Presentation is loading. Please wait.

Presentation is loading. Please wait.

Research Compliance: The Research/Privacy Nexus

Published byBritton Logan Modified over 5 years ago

Similar presentations

Presentation on theme: "Research Compliance: The Research/Privacy Nexus"— Presentation transcript:

1 Research Compliance: The Research/Privacy Nexus
C. Brandi Hannagan, JD Senior Regulatory Specialist UC Davis Health Compliance

2 The Privacy Nexus in Research
You are a member of the UCD Health Workforce UCD Health is a Covered Entity (CE) under Federal HIPAA Law All CEs (and its workforce) are responsible for complying with HIPAA The CE is required to ensure that access to its patient information is in accordance with the law PRIMARY ISSUE FOR RESEARCHERS: When can you access patient records?

3 When are We Able to Access Patient Records?

4 Access with Authorization

5 Authorization Issues

6 Access Without Consent: What are the Research-Related Exceptions?

7 Access Without Consent: Waiver of HIPAA Authorization
Granted by IRB during submission process Access must match the brief description of the PHI for which use or access has been determined to be necessary by the IRB Must comply with Accounting of Disclosures (HIPAA Rule and UCD Health P&P)

8 Access Without Consent: Preparatory to Research
Access available prior to IRB approval For preparatory purposes only Submit request to: davis.edu/redcap/surveys/? s=VRGYXq8PVW

9 Preparatory to Research Requests
What do you need the data for? What information do you need to review? Whose PHI do you want to see? What is the desired data source? Have you considered cohort discovery?

10 Access Without Consent: Decedent Research
Access available through compliance (must also get approval from IRB if access involves death certificate) Representation from the researcher that the use or disclosure being sought is solely for research on the protected health information of decedents, that the protected health information being sought is necessary for the research. Submit request to: ap/surveys/?s=VqdaAG8o6M

11 For All Access Without Authorization: Must Account for Disclosures
HIPAA requires covered entities (UCD Health) to maintain records of certain disclosures without authorization, including disclosures to researchers (not part of the covered entity) including disclosures pursuant to a waiver of authorization, preparatory to research reviews, and decedent research (45 CFR ) UCD Health P&P 2446: Personnel who receive (view/disclose) protected health information (PHI) of the CE without a patient’s written authorization are responsible for accounting for this access

12 Online Database: https://disclose.ucdmc.ucdavis.edu
UCD Health P&P 2446 Online Database: New Disclosure Document Upload Document Upload

13

14 EMR Surveillance Program
Process by which we review EMR users’ access to patient records to determine if access in the EMR is for a legitimate purpose Do this to: Comply with HIPAA requirements that we have appropriate safeguards in place to ensure privacy Comply with HITECH Security rules to ensure we have appropriate monitoring activities Do this to mimic federal privacy audits & ensure compliance with P&Ps

15 Is this access appropriate?
Hypothetical: Surveillance identifies access by CRC Homer to Patient Marge’s PCN encounter on 7/20/17. Homer BTG and entered protocol #123 as the reason. We know the following: Protocol #123 was approved on 10/30/16 IRB also approved a Waiver for Recruitment purposes on 10/30/16 Homer is listed on the RPL There is no signed consent, HIPAA Authorization, or disclosure tracking in Marge’s record Is this access appropriate?

16 Thank you! Compliance & Privacy Office UC Davis Health System
2300 Stockton Blvd., Sherman Building, Room 3100 Office: (916)

Download ppt "Research Compliance: The Research/Privacy Nexus"

Similar presentations

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.
HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with.

The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with.
Minimum Necessary Standard Version 1.0

Minimum Necessary Standard Version 1.0
Open Library June 4, 2004 Informed Consent Process and Federal Regulations That Must Be Met to Waive Informed Consent Tracey Craddock Regulatory Compliance.

Open Library June 4, 2004 Informed Consent Process and Federal Regulations That Must Be Met to Waive Informed Consent Tracey Craddock Regulatory Compliance.
HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *http://www.hhs.gov/ocr/combinedregtext.pdf.

HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.

1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
NATIONAL FORUM ON YOUTH VIOLENCE PREVENTION: HIPAA PRIVACY RULE CONSIDERATIONS November 1, 2011 Iliana L. Peters, JD, LLM HHS Office for Civil Rights.

NATIONAL FORUM ON YOUTH VIOLENCE PREVENTION: HIPAA PRIVACY RULE CONSIDERATIONS November 1, 2011 Iliana L. Peters, JD, LLM HHS Office for Civil Rights.
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
1 HIPAA and Research and YOU. 2 INTRODUCTION Rule #1:Don’t Panic Rule #2:Bottom Line for Researchers: HIPAA is Manageable thru Education/Awareness and.

1 HIPAA and Research and YOU. 2 INTRODUCTION Rule #1:Don’t Panic Rule #2:Bottom Line for Researchers: HIPAA is Manageable thru Education/Awareness and.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
HIPAA Minimum Necessary: Use/Disclosure & Role-based Access  Charlene Dunbar Madonna Rehabilitation Hospital  Sheila Wrobel Nebraska Health System.

HIPAA Minimum Necessary: Use/Disclosure & Role-based Access  Charlene Dunbar Madonna Rehabilitation Hospital  Sheila Wrobel Nebraska Health System.
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.

Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.
HIPAA Privacy Rule Patient’s Right to Amend Their Health Information July 18, 2013 David Holtzman, JD, CIPP/G Senior Health Information Technology & Privacy.

HIPAA Privacy Rule Patient’s Right to Amend Their Health Information July 18, 2013 David Holtzman, JD, CIPP/G Senior Health Information Technology & Privacy.
August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.

August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.

Similar presentations

Ads by Google