LifeBridge Health HIPAA Policy 4. Uses of Protected Health Information for Research

Size: px
Start display at page:

Download "LifeBridge Health HIPAA Policy 4. Uses of Protected Health Information for Research"

Transcription

1 LifeBridge Health HIPAA Policy 4 Uses of Protected Health Information for Research This Policy contains the following Sections: I. Policy II. III. IV. Definitions Applicability Procedures A. Individual Authorization B. Waiver of Authorization with IRB Approval C. Other Uses Without Patient Authorization D. Use of De-identified Information E. Limited Data Sets and Data Use Agreements F. Accounting for Disclosures G. Transition H. Access to Databases created for Non-research Purposes I. Compliance V. Forms - Appendix A. HIPAA Authorization Form Instructions B. Request for Waiver of Authorization C. Request for Access to PHI Preparatory to Research D. Request for Access to PHI of Decedents

2 I. POLICY LifeBridge Health protects the confidentiality and privacy of protected health information ( PHI ) used in research by following federal regulations, professional ethics, and Institutional Review Board (IRB) policies and procedures. The Federal Privacy Rules (45 CFR 160 and 164) are intended to build on existing Federal regulations that address research, including the Common Rule and Food and Drug Administration (FDA) regulations. The Privacy Rules allow research participants to have more information about how their health information may be used for research than currently allowed by existing laws. The rules apply to any protected health information (PHI) obtained for research purposes and does not make a distinction between research that involves treatment and research that does not involve treatment. II. DEFINITIONS INSTITUTIONAL REVIEW BOARD (IRB): An oversight board appointed by LifeBridge Health to protect the rights and welfare of human subjects who take part in research and to ensure that all research activities are conducted in compliance with federal regulations and organizational policies. PROTECTED HEALTH INFORMATION: Individually identifiable health information transmitted or maintained in any form or medium, including oral, written, and electronic. Individually identifiable health information relates to an individual s health status or condition, furnishing health services to an individual or paying or administering health care benefits to an individual. Information is considered protected health information where there is a reasonable basis to believe the information can be used to identify an individual. THE COMMON RULE: Code of Federal Regulations for Protection of Human Subjects (45 CFR Part 46 Subpart A). III. APPLICABILITY A. Use and Disclosure of Protected Health Information In order to use or disclose individually identifiable information on subjects or prospective subjects in a research study, all researchers who intend to conduct clinical research at or within LifeBridge Health or a LifeBridge Health entity ( LifeBridge Health ) or request access to protected health information held by LifeBridge Health for research purposes, or who use a LifeBridge Health entity to carry out orders for services or procedures that are required under a research protocol, are required to either: 1. Obtain individual authorization for use or disclosure of such PHI (per the provisions of 45 CFR ), or 2

3 2. Obtain a waiver of authorization granted by the LIFEBRIDGE HEALTH IRB (as provided for in 45 CFR (i)(1)(i)), or 3. Use de-identified information (as per 45 CFR (d) or (a-c)), or 4. Use information from a limited data set under a data use agreement with LifeBridge Health. IV. PROCEDURES A. Individual Authorization 1. Any researcher who proposes to conduct a clinical research study within LifeBridge Health is required to prepare (and to individualize for the particular study) an Individual Authorization Form (see HIPAA Authorization Form Instructions and accompanying forms on LifeBridge Health HIPAA intranet site, under IRB/ Research Materials) for all prospective research subjects to sign. 2. The Individual Authorization form may be used as a stand-alone form (for example, for a records review study), or as a supplement to the standard patient consent form for participation in the study (for example, for a prospective clinical trial). 3. Obtaining the HIPAA research authorizations shall be in addition to obtaining the written informed consent of research subjects using the IRB-approved informed consent document. 4. The researcher is directly responsible for assuring that the appropriate relevant information is provided to the subjects in his/her study. 5. The LifeBridge Health template form is provided to the Principal Investigator (PI) by the IRB for use in assuring HIPAA compliance. The PI is responsible for customizing this template for the individual study and, just as obtaining informed consent for participation in research is a process, so is obtaining individual authorization for the use or disclosure of PHI. The PI is responsible for explaining the content of the PHI use/disclosure authorization form to all prospective research subjects before or at the time of study enrollment. 6. It is the investigator s responsibility to include in the Authorization Form all elements required by the regulations. The LifeBridge Health IRB will, as a courtesy to investigators, review sample Individual Authorization Forms for each new or ongoing research protocols to check that the elements required by the regulations are included. IRB approval is NOT required before Authorization Forms can be used. 7. The Individual Authorization may be inserted into the informed consent document for participation in the research study, at the investigator or sponsor s 3

4 discretion. IRB review and approval IS required prior to use of consent forms containing the Privacy Authorization, as per standard IRB procedures for review of informed consent documents.. 8. If a research subject refuses to sign the Individual Authorization Form for Use or Disclosure of PHI, the individual may not be enrolled in the clinical study. 9 The Individual Authorization form may have an indefinite term, or may expire at termination of the study. 10. The PI must maintain the signed Individual Authorization Form for a period of no less than six years (or longer if required by applicable law or LifeBridge Health policy), and must make a copy available to authorities upon request. B. Waiver of Authorization with IRB Approval 1. In limited circumstances, the LifeBridge Health IRB may grant to the PI a Waiver of Authorization (for example, for a records review study when it is not possible to either obtain individual authorization or to use de-identified information). A PI should submit a Request for Waiver of Authorization form to the LifeBridge Health IRB. For a waiver to be granted, all of the following three criteria must be satisfied: The use or disclosure of the information would pose no more than a minimal risk to the individual s privacy. This requires the PI to provide: o A plan to protect the individuals from improper use or disclosure of the PHI, o A plan to destroy the identifiers at the earliest possible opportunity, and o Written assurance that the PHI will not be reused or disclosed except as required by law, Evidence that the research could not practicably be conducted without the waiver, and Evidence that the research could not practicably be conducted without access to and use of the PHI. 2. The LifeBridge Health IRB approval may be granted through a normal or an expedited review process, and requires the signature of the Chairperson or designee. 3. When a waiver of authorization is granted, the LifeBridge Health IRB will issue a letter describing the specific PHI to be used or disclosed, documenting the date of approval and noting whether an expedited or regular review was performed, and 4

5 documenting that the above criteria were satisfied, signed by the LifeBridge Health IRB Chairperson or designee. 4. The IRB Approval Letter must be presented to the Medical Records Custodian by the investigator or designee prior to beginning any review of the medical records for the study. C. Other Uses Without Patient Authorization LifeBridge Health may use or disclose PHI for research without authorization of the patient in either of the following circumstances: 1. Preparatory to Research: A LifeBridge Health medical records custodian may grant a researcher access to obtain PHI from medical records that is solely to be used for the purpose of planning a research study, or assessing the feasibility of a research study. Examples would include retrospective reviews of medical records for generation of a hypothesis for a prospective research study, or to evaluate whether a large enough sample of patients with a particular condition are seen in an investigator s practice to warrant a prospective study. A letter (See form Request for Access to PHI Preparatory to Research ) must be submitted to the respective medical records custodian prior to embarking upon activities that are preparatory to research. The letter must include the following elements: a. The purpose of the proposed review of medical records b. The specific PHI that are necessary to be used in performing the records review (i.e. patient names, address or zip code, age, gender, diagnosis, results of diagnostic tests or physical exams, etc.), and c. Each of the following attestations: 1. No PHI shall be recorded for the purpose of research during this preparatory review; 2. No PHI shall be removed from the provider entity (medical records department) 3. The PHI for which access is sought is necessary for the research purpose, (i.e. the research preparation cannot be performed without use of the PHI), and 4. The PHI being reviewed shall be limited to the minimum necessary for the research preparations (i.e. if phone numbers and SSN are not necessary for the research preparations, that information should not be used). 2. Research on Decedents. A LifeBridge Health medical records custodian may grant a researcher access to obtain PHI from medical records that is solely to be used 5

6 for the purpose of research on the protected health information of decedents. A letter (See form Request for Access to PHI of Decedents ) must be submitted to the respective medical records custodian prior to the review of any medical records for the research. The letter must include the following elements: a Representation that the use or disclosure sought is solely for research on the protected health information of decedents; b. Documentation, if requested, of the death of such individuals; and, c. Representation that the protected health information is necessary for the research purposes. D. Use of De-identified Information 1. For research studies that involve only the collection and analysis of existing PHI held by a LifeBridge Health entity (e.g. retrospective medical records review only), a PI may access such information for research purposes without either the authorization of the patient or a waiver from the IRB if the PHI has been de-identified by the medical records custodian prior to use by the investigator. 2. De-identification (in accord with 45 CFR (d) and (a-c) of the Privacy Rule) means that the research subjects cannot be identified (by the researcher or others) directly or indirectly through identifiers linked to the subjects. a. Identifiers that must be removed include: Names; Address, including street address, city, county, zip code; Names of relatives and employers; All element of dates (except year), including date of birth, admission date, discharge date, date of death; and all ages over 89 and all elements of dates including year indicative of such age except that such ages and elements may be aggregated into a single category of age 90 or older; Telephone numbers; Fax numbers; addresses; Social Security Number (SSN); Medical record number; Health beneficiary plan number; Account numbers; Certificate/License Number; Vehicle identifiers, including license plate numbers; Medical device ID and serial number; 6

7 Uniform Resource Locator (URL); Identifier Protocol (IP) addresses; Biometric identifiers (such as fingerprints, retinal scans, etc.); Full face photographic images and other comparable images; Any other unique identifying number characteristic or code. 3. The respective LifeBridge Health medical records custodian shall be responsible for de-identifying PHI, subject to LifeBridge health policies, prior to providing such information to the PI. 4. Use of de-identified information by the PI is not subject to the Privacy Regulations and does not require the approval of the IRB. E. Limited Data Sets and Data Use Agreements LifeBridge Health may use a limited data set of patient health information and enter into a data use agreement with recipients of the limited data set to protect the confidentiality of the individual and to allow LifeBridge Health to use or disclose such information for research, public health, or health care operations without the individual s authorization. Any disclosure or request for a limited data set must adhere to the minimum necessary requirements of the federal privacy regulations. A limited data set may include the following identifiable information: Admission, discharge and service dates; of death; Age (including age 90 or over); Five digit zip code or any other geographic subdivision such as state, county, city, precinct, and their equivalent geocodes; or, of birth. A limited data set must exclude: Names; Postal address information, other than town or city, state and zip code; Telephone numbers; Fax numbers; Electronic mail addresses; Social Security numbers; Medical record numbers; Health plan beneficiary numbers; Account numbers; Certificate/license numbers; Vehicle identifiers and serial numbers, including license plate numbers; Medical device identifiers and serial numbers; 7

8 Web Universal Resource Locators (URLs); Internet Protocol (IP) address numbers; Biometric identifiers, including finger and voice prints; and, Full face photographic images and any comparable images. LifeBridge Health may use or disclose a limited data set only if it obtains satisfactory assurance, in the form of a data use agreement, that the limited data set recipient will only use or disclose the PHI for limited purposes. Those researchers wishing to enter a data use agreement with LifeBridge Health should contact the LifeBridge Health HIPAA Privacy Officer ( ). The data use agreement will: 1. Establish the permitted uses and disclosures of the information, which may include only research, public health, health care operations, or as otherwise required by law, and does not authorize the limited data set recipient to further disclose the information in a manner that would violate the federal privacy regulations if performed by LifeBridge Health; 2. Provide that the limited data set recipient will: a. Not use or further disclose the information other than as permitted by the data use agreement or as otherwise required by law; b. Use appropriate safeguards to prevent use of disclosure of the information other than as provided for by the data use agreement; c. Report to LifeBridge Health any use or disclosure of the information not provided for by its data agreement of which it becomes aware; d. Request the minimum amount of information necessary to fulfill the requirement of the request; e. Ensure that any agents, including a subcontractor, to whom it provides the limited data set agrees to the same restrictions and conditions that apply to the limited data set recipient with respect to such information; and, f. Not identify the information or contact the individuals. F. Accounting for Disclosures When LifeBridge Health releases PHI for research purposes, each patient whose PHI is released has the right to request and receive from LifeBridge Health an accounting of the disclosures made. Such an accounting must include all research-related disclosures, 8

9 except those instances when the patient authorized the release or the information was provided was either de-identified or in a limited data set. Each LifeBridge Health medical record custodian is responsible for tracking such disclosures on the LifeBridge Health Accounting for Disclosures of PHI form, and for providing the accountings when requested by patients. If research involves more than 50 patients. If, during the period covered by the accounting, LifeBridge Health has made disclosures of PHI for a particular research purpose for 50 or more individuals, the Privacy Rules provide for a simplified accounting. Contact the LifeBridge HIPAA Privacy officer to discuss this further. G. Transition All research that begins after the compliance date, April 14, 2003, is required to obtain Individual Authorization for the Use or Disclosure of PHI from all participants, or to follow one of the other procedures described in this policy, as applicable. Research studies started prior to the compliance date are able to continue after the compliance date, but the investigator is required to obtain Individual Authorization for the Use or Disclosure of PHI from all participants enrolled after April 14, without obtaining additional consent. Specifically, LifeBridge Health may use or disclose protected health information for research that is created or received either before or after the compliance date for the Privacy Rules (April 14, 2003), provided that there is no agreed-to restriction, and the PI obtained, prior to the compliance date, from each participant either: 1. An authorization or other express legal permission from an individual to use or disclose protected health information for the research; 2. The informed consent of the individual to participate in the research; or, 3. An IRB waiver of informed consent for the research in accordance with the Common Rule. H. Access to Databases created for Non-research Purposes LifeBridge health recognizes that there are databases containing PHI that reside on personal computers and servers in the various locations in which PIs and other researchers work and see patients. These database files serve a variety of purposes including pure research, pure treatment, or a mixture of both. Databases that are exclusively used for patient treatment are not covered by the HIPAA regulations that relate to research and/or IRB compliance. The PHI in these databases shall not be used for research purposes unless the use is compliant with all of the HIPAA and IRB requirements as previously stated in this policy. 9

10 I. Compliance If LifeBridge Health knows of a pattern of activity or practice of PI or other researcher that constitutes a material breach or violation of these policies or of the Privacy Rules under HIPAA, LifeBridge Health must take reasonable steps to cure the breach or end the violation, as applicable, and, if such steps are unsuccessful: 1. Discontinue disclosure of protected health information to the recipient; and, 2. Report the problem to LifeBridge Health s Privacy Officer, who will determine if such offense should be reported to the Secretary of the Department of Health and Human Services. 10

11 Instructions for Individual Authorization Form for Use or Disclosure of Protected Health Information (PHI) for Research Purposes Instructions to Investigators and staff: To use or disclose protected health information with authorization by the research participant, the investigator must obtain an authorization that satisfies the requirements of 45 CFR (c)(2). The Privacy Rule includes a general set of authorization requirements that apply to all uses and disclosures, including those for research purposes. Those are listed below. The Authorization may be used as a stand-alone document, or may be inserted into the standard informed consent document for the study. Three templates are provided for your use, as follows: Template for Investigator Sponsored Research: Individual Authorization Form for Use or Disclosure of PHI Template for Outside Sponsored Research: Individual Authorization Form for Use or Disclosure of PHI Authorization Section for Use in Standard Informed Consent Document for Research Studies The LBH IRB must review PHI Authorization sections of standard patient consent forms and approve the changes before use of the revised form can be implemented. Submission of Individual Authorization forms is requested by the IRB, but is not required for Authorization Forms prior to use. Individual Authorization forms will be reviewed by the IRB to insure that all required elements are satisfactorily included.. Instructions on the forms appear in italics, and areas to be completed are highlighted. Electronic copies can be obtained from Patty Lohinski at plohinsk@lifebridgehealth.org. Please remove highlighting and complete the information requested in the blanks as applicable to the study. Required Elements for Individual Authorization and Consent Forms All Individual Authorizations and Consent Form sections for Use or Disclosure of Protected Health Information must include all of the following elements: 1 A description of the personal health information to be collected in the study that is to be used or disclosed. 2 Identification of the individual(s) or organizations involved in the study or in activities related to the study who are authorized to use or disclose the information.

12 3 Identification of individuals organizations involved in the study or in activities related to the study who may receive the information. 4 Description of each purpose of the requested use or disclosure. 5 Signature of the individual and date, or signature of an authorized personal representative. When a personal representative is to sign, a description of the representative s authorization must be attached. 6 Notice to the individual that authorization to use PHI may be revoked or withdrawn at any time by a request made in writing. 7 The potential for information disclosed pursuant to this authorization to be subject to redisclosure by the recipients and no longer may be protected by the Federal Privacy Act. 8 The authorization must be written in plain language. The following two special provisions also apply to research authorizations, as distinct from authorizations for other purposes: 9 Unlike other authorizations, an authorization for a research purpose may state that the authorization does not expire, that there is no expiration date or event, or that the authorization continues until the end of the research study; and 10 An authorization for the use or disclosure of protected health information for research may be combined with a consent to participate in the research, or with any other legal permission related to the research study.

13 Application for Waiver of Individual Authorization for Use or Disclosure of Protected Health Information (PHI) in a Research Study Please complete and submit this form to the IRB office with a summary of your research proposal at least 2 weeks in advance of the date the research is to begin. You may not initiate the research until you receive a signed IRB approval of the waiver request. Study Title and Number: Principal LBH Investigator: Sub-Investigators: Outside Sponsor or Funding Source (if any): Purpose for Which Waiver is Requested: (i.e. screening by study nurse, or records review by PI) of Application: Please include in the research summary: the type and design of the study, the number of subjects to be enrolled or records to be reviewed, the number of sites, list the objectives or endpoints, all methods or procedures to be used, and list all data to be collected in the study. Please document all of the following (remove and replace highlighted text prior to completion): 1. The proposed uses and disclosures of information involve no more than minimal risk to the individual s privacy, based on the following: An adequate plan to protect the individual from improper use and disclosure of PHI; Insert here what methods will be used to safeguard the PHI from unauthorized access or improper use or disclosure. (Files kept under lock/key or in a restricted area, limited access to investigators/study personnel; personnel trained in Privacy practices). An adequate plan to destroy the identifiers at the earliest opportunity consistent with conduct of the research, unless there is a health or research justification for retaining the identifiers or retention is otherwise required by law; Insert here how and when all patient identifiers will be destroyed or cite the applicable justification for retention. (Such as removal of identifiers at end of data collection phase or end of study.)

14 Insert here I certify that the PHI will not be reused or disclosed to any other person or entity, except as required by law, for authorized oversight of the research study, or for other research for which the use or disclosure of PHI would be permitted and cite the applicable provision, if any. 2. The research could not practicably be conducted without the waiver Insert an explanation of why it is not practicable to obtain individual authorization or to use deidentified information or a limited data set for this research. 3. The research could not practicably be conducted without access to and use of the PHI. Insert an explanation of why access to PHI is necessary for this research. 4. Insert here I acknowledge that it is my duty under Maryland State law not to redisclose patient-identifying PHI that is obtained for research without individual consent, and that such PHI will be used only for purposes of research and will be subject to all other applicable requirements of the IRB. PI Signature Attending Signature (if different from PI) Chief of Service Signature

15 Request for Use or Disclosure of Protected Health Information (PHI) Preparatory to Research Please complete and submit this form to the LifeBridge Health medical records custodian in those cases where you are requesting access to PHI solely for purposes preparatory to research, pursuant to 45 CFR (I)(1)(ii). This form must be filed with the medical records custodian prior to any PHI being made available to you. Study Title and Number (if known): Principal Investigator: Sub-Investigators: Outside Sponsor or Funding Source (if any): Purpose for Which Access is Requested: (i.e. screening by study nurse, or records review by PI) of Application: Description of Records/ PHI requested: I hereby certify and attest to the following: No PHI shall be recorded for the purpose of research during this preparatory review No PHI shall be removed from the LifeBridge Health entity (medical records department or other physical location of the PHI) The PHI for which access is sought is necessary for the research purpose, (i.e. the research preparation cannot be performed without use of the PHI), and The PHI being reviewed shall be limited to the minimum necessary for the research preparations (i.e. if phone numbers and SSN are not necessary for the research preparations, that information will not be used). I acknowledge that it is my duty under Maryland State law not to re-disclose patient-identifying PHI that is obtained for research without individual consent, and that such PHI will be used only for purposes of research and will be subject to all other applicable requirements of the IRB. I understand that if the PHI accessed under this certification is to be used for other than preparatory to research, the requirements for individual patient authorization, use of de-identified information, a limited data set, or waiver of authorization will apply, as per the LifeBridge Health HIPAA Policies. PI Signature Attending Signature (if different from PI) Chief of Service Signature

16 Request for Use or Disclosure of Protected Health Information (PHI) of Decedents Please complete and submit this form to the LifeBridge Health medical records custodian in those cases where you are requesting access to PHI solely for research on decedents, pursuant to 45 CFR (I)(1)(iii). This form must be filed with the medical records custodian prior to any PHI being made available to you. Study Title and Number (if known): Principal Investigator: Sub-Investigators: Outside Sponsor or Funding Source (if any): Purpose for Which Access is Requested: (i.e. screening by study nurse, or records review by PI) of Application: Description of Records/ PHI requested: I hereby certify and attest to the following: The PHI requested by me is solely for the research on the PHI of decedents; The PHI being sought is necessary for the research to be conducted, and At the request of LifeBridge Health, I will provide documentation of the death of the individuals about whom information is being sought. I acknowledge that it is my duty under Maryland State law not to re-disclose patient-identifying PHI that is obtained for research without individual consent, and that such PHI will be used only for purposes of research and will be subject to all other applicable requirements of the IRB. PI Signature Attending Signature (if different from PI) Chief of Service Signature

INSTITUTIONAL REVIEW BOARD Investigator Guidance Series HIPAA PRIVACY RULE & AUTHORIZATION THE UNIVERSITY OF UTAH. Definitions.

INSTITUTIONAL REVIEW BOARD Investigator Guidance Series HIPAA PRIVACY RULE & AUTHORIZATION THE UNIVERSITY OF UTAH. Definitions. HIPAA PRIVACY RULE & AUTHORIZATION Definitions Breach. The term breach means the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy

More information

YALE UNIVERSITY THE RESEARCHERS GUIDE TO HIPAA. Health Insurance Portability and Accountability Act of 1996

YALE UNIVERSITY THE RESEARCHERS GUIDE TO HIPAA. Health Insurance Portability and Accountability Act of 1996 YALE UNIVERSITY THE RESEARCHERS GUIDE TO HIPAA Health Insurance Portability and Accountability Act of 1996 Handbook Table of Contents I. Introduction What is HIPAA? What is PHI? What is a Covered Entity

More information

The Queen s Medical Center HIPAA Training Packet for Researchers

The Queen s Medical Center HIPAA Training Packet for Researchers The Queen s Medical Center HIPAA Training Packet for Researchers 1 The Queen s Medical Center HIPAA Training Packet for Researchers Table of Contents Overview of HIPAA and Research 3 Penalties for violations

More information

The Impact of The HIPAA Privacy Rule on Research

The Impact of The HIPAA Privacy Rule on Research The Impact of The HIPAA Privacy Rule on Research This is simplification? Upstate Medical University WHAT HASN T CHANGED All research involving human subjects must be reviewed and approved by the IRB. The

More information

HIPAA Privacy Regulations Governing Research

HIPAA Privacy Regulations Governing Research HIPAA Privacy Regulations Governing Research HIPAA Health Insurance Portability and Accountability Act In a Nutshell The Privacy Regulations govern a provider s use and disclosure of health information

More information

The HIPAA privacy rule and long-term care : a quick guide for researchers

The HIPAA privacy rule and long-term care : a quick guide for researchers Scripps Gerontology Center Scripps Gerontology Center Publications Miami University Year 2005 The HIPAA privacy rule and long-term care : a quick guide for researchers Jane Straker Patricia Faust Miami

More information

HIPAA COMPLIANCE APPLICATION

HIPAA COMPLIANCE APPLICATION 1 HIPAA COMPLIANCE APPLICATION PROJECT TITLE: PRINCIPAL INVESTIGATOR Name (Last, First): Please complete this form if you intend to use/disclose protected health information (PHI) in your research. An

More information

New HIPAA Privacy Regulations Governing Research. Karen Blackwell, MS Director, HIPAA Compliance

New HIPAA Privacy Regulations Governing Research. Karen Blackwell, MS Director, HIPAA Compliance New HIPAA Privacy Regulations Governing Research Karen Blackwell, MS Director, HIPAA Compliance kblackwe@kumc.edu 913-588 588-0942 HIPAA Health Insurance Portability and Accountability Act In a Nutshell

More information

DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION (PHI)

DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION (PHI) PRIVACY 8.0 DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION (PHI) Scope: Purpose: All workforce members (employees and non-employees), including employed medical staff, management, and others who have

More information

Navigating HIPAA Regulations. Michelle C. Stickler, DEd Director, Research Subjects Protections

Navigating HIPAA Regulations. Michelle C. Stickler, DEd Director, Research Subjects Protections Navigating HIPAA Regulations Michelle C. Stickler, DEd Director, Research Subjects Protections mcstickler@vcu.edu 828-0131 Key Definitions Covered Entity: Organization that handles identifiable health

More information

THE JOURNEY FROM PHI TO RHI: USING CLINICAL DATA IN RESEARCH

THE JOURNEY FROM PHI TO RHI: USING CLINICAL DATA IN RESEARCH THE JOURNEY FROM PHI TO RHI: USING CLINICAL DATA IN RESEARCH Helenemarie Blake, Esq. Chief Privacy Officer, Interim Office of HIPAA & Privacy Security August 2016 SCENARIO You are putting a study together

More information

Privacy Rule Overview

Privacy Rule Overview Privacy Rule Overview Protected Health Information (PHI) is private information that is subject to special treatment under the HIPAA Privacy Regulations. PHI can only be used or disclosed in research if

More information

Use And Disclosure Of Protected Health Information (PHI) For Research

Use And Disclosure Of Protected Health Information (PHI) For Research Current Status: Pending PolicyStat ID: 2558954 Origination: Last Approved: Last Revised: Next Review: Owner: Policy Area: References: Applicability: N/A N/A N/A 1 year after approval PAIGE ENGLISH: ASSOCIATE

More information

System-wide Policy: Use and Disclosure of Protected Health Information for Research

System-wide Policy: Use and Disclosure of Protected Health Information for Research System-wide Policy: Use and Disclosure of Protected Health Information for Research Origination Date: May 2016 Next Review Date: May 2019 Effective Date: May 2016 Reference #: SYS ADMIN-RA-005 Approval

More information

HIPAA & Research Overview for the Privacy Board March 22, UAMS HIPAA Office Vera M. Chenault, JD

HIPAA & Research Overview for the Privacy Board March 22, UAMS HIPAA Office Vera M. Chenault, JD HIPAA & Research Overview for the Privacy Board March 22, 2011 UAMS HIPAA Office Vera M. Chenault, JD The Privacy Board - YOU HIPAA Privacy Rule establishes the requirements for membership and role of

More information

HIPAA Policies and Procedures Manual

HIPAA Policies and Procedures Manual UNIVERSITY of NORTH CAROLINA at CHAPEL HILL SCHOOL of NURSING HIPAA Policies and Procedures Manual November 2015 1 Table of Contents I. INTRODUCTION... 3 A. GENERAL POLICY... 3 B. SCOPE... 3 II. DEFINITIONS...

More information

APPLICATION FOR RESEARCH REQUESTING AN IRB WAIVER OF CONSENT AND HIPAA AUTHORIZATION

APPLICATION FOR RESEARCH REQUESTING AN IRB WAIVER OF CONSENT AND HIPAA AUTHORIZATION FORM W/H-01 APPLICATION FOR RESEARCH REQUESTING AN IRB WAIVER OF CONSENT AND HIPAA AUTHORIZATION Research for which this form is appropriate generally involves only existing patient records or specimens.

More information

SCHOOL OF PUBLIC HEALTH. HIPAA Privacy Training

SCHOOL OF PUBLIC HEALTH. HIPAA Privacy Training SCHOOL OF PUBLIC HEALTH HIPAA Privacy Training Public Health and HIPAA This presentation will address the HIPAA Privacy regulations as they effect the activities of the School of Public Health. It is imperative

More information

Module: Research and HIPAA Privacy Protections ( )

Module: Research and HIPAA Privacy Protections ( ) Module: Research and HIPAA Privacy Protections (7-18-11) HIPAA's protections focus on individually identifiable health information HIPAA defines identifiable health information as (1) any form or medium"

More information

IRB 101. Rachel Langhofer Joan Rankin Shapiro Research Administration UA College of Medicine - Phoenix

IRB 101. Rachel Langhofer Joan Rankin Shapiro Research Administration UA College of Medicine - Phoenix IRB 101 Rachel Langhofer Joan Rankin Shapiro Research Administration UA College of Medicine - Phoenix Contents Brief discussion of regulations IRB Structure Levels of Approval Informed Consent HIPAA/HITECH

More information

San Francisco Department of Public Health Policy Title: HIPAA Compliance Privacy and the Conduct of Research Page 1 of 10

San Francisco Department of Public Health Policy Title: HIPAA Compliance Privacy and the Conduct of Research Page 1 of 10 Page 1 of 10 TITLE: HIPAA COMPLIANCE: PRIVACY AND THE CONDUCT OF RESEARCH POLICY It is the policy of the San Francisco Department of Public Health (DPH) to maintain the privacy of Protected Health Information

More information

The HIPAA Privacy Rule and Research: An Overview

The HIPAA Privacy Rule and Research: An Overview The HIPAA Privacy Rule and Research: An Overview Joy Pritts, JD Research Associate Professor Health Policy Institute Georgetown University jlp@georgetown.edu 1 Topics HIPAA Background Overview of Privacy

More information

New Study Submissions to the IRB

New Study Submissions to the IRB New Study Submissions to the IRB Tufts-New England Medical Center Tufts University Health Sciences IRB Education Series 2006 Presentation may only be reused or reprinted with written permission from the

More information

Privacy Board Standard Operating Procedures

Privacy Board Standard Operating Procedures Privacy Board Standard Operating Procedures Page 1 of 12 I. Background The Health Insurance Portability and Accountability Act ( HIPAA ) generally requires specific compliance reviews and documentation

More information

UNIVERSITY OF ILLINOIS HIPAA PRIVACY AND SECURITY DIRECTIVE

UNIVERSITY OF ILLINOIS HIPAA PRIVACY AND SECURITY DIRECTIVE May 19, 2016 UNIVERSITY OF ILLINOIS HIPAA PRIVACY AND SECURITY DIRECTIVE UNIVERSITY OF ILLINOIS HIPAA PRIVACY AND SECURITY DIRECTIVE Table of Contents DIRECTIVE INFORMATION... 4 BACKGROUND... 4 APPLICABILITY...

More information

Access to Patient Information for Research Purposes: Demystifying the Process!

Access to Patient Information for Research Purposes: Demystifying the Process! Access to Patient Information for Research Purposes: Demystifying the Process! Cynthia Nappa Institutional Privacy Administrator State University of New York Upstate Medical University 1 Administrative

More information

HIPAA PRIVACY TRAINING

HIPAA PRIVACY TRAINING HIPAA PRIVACY TRAINING HIPAA Privacy Training Objective Present a general overview of HIPAA and define important terms Understand the purpose of HIPAA and the Privacy Rule Understand the term Protected

More information

Saint Joseph Mercy Health System Institutional Review Board

Saint Joseph Mercy Health System Institutional Review Board Saint Joseph Mercy Health System Institutional Review Board NEW PROJECT APPLICATION At Saint Joseph Mercy Health System, which includes Ann Arbor, Livingston, Saline, St. Mary s Livonia, Chelsea and Port

More information

Pennsylvania Hospital & Surgery Center ADMINISTRATIVE POLICY MANUAL

Pennsylvania Hospital & Surgery Center ADMINISTRATIVE POLICY MANUAL Page 1 Issued: POLICY: Committee Approval: HIPAA Administrative Policy Review Committee: April 2003 April 2005 April 2006 April 2007 April 2008 Attachment(s): For purposes of this policy, Pennsylvania

More information

WHAT IS AN IRB? WHAT IS AN IRB? 3/25/2015. Presentation Outline

WHAT IS AN IRB? WHAT IS AN IRB? 3/25/2015. Presentation Outline Education &Training WHAT IS AN IRB? Introduction to the UofL Institutional Review Boards & Human Subjects Protection Program IRB Review Process Post Approval Monitoring March 2015 1 Presentation Outline

More information

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT INSTRUCTIONS Read through this presentation. Submit completed post test to the Portage County MRC Coordinator. Estimated completion time: 1 hour Learning

More information

CLINICIAN S GUIDE TO HIPAA PRIVACY

CLINICIAN S GUIDE TO HIPAA PRIVACY CLINICIAN S GUIDE TO HIPAA PRIVACY Introduction... 2 What is HIPAA?... 2 Health Information Privacy... 2 Protected Health Information... 3 Identifiers... 3 HIPAA s Impact on Clinical Practice, Treatment,

More information

REQUEST TO ACCESS EXISTING MEDICAL RECORDS, CHARTS OR DATABASES FOR RESEARCH

REQUEST TO ACCESS EXISTING MEDICAL RECORDS, CHARTS OR DATABASES FOR RESEARCH Steering Committee approved 10/17/11 1. POLICY The Aurora IRB, acting as the HIPAA Privacy Board, is required to review any request for access to medical records, charts or databases maintained by any

More information

Roles & Responsibilities of Investigator & IRB

Roles & Responsibilities of Investigator & IRB Roles & Responsibilities of Investigator & IRB Jaranit Kaewkungwal Mahidol University Regulatory & Guidelines Regulatory & Guidelines GCP & Computer / Database Management Systems International Conference

More information

[Enter Organization Logo] CONSENT TO DISCLOSE HEALTH INFORMATION UNDER MINNESOTA LAW. Policy Number: [Enter] Effective Date: [Enter]

[Enter Organization Logo] CONSENT TO DISCLOSE HEALTH INFORMATION UNDER MINNESOTA LAW. Policy Number: [Enter] Effective Date: [Enter] CONSENT TO DISCLOSE HEALTH INFORMATION UNDER MINNESOTA LAW I. Policy: Policy Number: [Enter] Effective Date: [Enter] A. Purpose This policy establishes consent requirements for the disclosure of health

More information

Patient-Level Data. February 4, Webinar Series Goals. First Fridays Webinar Series: Medical Education Group (MEG)

Patient-Level Data. February 4, Webinar Series Goals. First Fridays Webinar Series: Medical Education Group (MEG) First Fridays Webinar Series: Medical Education Group (MEG) Patient-Level Data February 4, 2011 Provide Insights into MEG Operations Share Up-To-Date Information Webinar Series Goals Share Best Practices

More information

Geisinger IRB Member Orientation Session 2. Debra L. Henninger, MHS RN CCRC Associate Director, Research Compliance

Geisinger IRB Member Orientation Session 2. Debra L. Henninger, MHS RN CCRC Associate Director, Research Compliance Geisinger IRB Member Orientation Session 2 Debra L. Henninger, MHS RN CCRC Associate Director, Research Compliance 1 How does the IRB make decisions? Guiding Ethical Principles Regulatory Considerations

More information

Study Management PP STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information

Study Management PP STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information PP-501.00 SOP For Safeguarding Protected Health Information Effective date of version: 01 April 2012 Study Management PP 501.00 STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information

More information

Professional Compliance Program Grievance Report

Professional Compliance Program Grievance Report Professional Compliance Program Grievance Report Please complete this form carefully. All material that you wish AAOS to consider must either accompany this form or be sent electronically and identified

More information

Privacy and Security Orientation for Visiting Observers. DUHS Compliance Office

Privacy and Security Orientation for Visiting Observers. DUHS Compliance Office Privacy and Security Orientation for Visiting Observers DUHS Compliance Office 919-668-2573 compliance@dm.duke.edu Introduction This orientation is to provide new Visiting Observers with the HIPAA Privacy

More information

Recruiting subjects for clinical research outside the academic setting

Recruiting subjects for clinical research outside the academic setting Recruiting subjects for clinical research outside the academic setting Laura A. Siminoff, PhD Professor & Chair Department of Social & Behavioral Health Virginia Commonwealth University Why recruit outside

More information

Commission on Dental Accreditation Guidelines for Filing a Formal Complaint Against an Educational Program

Commission on Dental Accreditation Guidelines for Filing a Formal Complaint Against an Educational Program Commission on Dental Accreditation Guidelines for Filing a Formal Complaint Against an Educational Program The Commission strongly encourages attempts at informal or formal resolution through the program's

More information

TRICARE Management Activity s Human Research Protection Program, Data Sharing Agreement Program, and the TMA Privacy Board

TRICARE Management Activity s Human Research Protection Program, Data Sharing Agreement Program, and the TMA Privacy Board Human Protections Administrators Conference Fort Detrick August 29, 2012 s Human Research Protection Program, Data Sharing Agreement Program, and the TMA Privacy Board Overview (TMA) Privacy and Civil

More information

(Type inside gray boxes, cells will expand) A. EIGHT POINT CRITERIA for IRB Review

(Type inside gray boxes, cells will expand) A. EIGHT POINT CRITERIA for IRB Review Page 1 of 5 IRB Reviewers 8-Point Analysis Form Based on Federal Policy for the Protection of Human Subjects, Criteria for IRB Approval of Research (45 CFR 46.111) Protocol ID #/Title: Date of Review:

More information

Utilizing the NCI CIRB

Utilizing the NCI CIRB Policy P15 Written By: B. Laurel Elder, Ph.D. Created: September 2, 2011 Edited Version P15.1 Utilizing the NCI CIRB PURPOSE - The purpose of this Standard Operating Procedure (SOP) is to outline the procedures

More information

HIPAA. Health Insurance Portability and Accountability Act. Presented by the UMMC Office of Integrity and Compliance

HIPAA. Health Insurance Portability and Accountability Act. Presented by the UMMC Office of Integrity and Compliance HIPAA Health Insurance Portability and Accountability Act Presented by the UMMC Office of Integrity and Compliance Rules and Regulations to ensure Privacy Set Federally recognized standards to ensure both

More information

COMMISSION ON DENTAL ACCREDITATION REPORTING PROGRAM CHANGES IN ACCREDITED PROGRAMS

COMMISSION ON DENTAL ACCREDITATION REPORTING PROGRAM CHANGES IN ACCREDITED PROGRAMS COMMISSION ON DENTAL ACCREDITATION REPORTING PROGRAM CHANGES IN ACCREDITED PROGRAMS The Commission on Dental Accreditation recognizes that education and accreditation are dynamic, not static, processes.

More information

Patient Privacy Requirements Beyond HIPAA

Patient Privacy Requirements Beyond HIPAA Patient Privacy Requirements Beyond HIPAA Jane Hyatt Thorpe, J.D. School of Public Health and Health Services George Washington University Carrie Bill, J.D. Feldesman Tucker Leifer Fidell LLP The George

More information

Compliance Policy C-FMS Clinical Research Project Approval Application

Compliance Policy C-FMS Clinical Research Project Approval Application Internal Use Only: Business Unit: Fresenius Medical Services Region: RVP: Area Manager: Facility # Compliance Policy C-FMS-009.2 of Investigator or Study Coordinator completes the following: Facility Name

More information

Advanced HIPAA Communications and University Relations

Advanced HIPAA Communications and University Relations Advanced HIPAA Communications and University Relations accepts no liability of any use reliance placed on it, as it is warranty, express, or implied, or completeness of 1 the HIPAA Health Insurance Portability

More information

PRIVACY IMPACT ASSESSMENT (PIA) For the. Department of Defense Consolidated Cancer Registry (CCR) System. Defense Health Agency (DHA)

PRIVACY IMPACT ASSESSMENT (PIA) For the. Department of Defense Consolidated Cancer Registry (CCR) System. Defense Health Agency (DHA) PRIVACY IMPACT ASSESSMENT (PIA) For the Department of Defense Consolidated Cancer Registry (CCR) System Defense Health Agency (DHA) SECTION 1: IS A PIA REQUIRED? a. Will this Department of Defense (DoD)

More information

Presented by the UAMS HIPAA Office August 2013 Anita B. Westbrook

Presented by the UAMS HIPAA Office August 2013 Anita B. Westbrook HIPAA and Social Media and other PHI Safeguards Presented by the UAMS HIPAA Office August 2013 Anita B. Westbrook Social Networking Let s Talk Facebook More than 750 million users Average user has 130

More information

Implementing the Revised Common Rule Exemptions with Limited IRB Review

Implementing the Revised Common Rule Exemptions with Limited IRB Review Implementing the Revised Common Rule Exemptions with Limited IRB Review Introduction: Four of the exempt categories in the revised Common Rule include a provision for limited IRB review. This resource

More information

FAFSA Completion Initiative Participation Agreement

FAFSA Completion Initiative Participation Agreement Larry Hogan Governor Boyd K. Rutherford Lt. Governor Anwer Hasan Chairperson James D. Fielder, Jr., Ph. D. Secretary FAFSA Completion Initiative Participation Agreement This FAFSA Completion Initiative

More information

COMMISSION ON DENTAL ACCREDITATION GUIDELINES FOR PREPARING REQUESTS FOR TRANSFER OF SPONSORSHIP

COMMISSION ON DENTAL ACCREDITATION GUIDELINES FOR PREPARING REQUESTS FOR TRANSFER OF SPONSORSHIP COMMISSION ON DENTAL ACCREDITATION GUIDELINES FOR PREPARING REQUESTS FOR TRANSFER OF SPONSORSHIP REQUESTS FOR TRANSFER OF SPONSORSHIP OF ACCREDITED PROGRAMS The sponsorship of an accredited program may

More information

HIPAA Compliancy Group, LLC. 2017

HIPAA   Compliancy Group, LLC. 2017 1 Meet Your Expert Proud Sponsor Visionary Contributor Endorsed Partner Marc Haskelson Compliancy Group, CEO Marc@compliancygroup.com CompTIA Channel Advisory Board Co Chair CompTIA Business Applications

More information

PFF Patient Registry Protocol Version 1.0 date 21 Jan 2016

PFF Patient Registry Protocol Version 1.0 date 21 Jan 2016 PFF Patient Registry Protocol Version 1.0 date 21 Jan 2016 Contents SYNOPSIS...3 Background...4 Significance...4 OBJECTIVES & SPECIFIC AIMS...5 Objective...5 Specific Aims... 5 RESEARCH DESIGN AND METHODS...6

More information

HIPAA PRIVACY DIRECTIONS. HIPAA Privacy/Security Personal Privacy. What is HIPAA?

HIPAA PRIVACY DIRECTIONS. HIPAA Privacy/Security Personal Privacy. What is HIPAA? DIRECTIONS HIPAA Privacy/Security Personal Privacy 1. Read through entire online training presentation 2. Close the presentation and click on Online Trainings on the Intranet home page 3. Click on the

More information

What is HIPAA? Purpose. Health Insurance Portability and Accountability Act of 1996

What is HIPAA? Purpose. Health Insurance Portability and Accountability Act of 1996 Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,

More information

The SOP applies to all human subject research falling under the purview of the University of Missouri Institutional Review Board.

The SOP applies to all human subject research falling under the purview of the University of Missouri Institutional Review Board. Institutional Review Board.... University of Missouri-Columbia.. Standard Operating Procedure Informed Consent Types and Elements Informed Consent Types and Elements Effective Date: December 12, 2005 Original

More information

Student Orientation: HIPAA Health Insurance Portability & Accountability Act

Student Orientation: HIPAA Health Insurance Portability & Accountability Act _ Student Orientation: HIPAA Health Insurance Portability & Accountability Act HIPAA: National Privacy Law History of HIPAA What was once an ethical responsibility to protect a patient s privacy is now

More information

Guidelines for Requesting an Increase in Enrollment in a Predoctoral Dental Education Program

Guidelines for Requesting an Increase in Enrollment in a Predoctoral Dental Education Program Guidelines for Requesting an Increase in Enrollment in a Predoctoral Dental Education Program TIMING OF REQUESTS AND RESPONSE: Approval of an increase in enrollment in predoctoral dental education programs

More information

HCCA PRIVACY COMPLIANCE FOCUS GROUP

HCCA PRIVACY COMPLIANCE FOCUS GROUP HCCA PRIVACY COMPLIANCE FOCUS GROUP Industry Immersion Session 2005 Annual Institute New Orleans April 2005 1 DISCUSSION LEADERS Betsy Hall Jodi Innocent Marti Arvin April 2005 2 AGENDA 1:45 to 3:15 HIPAA

More information

SCREENING PROCEDURES: WHAT IS COVERED BY A

SCREENING PROCEDURES: WHAT IS COVERED BY A SCREENING PROCEDURES: WHAT IS COVERED BY A PARTIAL HIPAA WAIVER AND WHAT IS NOT? IRB Webinar March 12, 2015 BEFORE WE START Currently there is a lot of discussion at Emory on HIPAA and recruitment practices.

More information

NATIONAL ASSOCIATION FOR STATE CONTROLLED SUBSTANCES AUTHORITIES (NASCSA) MODEL PRESCRIPTION MONITORING PROGRAM (PMP) ACT (2016) COMMENT

NATIONAL ASSOCIATION FOR STATE CONTROLLED SUBSTANCES AUTHORITIES (NASCSA) MODEL PRESCRIPTION MONITORING PROGRAM (PMP) ACT (2016) COMMENT 1 NATIONAL ASSOCIATION FOR STATE CONTROLLED SUBSTANCES AUTHORITIES (NASCSA) MODEL PRESCRIPTION MONITORING PROGRAM (PMP) ACT (2016) SECTION 1. SHORT TITLE. This Act shall be known and may be cited as the

More information

COMMISSION ON DENTAL ACCREDITATION POLICY ON REPORTING AND APPROVAL OF SITES WHERE EDUCATIONAL ACTIVITY OCCURS

COMMISSION ON DENTAL ACCREDITATION POLICY ON REPORTING AND APPROVAL OF SITES WHERE EDUCATIONAL ACTIVITY OCCURS COMMISSION ON DENTAL ACCREDITATION POLICY ON REPORTING AND APPROVAL OF SITES WHERE EDUCATIONAL ACTIVITY OCCURS The Commission on Dental Accreditation recognizes that students/residents may gain educational

More information

Guidelines for Requesting an Increase in Authorized Enrollment in Orthodontics and Dentofacial Orthopedics Residency and Fellowship Programs

Guidelines for Requesting an Increase in Authorized Enrollment in Orthodontics and Dentofacial Orthopedics Residency and Fellowship Programs Guidelines for Requesting an Increase in Authorized Enrollment in Orthodontics and Dentofacial Orthopedics Residency and Fellowship Programs POLICY ON ENROLLMENT INCREASES IN ADVANCED DENTAL SPECIALTY

More information

Technology Standards of Practice

Technology Standards of Practice 2016 Technology Standards of Practice Used with permission from the Association of Social Work Boards (2016) Table of Contents Technology Standards of Practice 2 Definitions 2 Section 1 Practitioner Competence

More information

Signature (Patient or Legal Guardian): Date:

Signature (Patient or Legal Guardian): Date: X-Ray Patient Information: [ ] Male [ ] Female Patient Name: Date of Birth: / / SS#: Mailing Address: City: State: Zip: Phone # s: (Home) (Work) (Cell) Referring Physician: Phone #: /Fax#: Additional Physician:

More information

2018 ABOS Part II Oral Examination

2018 ABOS Part II Oral Examination 2018 ABOS Part II Oral Examination Information Packet: Preparing Your Case List Page 1 of 20 2018 American Board of Orthopaedic Surgery (ABOS) Part II Oral Examination Dear ABOS Part II Oral Candidate:

More information

HIPAA Privacy Training for Non-Clinical Workforce

HIPAA Privacy Training for Non-Clinical Workforce Office of Compliance Programs HIPAA Privacy Training for Non-Clinical Workforce Revised: January 24, 2017 HIPAA Privacy Workforce Training The Health Insurance Portability & Accountability Act (HIPAA)

More information

Release of Medical Records in Ohio OHIMA. Ohio Revised Code (ORC) HIPAA

Release of Medical Records in Ohio OHIMA. Ohio Revised Code (ORC) HIPAA Release of Medical Records in Ohio OHIMA March, 2010 Ann Hubbuch, JD, RHIA Vice President Corporate Compliance Licking Memorial Health Systems Ohio Revised Code (ORC) One part of the puzzle What controls.hipaa

More information

FAQs March 12, 2012 FREQUENTLY ASKED QUESTIONS

FAQs March 12, 2012 FREQUENTLY ASKED QUESTIONS FREQUENTLY ASKED QUESTIONS Table of Contents (Click to follow links) The National Cancer Institute s Central IRB (NCI CIRB)... 2 Standalone HIPAA Authorizations... 3 Retroactive CRADO Waivers... 4 Implementation

More information

Southwest Acupuncture College /PWFNCFS

Southwest Acupuncture College /PWFNCFS Southwest Acupuncture College /PWFNCFS This replaces policies in the catalogue and any other documents to date. Boulder Santa Fe TABLE OF CONTENTS STATEMENT OF PURPOSE... 1 I. RIGHT TO A NOTICE OF PRIVACY

More information

ETHICAL AND REGULATORY CONSIDERATIONS

ETHICAL AND REGULATORY CONSIDERATIONS CONSIDERATIONS Office for Office for Human Research Protections The Office for Office for Human Research Protections (OHRP) is an administrative subdivision within the U.S. Department of Health and Human

More information

An Introduction to the HIPAA Privacy Rule. Prepared for

An Introduction to the HIPAA Privacy Rule. Prepared for An Introduction to the HIPAA Privacy Rule Prepared for January 2005 An Introduction to the HIPAA Privacy Rule Prepared for Covering Kids & Families National Program Office Southern Institute on Children

More information

(PLEASE PRINT) Sex M F Age Birthdate Single Married Widowed Separated Divorced. Business Address Business Phone Cell Phone

(PLEASE PRINT) Sex M F Age Birthdate Single Married Widowed Separated Divorced. Business Address Business Phone Cell Phone (PLEASE PRINT) Emma Warner, MSW, LCSW, ACSW Tulsa, OK 74105 (918) 749-6935 Personal Information Name Address Last Name First Name Initial Home Phone Soc. Sec. # City State Zip Sex M F Age Birthdate Single

More information

ORA Closeout Process for NIH Awards

ORA Closeout Process for NIH Awards Office of Research Administration ORA Closeout Process for NIH Awards ORA CLOSEOUT GUIDELINES ORA is responsible for making sure that necessary closeout documents are submitted to NIH within 90 days of

More information

SAINT AGNES MEDICAL CENTER CLINICAL RESEARCH CENTER Fresno, California. STANDARD OPERATING PROCEDURES Institutional Review Board

SAINT AGNES MEDICAL CENTER CLINICAL RESEARCH CENTER Fresno, California. STANDARD OPERATING PROCEDURES Institutional Review Board SAINT AGNES MEDICAL CENTER CLINICAL RESEARCH CENTER Fresno, California STANDARD OPERATING PROCEDURES Institutional Review Board Date Effective: April 26, 2001 Index No. R 1217 Date Last Revised: 0 Date

More information

HIPAA Privacy & Security Training

HIPAA Privacy & Security Training HIPAA Privacy & Security Training for Nonclinicians Introduction As a Duke Medicine workforce member you may have access to patients and patient information and you have a legal and ethical obligation

More information

It defines basic terms and lists basic principles that all LSUHSC-NO faculty, staff, residents and students must understand and follow.

It defines basic terms and lists basic principles that all LSUHSC-NO faculty, staff, residents and students must understand and follow. Office of Compliance Programs Revised: July 18, 2017 HIPAA Privacy HIPAA Privacy Workforce Training The Health Insurance Portability & Accountability Act (HIPAA) requires that the University train all

More information

Changes to the Common Rule

Changes to the Common Rule Changes to the Common Rule November 21, 2017 S Joseph Austin, JD, LL.M Corey Zolondek, PhD, CIP Introduction: NOTE: Relative to the Common Rule changes, this presentation does not address requirements

More information

HIPAA Privacy & Security Training

HIPAA Privacy & Security Training HIPAA Privacy & Security Training for Clinicians Introduction As a clinician at Duke Medicine, you have direct access to patients and patient information and a legal and ethical obligation to protect patient

More information

Memorial Hermann Information Exchange. MHiE POLICIES & PROCEDURES MANUAL

Memorial Hermann Information Exchange. MHiE POLICIES & PROCEDURES MANUAL Memorial Hermann Information Exchange MHiE POLICIES & PROCEDURES MANUAL TABLE OF CONTENTS 1. Definitions 3 2. Hardware/Software Supported Platform Requirements 4 3. Anti-virus Software Requirement 4 4.

More information

[Enter Organization Logo] USE AND DISCLOSURE OF MENTAL HEALTH RECORDS. Policy Number: [Enter] Effective Date: [Enter]

[Enter Organization Logo] USE AND DISCLOSURE OF MENTAL HEALTH RECORDS. Policy Number: [Enter] Effective Date: [Enter] USE AND DISCLOSURE OF MENTAL HEALTH RECORDS Policy Number: [Enter] Effective Date: [Enter] I. Policy: A. Purpose This policy establishes guidelines to be followed by [Organization] s workforce when using

More information

FEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA

FEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA FEDERAL AND STATE BREACH NOTIFICATION LAWS FOR CALIFORNIA LEGAL CITATION California Civil Code Section 1798.82 California Health and Safety (H&S) Code Section 1280.15 42 U.S.C. Section 17932; 45 C.F.R.

More information

POLICY ON ENROLLMENT INCREASES IN ADVANCED DENTAL SPECIALTY PROGRAMS

POLICY ON ENROLLMENT INCREASES IN ADVANCED DENTAL SPECIALTY PROGRAMS Guidelines for Requesting an Increase in Authorized Enrollment in Oral and Maxillofacial Surgery Residency and Fellowship Programs POLICY ON ENROLLMENT INCREASES IN ADVANCED DENTAL SPECIALTY PROGRAMS A

More information

Exempt & Expedited Reviews. February 2017 IRB Member Training

Exempt & Expedited Reviews. February 2017 IRB Member Training Exempt & Expedited Reviews February 2017 IRB Member Training Introduction Studies that are minimal risk Meet certain criteria ( categories ) Extensive screening by ORA staff Reviewed by a designated member

More information

REQUEST FOR PROPOSALS. For: As needed Plan Check and Building Inspection Services

REQUEST FOR PROPOSALS. For: As needed Plan Check and Building Inspection Services Date: June 15, 2017 REQUEST FOR PROPOSALS For: As needed Plan Check and Building Inspection Services Submit Responses to: Building and Planning Department 1600 Floribunda Avenue Hillsborough, California

More information

Signature Date Date First Effective: Signature Date Revision Date:

Signature Date Date First Effective: Signature Date Revision Date: University of Kentucky Office of Research Integrity and Institutional Review Board Standard Operating Procedures Revision #7 TITLE: NCI CIRB Review Page 1 of 15 C3.0400 Approved By: ORI Director Signature

More information

.. Policy and Procedure Policy name: HIPAA: Privacy Notice Policy Policy number: 180-00-05 Proponent: Director of Quality and Compliance Mind Springs Asset Management, Company: LLC West Springs Hospital,

More information

Research Audits PGR. Effective: 12/04/2013 Reviewed: 12/04/2015. Name of Associated Policy: Palmetto Health Administrative Research Review

Research Audits PGR. Effective: 12/04/2013 Reviewed: 12/04/2015. Name of Associated Policy: Palmetto Health Administrative Research Review Effective: 12/04/2013 Reviewed: 12/04/2015 Name of Associated Policy: Palmetto Health Administrative Research Review Definitions Responsible Positions Equipment Needed Procedure Steps, Guidelines, Rules,

More information

Report of the Information & Privacy Commissioner/Ontario. Review of the Cardiac Care Network of Ontario (CCN):

Report of the Information & Privacy Commissioner/Ontario. Review of the Cardiac Care Network of Ontario (CCN): Information and Privacy Commissioner / Ontario Report of the Information & Privacy Commissioner/Ontario Review of the Cardiac Care Network of Ontario (CCN): A Prescribed Person under the Personal Health

More information

Safeguarding PHI Nutrition Services. UAMS HIPAA Office May 2015

Safeguarding PHI Nutrition Services. UAMS HIPAA Office May 2015 Safeguarding PHI Nutrition Services UAMS HIPAA Office May 2015 HIPAA (not HIPPA) What is HIPAA? The Health Insurance Portability and Accountability Act is a federal law that protects the privacy and security

More information

PATIENT INFORMATION. In Case of Emergency Notification

PATIENT INFORMATION. In Case of Emergency Notification PATIENT INFORMATION Patient Name Date Nickname DOB Age Sex Race/Ethnicity Language(s) spoken at home Person completing form Relation to Patient Patient Address City State Zip Phone # Other Phone Medical

More information

Kansas Department for Aging and Disability Services

Kansas Department for Aging and Disability Services Agency 26 Kansas Department for Aging and Disability Services Editor s Note: Pursuant to Executive Reorganization Order (ERO) No. 41, the Kansas Department on Aging was renamed the Kansas Department for

More information

ENTERPRISE INCOME VERIFICATION (EIV) SECURITY POLICY

ENTERPRISE INCOME VERIFICATION (EIV) SECURITY POLICY ENTERPRISE INCOME VERIFICATION (EIV) SECURITY POLICY Rev. October 2011 EIV Security Policy Acknowledgment Form By signing this form I acknowledge my receipt of the EIV System Security Policy approved by

More information

AAHRPP Accreditation Procedures Approved April 22, Copyright AAHRPP. All rights reserved.

AAHRPP Accreditation Procedures Approved April 22, Copyright AAHRPP. All rights reserved. AAHRPP Accreditation Procedures Approved April 22, 2014 Copyright 2014-2002 AAHRPP. All rights reserved. TABLE OF CONTENTS The AAHRPP Accreditation Program... 3 Reaccreditation Procedures... 4 Accreditable

More information

Office of Human Research Office of Human Research Policy and Procedure Manual. Version: 4/4/18

Office of Human Research Office of Human Research Policy and Procedure Manual. Version: 4/4/18 Version: 4/4/18 Signatures on File for the Approval of Revisions to the Policy and Procedures Table of Contents 100 General Administration (GA)... 5 Policy GA 101: The Authority and Purpose of the Institutional

More information

PART 512 RESEARCH. Subpart B Research. 28 CFR Ch. V ( Edition)

PART 512 RESEARCH. Subpart B Research. 28 CFR Ch. V ( Edition) Pt. 512 Whenever possible, the Warden or designee shall make the determination as to whether an arrest should occur. PART 512 RESEARCH Subpart B Research Sec. 512.10 Purpose and scope. 512.11 Requirements

More information