Does HIPAA apply to clinical research?

Does HIPAA apply to clinical research?

Clinical trials are permitted by the HIPAA Privacy Rule, however, under most circumstances, researchers need both written authorization and an informed consent form from patients before commencing HIPAA clinical trials.

What is considered PHI in clinical research?

PHI includes demographic identifiers used in medical records, biological specimens, data sets, as well as direct identifiers of the research subjects in clinical trials. PHI also includes biometric information such as facial images, fingerprints, voiceprints, and genetic information.

What is HIPAA minimum necessary standard?

Under the HIPAA minimum necessary standard, covered entities must make reasonable efforts to ensure that access to protected health information (PHI) is limited, per the HIPAA Privacy Rule, to the minimum amount of information necessary to fulfill or satisfy the intended purpose of a particular disclosure, request, or …

What kinds of research are covered by HIPAA?

HIPAA affects only that research which uses, creates, or discloses Protected Health Information (PHI). In general, there are two ways a research study would involve PHI: The study involves review of medical records as one (or the only) source of research information. Retrospective studies involve PHI in this way.

Do researchers have to follow the HIPAA privacy rule when managing data for a research project?

A: Yes. The Privacy Rule permits a covered entity to include an individual’s PHI in a clinical research recruitment database and permit researchers access to the recruitment database, provided the individual has given permission through a written Authorization.

What type of information is not covered by HIPAA?

Protected Health Information Definition PHI only relates to information on patients or health plan members. It does not include information contained in educational and employment records, that includes health information maintained by a HIPAA covered entity in its capacity as an employer.

What is considered research under HIPAA?

Research is defined in the Privacy Rule as, “a systematic investigation, including research development, testing, and evaluation, designed to develop or contribute to generalizable knowledge.” See 45 CFR 164.501.

What is minimum necessary information?

The Minimum Necessary Standard is a requirement that covered entities take all reasonable steps to see to it that protected health information (PHI) is only accessed to the minimum amount necessary to complete the tasks at hand.

What is the need to know rule?

Under need-to-know restrictions, even if one has all the necessary official approvals (such as a security clearance) to access certain information, one would not be given access to such information, or read into a clandestine operation, unless one has a specific need to know; that is, access to the information must be …

Are research studies subject to HIPAA regulations?

Some research studies do not use, create or disclose PHI and are not subject to HIPAA regulations. For example, some studies use individually identifiable health information that includes personal identifiers such as name, date of birth or address.

What is the new guidance on HIPAA and individual authorization?

New Guidance on HIPAA and individual authorization of uses and disclosures of protected health information for research. – PDF This guidance explains certain requirements for an authorization to use or disclose PHI for future research.

What are the requirements for Phi disclosure under HIPAA?

Disclosure of PHI requires a specific authorization under HIPAA except if disclosure is related to the provision of TPO (Treatment Payment Operations) of the entity responsible for the PHI or under a limited set of other circumstances, such as public health purposes.

What does the privacy rule mean for clinical research?

The Privacy Rule adds to these existing obligations. Where a covered entity conducts clinical research involving protected health information (PHI), physician-investigators need to understand the Privacy Rule’s restrictions on the use and disclosure of PHI for research purposes.