Presentation is loading. Please wait.

Presentation is loading. Please wait.

Office of the Vice President for Research Human Subjects Protection Program IRB Submission Process Module 4 - Health Insurance Portability and Accountability.

Published byRandall Burke Modified over 4 years ago

Similar presentations

Presentation on theme: "Office of the Vice President for Research Human Subjects Protection Program IRB Submission Process Module 4 - Health Insurance Portability and Accountability."— Presentation transcript:

1 Office of the Vice President for Research Human Subjects Protection Program IRB Submission Process Module 4 - Health Insurance Portability and Accountability Act (HIPAA) This presentation provides an overview of how to be compliant with the Health Insurance Portability and Accountability Act (HIPAA) when conducting research. July, 2019

2 Health Insurance Portability and Accountability Act (HIPAA)
HIPAA provides for confidentiality of protected health information (PHI) and regulates how a covered entity may use individually identifiable health information for research. Because UConn Health is a covered entity researchers who use or disclose individually identifiable health information must comply with HIPAA. Individually identifiable health information is referred to as “protected health information” or PHI In order to be considered PHI the health information must be associated with one or more of the 18 identifiers defined by HIPAA.

3 Protected Health information (PHI)
Protected Health Information is identifiable health information. PHI Includes: Individual’s past, present, or future physical or mental health or condition information. The provision of health care to the individual. At least one of the 18 personal identifiers (see next slide). In any format: written, spoken, or electronic (including videos, photographs, and x-rays)

4 The 18 Identifiers Defined by HIPAA
1- Name 7- Account #s 13- Device Identifiers 2- 8- License #s 14- Vehicle Identifiers and serial # 3- URLs 9- Health Plan Beneficiary #s 15- Device Identifiers and their serial # 4- IP Address 10- Medical Record # 16- Biometric Identifiers (finger and voice prints) 5- Phone #s 11- Social Security # 17- Full face photo. 6- Fax #s 12- All elements of dates (except Year) 18- Any unique identifying #, characteristic or code.

5 Common Methods to Comply with HIPAA
The most common methods used to comply with HIPAA are: Obtaining Authorization Obtaining a Waiver or Alteration of Authorization Certifying PHI will be De-identified

6 Authorization to Use and Disclose Protected Health Information
A signed HIPAA Authorization represents an individual’s agreement to the use and disclosure of the individual’s PHI for the specified research purpose. A signed Authorization is typically required when interacting with subjects (in person or on-line) and collecting PHI Authorization must be obtained prior to the use and/or disclosure of PHI. To be valid, unless otherwise approved by the IRB, the Authorization must contain all elements and statements required by the regulation The Authorization template is available on the IRB website and contains the required statements and elements

7 Waiving or Altering Authorization
When it is not feasible for researchers to obtain a complete written Authorization from research participants HIPAA may allow for a waiver/alteration of authorization if certain criteria are met. The waiver/alteration may apply to the entire study or to only a certain phase of a study. The investigator must complete and submit the Request for Alteration or Waiver of Authorization form posted on the IRB website. The form addresses all of the criteria to be evaluated by the IRB in determining whether the alteration/waiver can be granted. A waiver/alteration is not granted for the convenience of the researcher. The researcher must justify, among other things, why obtaining a complete authorization is not practicable. Examples of when a Waiver of Authorization may be granted: A retrospective review of medical records with no subject interaction (Complete HIPAA Waiver) Collection of PHI during telephone screening (Partial HIPAA Waiver)

8 Alteration vs. Waiver of Authorization
HIPAA also allows for an alteration of authorization. With an alteration some required elements of the authorization are waived or altered, but authorization is not completely waived. Example: An alteration to request that the need for signature be removed if the subject is to be presented with the authorization on-line and the subject clicks a yes button to acknowledge have read the form and agree to the terms.

9 Certification of De-Identification
Research that involves the creation/use of de-identified protected heath information is exempt from HIPAA requirements. There are three ways to certify that data will be/is de-identified: (1) Removing all 18 identifiers defined within the HIPAA regulations from the data. (2) Obtaining a determination by a qualified statistician who reviews the abstracted data and indicates that risk of re-identification using that data is very small. (3) Not using, reviewing or recording identifiers during the course of the study. The investigator is required to sign and submit to the IRB the form titled HIPAA Certification of De-Identification available on the IRB website. All study team members performing the records review should sign and date the Certification of De-Identification Form.

10 Conclusion This presentation has reviewed the most common ways in which HIPAA is addressed in research. However there are also other mechanisms such as limited data sets and data use agreements, preparatory to research provisions and provisions for use of decedent information. For more information on any of the aforementioned contact the IRB Office as noted on the next slide.

11 Questions Mayra Grimaldo-Cagganello, M.D., M.P.H., C.H.E.S.
Education & Development Specialist

Download ppt "Office of the Vice President for Research Human Subjects Protection Program IRB Submission Process Module 4 - Health Insurance Portability and Accountability."

Similar presentations

What is VA Research and Sensitive VA Research Data?

What is VA Research and Sensitive VA Research Data?
HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *http://www.hhs.gov/ocr/combinedregtext.pdf.

HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *
HIPAA Privacy Rule and Research

HIPAA Privacy Rule and Research
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.

1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
1 HIPAA Enhancements to IRB Submissions John M. Falletta, MD Chairman, Institutional Review Board Duke University Health System Durham, NC.

1 HIPAA Enhancements to IRB Submissions John M. Falletta, MD Chairman, Institutional Review Board Duke University Health System Durham, NC.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
HIPAA Requirements for Patient Oriented Research

HIPAA Requirements for Patient Oriented Research
Informed Consent.

Informed Consent.
 The Health Insurance Portability and Accountability Act of 1996.  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.

 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.
Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.

Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.
HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.

HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.
Training In HIPAA Privacy Regulations for Researchers and Research Staff Adapted from a presentation prepared by Human Subjects Division, University of.

Training In HIPAA Privacy Regulations for Researchers and Research Staff Adapted from a presentation prepared by Human Subjects Division, University of.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.

Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.
Privacy and Information Security Essentials

Privacy and Information Security Essentials
University of Miami1 HIPAA Survival Skills An Introduction to HIPAA and Research University of Miami Human Subjects Research Office October 31, 2006 Evelyne.

University of Miami1 HIPAA Survival Skills An Introduction to HIPAA and Research University of Miami Human Subjects Research Office October 31, 2006 Evelyne.
1 HIPAA, Researchers and the IRB: Part Two Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.

1 HIPAA, Researchers and the IRB: Part Two Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.

Similar presentations

Ads by Google