A Road Map to Research at Jefferson: HIPAA Privacy and Security Rules for Researchers Presented By: Privacy Officer/Office of Legal Counsel October 2015.

Presentation transcript:


Introduction
- The HIPAA Privacy Rule establishes the conditions under which Covered Entities can provide researchers access to and use of protected health information for research purposes.
- The HIPAA Privacy Rule does not replace or act in lieu of other federal regulations such as HHS Protection of Human Subjects and the FDA Protection of Human Subjects.
- Research is defined under the HIPAA Privacy Rule as: “a systematic investigation, including research development, testing and evaluation, designed to develop or contribute to generalized knowledge”

HIPAA Privacy Rule
A Covered Entity is a health plan, a health care provider or a health care clearinghouse that electronically transmits any health information in connection with transactions for which HHS has adopted standards.
Protected Health Information (PHI):
- Relates to past, present, or future physical or mental condition of an individual; provisions of healthcare to an individual; or for payment of care provided to an individual.
- Is transmitted or maintained in any form (electronic, paper, or oral representation).
- Identifies, or can be used to identify the individual.

How Can Covered Entities Use and Disclose PHI for Research and Comply with the HIPAA Privacy Rule?
1. De-identified health information, as described in the Privacy Rule, is not PHI, and thus not protected by the Privacy Rule.
2. PHI may be used and disclosed for research WITH an individual’s written permission.
3. PHI may be used and disclosed for research WITHOUT an Authorization in limited circumstances: (a) under a waiver of the Authorization requirement; (b) for research on decedents’ information; (c) preparatory to research; and (d) as a limited data set with a data use agreement.

Request for Information from a Covered Entity
Scenario #1: A sponsor has asked you for information to determine if Jefferson has a sufficient number of patients with a specific diagnosis to conduct a study at Jefferson. How do you proceed?
- Why is the information needed?
- What type of information is needed to make this determination?
- Is PHI needed?
- Is de-identified information needed?
- Is an approved IRB study needed to request de-identified information?
- To whom and how is the request made?

Request for Information from a Covered Entity
Scenario #2: The PI is considering conducting a study. The PI would like to review potential subjects’ PHI before submitting a protocol to the IRB. How do you proceed?
- Why is the information needed?
- What type of information is needed?
- Is PHI needed?
- Is IRB approval needed before the review may be conducted?
- To whom and how is the request for PHI made?
Hint: See, OHR-29 Review Preparatory to Research Request Form

Request for Information from a Covered Entity
Scenario #3: The PI is conducting a clinical trial. Patient data needs to be obtained from the patients’ EMRs. How do you proceed?
- Why is the information needed?
- What type of information is needed?
- Is IRB approval needed before study coordinators are permitted to access patients’ EMRs?
- Is a signed Research Informed Consent Form needed?
- Are copies of relevant sections of the patients’ EMRs permitted to be made?
Hint: See, Jefferson Policy No “Access to JUP Electronic Records by Research Coordinators for Research Purposes”

Minimum Necessary Restriction
- With some exceptions, the HIPAA Privacy Rule minimum necessary requirements apply.
- Researchers should only secure the minimum information necessary to achieve the research purpose.

How do we protect PHI when conducting Research?
- Maintain the privacy and security of research documents.
- When you talk about patients/subjects as part of your research, try to prevent others from overhearing the conversation.
- Hold conversations in private areas; do not discuss patients in public areas.
- Do not leave PHI unattended.
- Remove patient/subject documents from faxes/copiers as soon as you can.
- When you throw away documents containing PHI, properly dispose of documents, e.g. shredding.
- Never remove the patient's official medical record from a Covered Entity.
- Do not leave PHI where your family members or other unauthorized individuals may see it.

How do we protect e-PHI when conducting Research?
- Never use anyone else’s log-on, or a computer someone else is logged-on to.
- Do not share passwords.
- Never download PHI on personal laptops and PDAs.
- Never leave PHI unattended.
- Never “Blog” disclosing PHI.
- Do use automatic locks on laptop computers and PDAs.
- Do log off after each time you use a computer.
- Do purge PHI from devices as soon as possible.
- Do use secure networks for e-mails with PHI and add a confidentiality disclaimer to the footer of such e-mails.
- Do provide for confidential sending and receipt of faxes that contain PHI and other confidential information.

Mandatory Breach Notification
- The HITECH Act applies to breaches of “unsecured protected health information”.
- Information must be encrypted or destroyed in order to be considered “secured”.
- If you suspect a breach has occurred, promptly notify your immediate supervisor.
- If a breach has occurred, reporting requirements must be satisfied.
See, Jefferson Policy No , “Mandatory Reporting, Investigation and Notification of Breaches of Health or Personal Information”.

HITECH: What Constitutes a Breach?
A “breach” is an impermissible acquisition, access, use or disclosure not permitted by the HIPAA Privacy or Security Rules. Examples include:
- Laptop containing PHI is stolen
- Researcher who is not authorized to access PHI looks through patient files in order to learn of a person’s treatment
- Researcher misplaces research documents with study subject PHI
- Researcher sends study subject information including PHI to the wrong sponsor
- Researcher sends sponsor more PHI than stated in Informed Consent Form
- Research office theft results in stolen PHI

Penalties for Violations
- A violation of federal regulations can result in civil money penalties or criminal penalties.
- Penalties can be imposed for underlying HIPAA Privacy Rule violation even if the breach is properly handled.

Conclusion
If you have questions, please feel free to contact Doreen Kornrumpf, Privacy Officer/Legal Counsel.