HIPAA For Research: Understanding How the Health Insurance Portability & Accountability Act of 1996 Affects Clinical Research
HIPAA History: Health Insurance Portability & Accountability Act of 1996 (Kennedy-Kassebaum Act). Effective April 14, 2001. Compliance required by April 14, 2003 (October 2003).
HIPAA – General Provisions: Standardization of electronic patient health, administrative and financial data; Unique identifiers for individuals, employers, health plans, and health care providers; Security standards protecting the confidentiality and integrity of health information.
What Is PHI? * PHI is all individually identifiable health information, including demographic data and biological specimens, that is transmitted or maintained by a covered entity. * PHI can be in any form, including written, electronic, and verbal.
Protected Health Information (PHI): Is created or received by a health care provider, health plan, or health care clearinghouse. Relates to past, present, or future: provision of care to an individual; physical or mental condition(s); payment for provision of health care to an individual.
De-identification of PHIs: Medical institutions can release de-identified health information without patient authorization. The following 18 specific identifiers must be deleted:
De-identification: Names; All geographic subdivisions smaller than a state; All dates (except year); Telephone numbers; Fax numbers; Electronic mail addresses; Social Security numbers; Medical record numbers; Health plan beneficiary numbers; Account numbers; Certificate/license numbers; Vehicle identifiers, including license plate numbers.
De-identification (cont.): Device identifiers and serial numbers; URLs; Internet Protocol (IP) addresses; Biometric identifiers, including finger and voice prints; Full face photographic images and any comparable images; Any other unique identifying number, characteristic, or code.
Impact on WVSOM Human Subject Research: Access to PHI: Researcher must understand the permissible routes of access to PHI for research activity, AND Restrictions on Use and Disclosure of PHIs: Researcher must implement necessary safeguards to protect the PHI.
The Privacy Rule permits a covered entity (WVSOM or Affiliated Hospitals) to use and disclose PHI for research when an individual Authorization has been obtained from a research participant, OR when a Waiver of Authorization has been obtained.
There are other limited situations where PHI can be used/disclosed without an Authorization, e.g., use of PHI on decedents, use of PHI for Reviews Preparatory to Research, limited data sets, etc.
Existing IRB-Approved Studies: The ‘Transition Provision’ in the Privacy Rule permits covered entities (USF) to continue to use and disclose PHI for research, if it has obtained, prior to April 14, 2003: An IRB approved consent form, or An IRB approved waiver of consent, or An express legal permission (e.g., a signed authorization).
New Studies: To use/disclose PHI in research, the researcher must obtain 1) An Authorization from the individual participant, OR 2) A Waiver of Authorization for the study. An Authorization is the HIPAA equivalent of consent to use and disclose data.
AUTHORIZATIONS: Valid authorization must include the following elements: A description that identifies the information in a specific and meaningful fashion; The name of the person(s) authorized to make the requested use or disclosure; The name of the person(s) to whom the covered entity may make the requested use or disclosure;
Patient Authorization (Cont.): An expiration date/event that relates to the purpose of the use or disclosure; A statement of the individual’s right to revoke the authorization in writing and the exceptions to the right to revoke, together with a description of how the individual may revoke the authorization;
Patient Authorization (Cont.): A statement that information used may be subject to re-disclosure by the recipient and no longer be protected by this rule; Signature of the individual and date; If the authorization is signed by a personal representative of the individual, a description of such representative’s authority to act for the individual.
Patient Authorization (Cont.): The authorization must be written in plain language. Can be combined with consent if research involves treatment, but not at WVSOM. Research including existing records would require a separate authorization.
Waiver: Disclosure involves no more than minimal risk to the individual; The waiver will not adversely affect the privacy rights of the individual; Research could not be conducted without the waiver; Research could not be conducted without access to protected health information.
Waiver (Cont.): The privacy risks are reasonable in relation to the anticipated benefits to the individuals and the importance of the knowledge gained through research; There is a plan to protect patient identifiers from improper use and disclosure; There is a plan to destroy patient identifiers at the earliest opportunity.
Waiver (Cont.): There are adequate written assurances that protected health information will not be reused or disclosed to others except as provided by the regulations and restricts most disclosures of information to the minimum intended purpose.
Research Use/Disclosures That Do Not Require Authorizations or Waivers: 1. Review of PHI Preparatory to Research; 2. Use of PHI of Decedents for Research Purposes.
Special Rules Regarding Databases: Creating and maintaining databases containing PHI is considered research. If you will use existing databases containing PHI for research after April 14, 2003, you must obtain Authorizations or Waivers. If you will create or maintain databases for future analysis, you must comply with HIPAA in addition to obtaining IRB approval.
Research Subject Recruitment: Recruitment for research is subject to the general authorization requirement unless the researcher has a direct treatment relationship with the patient. Researchers could use the Waiver of Authorization mechanism to access PHI for recruiting prospective research subjects.
Research Subject Recruitment (cont.): A researcher who has a direct treatment relationship with the patient can engage in conversations related to recruitment without having to obtain Authorizations or Waivers.
Revocation of Authorization: Research subjects can revoke their Authorization in writing at any time. This is subject to an exception known as the ‘Reliance Exception.’ A subject wishing to revoke the Authorization must be given a form for Revocation of Authorization.
Revocation of Authorization (cont.): If the subject does not sign and return the form, then the researcher may continue to use the PHI and treat the Authorization as valid.
Reliance Exception to Revocation: The Reliance Exception allows researchers to use and disclose a subject’s PHI that was obtained before the subject’s revocation in the following ways: To account for a subject’s withdrawal from the study; To conduct investigations of scientific misconduct; To report adverse events; As necessary to incorporate the information of a marketing application to FDA.
Research Subject’s Rights: Accounting of the following research-related disclosures of PHI is required: Disclosures as allowed by a Waiver of Authorization; Reviews preparatory to research; Research on PHI of decedents; Disclosures made as allowed by law.
Research Subject’s Rights (cont.): The following disclosures are NOT required: Disclosures made to the individual subject; Disclosures authorized by the subject (i.e., the research subject has signed an Authorization for this use/disclosure of PHI); De-identified data and limited data sets.
Summary Yes No Decedents  No No Record Review (No Identifiers) Yes Exempt No Record Review (Identifiers) Yes (2) Preexisting and Research Yes Clinical Research HIPAA IRB
Sanctions for Non-Compliance: Significant penalties may be imposed against WVSOM, Affiliate Hospitals, and individual researchers. Civil Penalties: Based on patient complaints: $100 per violation with $25,000 maximum per year.
Criminal Penalties: Knowingly wrongful disclosures: fines up to $50,000 and/or up to 1 year in prison; Under false pretenses: fines up to $100,000 and/or up to 5 years in prison; With intent to sell: fines up to $250,000 and/or up to 10 years in prison.
Summary: Researcher Responsibilities. Preparing an extensive confidentiality plan. Who will have access to the data? How long will access be needed? Will third party payers or other administrators need to have access? Time to gain approval from an additional committee. Alternatives.
Summary: IRB Responsibilities. Have appropriate expertise in privacy and confidentiality concerns. Ensure that consent forms contain appropriate authorization requirements if applicable.
Summary: IRB Responsibilities (cont.). Understand waiver criteria and document appropriately. Coordinate with Privacy Board, if applicable.
HIPAA & IRB at WVSOM: David Brown, Ph.D., Chair of the IRB [email_address]; Brentz Thompson, HIPAA Compliance Officer [email_address]
You must demonstrate both IRB and HIPAA compliance by passing the following courses and quizzes: IRB: http://cme.nci.nih.gov/ HIPAA: http://www.wvu.edu/~rc/irb/hipwebct.htm
QUESTIONS!? Prepared by: Jason S. Wrench, Ed. D., Medical Education Specialist, West Virginia School of Osteopathic Medicine
