Presentation is loading. Please wait.

Presentation is loading. Please wait.

HIPAA, Researchers and the IRB Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "HIPAA, Researchers and the IRB Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator."— Presentation transcript:

1 HIPAA, Researchers and the IRB Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator

2 Introduction This is a preliminary overview – much more information to comeThis is a preliminary overview – much more information to come Be kind – we do NOT have all the answers – but we do want to hear the questionsBe kind – we do NOT have all the answers – but we do want to hear the questions Be patient – the final Privacy Rule was first available on August 14, 2002 – we are working furiously!Be patient – the final Privacy Rule was first available on August 14, 2002 – we are working furiously! Don’t blame us – we didn’t write it!Don’t blame us – we didn’t write it!

3 What are the new Privacy Standards? Limits the use and release of health informationLimits the use and release of health information Gives patients the right to access their medical recordsGives patients the right to access their medical records  And to know who else accessed their health information  Restricts most disclosure of health information to the minimal intended purpose Establishes civil/criminal penalties for improper use or disclosureEstablishes civil/criminal penalties for improper use or disclosure Establishes new requirement for access to records by researchersEstablishes new requirement for access to records by researchers

4 What Research is Affected? Privacy rule applies to research that uses Protected Health Information (PHI). PHI is individually identifiable health information.

5 What Research is Affected? Three categories of identifiability: Three categories of identifiability: 1.PHI – Identifiable – rule applies 2.De-Identified Information - rule does not apply 3.Limited Data Set – a middle option - limited parts of the rule apply

6 What Research is Affected? “De-Identified” – there are 18 specific identifiers which must be removed to be considered de- identified – thus not covered by rule.“De-Identified” – there are 18 specific identifiers which must be removed to be considered de- identified – thus not covered by rule. Limited Data Set – Not fully “de-identified” – can retain certain dates, geographic info and unique identifying numbers. Most privacy rule requirements do not apply, the minimum necessary standard does apply and a data use agreement is required.Limited Data Set – Not fully “de-identified” – can retain certain dates, geographic info and unique identifying numbers. Most privacy rule requirements do not apply, the minimum necessary standard does apply and a data use agreement is required.

7 18 Items Which Must Be Removed to Be “De-identified” 1.Names 2.ALL geographic subdivisions smaller than the state 3.All elements of dates smaller than a year birth date, admission, discharge, death, etc.) 3.All elements of dates smaller than a year (i.e. birth date, admission, discharge, death, etc.) 4.Phone numbers 5.Fax numbers 6.E-mail addresses 7.SS numbers 8.Medical record number 9.Health plan beneficiary

8 10.Any other account numbers 11.Certificate/license numbers 12.Vehicle identifiers 13.Device identification numbers 14.WEB URL's 15.Internet IP address numbers 16.Biometric identifiers (fingerprint, voice prints, retina scan, etc) 17.Full face photographs or comparable images 18.Any other unique number, characteristic or code. 18 Items Which Must Be Removed to Be “De-identified” (continued)

9 How to obtain PHI for research? 1. Authorization 2. Waiver of Authorization

10 How to obtain authorization for use of PHI? To use or disclose PHITo use or disclose PHI Driven by Privacy RuleDriven by Privacy Rule Reviewed by IRB or Privacy Board (our IRB will serve as the Privacy Board)Reviewed by IRB or Privacy Board (our IRB will serve as the Privacy Board) To participate in the research based on the risks and benefits Driven by the Common Rule Reviewed by IRB Authorization Informed Consent Authorization

11 How to obtain authorization II Required elements in an authorizationRequired elements in an authorization  Specific and meaningful description of what information will be used or disclosed  Who may use or disclose  To whom the PHI will be disclosed  Why the use or disclosure is being made (each purpose) Notice that authorization may be revoked;  Notice that the information may be disclosed to others not subject to the Privacy Rule

12 How to obtain authorization III Required elements in an authorizationRequired elements in an authorization  Statement of how long the use or disclosure will continue (no expiration date is allowed for research purposes - but this must be explicitly stated in the authorization form)  Notice that the covered entity may or may not condition treatment or payment on the individual’s signature  Individual’s signature and date Required elements in an authorizationRequired elements in an authorization  Statement of how long the use or disclosure will continue (no expiration date is allowed for research purposes - but this must be explicitly stated in the authorization form)  Notice that the covered entity may or may not condition treatment or payment on the individual’s signature  Individual’s signature and date

13 How to obtain Authorization? Authorization language will be provided as a template by the IRB, to be incorporated into the informed consent document.

14 How to obtain Waiver of Authorization? In research, authorization is not required if it meets the criteria for waiver outlined in the privacy rule.

15 No more than minimal riskNo more than minimal risk Not adversely affect rights and welfare of subjectsNot adversely affect rights and welfare of subjects Research cannot be done without waiverResearch cannot be done without waiver When appropriate, information will be provided to subjects of researchWhen appropriate, information will be provided to subjects of research No more than minimal risk to privacy, based on, at least:  Plan to protect identifiers  Plan to destroy identifiers ASAP  Written assurance that PHI will not be used/disclosed with few exceptions Research cannot be done without waiver, and Research cannot be done without this PHI COMMON RULEPRIVACY RULE CRITERIA FOR WAIVER OF AUTHORIZATION

16 TRANSITION TO PRIVACY RULE Compliance date: April 14, 2003Compliance date: April 14, 2003 Informed consents and waiversInformed consents and waivers  What’s grandfathered?  When are new forms required?

17 4/14/03 HIPAA DAY!! If: All informed consents signed before HIPAA-day HIPAA DAY!! Planned enrollment of subjects Planned long-term assessment period IRB approval Informed consents GRANDFATHERED

18 4/14/03 HIPAA DAY!! IRB approval Planned enrollment of subjects Planned long-term assessment period If: Informed consents signed before and after HIPAA-day Grand- fathered Addendum needed

19 If: All informed consents signed after HIPAA-day 4/14/03 HIPAA DAY!! Planned enrollment of subjects Planned long-term assessment period New forms or addendum needed IRB approval

20 4/14/03 HIPAA DAY!! If: Waiver of informed consent approved before HIPAA-day HIPAA DAY!! IRB approval Waiver GRANDFATHERED

21 If: Waiver of consent approved after HIPAA-day 4/14/03 HIPAA DAY!! New waiver needed IRB Approval

22 REMINDERS When the authorization language is finalized, the IRB will contact you to inform you what you need to do When the authorization language is finalized, the IRB will contact you to inform you what you need to do HIPAA is in addition to current IRB human subject requirements - when both regulations apply, both requirements must be followed HIPAA is in addition to current IRB human subject requirements - when both regulations apply, both requirements must be followed

23 REMINDERS Message  Messenger

24 Acknowledgement Some of the material used in this presentation was developed by P. Pearl O'Rourke, M.D., Director of Human Research Affairs at Partners HealthCare Systems, in Boston, MA and we are grateful to her for her willingness to share this information with us.

Download ppt "HIPAA, Researchers and the IRB Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator."

Similar presentations

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.
HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *http://www.hhs.gov/ocr/combinedregtext.pdf.

HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *
HIPAA Privacy Rule and Research

HIPAA Privacy Rule and Research
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.

1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
HIPAA, Privacy & Confidentiality Local Accountability for Research Protection in VA Facilities VA Office of Research & Development Baltimore, February.

HIPAA, Privacy & Confidentiality Local Accountability for Research Protection in VA Facilities VA Office of Research & Development Baltimore, February.
COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.

COBB/DOUGLAS COMMUNITY SERVICES BOARD Confidentiality and Privacy of Consumer Information.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
RESEARCH COMPLIANCE Agenda 1. No Destruction of local research documents after scanning 2. Training for shipping biological samples/specimens 3. Regulatory.

RESEARCH COMPLIANCE Agenda 1. No Destruction of local research documents after scanning 2. Training for shipping biological samples/specimens 3. Regulatory.
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
HIPAA Requirements for Patient Oriented Research

HIPAA Requirements for Patient Oriented Research
Informed Consent.

Informed Consent.
Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.

Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.
Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.

Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.
HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.

HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.
Training In HIPAA Privacy Regulations for Researchers and Research Staff Adapted from a presentation prepared by Human Subjects Division, University of.

Training In HIPAA Privacy Regulations for Researchers and Research Staff Adapted from a presentation prepared by Human Subjects Division, University of.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.

Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.
Nora B. McCann Privacy Manager Corporate Compliance Fox Chase Cancer Center

Nora B. McCann Privacy Manager Corporate Compliance Fox Chase Cancer Center

Similar presentations

Ads by Google