HIPPA and Clinical Research HIPPA and Clinical Research By Kimberly Van Randall
GCPs and HIPPA <ul>Good Clinical Practices (GCPs) <li>A standard for the design, conduct, performance, monitoring, auditing, recording, analysis, and reporting of clinical trials that provides assurance that the data reported results are credible and accurate and that the rights, integrity, and confidentiality of the trial subjects are protected.
The Health Insurance Portability and Accountability Act (HIPPA)
HIPPA was enacted by the U.S Congress in 1996 to provide confidentiality of health related information and the security of identifiable patient material. </li></ul>
HIPPA <ul><li>HIPPA covers health plans, health care clearinghouses, and health care providers that transmit health information electronically in connection with certain transactions that are defined in the HIPPA statue defined as “covered entities”.
Covered entities conduct clinical research involving protected health information (PHI), physician-investigators need to understand the Privacy Rule's restrictions on the use and disclosure of PHI for research purposes.
The Privacy Rules establishes the right of an individual, such as a research subject, to authorize a covered entity to use and disclose his/her PHI for research purposes. </li></ul>
HIPPA cont' <ul><li>The de-identification of PHI, single authorization from the patient is required for all uses and disclosures of patient health information, the combining of patient authorization form with informed consent documents, and the elimination of an expiration date or event for research authorization are all specific areas involving research.
De-identification of PHI means that the personal information (i.e. name, social number, phone number,etc.) have been removed and there is no actual knowledge that the subject could be identified.
Informed consent forms for research studies now required to include extensive detail on how the participant's protected health information will be kept private.
Elimination of the expiration on the Authorization and now allows either the inclusion of an expiration date or a statement that there is no expiration date. </li></ul>
When it is okay to disclose PHI for research <ul><li>If the subject of the PHI has granted specific written permission through an Authorization that satisfies section 164.508
For reviews preparatory to research with representations obtained from the researcher that satisfy section 164.512 (i)(1)(ii) of the Privacy Rule
Fore researcher solely on decedents' information with certain representations and, if requested, documentation obtained from the researcher that satisfies section 164.512 (i)(1)(iii) of the Privacy Rule
If the covered entity receives appropriate documentation of and IRB or a Privacy Board has granted a waiver of the Authorization requirement that satisfies section 164.512(i) </li></ul>
When it is okay to disclose PHI for Research cont' <ul><li>If the covered entity obtains documentation of an IRB or Privacy Board's alteration of the Authorization requirement as well as the altered Authorization from the individual
If the PHI has been de-identified in accordance with the standards set by the Privacy Rule at section 164.514(a)-(c) (in which case, the health information is no longer PHI
If the information is released in the form of a limited data set, with certain identifiers removed and with a data use agreement between the researcher and the covered entity, as specified under section 164.514(e)
Under a “grandfathered” informed consent of the individual to participate in the research, an IRB waiver of such informed consent, or Authorization or other express legal permission to use or disclose the information for research as specified under the transition provisions of the Privacy Rules at section 164.532 (c) </li></ul>
Penalties <ul><li>Wrongfully disclosing PHI include fines up to $50,000 and up to 1 year in prison
Obtaining PHI under false pretenses include fines up to $100,000 and up to 5 years in prison
Sponsors whom fail to comply with HIPPA regulations are subject to $250,000 and up to 10 years in prison
Civil penalties can reach as much as $100 per violation, not to exceed $25,000 per year with civil monetary damages to patients who win state tort claims, such as breach of privacy. </li></ul>
Ethics <ul><li>Ethics involved in confidentiality include: having respect for autonomy, beneficence, non-malfeasance,and justice
Allows subjects access treatment options where there are none, regardless of their background or economic stature. </li></ul>
Attitudes and Perceptions <ul><li>HIPPA Privacy Rule significantly decreases the number of patients available for outcomes research and introduces selection bias in data collection for patient registries.
Implementation of the HIPPA Privacy rule resulted in a drop from 96% to 34% in the proportion of follow-up surveys completed by study patients being followed after a heart attack.
Researchers overwhelmingly believe that he HIPPA Privacy Rule has had a negative impact on the scope, pace, and cost of research </li></ul>
Limitations <ul><li>The Privacy Rule creates obstructions most significantly in research requiring access to stored tissues, genetic datasets, patient registries and data warehouses and medical records-where these types of information are crucial in conducting population-based research.
The HIPPA Privacy Rule protects the privacy of individually identifiable health information
Changed the way clinical research is conducted in the United States and unintentionally created obstacles and restriction on clinical science. </li></ul>