Presentation is loading. Please wait.

Presentation is loading. Please wait.

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)

Published byFrederick Bell Modified over 6 years ago

Similar presentations

Presentation on theme: "HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)"— Presentation transcript:

1 HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)

2 HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT
With regard to research use…. The effective date was April 14, 2003 The Act establishes the conditions under which Protected Health Information may be used or disclosed by covered entities for research purposes

3 COVERED ENTITY A health plan, a health care clearinghouse, or a health care provider who transmits health information in electronic form in connection with a transaction for which HHS has adopted a standard. (YU, MMC, HHC, & the offices of private physicians are all covered entities)

4 HEALTH INFORMATION Any information, whether oral or recorded, in any form or medium, that relates to past, present, or future physical or mental health or condition of an individual or to the provision of health care to an individual.

5 In the course of conducting research, researchers my obtain, create, use, and/or disclose individually identifiable health information. Under the Privacy Rule, covered entities are permitted to use and disclose protected health information for research with individual authorization, or without authorization under limited circumstances set forth in the Privacy Rule.

6 In providing authorization, individuals must be informed of the uses and disclosures of their health information (what information will be used, for what purpose, and by whom) and their rights, including their right to access information about them held by covered entities.

7 AUTHORIZATION FORM YU and MMC have agreed that, for the first year, a separate authorization form will be used. Consideration will be given in the future to combining the two documents. Generally, researchers will conduct the informed consent process and then explain the authorization form

8 CORE ELEMENTS OF AN INDIVIDUAL AUTHORIZATION
A description of the information to be used or disclosed that identifies the information in a specific and meaningful fashion. The name or other specific identification of the person or class of persons authorized to make the requested use or disclosure An expiration date or an expiration event (such as “never” or “end of research study”) that relates to the individual or the purpose of the use or disclosure

9 A statement of the individual’s right to revoke the authorization in writing and the exceptions to the right to revoke, together with a description of how the individual may revoke the authorization If authorization is revoked, information that was already collected may still be used and disclosed to others, if the researchers have relied on it to complete and protect the validity of the research.

10 A statement that information used or disclosed pursuant to the authorization may be subject to redisclosure by the recipient and no longer be protected by the privacy rule The informed consent lists all entities to whom information may be sent. These entities are asked to maintain confidentiality. However, if information is sent to a non-covered entity, it is no longer protected by the privacy rule.

11 If the authorization is signed by a personal representative of the individual, a description of such representative’s authority to act for the individual Only a legally appointed representative can provide authorization. This must be documented in the research record.

12 The Authorization Form on the AECOM CCI home page contains all the required core elements, including ‘help text.’ Modification or use of another model requires IRB review prior to use. The signature of the person obtaining the authorization does not need to be included. The research participant must be given a copy of the signed authorization form.

13 ACCOUNTING FOR RESEARCH DISCLOSURES
In general, the Privacy Rule gives individuals the right, on request, to receive an accounting of certain disclosures of protected health information made by a covered entity. This must include specified information regarding each disclosure. Researchers must be able to disclose what was sent, when it was sent, and to whom it was sent. A more general accounting is permitted for subsequent multiple disclosures to the same person or entity for a single purpose.

14 DELAYED ACCESS TO RESEARCH RECORDS
The Privacy Rule permits suspension of the participant’s access rights while a clinical trial is in progress, provided that the participant agrees to this denial of access when consenting to participate. The participant must be informed that the right to access information will be reinstated at the conclusion of the trial.

15 TRANSITION PROVISIONS
A covered entity may use and disclose protected health information that was created or received for research purposes, either before or after the compliance date, if the covered entity obtained any one of the following prior to the compliance date: An authorization or other express legal permission from an individual to use or disclose Protected Health Information for the research; The informed consent of the individual to participate in the research; or A waiver of informed consent by an IRB.

16 INDIVIDUALS ENROLLED IN RESEARCH BEFORE THE COMPLIANCE DATE
AUTHORIZATION MUST BE OBTAINED IF… The patient is to be reconsented A waiver of informed consent was obtained prior to the compliance date, but informed consent subsequently is sought after the compliance date.

17 RESEARCH USE/DISCLOSURE WITHOUT AUTHORIZATION

18 ALTERATION OR WAIVER OF RESEARCH PARTICIPANTS’ AUTHORIZATION
Documentation is required that the use or disclosure of information for research purposes has been approved by an IRB under normal or expedited review, with Identification of the IRB Statement by IRB that the alteration or waiver satisfies the three criteria in the Rule A brief description of the protected health information Signature of the IRB Chair or designee

19 ALTERATION OR WAIVER OF AUTHORIZATION
THE IRB MUST AGREE THAT THE FOLLOWING THREE CRITERIA HAVE BEEN MET: (1) The use or disclosure of protected health information involves no more than a minimal risk to the privacy of individuals, based on, at least, the presence of the following elements:

20 An adequate plan to protect the identifiers from improper use and disclosure;
An adequate plan to destroy the identifiers at the earliest opportunity consistent with conduct of the research, unless there is a health or research justification for retaining the identifiers or such retention is otherwise required by law; and

21 Adequate written assurances that the protected health information will not be reused or disclosed to any other person or entity, except as required by law, for authorized oversight of the research project, or for other research for which the use or disclosure of protected health information would be permitted by this subpart;

22 (2) The research could not practicably be conducted without the waiver or alteration; and
(3) The research could not practicably be conducted without access to and use of the protected health information.

23 USE OF DE-IDENTIFIED DATA
De-identified health information is not protected health information, and thus is not protected by the Privacy Rule A covered entity may always use or disclose for research purposes health information that has been de-identified, either by statistical verification or by removing certain pieces of information

24 ELEMENTS THAT MUST BE DELETED TO QUALIFY AS DE-IDENTIFIED DATA
Name Address Employer Relative’s names All elements of dates (year OK*) Telephone and fax numbers addresses Social Security Number Member or Account Number Certificate/license number Voice/fingerprints, photos, or other number, code, or characteristics *All ages over 89 must be recorded as “age 90 or older”

25 EXEMPTIONS FROM HIPAA AUTHORIZATION
Use of PHI preparatory to research Research on protected health information of decedents Use of a limited data set

26 USE OF PROTECTED HEALTH INFORMATION PREPARATORY TO RESEARCH
The use or disclosure is solely to review PHI as necessary to prepare a research protocol or for similar purposes preparatory to research (such as to aid study recruitment). The PHI cannot be removed from the covered entity. The PHI for which use or access is requested is necessary for the research.

27 RESEARCH ON PROTECTED HEALTH INFORMATION OF DECEDENTS
The use of disclosure is sought solely for research on the PHI of decedents. The use or disclosure is necessary for the research purposes. Documentation will be obtained, at the request of the covered entity, of the death of the individuals whose PHI is sought by the researchers.

28 LIMITED DATA SET A Limited data set is the same as a de-identified data set except that the following data elements ARE allowed: Zip code City, State Date of Birth, and other dates. A Data Use Agreement is required. It is the means by which covered entities obtain assurances that the recipient of the limited data set will use or disclose the PHI in the data set only for specified purposes.

29 DATA USE AGREEMENT Must contain the following provisions:
Include specific permitted uses and disclosures of the limited data set by the recipient consistent with the purpose for which it was disclosed (a data use agreement cannot authorize the recipient to use or further disclose the information in a way that, if done by the covered entity, would violate the Privacy Rule). Identify who is permitted to use or receive the limited data set.

30 DATA USE AGREEMENT Stipulates that the recipient will -
Not use or disclose the information other than permitted by the agreement or otherwise required by law. Use appropriate safeguards to prevent the use or disclosure of the information, except as provided for in the agreement, and require the recipient to report to the covered entity any uses or disclosures in violation of the agreement of which the recipient becomes aware. Hold any agent of the recipient (including subcontractors) to the standards, restrictions and conditions stated in the data use agreement with respect to the information. Not identify the information or contact the individuals.

Download ppt "HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)"

Similar presentations

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.
HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *http://www.hhs.gov/ocr/combinedregtext.pdf.

HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *
HIPAA Privacy Rule and Research

HIPAA Privacy Rule and Research
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.

1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
NATIONAL FORUM ON YOUTH VIOLENCE PREVENTION: HIPAA PRIVACY RULE CONSIDERATIONS November 1, 2011 Iliana L. Peters, JD, LLM HHS Office for Civil Rights.

NATIONAL FORUM ON YOUTH VIOLENCE PREVENTION: HIPAA PRIVACY RULE CONSIDERATIONS November 1, 2011 Iliana L. Peters, JD, LLM HHS Office for Civil Rights.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
National Cancer Institute Cancer Therapy Evaluation Program (CTEP) presents: How to Obtain Protected Health Information (PHI) from an Outside Healthcare.

National Cancer Institute Cancer Therapy Evaluation Program (CTEP) presents: How to Obtain Protected Health Information (PHI) from an Outside Healthcare.
1 HIPAA and Research and YOU. 2 INTRODUCTION Rule #1:Don’t Panic Rule #2:Bottom Line for Researchers: HIPAA is Manageable thru Education/Awareness and.

1 HIPAA and Research and YOU. 2 INTRODUCTION Rule #1:Don’t Panic Rule #2:Bottom Line for Researchers: HIPAA is Manageable thru Education/Awareness and.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
HIPAA Requirements for Patient Oriented Research

HIPAA Requirements for Patient Oriented Research
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.

WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
Informed Consent.

Informed Consent.
Training In HIPAA Privacy Regulations for Researchers and Research Staff Adapted from a presentation prepared by Human Subjects Division, University of.

Training In HIPAA Privacy Regulations for Researchers and Research Staff Adapted from a presentation prepared by Human Subjects Division, University of.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.

Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.
University of Miami1 HIPAA Survival Skills An Introduction to HIPAA and Research University of Miami Human Subjects Research Office October 31, 2006 Evelyne.

University of Miami1 HIPAA Survival Skills An Introduction to HIPAA and Research University of Miami Human Subjects Research Office October 31, 2006 Evelyne.
1 HIPAA, Researchers and the IRB: Part Two Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.

1 HIPAA, Researchers and the IRB: Part Two Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.
HIPAA, Researchers and the IRB Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.

HIPAA, Researchers and the IRB Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.
Informed Consent and HIPAA Tim Noe Coordinating Center.

Informed Consent and HIPAA Tim Noe Coordinating Center.

Similar presentations

Ads by Google