Office of Research Oversight. Challenges & Opportunities Related to “Collaborative” Research with Affiliates Challenges –Federal Records Retention Requirements.

Slides:

Advertisements

Similar presentations

The Role of the IRB An Institutional Review Board (IRB) is a review committee established to help protect the rights and welfare of human research subjects.

Advertisements

1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

RESEARCH COMPLIANCE Agenda 1. No Destruction of local research documents after scanning 2. Training for shipping biological samples/specimens 3. Regulatory.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.

ORD Common Questions K. Lynn Cates, MD Assistant Chief Research & Development Officer Director, PRIDE December 5, 2012.

ORO Findings on Privacy, Confidentiality, and Information Security Peter N. Poon, JD, MA, CIPP/G Office of Research Oversight Initially presented June.

What does this form mean? HIPAA Authorization means prior written permission for use and disclosure of protected health information (PHI) from the information’s.

Office of Research Oversight. Working Group Report Slide 2.

Recently Issued OHRP Documents: Guidance on Subject Withdrawal and Draft Revised FWA Secretary’s Advisory Committee on Human Research Protections October.

VHA Handbook K. Lynn Cates, M.D. Assistant Chief Research & Development Officer Director, PRIDE HRPP 201 March 24, 2011.

Developing a Records & Information Retention & Disposition Program:

CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.

NIH Proposed Use of a Central IRB (C-IRB) for NIH-funded multi-site studies Committee on Clinical Research January 26,

Informed Consent and HIPAA Tim Noe Coordinating Center.

Office of Research Oversight VHA Handbook Research Conducted by VHA Program Office Employees Effective May 1, 2012 October 28, 2011.

Data Repositories - Anticipated Policy VHA Handbook Research Accountability Meeting Dr. Joan P. Porter Office of Research Oversight ORO Human Subject.

Health Insurance Portability and Accountability Act (HIPAA)

Anglican Province of Canada Privacy Policy. Commitment to Privacy The Privacy Policy, including the Web Privacy Statement, is the Anglican Province of.

Office of Research Oversight Update VA IRB Chair Meeting Baltimore, Maryland August 14-15, 2012 August 14, 2012.

2012 VA IRB Administrators Meeting Stephania H. Griffin, JD, RHIA, CIPP/G VHA Privacy Officer Director, Information Access and Privacy Privacy Officer.

Reality vs Urban Myth: The Truth About Regulations

Credentialing for Research Staff Engaged in Human Research Projects at the Atlanta VAMC 1.

2012 VA Human Research Protection Program Patricia L. Christensen, MS, RHIA, CIPP/G, CHPS, CHPC VHA Privacy Office Common Privacy Findings in Research.

Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,

1 VUMC Confidentiality Policy and HIPAA Implications for Clinical Research General Clinical Research Center Skills Workshop March 2, 2007 Gaye Smith Privacy.

Paula Peyrani, MD Medical/Project Director, HIV Program at the 550 Clinic Assistant Director, Research Design and Development Clinical and Translational.

International Research & Research Involving Children K. Lynn Cates, MD Assistant Chief Research & Development Officer Office of Research & Development.

Responsible Conduct of Research (RCR) Farida Lada October 16, 2013

ORO Reviews: Frequent Findings Related to IRBs Bob Brooks Associate Director Research Compliance Education and Policy VHA Office of Research Oversight.

Office of Research Oversight ORO Reporting Adverse Events in Research to ORO Paula Squire Waterman, MS, CIP Department of Veterans Affairs Office of Research.

1 Defense Health Agency Privacy and Civil Liberties Office Data Sharing Program Overview Ms. Rita DeShields DHA Data Sharing Compliance Manager August.

HIPAA and Research Basics for IRB Tim Atkinson Director, Research and Sponsored Programs Director, Institutional Review Board Research Privacy Officer.

Developing Solutions - Specific ISO & Privacy Officer Responsibilities for Review of Human Research Projects K. Lynn Cates, M.D. Assistant Chief Research.

ORO Reviews: Frequent Findings Bob Brooks Associate Director Research Compliance Education and Policy VHA Office of Research Oversight May, 2012.

Privacy Officer Core Responsibilities for Human Research Protection Stephania H. Griffin, RHIA, CIPP/G VHA Privacy Officer.

H I P A A T R A I N I N G Self Directed Module 7 Research Disclosures For Data Custodians START Click to begin…

HIPAA BASIC TRAINING MODULE 1C – Overview (For staff who do not generally create Protected Health Information) Anderson Health Information Systems, Inc.

VA Central IRB Annette Anderson, MS, CIP VA Central IRB Administrator Updated: September 21, 2015.

AUDIT REQUIREMENTS, FINDINGS & BASICS RESEARCH COMPLIANCE.

VHA Handbook What’s new. General Requirements for Informed Consent A Legally Authorized Representative may not always qualify as a ‘personal representative’

1 Role of the Privacy Officer on the IRB Stephania H. Griffin, RHIA, CIPP/G VHA Privacy Officer.

Continuing Review Presented by: Karen Jeans, PhD, CCRN, CIP Program Analyst, COACH.

VA Central IRB Annette R. Anderson, MS, RHIA, CIP VA Central IRB Administrator Local Accountability Meeting June 2011.

Policy and Implementation Plan for Public Access to Scientific Publications and Digital Data from VA-Funded Research Tom Puglisi, PhD, ORO Executive Director.

HIPAA and Human Subjects Research IRB Member CE May 2014 Slideshow by Sean Horkheimer.

Office of Research Oversight 1 Core Responsibilities for Human Research Protection Research Compliance Officers Robert Brooks, MD, PhD, MBA Associate Director,

Office of Research Oversight 1 Office of Research and Development Local Accountability Meeting January 2009.

Paul Kelly Facility Research Compliance Officer for the Ralph H. Johnson VA Medical Center.

1 Overview of the Report Holly H. Birdsall, MD, PhD Acting Deputy Chief of Research & Development Officer, ORD.

1 Role of the Privacy Office in VA Research Stephania H. Putt VHA Privacy Officer.

Policy and Implementation Plan for Public Access to Scientific Publications and Digital Data from VA-Funded Research Tom Puglisi, PhD ORO Executive Director.

INVESTIGATOR RESPONSIBILITIES C. Karen Jeans, MSN COACH Project Analyst.

VETERANS HEALTH ADMINISTRATION SLIDE 0 New Requirements for VA ORD Investigators: Implementation of Data Management and Access Plans.

FERPA for the Financial Aid Office NCASFAA Fall Conference November 2012.

Office of Research Oversight What’s New in VHA Handbook Dated November 15, 2011 December 1, 2011.

VA Central IRB K. Lynn Cates, MD Assistant Chief Research & Development Officer Office of Research & Development Department of Veterans Affairs.

VA Central IRB K. Lynn Cates, MD Assistant Chief Research & Development Officer Office of Research & Development Department of Veterans Affairs September.

Informed Consent Presented by Marian Serge, RN. Goals Informed consent process and form Title 38 CFR , Common Rule required elements and additional.

Disclaimer This presentation is intended only for use by Tulane University faculty, staff, and students. No copy or use of this presentation should occur.

Final HIPAA Privacy Rule: The Research Provisions Julie Kaneshiro DHHS Office for Human Research Protections Phone: Fax:

Working Group on IT Security and Privacy in VA and NIH Sponsored Research Joel Kupersmith, MD Chief Research & Development Officer.

HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)

The HIPAA Privacy Rule: Implications for Medical Research

Multisite Human Subjects Research

The HIPAA Privacy Rule and Research

HIPAA Policy & Procedure Strategies

Making Your IRBs and Clinical Investigators HIPAA-Ready

Presentation transcript:

Office of Research Oversight

Challenges & Opportunities Related to “Collaborative” Research with Affiliates Challenges –Federal Records Retention Requirements –Privacy/Confidentiality Requirements –Privacy Act, HIPAA Privacy Rule, etc –Data Ownership Issues –VA Data Security Requirements –Dual Appointment Investigator Issues Slide 2

Office of Research Oversight Challenges & Opportunities Related to “Collaborative” Research with Affiliates Opportunities –AAMC Working Group on Information Technology Security and Privacy in VA and NIH-Sponsored Research The Working Group report describes: –Disclosure of PHI –Pursuant to a request from the affiliate –For use in non-VA research conducted by the affiliate ORO’s Interim Guidance –Assumes (pending clarification in VA policy) that the Working Group report also applies to “collaborative” research in which VA data are combined with affiliate data Slide 3

Office of Research Oversight Working Group Report Slide 4

Office of Research Oversight Record Retention Requirements VA research data must be maintained per Federal records retention and other requirements A Records Control Schedule approved by National Archives and Records Administration (NARA) is required to destroy Federal records Records Control Schedule for VA facility-level research records is currently under development VA facilities must retain data from VA research pending approval of an applicable Records Control Schedule Slide 5

Office of Research Oversight Working Group Report – Disclosure Under HIPAA Authorization (Appendix A) Slide 6

Office of Research Oversight Disclosure Under HIPAA Authorization Subject’s HIPAA authorization permits VA to disclose subject’s data for research as described in the authorization No Data Use Agreement required per Working Group Authorization, informed consent document, study protocol, and CRADA (where applicable) must be consistent as to data and purpose Authorization and consent must include all required elements and permit informed decision by subject Research data repository (per VHA Handbook ) must be established if use or disclosure by VA for future research (ie, outside study for which the data were collected) is anticipated Slide 7

Office of Research Oversight Disclosure Under HIPAA Authorization – Data Ownership & Information Security Valid informed consent and HIPAA authorization are required –Informed consent and HIPAA authorization requirements apply to all VA PHI and individually identifiable private information that are used/disclosed for research –Includes clinical data used in research for “control” or “comparison” groups VA must retain a complete record (original or copy) of the disclosed data Slide 8

Office of Research Oversight Disclosure Under HIPAA Authorization – Data Ownership & Information Security The record retained by VA is: –Owned by VA –Subject to VA information security requirements Once the disclosed copy is held by the Affiliate, VA may no longer be able to: –Control the disclosed copy –Enforce VA information security requirements Slide 9

Office of Research Oversight Disclosure Under HIPAA Authorization – Policy Clarification Desirable Working Group describes disclosure pursuant to a request from the affiliate vs “collaborative research” Not clear that disclosure under a HIPAA authorization necessarily transfers ownership Without a DUA or other legal agreement, it would seem problematic, for VA to exert ownership of the disclosed copy of any data provided to the affiliate/collaborator A DUA or other legal agreement would seem to be advisable if VA wishes to exercise ownership or control of disclosed data Slide 10

Office of Research Oversight Working Group Report – Disclosure without Authorization and Consent (Appendix A) Slide 11

Office of Research Oversight “Working Group” Report Disclosure Without HIPAA Authorization and/or Informed Consent Requirements are fact-specific ORO strongly recommends consulting ORD, the VHA Privacy Office, and Regional Counsel prior to such disclosures Slide 12

Office of Research Oversight VA Information Security Requirements Apply to all research data owned by VA If maintained electronically and containing VA Sensitive Information (VASI) must reside on VA-owned equipment unless: –A waiver has been approved by the VA CIO or –A valid Memorandum of Understanding / System Interconnection Agreement (MUA/SIA) has been approved or –Where appropriate, a valid contract with VA’s security clause and security requirements has been established to permit alternate arrangements. Slide 13

Office of Research Oversight Investigators Holding Dual Appointments Critical to separate and document: –VA activities on VA time vs –Affiliate activities on affiliate time Documentation should clarify: –VA duties –VA duty locations –VA tours of duty or time allocations –Data ownership issues –Data security requirements Separation of VA activities/research from affiliate activities/research is critical for studies combining VA data with affiliate data Slide 14

Office of Research Oversight Combining VA Data with Affiliate Data for “Collaborative” Studies Slide 15 VA data are data collected: –By a VA investigator –On VA time –Under a protocol approved by the VA IRB of Record and the VA R&D Committee Affiliate data are data collected: –By an Affiliate investigator –On affiliate time –Under a protocol approved by the affiliate IRB

Office of Research Oversight Combining VA Data with Affiliate Data for “Collaborative” Studies -- Separate Activities Defined for Each Site Slide 16 The “collaborative” study should be implemented as a multi-site study with activities clearly defined for each site Critical factors: –Data collection should typically take place at the VA site on VA time and at the affiliate/collaborator site on affiliate/collaborator time as separate activities that can be clearly distinguished by the IRB and the R&DC –The status “off-site” VA research taking place at an affiliate site on VA time should be clarified through a written agreement with the affiliate addressing data ownership and responsibility for research-related injury –The R&D Committee must only approve the VA research

Office of Research Oversight Combining VA Data with Affiliate Data for “Collaborative” Studies When Affiliate IRB is VA IRB of Record Slide 17 Each facility exercises latitude in administrative management of its research projects If the Affiliate IRB serves as the VA IRB of Record, the IRB may either: –Approve two separate “protocols” – one for the VA research and one for the Affiliate research or –Approve a single “protocol” under which the VA research activities are clearly separated from the affiliate research activities

Office of Research Oversight Combining VA Data with Affiliate Data for “Collaborative” Studies When Affiliate IRB is VA IRB of Record Slide 18 For existing “collaborative” studies with a single “protocol,” ORO suggests: –Separation of VA vs Affiliate research at applicable continuing reviews occurring after December 31, 2011 –By appropriately amending the informed consent documents and HIPAA authorizations

Office of Research Oversight Combining VA Data with Affiliate Data for “Collaborative” Studies When Affiliate IRB is VA IRB of Record Slide 19 For new “collaborative” studies with a single “protocol,” ORO suggests: –Separation of VA vs Affiliate research at initial reviews occurring after December 31, 2011 –In addition to informed consent documents and HIPAA authorizations, relevant areas of separation may include: – Recruitment procedures/strategies/advertisements – Research related procedures – Data collection/storage/uses/disclosures – VA researchers/personnel/staff – VA Clinics/Units/Labs/Locations involved – Results of VA ISO and PO reviews

Office of Research Oversight Combining VA Data with Affiliate Data for “Collaborative” Studies Slide 20 Protocols, consent documents, and authorizations for both sites must include: –Use of data in a multi-site study combining VA data and affiliate data –Data will be disclosed to study Coordinating Center –Location of Coordinating Center

Office of Research Oversight Combining VA Data with Affiliate Data for “Collaborative” Studies Slide 21 If Coordinating Center is at the VA site, the VA research described in the “protocol” must include: –Interaction/intervention and data collection activities at VA –Activities of the Coordinating Center

Office of Research Oversight Combining VA Data with Affiliate Data for “Collaborative” Studies Slide 22 If Coordinating Center is at the Affiliate Site : –A dual appointment investigator should not conduct research using the combined data set while on VA time unless data ownership issues have been clarified in writing –ORO strongly recommends consultation with ORD and Regional Counsel regarding data ownership clarifications

Office of Research Oversight Combining VA Data with Affiliate Data for “Collaborative” Studies Related Documents ORO Interim Guidance on Research Data Disclosures for “Collaborative” Studies (July 27, 2011) AAMC Working Group on Information Technology Security and Privacy in VA and NIH-Sponsored Research Available at: (click on: Memoranda, Clarifications, and Guidance) Slide 23