Research Compliance: The Research/Privacy Nexus

Slides:



Advertisements
Similar presentations
SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.
Advertisements

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
The Department has declared itself to be a single covered entity. Thus, each and every one of our divisions is a covered entity and must comply with.
Minimum Necessary Standard Version 1.0
Open Library June 4, 2004 Informed Consent Process and Federal Regulations That Must Be Met to Waive Informed Consent Tracey Craddock Regulatory Compliance.
HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
NATIONAL FORUM ON YOUTH VIOLENCE PREVENTION: HIPAA PRIVACY RULE CONSIDERATIONS November 1, 2011 Iliana L. Peters, JD, LLM HHS Office for Civil Rights.
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
1 HIPAA and Research and YOU. 2 INTRODUCTION Rule #1:Don’t Panic Rule #2:Bottom Line for Researchers: HIPAA is Manageable thru Education/Awareness and.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
HIPAA Minimum Necessary: Use/Disclosure & Role-based Access  Charlene Dunbar Madonna Rehabilitation Hospital  Sheila Wrobel Nebraska Health System.
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.
HIPAA Privacy Rule Patient’s Right to Amend Their Health Information July 18, 2013 David Holtzman, JD, CIPP/G Senior Health Information Technology & Privacy.
August 10, 2001 NESNIP PRIVACY WORKGROUP HIPAA’s Minimum Necessary Standard Presented by: Mildred L. Johnson, J.D.
University of Miami1 HIPAA Survival Skills An Introduction to HIPAA and Research University of Miami Human Subjects Research Office October 31, 2006 Evelyne.
CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.
Informed Consent and HIPAA Tim Noe Coordinating Center.
1 Developed by: U-MIC To start the presentation, click on this button in the lower right corner of your screen. The presentation will begin after the.
Health Insurance Portability and Accountability Act (HIPAA)
2012 VA IRB Administrators Meeting Stephania H. Griffin, JD, RHIA, CIPP/G VHA Privacy Officer Director, Information Access and Privacy Privacy Officer.
COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.
Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.
Paula Peyrani, MD Medical/Project Director, HIV Program at the 550 Clinic Assistant Director, Research Design and Development Clinical and Translational.
HIPAA PRIVACY AND SECURITY AWARENESS.
1 Research & Accounting for Disclosures March 12, 2008 Leslie J. Pfeffer, BS, CHP Office of the Vice President for Research Administration Office of Compliance.
HQ Expectations of DOE Site IRBs Reporting Unanticipated Problems and Review/Approval of Projects that Use Personally Identifiable Information Libby White.
1 Defense Health Agency Privacy and Civil Liberties Office HIPAA Privacy Board Overview August 6, 2015.
Dealing with Business Associates Business Associates Business Associates are persons or organizations that on behalf of a covered entity: –Perform any.
HIPAA and Research Basics for IRB Tim Atkinson Director, Research and Sponsored Programs Director, Institutional Review Board Research Privacy Officer.
HIPAA – How Will the Regulations Impact Research?.
NE SNIP PRIVACY WORKGROUP Use and Disclosure of Protected Health Information Regarding a Deceased Individual.
Privacy Officer Core Responsibilities for Human Research Protection Stephania H. Griffin, RHIA, CIPP/G VHA Privacy Officer.
H I P A A T R A I N I N G Self Directed Module 7 Research Disclosures For Data Custodians START Click to begin…
HIPAA SURVIVAL SKILLS: An Update University of Miami1 Marisabel Davalos, M.S.Ed., CIP Associate Director of Educational Initiatives November, 2008.
Health Insurance Portability and Accountability Act (HIPAA) CCAC.
Understanding HIPAA (Health Insurandce Portability and Accountability Act)
FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.
1 Role of the Privacy Officer on the IRB Stephania H. Griffin, RHIA, CIPP/G VHA Privacy Officer.
A Road Map to Research at Jefferson: HIPAA Privacy and Security Rules for Researchers Presented By: Privacy Officer/Office of Legal Counsel October 2015.
HIPAA and Human Subjects Research IRB Member CE May 2014 Slideshow by Sean Horkheimer.
06/20/03- revised1 Health Insurance Portability and Accountability Act (HIPAA) HIPAA Privacy Rule: UCSF Education Module for Researchers, Research Administrators,
Davis Wright Tremaine LLP The Seventh National HIPAA Summit HIPAA Privacy: Privacy Rule Compliance on Public Health Activities and Research Thomas E. Jeffry,
1 Role of the Privacy Office in VA Research Stephania H. Putt VHA Privacy Officer.
PwC Issues in HIPAA Research Compliance William R. Braithwaite, MD, PhD “Dr. HIPAA” HIPAA Summit 6 Washington, DC 27 March 2003.
Human Subjects Update E. Wethington, Chair, UCHS.
CAN THE CANNED FORMS: Practical Advice in Implementing HIPAA Privacy Policies and Forms Margaret Marchak, Esq. Rachel Nosowsky, Esq. HIPAA Summit West.
HIPAA Training. What information is considered PHI (Protected Health Information)  Dates- Birthdays, Dates of Admission and Discharge, Date of Death.
Disclaimer This presentation is intended only for use by Tulane University faculty, staff, and students. No copy or use of this presentation should occur.
Final HIPAA Privacy Rule: The Research Provisions Julie Kaneshiro DHHS Office for Human Research Protections Phone: Fax:
HIPAA and RESEARCH 5 th Thursday May 31, Page 2.
HIPAA Training Workshop #2 Trainer: Kaye L. Rankin Rankin Healthcare Consultants, Inc.
Main Line Hospitals Institutional Review Board HIPAA Policy Changes 2013 Anne Marie Hobson, BSN, JD, ORA Director.
HIPAA 2017 JHSPH IRB Clarifications and Changes
To start the presentation, click on this button in the lower right corner of your screen. The presentation will begin after the screen changes and you.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)
The HIPAA Privacy Rule: Implications for Medical Research
Paul T. Smith Davis Wright Tremaine LLP
Disability Services Agencies Briefing On HIPAA
HIPAA Pros - Minimum Necessary
The HIPAA Privacy Rule and Research
Making Your IRBs and Clinical Investigators HIPAA-Ready
Issues in HIPAA Research Compliance
HQ Expectations of DOE Site IRBs
Office of the Vice President for Research Human Subjects Protection Program IRB Submission Process Module 4 - Health Insurance Portability and Accountability.
Presentation transcript:

Research Compliance: The Research/Privacy Nexus C. Brandi Hannagan, JD Senior Regulatory Specialist UC Davis Health Compliance

The Privacy Nexus in Research You are a member of the UCD Health Workforce UCD Health is a Covered Entity (CE) under Federal HIPAA Law All CEs (and its workforce) are responsible for complying with HIPAA The CE is required to ensure that access to its patient information is in accordance with the law PRIMARY ISSUE FOR RESEARCHERS: When can you access patient records?

When are We Able to Access Patient Records?

Access with Authorization

Authorization Issues

Access Without Consent: What are the Research-Related Exceptions?

Access Without Consent: Waiver of HIPAA Authorization Granted by IRB during submission process Access must match the brief description of the PHI for which use or access has been determined to be necessary by the IRB Must comply with Accounting of Disclosures (HIPAA Rule and UCD Health P&P)

Access Without Consent: Preparatory to Research Access available prior to IRB approval For preparatory purposes only Submit request to: https://ctscassist.ucdmc.uc davis.edu/redcap/surveys/? s=VRGYXq8PVW

Preparatory to Research Requests What do you need the data for? What information do you need to review? Whose PHI do you want to see? What is the desired data source? Have you considered cohort discovery?

Access Without Consent: Decedent Research Access available through compliance (must also get approval from IRB if access involves death certificate) Representation from the researcher that the use or disclosure being sought is solely for research on the protected health information of decedents, that the protected health information being sought is necessary for the research. Submit request to: https://ctscassist.ucdmc.ucdavis.edu/redc ap/surveys/?s=VqdaAG8o6M

For All Access Without Authorization: Must Account for Disclosures HIPAA requires covered entities (UCD Health) to maintain records of certain disclosures without authorization, including disclosures to researchers (not part of the covered entity) including disclosures pursuant to a waiver of authorization, preparatory to research reviews, and decedent research (45 CFR 164.528) UCD Health P&P 2446: Personnel who receive (view/disclose) protected health information (PHI) of the CE without a patient’s written authorization are responsible for accounting for this access

Online Database: https://disclose.ucdmc.ucdavis.edu UCD Health P&P 2446 Online Database: https://disclose.ucdmc.ucdavis.edu New Disclosure Document Upload Document Upload

EMR Surveillance Program Process by which we review EMR users’ access to patient records to determine if access in the EMR is for a legitimate purpose Do this to: Comply with HIPAA requirements that we have appropriate safeguards in place to ensure privacy Comply with HITECH Security rules to ensure we have appropriate monitoring activities Do this to mimic federal privacy audits & ensure compliance with P&Ps

Is this access appropriate? Hypothetical: Surveillance identifies access by CRC Homer to Patient Marge’s PCN encounter on 7/20/17. Homer BTG and entered protocol #123 as the reason. We know the following: Protocol #123 was approved on 10/30/16 IRB also approved a Waiver for Recruitment purposes on 10/30/16 Homer is listed on the RPL There is no signed consent, HIPAA Authorization, or disclosure tracking in Marge’s record Is this access appropriate?

Thank you! Compliance & Privacy Office UC Davis Health System 2300 Stockton Blvd., Sherman Building, Room 3100 Office: (916) 734-8808 HS-ResearchCompliance@ucdavis.edu

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.