HIPAA and RESEARCH 5 th Thursday May 31, 2007. Page 2.

Slides:

Advertisements

Similar presentations

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.

Advertisements

Open Library June 4, 2004 Informed Consent Process and Federal Regulations That Must Be Met to Waive Informed Consent Tracey Craddock Regulatory Compliance.

HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *

HIPAA Privacy Rule and Research

1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

HIPAA, Privacy & Confidentiality Local Accountability for Research Protection in VA Facilities VA Office of Research & Development Baltimore, February.

1 HIPAA Enhancements to IRB Submissions John M. Falletta, MD Chairman, Institutional Review Board Duke University Health System Durham, NC.

COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

National Cancer Institute Cancer Therapy Evaluation Program (CTEP) presents: How to Obtain Protected Health Information (PHI) from an Outside Healthcare.

RESEARCH COMPLIANCE Agenda 1. No Destruction of local research documents after scanning 2. Training for shipping biological samples/specimens 3. Regulatory.

HIPAA Health Insurance Portability and Accountability Act.

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

HIPAA Requirements for Patient Oriented Research

Informed Consent.

Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.

HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.

Training In HIPAA Privacy Regulations for Researchers and Research Staff Adapted from a presentation prepared by Human Subjects Division, University of.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.

Privacy and Information Security Essentials

University of Miami1 HIPAA Survival Skills An Introduction to HIPAA and Research University of Miami Human Subjects Research Office October 31, 2006 Evelyne.

1 HIPAA, Researchers and the IRB: Part Two Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.

HIPAA, Researchers and the IRB Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.

Informed Consent and HIPAA Tim Noe Coordinating Center.

Human Investigation Committee  Is it research?  If yes, does it involve human subjects?  If yes, can it be exempt?  If no, will a Request for.

HIPAA Health Insurance Portability & Accountability Act of 1996.

Health Insurance Portability and Accountability Act (HIPAA)

Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.

Protected Health Information (PHI). Privileged Communication An exchange of information between two individuals in a confidential relationship. (Examples:

Paula Peyrani, MD Medical/Project Director, HIV Program at the 550 Clinic Assistant Director, Research Design and Development Clinical and Translational.

1 Research & Accounting for Disclosures March 12, 2008 Leslie J. Pfeffer, BS, CHP Office of the Vice President for Research Administration Office of Compliance.

Revised February 4, Health Insurance Portability and Accountability Act (HIPAA) HIPAA Privacy Rule: UCSF Education Module for Researchers, Research.

1 HIPAA OVERVIEW ETSU. 2 What is HIPAA? Health Insurance Portability and Accountability Act.

14 May Privacy Requirements Phoenix Ambulatory Blood Pressure Monitoring System © 2006 Christopher J. Adams Copying and distribution of this document.

HIPAA Privacy and Research August 21, 2015

1 Defense Health Agency Privacy and Civil Liberties Office HIPAA Privacy Board Overview August 6, 2015.

August 8, 2011 Leslie J. Pfeffer, BS, CHP. Health Insurance Portability and Accountability Act HIPAA Privacy Rule April 14, 2003 HIPAA Security Rule April.

Health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be.

PwC Tissue Banking and Repositories – Human Subject Protections Privacy Protections Medical Research Summit Tom Puglisi, Ph.D. Friday March 7 – 9:15 am.

HIPAA and Research Basics for IRB Tim Atkinson Director, Research and Sponsored Programs Director, Institutional Review Board Research Privacy Officer.

HIPAA – How Will the Regulations Impact Research?.

H I P A A T R A I N I N G Self Directed Module 7 Research Disclosures For Data Custodians START Click to begin…

© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 2 The HIPAA Privacy Standards HIPAA for Allied Health Careers.

Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.

HIPAA SURVIVAL SKILLS: An Update University of Miami1 Marisabel Davalos, M.S.Ed., CIP Associate Director of Educational Initiatives November, 2008.

Privacy and Confidentiality. Definitions n Privacy - having control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally,

Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.

University of Pennsylvania Health System 1 Session 3.02: Case Studies in Clinical Research Compliance Russell M. Opland, M.P.H., EMT-P Chief Privacy Officer.

Health Insurance portability and Accountability Act (HIPAA)‏

A Road Map to Research at Jefferson: HIPAA Privacy and Security Rules for Researchers Presented By: Privacy Officer/Office of Legal Counsel October 2015.

HIPAA and Human Subjects Research IRB Member CE May 2014 Slideshow by Sean Horkheimer.

06/20/03- revised1 Health Insurance Portability and Accountability Act (HIPAA) HIPAA Privacy Rule: UCSF Education Module for Researchers, Research Administrators,

Configuring Electronic Health Records Privacy and Security in the US Lecture b This material (Comp11_Unit7b) was developed by Oregon Health & Science University.

1 The Impact of HIPAA on US Biomedical Research Presented To The: HIPAA SUMMIT Washington, DC March 28, 2003 Oliver Johnson, Chief Privacy Officer Merck.

PwC Issues in HIPAA Research Compliance William R. Braithwaite, MD, PhD “Dr. HIPAA” HIPAA Summit 6 Washington, DC 27 March 2003.

Human Subjects Update E. Wethington, Chair, UCHS.

Office of Human Research (OHR) Quality Improvement Program Patrick Herbison Heather Krupinski.

Final HIPAA Privacy Rule: The Research Provisions Julie Kaneshiro DHHS Office for Human Research Protections Phone: Fax:

HIPAA 2017 JHSPH IRB Clarifications and Changes

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)

The HIPAA Privacy Rule: Implications for Medical Research

No No, Yes Yes: Simple Privacy & Information Security Tips Krista Barnes, J.D. Senior Legal Officer and Director, Privacy & Information Security, Institutional.

The HIPAA Privacy Rule and Research

HIPAA Privacy & Security: Medical Research Context

Issues in HIPAA Research Compliance

Office of the Vice President for Research Human Subjects Protection Program IRB Submission Process Module 4 - Health Insurance Portability and Accountability.

The Health Insurance Portability and Accountability Act

Presentation transcript:

HIPAA and RESEARCH 5 th Thursday May 31, 2007

Page 2

Page 3 HIPAA Privacy Regulation Concepts HIPAA does not regulate research HIPAA applies to the healthcare industry through the operations of covered entities such as the VCU ACE HIPAA does not override or replace regulations for human subject research such as 46 CFR 46 (OHRP) and 21 CFR 50 and 56 (FDA) HIPAA impacts research by regulating how covered entities may permit access to data that is “Protected Health Information” in their custody.

Page 4 Concepts Con’t HIPAA requires covered entities to obtain certain documents from researchers before allowing research access to or use of PHI. These may include:  Waiver of Authorization  Approval for access to PHI in preparation for research  Limited Data Set agreement

Page 5 Concepts Con’t Researchers who are also healthcare providers must provide the same HIPAA documents to use their patient’s PHI in research as researchers who are not healthcare providers. In other words, a physician’s right to access a patient’s PHI for healthcare purposes does not entitle that physician to access that same information for research purposes.

Page 6 What HIPAA Documentation is Required? The Requirements Are Based On the Identifiers In The Data : PHI that includes identifiers (beyond a limited data set) PHI Limited Data Set Decedents’ Data Reviews in Preparation for Research De-identified Data Set

Page 7 HIPAA De-identification Once data is de-identified it is no longer subject to HIPAA regulations. The HIPAA regulation does allow for using special codes for re-identification of such data, the VCU Health System requires specific approval by the Privacy Officer if codes for re-identification are to be used.

Page 8 The following identifiers for the patient and family Must be removed to create a de-identified data set: 1. Names2. Telephone Numbers 3. FAX numbers4. Addresses 5. All Dates 6. Medical Records # 7. Account # 8. Social Security # 9. Health Plan # 10. Vehicle # 11. Device/Serial #12. Certificate/License Web # 13. Identity (URL) 14. IP Address 15. Biometric Identifiers 16. Photos 17. Geographic Identifiers Smaller Than State 18. Any Other Identifying Number, Characteristic or Code

Page 9 PHI In Preparation For Research A review preparatory to research allows a researcher to examine PHI to determine the feasibility of performing a research protocol. During this period the researcher may not remove or record and remove any PHI from the the VCU Health System. HIPAA allows the researcher, if they are part of the VCU ACE to contact potential subjects. Such a practice should be approached with great caution unless the researcher is known to the patient.

Page 10 Decedent Data In Research A VCU Health System researcher may use decedent data by sending a signed statement to the Compliance Services Department that:  The information will be used solely for research  All PHI obtained is of decedent(s) This regulation is specific to research and for non- research, decedent PHI is protected the same as PHI for living individuals.

Page 11 LIMITED DATA SET A Limited Data Set includes PHI that is largely de-identified but may include certain identifiers The use of a Limited Data Set REQUIRES a signed “Data Use Agreement”

Page 12 Limited Data Set (con’t) A Limited Data Set as defined by HIPAA may contain no “identifiers”from the list of identifiers previously shown except it may contain:  Elements of dates including birth date, admission date, dates of procedures, date of death, etc.  Geographic information such as state, city, town, census tract, precinct, and ZIP code. May not include street name, address or post office box number.

Page 13 Limited Data Set (con’t) Data Use Agreement

Page 14 Research Data Includes Identifiers Beyond A Limited Data Set Required HIPAA documentation:  Authorization signed by the subject (or legally authorized representative); or  Waiver of Authorization

Page 15 Research Authorization Subject’s signed permission to disclose or use PHI for research. This is not a blanket permission and must be specific:  What PHI? What purpose? By whom? How long? And other requirements as shown.  A research authorization is in addition to the IRB Informed Consent and usually signed at the same time as the IC.  The Research Authorization does not require a specific expiration date.

Page 16 Waiver of Authorization No more than minimum risk Adequate plan to protect identifiers Destruction of identifiers as soon as possible Assurance the PHI will not be disclosed for purposes other than approved Research could not practicably be carried out w/o the waiver Waiver will not adversely affect the subject’s welfare or rights Subjects, if appropriate will be provided information at a later date

Page 17 Subject Rights Under HIPAA Access to research PHI (NOTE: Access to PHI can be temporarily suspended in order to legitimize the research – This must be explained in the Authorization Request an amendment to the PHI Get an accounting of the disclosures (any disclosure not in the authorization) Request restrictions on uses and disclosures Withdraw the authorization (NOTE: If a subject withdraws authorization the researcher may use the information gathered

Page 18 Subject Rights (con’t) A researcher can disqualify the potential subject from the protocol upon refusal to sign the authorization.

Page 19 HIPAA LINK

COMPLIANCE HELPLINE Confidential reporting Operated by Global Compliance Available 24 hours a day, 7 days a week Helpline web-based reporting: Helpline web-based reporting: