![]() ![]() ![]() It’s important to note that human biological specimen data which includes PHI would also be research covered by HIPAA.Įxamples of identifiable information include: The study creates new medical records because as part of the research a health-care service is being performed, such as testing of a new way of diagnosing a health condition or a new drug or device for treating a health condition.Prospective studies may do this also, such as when a researcher contacts a participant’s physician to obtain or verify some aspect of a person’s health history. Retrospective studies involve PHI in this way. The study involves review of medical records as one (or the only) source of research information.Two common examples of how a research study would involve PHI include: ![]() HIPAA rules apply only to research which uses, creates, or discloses PHI. The use of decedent’s information is protected by the Rule but authorization is not required. In other words, a covered entity will make good faith effort to tell individuals how PHI will be used & disclosed and will not share a patient’s PHI without their express permission (authorization). Health information is “information that relates to the past, present, or future physical or mental health or condition of the individual, or that relates to the provision of health care in the past, present or future.” Identifiable means information “that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual”. Investigators may be permitted to use and disclose protected health information for research provided an individual gives written authorization to use or disclosure PHI unless such authorization is waived or excepted by an IRBs or Privacy Board. How HIPAA rules impact human subjects research The ORPC has a link to a page of definitions to assist investigators in understanding terms and requirements for HIPAA. Investigators also have the responsibility of identifying in an IRB application all proposed access to PHI during the course of the research, including access to paper and electronic medical records for the purpose of subject identification or screening, any intended addition of information into medical records, and any collection or use of human specimens with individually identifiable health information attached. The covered entity also maintains responsibility for the proper use or disclosure of protected health information for research purposes. Investigators maintain responsibility for complying with all requirements regarding use or disclosure of protected health information, including those specified by HIPAA and implemented by the covered entity (ies). HIPAA does not replace or modify the human research protection regulations found in 45 CFR 46, but in most cases exceeds privacy provisions found in 45 CFR 46 as it extends to decedents, applies to all research, regardless of funding or activity and extends the definition of “identifiable information”. But if future publication is a possibility, it’s important for investigators to understand the IRB review and approval process as retroactive approval to do research with person-identifiable records cannot be given. For example, a quality improvement project that analyzes the medical records of patients who were treated with a particular procedure would not be research if the analysis is used for internal purposes only. Another test of whether an activity is research is whether the results will be published. HIPAA uses the same definition as the federal Common Rule (45 CFR 46), which is a systematic investigation designed to contribute to generalizable knowledge. HIPAA does recognize the fact that some research (an in particular, IRB defined human subjects research) may create, use, and disclose Protected Health Information (PHI). This Act has provisions to protect the confidentiality and security of personally-identifiable information that an individual provides during the course of obtaining health care but is not primarily concerned with research. HIPAA stands for the Health Insurance Portability & Accountability Act of 1996 (Public Law 104-191). ![]()
0 Comments
Leave a Reply. |