Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA and RESEARCH 5 th Thursday May 31, 2007. Page 2.

Published byLynne Thornton Modified over 7 years ago

Similar presentations

Presentation on theme: "HIPAA and RESEARCH 5 th Thursday May 31, 2007. Page 2."— Presentation transcript:

1 HIPAA and RESEARCH 5 th Thursday May 31, 2007

2 Page 2

3 Page 3 HIPAA Privacy Regulation Concepts HIPAA does not regulate research HIPAA applies to the healthcare industry through the operations of covered entities such as the VCU ACE HIPAA does not override or replace regulations for human subject research such as 46 CFR 46 (OHRP) and 21 CFR 50 and 56 (FDA) HIPAA impacts research by regulating how covered entities may permit access to data that is “Protected Health Information” in their custody.

4 Page 4 Concepts Con’t HIPAA requires covered entities to obtain certain documents from researchers before allowing research access to or use of PHI. These may include:  Waiver of Authorization  Approval for access to PHI in preparation for research  Limited Data Set agreement

5 Page 5 Concepts Con’t Researchers who are also healthcare providers must provide the same HIPAA documents to use their patient’s PHI in research as researchers who are not healthcare providers. In other words, a physician’s right to access a patient’s PHI for healthcare purposes does not entitle that physician to access that same information for research purposes.

6 Page 6 What HIPAA Documentation is Required? The Requirements Are Based On the Identifiers In The Data : PHI that includes identifiers (beyond a limited data set) PHI Limited Data Set Decedents’ Data Reviews in Preparation for Research De-identified Data Set

7 Page 7 HIPAA De-identification Once data is de-identified it is no longer subject to HIPAA regulations. The HIPAA regulation does allow for using special codes for re-identification of such data, the VCU Health System requires specific approval by the Privacy Officer if codes for re-identification are to be used.

8 Page 8 The following identifiers for the patient and family Must be removed to create a de-identified data set: 1. Names2. Telephone Numbers 3. FAX numbers4. Email Addresses 5. All Dates 6. Medical Records # 7. Account # 8. Social Security # 9. Health Plan # 10. Vehicle # 11. Device/Serial #12. Certificate/License Web # 13. Identity (URL) 14. IP Address 15. Biometric Identifiers 16. Photos 17. Geographic Identifiers Smaller Than State 18. Any Other Identifying Number, Characteristic or Code

9 Page 9 PHI In Preparation For Research A review preparatory to research allows a researcher to examine PHI to determine the feasibility of performing a research protocol. During this period the researcher may not remove or record and remove any PHI from the the VCU Health System. HIPAA allows the researcher, if they are part of the VCU ACE to contact potential subjects. Such a practice should be approached with great caution unless the researcher is known to the patient.

10 Page 10 Decedent Data In Research A VCU Health System researcher may use decedent data by sending a signed statement to the Compliance Services Department that:  The information will be used solely for research  All PHI obtained is of decedent(s) This regulation is specific to research and for non- research, decedent PHI is protected the same as PHI for living individuals.

11 Page 11 LIMITED DATA SET A Limited Data Set includes PHI that is largely de-identified but may include certain identifiers The use of a Limited Data Set REQUIRES a signed “Data Use Agreement”

12 Page 12 Limited Data Set (con’t) A Limited Data Set as defined by HIPAA may contain no “identifiers”from the list of identifiers previously shown except it may contain:  Elements of dates including birth date, admission date, dates of procedures, date of death, etc.  Geographic information such as state, city, town, census tract, precinct, and ZIP code. May not include street name, address or post office box number.

13 Page 13 Limited Data Set (con’t) Data Use Agreement

14 Page 14 Research Data Includes Identifiers Beyond A Limited Data Set Required HIPAA documentation:  Authorization signed by the subject (or legally authorized representative); or  Waiver of Authorization

15 Page 15 Research Authorization Subject’s signed permission to disclose or use PHI for research. This is not a blanket permission and must be specific:  What PHI? What purpose? By whom? How long? And other requirements as shown.  A research authorization is in addition to the IRB Informed Consent and usually signed at the same time as the IC.  The Research Authorization does not require a specific expiration date.

16 Page 16 Waiver of Authorization No more than minimum risk Adequate plan to protect identifiers Destruction of identifiers as soon as possible Assurance the PHI will not be disclosed for purposes other than approved Research could not practicably be carried out w/o the waiver Waiver will not adversely affect the subject’s welfare or rights Subjects, if appropriate will be provided information at a later date

17 Page 17 Subject Rights Under HIPAA Access to research PHI (NOTE: Access to PHI can be temporarily suspended in order to legitimize the research – This must be explained in the Authorization Request an amendment to the PHI Get an accounting of the disclosures (any disclosure not in the authorization) Request restrictions on uses and disclosures Withdraw the authorization (NOTE: If a subject withdraws authorization the researcher may use the information gathered

18 Page 18 Subject Rights (con’t) A researcher can disqualify the potential subject from the protocol upon refusal to sign the authorization.

19 Page 19 HIPAA LINK www.vcu.edu/hipaa

20 COMPLIANCE HELPLINE Confidential reporting Operated by Global Compliance Available 24 hours a day, 7 days a week Helpline web-based reporting: https://www.compliancehelpline.com/welcomePageVCUHS.jsp https://www.compliancehelpline.com/welcomePageVCUHS.jsp Helpline web-based reporting: https://www.compliancehelpline.com/welcomePageVCUHS.jsp https://www.compliancehelpline.com/welcomePageVCUHS.jsp

Download ppt "HIPAA and RESEARCH 5 th Thursday May 31, 2007. Page 2."

Similar presentations

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.
Open Library June 4, 2004 Informed Consent Process and Federal Regulations That Must Be Met to Waive Informed Consent Tracey Craddock Regulatory Compliance.

Open Library June 4, 2004 Informed Consent Process and Federal Regulations That Must Be Met to Waive Informed Consent Tracey Craddock Regulatory Compliance.
HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *http://www.hhs.gov/ocr/combinedregtext.pdf.

HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *
HIPAA Privacy Rule and Research

HIPAA Privacy Rule and Research
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.

1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
HIPAA, Privacy & Confidentiality Local Accountability for Research Protection in VA Facilities VA Office of Research & Development Baltimore, February.

HIPAA, Privacy & Confidentiality Local Accountability for Research Protection in VA Facilities VA Office of Research & Development Baltimore, February.
1 HIPAA Enhancements to IRB Submissions John M. Falletta, MD Chairman, Institutional Review Board Duke University Health System Durham, NC.

1 HIPAA Enhancements to IRB Submissions John M. Falletta, MD Chairman, Institutional Review Board Duke University Health System Durham, NC.
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.

COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
National Cancer Institute Cancer Therapy Evaluation Program (CTEP) presents: How to Obtain Protected Health Information (PHI) from an Outside Healthcare.

National Cancer Institute Cancer Therapy Evaluation Program (CTEP) presents: How to Obtain Protected Health Information (PHI) from an Outside Healthcare.
RESEARCH COMPLIANCE Agenda 1. No Destruction of local research documents after scanning 2. Training for shipping biological samples/specimens 3. Regulatory.

RESEARCH COMPLIANCE Agenda 1. No Destruction of local research documents after scanning 2. Training for shipping biological samples/specimens 3. Regulatory.
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
HIPAA Requirements for Patient Oriented Research

HIPAA Requirements for Patient Oriented Research
Informed Consent.

Informed Consent.
Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.

Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.
HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.

HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.
Training In HIPAA Privacy Regulations for Researchers and Research Staff Adapted from a presentation prepared by Human Subjects Division, University of.

Training In HIPAA Privacy Regulations for Researchers and Research Staff Adapted from a presentation prepared by Human Subjects Division, University of.

Similar presentations

Ads by Google