAA (Health Insurandce Portability and Accountability Act)
1 Developed by: U-MIC To start the presentation, click on this button in the lower right corner of your screen. The presentation will begin after the.
University of Pennsylvania Health System 1 Session 3.02: Case Studies in Clinical Research Compliance Russell M. Opland, M.P.H., EMT-P Chief Privacy Officer.
Health Insurance portability and Accountability Act (HIPAA)‏
A Road Map to Research at Jefferson: HIPAA Privacy and Security Rules for Researchers Presented By: Privacy Officer/Office of Legal Counsel October 2015.
HIPAA and Human Subjects Research IRB Member CE May 2014 Slideshow by Sean Horkheimer.
06/20/03- revised1 Health Insurance Portability and Accountability Act (HIPAA) HIPAA Privacy Rule: UCSF Education Module for Researchers, Research Administrators,
1 The Impact of HIPAA on US Biomedical Research Presented To The: HIPAA SUMMIT Washington, DC March 28, 2003 Oliver Johnson, Chief Privacy Officer Merck.
Copyright © 2002 PricewaterhouseCoopers LLP 1 HIPAA Privacy Modification Rule - Final Harvard Colloquium August 21, 2002 Tom Hanks Director Client Services.
PwC Issues in HIPAA Research Compliance William R. Braithwaite, MD, PhD “Dr. HIPAA” HIPAA Summit 6 Washington, DC 27 March 2003.
Final HIPAA Privacy Rule: The Research Provisions Julie Kaneshiro DHHS Office for Human Research Protections Phone: Fax:
Privacy: HIPAA Emerson Murphy-Hill. Rosie Callender, RHIA, web.msm.edu/hipaa/An%20Introduction%20to%20HIPAA.ppt What is HIPAA? A Federal Law Created in.
HIPAA and RESEARCH 5 th Thursday May 31, Page 2.
HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.
HIPAA 2017 JHSPH IRB Clarifications and Changes
Institutional Review Board and Research Education
Winter 2008 HIPAA, Privacy & Confidentiality.
To start the presentation, click on this button in the lower right corner of your screen. The presentation will begin after the screen changes and you.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)
The HIPAA Privacy Rule: Implications for Medical Research
The HIPAA Privacy Rule and Research
HIPAA Privacy & Security: Medical Research Context
Issues in HIPAA Research Compliance
Analysis of Final HIPAA Privacy Modification Rule
Office of the Vice President for Research Human Subjects Protection Program IRB Submission Process Module 4 - Health Insurance Portability and Accountability.
The Health Insurance Portability and Accountability Act
Presentation transcript:

Health Insurance Portability and Accountability Act (HIPAA) HIPAA Privacy Rule Education Module for Institutional Review Boards Copyright (c) University of California

Copyright (c) University of California HIPAA is federal law that applies to health care providers, health plans, and health care clearinghouses. These are covered entities (CEs). The University of California is a hybrid Covered Entity with both covered and non-covered functions. All UC covered entities constitute a single health care component (SHCC). Copyright (c) University of California

Copyright (c) University of California The HIPAA Privacy Rule protects the privacy and security of an individual’s health information held by a Covered Entity. 45 CFR sections 160, 164 The HIPAA Privacy Rule supplements the Common Rule and the FDA’s protections for human subjects. Copyright (c) University of California

Protected Health Information - PHI Pertaining to an individual’s past, present, or future: Physical or mental health Diagnosis and/or treatment Payment for health care That includes personal identifiers, and That is created, used, or disclosed by a Covered Entity. Copyright (c) University of California

Personal identifiers under HIPAA are: Name Address including city and zip code Telephone number Fax number E-mail address Social security number Date of birth Medical record number Health plan ID number Dates of treatment Account number Certificate/license number Device identifiers and serial number Vehicle identifiers and serial number URL IP address Biometric identifiers including finger prints Full face photo and other comparable image Copyright (c) University of California

Covered Entity’s Responsibility The CE is responsible for protecting PHI The CE must ensure that PHI: Is only used or released for treatment, payment or operations (TPO) and as permitted or required by law; or If not used for TPO, is released only with the patient’s authorization; or If not used for TPO, is released only under an exception to the authorization requirement. Copyright (c) University of California

Copyright (c) University of California HIPAA and Research Individually identifiable health information that is collected and used solely for research is NOT PHI. Researchers obtaining PHI from a CE must obtain the subject’s authorization or must justify an exception to the authorization requirement: Waiver of authorization Limited Data Set De-identified Data Set Copyright (c) University of California

Conditions under which the CE may release PHI for research purposes Authorization by subject or subject’s representative Waiver of authorization by IRB or Privacy Board Decedent research Limited data set De-identified data set Disclosures related to FDA-regulated product Otherwise, you can’t touch it! Copyright (c) University of California

Impact of HIPAA on University Researchers To obtain PHI from a CE, a researcher must provide the CE with a Letter of Approval from an IRB or Privacy Board and one of the following: Subject’s Authorization to release PHI, or Certification of Waiver of Authorization by IRB or Privacy Board, or Request for Limited Data Set or De-identified Data Set The researcher may request from the CE only the minimum information necessary to conduct the research Copyright (c) University of California

Copyright (c) University of California IRB’s Responsibility Assure the CE that all research-related HIPAA requirements have been met: Provide letter of approval to the researcher to conduct research with PHI Certify and document that waiver of authorization criteria are met Review and approve all authorizations and data use agreements Retain records documenting HIPAA actions for six years Copyright (c) University of California

Subject’s Authorization The authorization must include specific elements The authorization may be part of or attached to the research consent form An IRB or a Privacy Board must approve the language of the authorization The original signed authorization is retained by the CE; the subject gets a copy Copyright (c) University of California

Authorization elements required by HIPAA Description of information to be used Name or class of persons authorized to disclose information Name or class of recipients of the information Description of research purpose Expiration date of authorization Right to revoke authorization That HIPAA protections may not apply to redisclosed information Consequences of a refusal to sign an authorization Signature and date Copyright (c) University of California

Authorization expiration If the research has no expiration date, the authorization must state “no expiration date” Expiration may be a specific date or relate to the individual or to the purpose “February 25, 2006” “End of the research study” “5 years after last patient is enrolled” After the stated date or event, researcher can no longer use the PHI Copyright (c) University of California

Waiver of Authorization Investigator provides IRB approval of Waiver of Authorization to CE IRB approval provides: IRB name, date of approval, brief description of PHI; and Statement that IRB has approved Waiver of Authorization under normal or expedited review per Common Rule; and Statement that IRB or Privacy Board has determined that research could not practicably be conducted without waiver and without PHI. Copyright (c) University of California

Waiver of authorization (cont.) IRB approval also states that: IRB or Privacy Board has determined that research poses no more than minimal risk to subject’s privacy based on written assurance that the PHI will not be reused or disclosed, and Researcher has provided adequate plan to: Protect identifiers from improper use or disclosure; and Destroy the identifiers unless retention is justified or required by law IRB or Privacy Board must retain documentation of waiver criteria for six years NOTE – the CE is responsible for providing an accounting to the subject of release of PHI under a research waiver Copyright (c) University of California

Copyright (c) University of California Limited Data Set (LDS) LDS may include: Zip code Full dates of birth or death Full date(s) of service Geographic subdivision (city) LDS may not include other personal identifiers of subject, relatives, employer, or household members NOTE – the CE does not have to account to the subject for disclosures using a limited data set Copyright (c) University of California

De-identification – Two Methods Remove all eighteen personal identifiers of subject, relatives, employer, or household members; or Biostatistician confirms that individual cannot be identified. NOTE –the CE does not have to account to the subject for disclosures using de-identified data Copyright (c) University of California

Use and Disclosure of PHI for Decedents Research Provide representation to the CE that the use or disclosure is solely for research on decedents’ protected health information. Similar to Waiver of Authorization Requires approval by an IRB or a Privacy Board or a UC Privacy Officer Copyright (c) University of California

Copyright (c) University of California Transition Rules for Research Protocols that Require the Subject’s Consent and Authorization and that Use, Create or Disclose PHI Copyright (c) University of California

Protocol approved before April 14, 2003 If a study is active before April 14th, 2003, subjects enrolled before April 14th do not have to sign a HIPAA authorization or be re-consented If a study is active before April 14th, new subjects entered after April 14th must sign a HIPAA authorization addendum to the consent form UC authorization addendum language is provided by the IRB or Privacy Board The IRB or Privacy Board need not re-review the protocol so long as it is unchanged but for the authorization addendum Copyright (c) University of California

Protocol modified or first approved after April 14, 2003 If a study is modified or first approved after April 14th, 2003, subjects must sign a consent form containing HIPAA authorization language or a HIPAA authorization addendum to the consent form HIPAA authorization language that is embedded within a consent form must have a separate signature line from the informed consent signature line Cal.Civil Code 56.11 Copyright (c) University of California

Conclusion - HIPAA Privacy Rule Places responsibility on the Covered Entity to meet HIPAA requirements for disclosing PHI to a researcher Places responsibility on the IRB to assure the Covered Entity that health information will be protected under the research protocol. Does not replace Common Rule or FDA human subject protection regulations Does not override any California Law that provides greater protection for the privacy of health information. If you have questions regarding the Privacy Rule, contact your campus’ Privacy Officer or IRB Director Copyright (c) University of California

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.