HIPAA 2017 JHSPH IRB Clarifications and Changes

Presentation transcript:

HIPAA 2017 JHSPH IRB Clarifications and Changes Accessing protected health information from Johns Hopkins Medicine

Quick Review of HIPAA & Research
- Protected Health Information (PHI): Individually identifiable health information that is transmitted or maintained in any form or medium (electronic, oral, or paper) by a covered entity or its business associates

“Covered Entity”
- Health Care Provider: Doctor, Hospital, Clinic, Pharmacy, Chiropractor, Dentist, Psychologist, Nursing Home - but only if they transmit any information in an electronic form in connection with a transaction for which HHS has adopted a standard.
- Health Plan: Health Insurance Companies, HMOs, Company Health Plans, Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs
- Health Care Clearinghouse: Entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa

Clarifications for JHM
- Some people think: PHI “once disclosed” for research is still PHI
  Clarification for JHM: PHI properly disclosed for research is no longer covered by HIPAA
- Some people think: IRB must grant a waiver to access medical records for recruitment
  Clarification for JHM: HIPAA permits access to medical records for recruitment “Preparatory to Research” without authorization or waiver
- Some people think: Researchers may access medical records, with permission from clinicians
  Clarification for JHM: Only “HIPAA Workforce Members” may access medical records

What is “Proper Disclosure” for Research?
- Disclosure of PHI after obtaining signed HIPAA Authorization from research participant
- Disclosure of PHI “Preparatory to Research”
- Disclosure of PHI via HIPAA Waiver approved by the IRB
- Disclosure of PHI via Limited Data Set created by JHHS Workforce Member (likely an Honest Broker)
- Disclosure of PHI for Research on Decedents Only

HIPAA Privacy Authorizations
- Are usually combined with informed consent document and are signed
- Specific regulatory requirements are included in JHSPH consent/authorization template
- Data disclosed via authorization for research are no longer “PHI” under HIPAA, but are “sensitive private information” requiring appropriate data security protections

Preparatory to Research: Requirements for JHM Recruitment
- Access to PHI only by a “JHHS HIPAA Workforce Member”
- Access to PHI must be to identify potential participants “within the covered entity”
- Clinician with treatment relationship must first contact potential participant to get permission for disclosure
- Clinicians must record patient permission to disclose PHI to researcher in patient medical record
- Disclosure to researcher is limited to “minimum necessary” information for eligibility and contact

JHM HIPAA Workforce Members
- Credentialed JHHS-privileged professional or staff who have access to EPIC for patient care (credentialed JHHS Workforce Member)
- Students in health care professions (SON, SOM, SPH) who access PHI under direction of credentialed JHHS Workforce Member and who have signed a HIPAA Workforce Agreement
- JHU Research Personnel (faculty, staff) working under direction of credentialed JHHS Workforce Member who have signed HIPAA Workforce Agreement
- JHU Research Personnel serving as JH Privacy Office credentialed “Honest Brokers”

Preparatory to Research: Recruitment Mechanism #1
Contacting the potential participant within the covered entity:
- Clinician with treatment relationship must ask patient for permission to disclose PHI to researcher
- Clinician must document permission to disclose “minimum necessary” PHI (name, eligibility criteria) to researcher in medical record
- Researcher contact with potential participant must occur in the covered entity
- PHI cannot leave the covered entity

Preparatory to Research: Recruitment Mechanism #2
Contacting the potential participant outside the covered entity:
- Clinician with a treatment relationship must contact potential participant (by mail, phone, etc.) to ask permission to disclose PHI to researcher
- Clinician must be added to study as co-investigator and must document permission to disclose in the patient’s medical record
- Researcher may use the PHI to contact the potential participant outside the covered entity
- The IRB must waive/alter the signature requirement for consent/authorization, allowing record of patient permission in medical record to serve as documentation
- Researcher must obtain a signed consent/authorization from participants if the research involves access/use of additional PHI

HIPAA Waiver: Regulatory Requirements
- The use or disclosure of PHI must pose no more than minimal risk to privacy of individuals because:
  - Researcher provides adequate plan to protect identifiers
  - Researcher provides adequate plan to destroy identifiers
  - Researcher provides written assurance that the PHI will not be reused or disclosed, with a few exceptions
- The research could not practicably be conducted without the Waiver
- The research could not practicably be conducted without the PHI
- Disclosures of JHM PHI under HIPAA Waiver must be tracked

When is HIPAA Waiver Likely to be Approved?
- For recruitment in circumstances for which it is impracticable to have a clinician with a treatment relationship contact potential participants (expected to be rare at JHM)
- Most likely cases:
  - For secondary data analysis of existing, identifiable data
  - For broad program evaluation

Tracking for Approved JHM HIPAA Waivers
- Patients have the right to an accounting for all disclosures of PHI under an IRB approved HIPAA Waiver, up to 6 years post-disclosure
- Researchers with fewer than 50 JHM participants must track the disclosures in the SPH JH Compliance Tracking System (https://cfapps.jhsph.edu/SPH-JH-HIPAA-Compliance/)
- Researchers with 50 or more JHM participants will have their studies reported by the IRB to the JHM Privacy Office

Limited Data Set and De-identified Data Set
- Must be created by credentialed JHHS Workforce Member
- May include:
  - Admission, discharge, service dates
  - DOB, DOD
  - Age, including 90 and over
  - Five digit zip code or any other geographic subdivision, such as state, county, city, precinct, census tract and equivalent geocodes except street address

Use of Decedents’ Information
- Deceased individuals are not “human subjects” under the DHHS Common Rule, but are protected under HIPAA
- Researchers seeking to use Decedent PHI must be JHHS Workforce Members
- Researchers must obtain IRB permission to use PHI of deceased individuals by completing HIPAA Form 5, “Representations Form for Research Involving Only Decedents’ Information” (http://www.hopkinsmedicine.org/institutional_review_board/hipaa_research/forms.html)