Institutional Review Board for Health Sciences Research (IRB-HSR)

Special Issues

Protected Health Information (HIPAA)

HIPAA Regulations and Research

What is HIPAA?
What is PHI?
What Does the Privacy Rule Have To Do With Research?
What is the IRB's Role?
Research Provisions of the Privacy Rule
Additional Resources

HIPAA Learning Shots:

What is HIPAA?

HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996.

The intention of HIPAA is to protect patients from inappropriate disclosures of "Protected Health Information" (PHI) that can cause harm to a person's insurability, employability, etc.

The privacy provisions of HIPAA found in the Privacy Rule apply to health information created or maintained by health care providers who engage in certain electronic transactions, health plans, and health care clearinghouses.

What is PHI?

PHI is information that can be linked to a particular person and that is created, used, or disclosed in the course of providing a health care service (i.e., diagnosis or treatment).

What Does the Privacy Rule Have To Do With Research?

HIPAA affects only that research which uses, creates, or discloses PHI.

Researchers have legitimate needs to use, access, and disclose PHI to carry out a wide range of health research studies.

The Privacy Rule protects PHI while providing ways for researchers to access and use PHI when necessary to conduct research.

In general, there are two types of human research that would involve PHI:

What is the IRB's Role?

The IRB-HSR acts as the Privacy Board at UVa  to review the use/disclosure of PHI and to determine whether the subjects should sign an "Authorization" (Adds additional language to the consent template) or if a Waiver of Authorization (roughly analogous to a Waiver of Consent under the Common Rule) may be granted. At UVa the requirements for a HIPAA Authorization have been incorporated into the research consent form to eliminate the need for multiple forms.  If for some reason a research consent will not be obtained, the IRB-HSR provides a template for a Stand-alone HIPAA Authorization.  


Resources

Last Modified: Monday, 12-Jun-2017 14:12:41 EDT