What does this form mean? HIPAA Authorization means prior written permission for use and disclosure of protected health information (PHI) from the information’s.

Slides:



Advertisements
Similar presentations
HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *
Advertisements

HIPAA Privacy Rule and Research
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
HIPAA, Privacy & Confidentiality Local Accountability for Research Protection in VA Facilities VA Office of Research & Development Baltimore, February.
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
National Cancer Institute Cancer Therapy Evaluation Program (CTEP) presents: How to Obtain Protected Health Information (PHI) from an Outside Healthcare.
HIPAA Health Insurance Portability and Accountability Act.
HIPAA Requirements for Patient Oriented Research
Informed Consent.
Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.
Protecting Client Data HIPAA, HITECH and PIPA Part 1A
HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.
Training In HIPAA Privacy Regulations for Researchers and Research Staff Adapted from a presentation prepared by Human Subjects Division, University of.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Privacy and Information Security Essentials
Nora B. McCann Privacy Manager Corporate Compliance Fox Chase Cancer Center
ORO Findings on Privacy, Confidentiality, and Information Security Peter N. Poon, JD, MA, CIPP/G Office of Research Oversight Initially presented June.
Office of Research Oversight. Working Group Report Slide 2.
University of Miami1 HIPAA Survival Skills An Introduction to HIPAA and Research University of Miami Human Subjects Research Office October 31, 2006 Evelyne.
Office of Research Oversight. Challenges & Opportunities Related to “Collaborative” Research with Affiliates Challenges –Federal Records Retention Requirements.
1 HIPAA, Researchers and the IRB: Part Two Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.
SPECIAL DIABETES PROGRAM FOR INDIANS Competitive Grant Program Special Diabetes Program for Indians Competitive Grant Program SPECIAL DIABETES PROGRAM.
HIPAA, Researchers and the IRB Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.
HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)
HIPAA Health Insurance Portability & Accountability Act of 1996.
Health Insurance Portability and Accountability Act (HIPAA)
2012 VA IRB Administrators Meeting Stephania H. Griffin, JD, RHIA, CIPP/G VHA Privacy Officer Director, Information Access and Privacy Privacy Officer.
2012 VA Human Research Protection Program Patricia L. Christensen, MS, RHIA, CIPP/G, CHPS, CHPC VHA Privacy Office Common Privacy Findings in Research.
Data Security and Research 101 Completing Required Forms Kimberly Summers, PharmD Assistant Chief for Clinical Research South Texas Veterans Health Care.
Protected Health Information (PHI). Privileged Communication An exchange of information between two individuals in a confidential relationship. (Examples:
University of Miami1 Privacy, Confidentiality & Security Marisabel Davalos, M.S.Ed., CIP Associate Director of Educational Initiatives November, 2008.
Paula Peyrani, MD Medical/Project Director, HIV Program at the 550 Clinic Assistant Director, Research Design and Development Clinical and Translational.
HIPAA Business Associates Leadership Group Meeting June 28, 2001.
1 Research & Accounting for Disclosures March 12, 2008 Leslie J. Pfeffer, BS, CHP Office of the Vice President for Research Administration Office of Compliance.
Revised February 4, Health Insurance Portability and Accountability Act (HIPAA) HIPAA Privacy Rule: UCSF Education Module for Researchers, Research.
1 HIPAA OVERVIEW ETSU. 2 What is HIPAA? Health Insurance Portability and Accountability Act.
HIPAA Privacy and Research August 21, 2015
Health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be.
HIPAA (health insurance portability and accountability act)
PwC Tissue Banking and Repositories – Human Subject Protections Privacy Protections Medical Research Summit Tom Puglisi, Ph.D. Friday March 7 – 9:15 am.
HIPAA and Research Basics for IRB Tim Atkinson Director, Research and Sponsored Programs Director, Institutional Review Board Research Privacy Officer.
HIPAA – How Will the Regulations Impact Research?.
H I P A A T R A I N I N G Self Directed Module 7 Research Disclosures For Data Custodians START Click to begin…
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 2 The HIPAA Privacy Standards HIPAA for Allied Health Careers.
Health Insurance Portability and Accountability Act (HIPAA) CCAC.
HIPAA and Human Subjects Research IRB Member CE May 2014 Slideshow by Sean Horkheimer.
06/20/03- revised1 Health Insurance Portability and Accountability Act (HIPAA) HIPAA Privacy Rule: UCSF Education Module for Researchers, Research Administrators,
EHR & BIG DATA – RISKS AND ADVANTAGES OF AMASSING MEDICAL DATABASES Sandra Gardiner Technology Law Section October 24, 2014.
Configuring Electronic Health Records Privacy and Security in the US Lecture b This material (Comp11_Unit7b) was developed by Oregon Health & Science University.
1 Role of the Privacy Office in VA Research Stephania H. Putt VHA Privacy Officer.
Teaching & POEMs and DOEs in an Online Classroom Jacob Reider, MD David C Ross Albany Medical College.
Final HIPAA Privacy Rule: The Research Provisions Julie Kaneshiro DHHS Office for Human Research Protections Phone: Fax:
Privacy: HIPAA Emerson Murphy-Hill. Rosie Callender, RHIA, web.msm.edu/hipaa/An%20Introduction%20to%20HIPAA.ppt What is HIPAA? A Federal Law Created in.
HIPAA and RESEARCH 5 th Thursday May 31, Page 2.
Reviewed by: Gunther Kohn Chief Information Officer, UB School of Dental Medicine Date: October 20, 2015 Approved by: Sarah L. Augustynek Compliance Officer,
ELECTRONIC HEALTH RECORD PRIVACY TRAINING
Winter 2008 HIPAA, Privacy & Confidentiality.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)
No No, Yes Yes: Simple Privacy & Information Security Tips Krista Barnes, J.D. Senior Legal Officer and Director, Privacy & Information Security, Institutional.
Transfer of Materials, Confidential Information, and Data
The Health Insurance Portability and Accountability Act
HIPAA & PHI TRAINING & AWARENESS
The Health Insurance Portability and Accountability Act
Case Study Template Kerecis Aurora Awards
Office of the Vice President for Research Human Subjects Protection Program IRB Submission Process Module 4 - Health Insurance Portability and Accountability.
The Health Insurance Portability and Accountability Act
Presentation transcript:

What does this form mean? HIPAA Authorization means prior written permission for use and disclosure of protected health information (PHI) from the information’s source person, research subject, or legally authorized personal representative, as required under law, including HIPAA. (simple definition: This form is a release of information, signed by the subject, authorizing you to use/disclose their data outside of the VA) What are the correct and incorrect ways this form would be completed? All elements of the HIPAA Authorization form must be filled out by the investigator and will be consistent with the informed consent and HawkIRB application. All forms are required to be filled out completely and signed by the subject, to whom the information pertains too. Failure to complete and have the subject sign the HIPAA Authorization, will be reported to the Privacy Officer, Office of Research Oversight (ORO), Research Compliance Officer and the IRB as a privacy violation

Which sections of the form are the investigators vs. the subject responsible for understanding? Investigators are responsible for ensuring that no human being is involved as a subject in research unless the investigator or a designee has obtained legally effective HIPAA Authorization for use and disclosure of the subjects PHI, or has obtained IRB-approved waiver of HIPAA Authorization Subject or legally authorized representative are responsible for understanding and consenting to the use and disclosure of their PHI on the HIPAA Authorization form Where is the HIPAA authorization located? HIPAA Authorization form will be located within the HawkIRB application under “approval” tab. Click on “PO review”, then “other review screen”, then “VA HIPAA”. It is not located under “attachments” because the IRB does not approve HIPAA documents. Will the HIPAA Authorization need to be included in the HawkIRB application? The HIPAA Authorization form is required to be part of the HawkIRB application, when applicable

How would the new authorization form affect the content of the current informed consent document? The Principal Investigator will be responsible for ensuring the HIPAA Authorization, informed consent and protocol are consistent with each other to include: use of data or specimens for other research as described within HIPAA Authorization and who the information pertaining to the subject is disclosed too outside of the VA Where does this document get filed after it is signed? The original HIPAA Authorization should be kept with the research team and a copy of the HIPAA Authorization will be sent to the VA Scanning department (mail code 136c) to be scanned into the subjects medical record What are the retention requirements for this new form? The National Archives and Records Administration (NARA) currently have not set retention requirements for ANY research records, therefore nothing should be destroyed at the time. All Research records including the HIPAA Authorization must be kept until NARA provides guidance for destroying research records.

What is individually-identifiable health information? Health information that does not identify an individual and to which there is no reasonable basis to believe that the information can be used to identify an individual. 18 HIPAA identifiers. Note: Retinal Scans and audio recordings are considered individual-identifiable identifiers What is de-identified data? For purposes of VA research, de-identified data are data that have been de- identified in accordance with both HIPAA Privacy Rule and the Common Rule (18 HIPAA identifiers) Scrambling of names and social security numbers is not considered de-identifying health information Coded data is data identifiable by the individual(s) who has access to the code. Therefore, coded data are not considered to be de-identified or anonymous. When disclosing de-identified data to non-VA entities this code needs to be removed

Other information: Use of the new HIPAA Authorization, Form begins immediately for all new protocol applications All existing IRB approved projects will not be required to revise the consent process at the point of CR or modification to use the new HIPAA Authorization, unless you are making changes to your HIPAA Authorization or as directed by the IRB

*New section

*Need to insert your information here

*This part of the form is new

Miscellaneous Research Privacy information: Record retention language will be used for all protocols involving the VA “The required records, including the investigator’s research records, will be retained until disposition instructions are approved by the National Archives and Records Administration and are published in VHA’s Records Control Schedule (RCS 10-1)” Original audio recordings cannot be deleted/destroyed even after transcribed (upload to a VA server) Research Identifiers cannot be deleted/destroyed If you are storing VA information on a University server this language needs to be documented in the informed consent “Transfer of your information to an affiliate server constitutes “disclosure” under HIPAA. After transfer of your information to the University affiliate server, VA no longer owns the transferred information and VA cedes control over the information”. A HIPAA Authorization will also need to be completed if storing information to the University server. If the investigator is not getting the subjects written consent/HIPAA Authorization, but storing information on the University server you must have a waiver from the VA Chief Information Officer prior to storing information outside of the VA. A prior written HIPAA Authorization signed by the subject must be obtained prior to disclosing PHI to an academic affiliate

All employees will follow “clean desk” practices to protect VA sensitive information (in any form) in uncontrolled environments and all VA sensitive information on printouts and other media will be kept in locked files or cabinets when not in use VA Authorization to transport data outside of VA property will be filled out and signed by all parties before any VA sensitive information is transported, transmitted, accessed, or removed from VA property. *Privacy Practice Notice Handbook indicates “VHA must provide a copy of its VHA Notice of Privacy Practices to all non-Veteran research subjects enrolled in an approved VHA research study with clinical trials” The non veteran patient must acknowledge receipt of the VHA Notice of Privacy Practices during first episode of care on VA form After the non-Veteran has signed the acknowledgement form the principal investigator for the research study will send an encrypted to the facility Privacy Officer with the full name of the non-Veteran and the non-Veteran’s last four of social security number

Privacy Practice Notice continue: If an acknowledgement of VHA Notice of Privacy Practices is not received from the non-Veteran patient, an administrative note must be entered into CPRS or the research subjects record indicating the good faith efforts made to obtain the written acknowledgement and the reason(s) why the acknowledgement was not received Legally Authorized Representative(LAR) Is an individual who is qualified to provide informed consent on behalf of a prospective research subject but may not always qualify as a personal representative for the purposes of consent to use or disclose a human subject’s PHI (HIPAA authorization) Examples of LAR: Health Care agent Legal or special guardian Next of kin in this order: spouse, child, parent, sibling, grandparent, grandchild, or A close friend

If an investigator wants a copy of the research data, a request must be submitted to the Privacy Officer prior to receiving a copy of the data All research data is the property of the VA and is required to stay with the VA, even after the research study is closed

18 HIPAA Identifiers: The following identifiers of the individual or of relatives, employers, or household members of the individual are removed: (1)Names (2) All geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census: (a) The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and (b) The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000

(3) All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older (4) Telephone numbers (5) Fax numbers (6) Electronic mail addresses (7) Social Security Numbers (8) Medical record numbers (9) Health plan beneficiary numbers (10) Account numbers (11) Certificate and/or license numbers

(12) Vehicle identifiers and serial numbers, including license plate numbers (13) Device identifiers and serial numbers (14) Web Universal Resource Locators (URLs) (15) Internet Protocol (IP) address numbers (16) Biometric identifiers, including finger and voice prints (17) Full-face photographic images and any comparable images (18) Any other unique identifying number, characteristic, or code

Amber Smith VA Privacy Officer (319) , ext Sara Miller Research Compliance Officer (319) , ext