![]() ![]() These federal standards complement states’ and accreditation bodies’ requirements. IRBs may have the responsibility for addressing HIPAA’s additional requirements in their reviews when those apply or some responsibilities may be given to another kind of body that HIPAA permits (a Privacy Board) or to an institutional official that HIPAA requires (a privacy officer). Institutional Review Board (IRB) protocol reviews using Common Rule and FDA criteria remain as before, including aspects related to data protection. HIPAA’s relatively new data-focused protections, which took effect starting in 2003, supplement Common Rule and FDA protections they are not a replacement. Under HIPAA, a “disclosure accounting” is required:Īnswer: For all human subjects research that uses PHI without an authorization from the data subject, except for limited data sets. HIPAA’s protections for health information used for research purposes…Īnswer: Supplement those of the Common Rule and FDA. Do not assume that a representative of the funder will know all the rules, or that the generic advice of a professional association will be applicable to your organization’s particular rules. Consulting with an experienced colleague can always be helpful, but their advice is not authoritative. For data security issues, consult with your organization’s security official. ![]() If you are unsure about the particulars, consult with your organization’s IRB, Privacy Board, or privacy official. If you’re unsure about the particulars of HIPAA research requirements at your organization or have questions, you can usually consult with:Īnswer: An organizational IRB or Privacy Board, privacy official (“Privacy Officer”), or security official (“Security Officer”), depending on the issue. Only a “limited data set” is used, under an approved “data use agreement.” It is “grandfathered” research where all legal permissions were in place before HIPAA took effect. Only deceased persons’ information is used. The research is used solely for activities preparatory to research. However, HIPAA provides several alternatives that can bypass such authorizations: The research involves only minimal risk. If the data in question meet the definition of PHI and are being used for purposes that fall within HIPAA’s definition of research, HIPAA generally requires explicit written authorization (consent) from the data subject for research uses. However, remember that you generally cannot proceed on your own without some approval from an IRB, Privacy Board, or other designated governing entity.Ī covered entity may use or disclose PHI without an authorization, or documentation of a waiver or an alteration of authorization, for all of the following EXCEPT:Īnswer: Data that does not cross state lines when disclosed by the covered entity. HHS has reiterated in its guidance that use or disclosure of PHI for retrospective research studies may be done only with patient authorization - or with a waiver, alteration, or exception determination from an IRB or Privacy Board. Under HIPAA, “retrospective research” (a.k.a., data mining) on collections of PHI generally …Īnswer: is research, and so requires either an authorization or meeting one of the criteria for a waiver of authorization.Īnswer: Is research, and so requires either an authorization or meeting one of the criteria for a waiver of authorization. PHI includes:Īnswer: identifiable health information that is created or held by covered entities and their business associates. HIPAA protects a category of information known as protected health information (PHI). HIPAA includes in its definition of “research,” activities related to …Īnswer: development of generalizable knowledge.Īnswer: can qualify as an activity “preparatory to research,” at least for the initial contact, but data should not leave the covered entity. When required, the information provided to the data subject in a HIPAA disclosure accounting …Īnswer: must be more detailed for disclosures that involve fewer than 50 subject records. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |