Privacy Board Standard Operating Procedures


I. Background

The Health Insurance Portability and Accountability Act ("HIPAA") generally requires specific compliance reviews and documentation by a Privacy Board in accordance with the HIPAA regulations when protected health information ("PHI") managed by a University of Colorado Colorado Springs ("UCCS") covered entity ("CE") is used and/or disclosed for research purposes. The UCCS Privacy Board is critical for UCCS's compliance with the HIPAA Privacy Rule (45 CFR 160 & 164).

Submissions to the UCCS Privacy Board are processed through expedited HIPAA Privacy Rule review procedures. Expedited review is permitted for research projects that are determined to involve no more than minimal risk to the privacy of the individuals who are the subject of the PHI for which use or disclosure is sought. A submission undergoes expedited review by the Chair or by a designated member of the UCCS Privacy Board, hereinafter referred to as Board Member.

II. Definitions

A. Altered HIPAA Authorization
A HIPAA Authorization, also known as an Authorization, in which some required elements are modified or removed and the UCCS Privacy Board determines that specific criteria within the HIPAA Privacy Rule have been met. For example, an alteration of the Authorization might be requested to remove the element that describes each purpose of the requested use or disclosure where the identification of the specific research project would affect the results of the project.

B. Application for a Waiver of Authorization or an Altered Authorization
A template used to apply for review by the UCCS Privacy Board for a waiver of Authorization(s) or an altered Authorization. The answers provided in the application assist the UCCS Privacy Board in determining if a full or partial waiver or an altered Authorization is appropriate under the HIPAA Privacy Rule for the particular research study.

C. Authorization
An Authorization is an individual's signed permission to use or disclose the individual's PHI that is described in the Authorization for the purpose(s) and to the recipient(s) stated in the Authorization. In order to be valid, an Authorization must contain all of the required elements and core statements outlined in the HIPAA Privacy Rule at 45 CFR 164.508(c). The signed Authorization must be retained for at least 6 years as per the Privacy Rule.

D. Data Use Agreement (DUA)
A data use agreement entered into by both the covered entity and the researcher, pursuant to which the covered entity may disclose a limited data set to the researcher for research, public health, or health care operations. See 45 CFR 164.514(e). A limited data set excludes specified direct identifiers of the individual or of relatives, employers, or household members of the individual. The data use agreement must:
1. Establish the permitted uses and disclosures of the limited data set by the recipient, consistent with the purposes of the research, and which may not include any use or disclosure that would violate the Rule if done by the covered entity;
2. Limit who can use or receive the data; and
3. Require the recipient to agree to the following:
a. Not to use or disclose the information other than as permitted by the data use agreement or as otherwise required by law;
b. Use appropriate safeguards to prevent the use or disclosure of the information other than as provided for in the data use agreement;
c. Report to the covered entity any use or disclosure of the information not provided for by the data use agreement of which the recipient becomes aware;
d. Ensure that any agents, including a subcontractor, to whom the recipient provides the limited data set agree to the same restrictions and conditions that apply to the recipient with respect to the limited data set; and
e. Not to identify the information or contact the individual.

E. Waiver of Authorization
A waiver granted by an IRB or UCCS Privacy Board when certain criteria, set forth in the HIPAA Privacy Rule at 45 CFR 164.512(i)(2), are met. Either of the following two types of waivers may be approved:
1. Full Waiver: Enables a research project to obtain PHI about research participants without obtaining signed Authorizations from research participants at any point during the project.
2. Partial Waiver: Enables a research project to obtain PHI about research participants without obtaining signed Authorizations from the participants for part of the research project, but not the entire research project. Examples of when Partial Waivers are appropriate include when PHI is necessary for recruitment/screening of potential research participants, after which PHI is no longer necessary or until a point at which Authorizations can be obtained from all research participants.

F. Internal Review Checklist
A template used by the UCCS Privacy Board to ensure uniform, consistent, and thorough reviews of a completed Application for a Waiver of Authorization or an Altered Authorization in determining compliance with the HIPAA Privacy Rule.

G. Principal Investigator (PI) Certification
A template used by the UCCS Privacy Board that must be signed by the PI upon approval of a Research Authorization Review and blank Authorization(s) for a research study. Among other requirements, the certification ensures that the PI will maintain, electronically and/or in hard copy, the signed Authorization for each research participant whose PHI is used or disclosed in the project and will provide any and/or all of the signed Authorizations to UCCS immediately upon request.

H. Required Representations for Research on Decedent's Information
A template used by the UCCS Privacy Board when the researcher intends to conduct research that is solely on the PHI of decedents. The PI must initial and sign this template to document compliance with the representations required by the HIPAA Privacy Rule at 45 CFR 164.512(i)(1)(iii).

I. Required Representations for Review Preparatory to Research
A template used by the UCCS Privacy Board when the researcher intends to conduct a review of PHI to prepare for a research protocol or for similar purposes preparatory to research (e.g., where PHI is needed to determine whether the proposed research project is feasible or to design the research study) and agrees not to remove the PHI from UCCS in the course of the review. The PI must initial and sign this template to document compliance with the representations required by the HIPAA Privacy Rule at 45 CFR 164.512(i)(1)(ii).

J. Research Authorization Review
A template used by the UCCS Privacy Board when the researcher has the ability to obtain written and signed Authorizations from all research participants to comply with the HIPAA Privacy Rule. The PI must submit a copy of the blank Authorization(s) to be used in the project and the completed Research Authorization Review template. The UCCS Privacy Board will conduct a review to determine that all core elements and required statements are provided in the blank Authorization(s) as required by the HIPAA Privacy Rule at 45 CFR 164.508(c).

III. Roles and Responsibilities

A. UCCS Privacy Board

The UCCS Privacy Board reviews research-related data requests to use and/or disclose PHI of individual research participants that is managed by UCCS for compliance with the HIPAA Privacy Rule. The UCCS Privacy Board is not an IRB and is not authorized to review and/or approve human subjects research regulated under the Federal Policy for the Protection of Human Subjects (45 CFR 46), also known as the Common Rule. Board Members have been selected based on their demonstrated knowledge and understanding of research and the HIPAA Privacy Rule.

As required by the HIPAA Privacy Rule, the UCCS Privacy Board:
Has members with varying backgrounds and appropriate professional competency as necessary to review the effect of the research protocol on the individual's privacy rights and related interests;
Includes at least one member who is not affiliated with UCCS, not affiliated with any entity conducting or sponsoring the research, and not related to any person who is affiliated with any such entities; and
Does not have any member participating in a review of any project in which the member has a conflict of interest.

1. Board Members' responsibilities include:
a. Taking required training;
b. Attending UCCS Privacy Board meetings on an ad hoc basis;
c. Conducting reviews of completed Applications for a Waiver of Authorization or an Altered Authorization;
d. Collaborating on the HIPAA Privacy Rule and research-related issues of interest to the UCCS Privacy Board; and
e. Recusing themselves from UCCS Privacy Board reviews where they have or may appear to have a conflict of interest.

2. Training of Privacy Board Members
The Collaborative Institutional Training Initiative ("CITI") training program offers computer-based training for board members. CITI training is a self-directed instructional course that gives an overview of the HIPAA Privacy Rule. For complete instructions on how to access the CITI site and log in, please visit the Office of Sponsored Programs and Research Integrity at http://www.uccs.edu/osp/research-compliance/research-involving-human-subject-irb.html under the Training section.

Before becoming a voting member, a new member will:
a. Complete the above-mentioned tutorial within a three-month period. A certificate will be kept on file.
b. Receive and review the UCCS Privacy Board Standard Operating Procedures.

Reference Materials will be available in the UCCS Compliance Office and available to members as requested.

B. UCCS Privacy Board Support Staff
The UCCS Compliance Office assigns staff to support the UCCS Privacy Board, hereinafter referred to as Support Staff. Support Staff provide administrative assistance on behalf of the UCCS Privacy Board by attending the UCCS Privacy Board meetings; drafting email communications to the researchers and Board Members; maintaining files for all submissions to the UCCS Privacy Board; tracking submissions and pending requests for submissions; preparing the agenda and materials for UCCS Privacy Board meetings; and assisting in the facilitation of board meetings.

C. Principal Investigator ("PI")
The PI is the lead researcher for a particular well-defined project that is taking place at UCCS.

1. PI's responsibilities include:
a. Taking required CITI training and abiding by the HIPAA Privacy Rule (See C2 below).
b. Preparing the research project and any required paperwork to submit to the UCCS Privacy Board.
c. Answering any questions that the UCCS Privacy Board may have related to the project / research.
d. Keeping the UCCS Privacy Board informed of any changes related to the project / research.

2. Training of Investigators
The Collaborative Institutional Training Initiative ("CITI") training program offers computer-based training for members. CITI training is a self-directed instructional course that gives an overview of the HIPAA Privacy Rule. For complete instructions on how to access the CITI site and log in, please visit the Office of Sponsored Programs and Research Integrity at http://www.uccs.edu/osp/research-compliance/research-involving-human-subject-irb.html under the Training section. Reference Materials will be available in the UCCS Compliance Office and available to members as requested.

IV. Templates

The UCCS Privacy Board designed the following templates to assist in obtaining information necessary for its HIPAA Privacy Rule compliance reviews:
1. Request for Waiver of Elements of Authorization or an Altered Authorization
2. Authorization (Permission) to Use or Disclose (Release) Identifiable Information for Research (Authorization template)
3. HIPAA Authorization for Research Checklist
4. PI Certification
5. Required Representations for Research on Decedent's Information
6. Activities Preparatory to Research Request for Waiver of Authorization

One additional template, the Internal Review Checklist, is used internally by the Board Members in their review and is not otherwise provided to the PI for completion. These templates are provided for viewing at http://compliance.uccs.edu/?cat=69, and are maintained and updated, as needed, by Support Staff with the approval of the Chair.

V. Tracking UCCS Privacy Board Submissions

Support Staff maintain the following: (1) UCCS Privacy Board Submissions Received; and (2) Folders with Study-specific approvals and meeting minutes.

VI. Procedures

A. Receipt of UCCS Privacy Board Submissions
Submissions to the UCCS Privacy Board can be made in one of two ways:
1. The PI may make submissions to the Office of Sponsored Programs and Research Integrity. For detailed information related to the UCCS IRB please visit their website at http://www.uccs.edu/osp/research-compliance/research-involving-human-subject-irb.html. The Office of Sponsored Programs and Research Integrity will then forward any Privacy Board Information requests along with the IRB application, protocol, level of review assigned by the IRB (full board, expedited or exempt) and assigned IRB number to the UCCS Privacy Board. Once the information is received, the UCCS Privacy Board Support Staff will then email the PI confirming receipt of their submission.
2. The PI may email submissions directly to the UCCS Privacy Board if there is no IRB review required (e.g., accessing PHI preparatory to research).

Support Staff provide preliminary review of the submission for completeness and confirm pertinent documents have been received and/or that templates have been signed, dated, and otherwise initialed or completed. If Support Staff receives an incomplete submission, Support Staff will email the PI on behalf of the UCCS Privacy Board and track until the submission is complete. Once the submission is deemed complete, Support Staff assigns a completed Application for review based on the type of review requested and the level of review assigned by the IRB. Please see the Privacy Board Review Process flowchart.

B. Review of UCCS Privacy Board Submissions
The PI certification, attached to the email, is properly initialed, signed, and returned to the UCCS Privacy Board. Upon receipt of an appropriately completed PI Certification, Support Staff prepares an email to be sent by the Chair acknowledging receipt of the PI Certification and indicating approval of the blank Authorization(s). The PI is further advised that if the blank Authorization(s) is (are) modified or if any new Authorizations are used in the course of the project, such Authorizations must be submitted to the UCCS Privacy Board for review/approval prior to use in the research project.

1. Review of Required Representations for Review Preparatory to Research
Support Staff reviews information about the research project for consistency with the representations that the use or disclosure of PHI is sought solely for purposes preparatory to research and that the PHI will not be removed from UCCS. Furthermore, the information abstracted in the course of the review of PHI from the Covered Entity or Covered Component may not be disclosed under any circumstances to anyone outside of the Covered Entity or Covered Component. Support Staff will follow up with the PI to confirm the template is appropriate. Support Staff prepares an email that is sent by the Chair to the PI acknowledging acceptance and approval of the Required Representations for Review Preparatory to Research template. Support Staff also notifies the UCCS Privacy Board and the Office of Sponsored Programs and Research Integrity of the approval.

2. Review of Required Representations for Research on Decedent's Information
Support Staff reviews information about the research project for consistency with the representation that the research is solely on the PHI of decedents, and follows up with the PI as needed in order to confirm that the template is appropriate with respect to the research conducted in the project. Once the review is complete, Support Staff prepares an email that is sent by the Chair to the PI acknowledging acceptance and approval of the Required Representations for Research on Decedent's Information template. Support Staff also notifies the UCCS Privacy Board and the Office of Sponsored Programs and Research Integrity of the approval.

3. Review of the Research Authorization Review Template and Blank Authorization(s)
Support Staff reviews the Authorization (Permission) to Use or Disclose (Release) Identifiable Information for Research (Authorization template) submitted to the UCCS Privacy Board, which will be used in the research project. The review determines whether all core elements and required statements set forth in the HIPAA Privacy Rule at 45 CFR 164.508(c) are included in any Authorization used in the project. The template is designed to help the PI address these needs prior to submission. Where an Authorization for use in a research project is deficient, Support Staff emails the PI listing any deficiencies and provides an explanation for appropriate revisions to be made, and the Research Authorization Review template and blank Authorization(s) can be resubmitted to the UCCS Privacy Board for approval. When blank Authorizations meet the regulatory requirements, Support Staff prepares an email that is sent by the Chair to the PI indicating the blank Authorization(s) submitted for use in the project will be approved. Support Staff will notify the UCCS Privacy Board and the Office of Sponsored Programs and Research Integrity that the Research Authorization Review and blank Authorization(s) are approved.

4. Review of Request for Waiver of Elements of Authorization or an Altered Authorization
Support Staff reviews the Request for Waiver of Elements of Authorization or an Altered Authorization for completeness and follows up with the PI if necessary. Once the form is deemed complete, Support Staff assigns the review to the UCCS Privacy Board Chair or designee if the project was marked as either exempt or expedited (i.e., minimal risk) by the IRB. If the project was marked as full board review by the IRB, then Support Staff notifies the UCCS Privacy Board of the review and assigns it to the next scheduled UCCS Privacy Board meeting. All of the meeting documents will be sent via email to the Board Members for review and discussion at the next meeting.

C. Meeting Administration
Except when an exempt or expedited review procedure is used, the UCCS Privacy Board will review proposed Requests for Waiver of Elements of Authorization or an Altered Authorization at convened meetings where a quorum is present. The UCCS Privacy Board will meet monthly as needed in conjunction with the UCCS IRB meetings, or at some other frequency determined by the UCCS Privacy Board Chair.

1. Quorum
a. A quorum is defined as one half of the number of regular Board Members plus one.
b. A quorum consists of regular Board Members and includes at least one Board Member who is not associated with the University.
c. If a Board Member abstains from voting, the Board Member may be used to establish a quorum.
d. Special consultant(s) are not used to establish a quorum.
e. If a Board Member recuses him/herself from deliberations and voting, the Board Member may not be used to establish quorum for the duration of review of the item from which the member is recused. A Board Member experiencing a COI must recuse him/herself. Recused Board Members leave the board room during voting discussion.

2. Meeting Materials Sent Prior to UCCS Privacy Board Meetings
a. All UCCS Privacy Board Members will be sent documentation required for review approximately one week in advance of the meeting to allow time for adequate review. These include:

Agenda: A meeting agenda will be prepared by the Support Staff and distributed to UCCS Privacy Board Members prior to each meeting. A copy of the agenda and attached materials will be maintained on file with the meeting minutes.
Minutes: Documentation shall be in sufficient detail to show attendance at the meeting, actions taken by the UCCS Privacy Board, the vote on actions including the number of Board Members voting for, against, and abstaining or recusing, and the basis for requiring changes in or disapproving the request for waiver or alteration of the research authorization.

3. Telephone Use
a. Convened meeting using speakerphone: Should a Board Member not be able to be physically present during a convened meeting, but be available by telephone, the meeting can be convened using a speakerphone. In this manner, all Board Members will be able to discuss the protocol even though one member is not physically present. Board Members participating by such speakerphone may vote, provided they have had an opportunity to review the material.
b. Meetings Conducted Via Telephone Conference Calls: On occasion, meetings may be convened via a telephone conference call. A quorum (as defined above) must participate for the conference call meeting to be convened. To allow for appropriate discussion to take place, all Board Members must be connected simultaneously for a conference call to take place; "telephone polling" (where members are contacted individually) will not be accepted as a conference call. Board Members not present at the convened meeting or participating in the conference call may not vote on an issue discussed during a convened meeting (no voting by proxy).

4. Meeting Actions
a. Approvals
If a Full Waiver is approved, the UCCS Privacy Board will agree to the Request for Waiver of Elements of Authorization or an Altered Authorization as long as it contains all required provisions set forth in the HIPAA Privacy Rule at 45 CFR 164.512(i)(2).
Support Staff prepares an email / letter that will be sent by the Chair to the PI which will include the following information:
i. Identify the approval by the UCCS Privacy Board;
ii. Date on which the waiver or alteration was approved;
iii. A statement that the UCCS Privacy Board has determined that all of the specified criteria for a waiver or an alteration were met;
iv. A brief description of the PHI for which use or access has been determined by the IRB or UCCS Privacy Board to be necessary in connection with the specific research activity;
v. A statement that the waiver or alteration was reviewed and approved under normal or expedited review procedures.
vi. The required signature of the UCCS Privacy Board chair or the chair's designee.
Support Staff then notifies the UCCS Privacy Board and the Office of Sponsored Programs and Research Integrity of the approval.

If a Partial Waiver is approved by the Privacy Board, Support Staff prepare an email / letter that is sent by the Chair to the PI which will include the following information:
i. Identify the approval by the UCCS Privacy Board;
ii. Date on which the waiver or alteration was approved;
iii. A statement that the UCCS Privacy Board has determined that all of the specified criteria for a waiver or an alteration were met;
iv. A brief description of the PHI for which use or access has been determined by the IRB or UCCS Privacy Board to be necessary in connection with the specific research activity;
v. A statement that the waiver or alteration was reviewed and approved under normal or expedited review procedures.
vi. The required signature of the UCCS Privacy Board chair or the chair's designee.
Support Staff then notifies the UCCS Privacy Board and the Office of Sponsored Programs and Research Integrity of the approval.

b. Denials
In the event the Privacy Board denies a Request for Waiver of Elements of Authorization or an Altered Authorization application, Support Staff promptly notifies the Office of Sponsored Programs and Research Integrity of the denial. Support Staff also prepares an email that is sent by the Chair to the PI outlining the document deficiency(ies) and asking the PI to follow up with the UCCS Privacy Board to address this matter. Support Staff tracks the communications related to the submission until the deficiency(ies) contained in the approved waiver documentation has (have) been resolved. At that point, Support Staff prepares an email for the Chair to send to the PI acknowledging the acceptance and reliance upon the UCCS Privacy Board approved waiver.

D. Extensions, Renewals, and Modifications
UCCS Privacy Board approvals document HIPAA compliance in support of specific research-related privacy requests. The duration of any approval by the UCCS Privacy Board is linked to the related UCCS IRB Approval or the expiration that the PI states. When there is a request to extend, renew, or modify a research-related expiration date for which the UCCS Privacy Board provided prior approval, it is the responsibility of the UCCS IRB to notify the UCCS Privacy Board. Where there is a substantial change in the project that may affect any of the UCCS Privacy Board's prior approvals, Support Staff will contact the PI for further information to determine whether further review is required or if prior approved documentation is sufficient to support the extension, renewal and/or modification.

E. Lack of Response from the PI and/or Government Sponsor
During the course of a review, if Support Staff and/or the Board Member are not obtaining responses from the PI within a reasonable amount of time, Support Staff will notify the UCCS Privacy Board to try to resolve the issues. If a No Action letter is to be sent by the UCCS Privacy Board, Support Staff prepares an email / letter that will be sent by the Chair to the PI and the Office of Sponsored Programs and Research Integrity informing them that the UCCS Privacy Board's file related to the Privacy Board Review has been inactivated.

VII. Misconduct

Allegations of Privacy or Research Misconduct will be handled according to either the IRB policies or the HIPAA policies, depending on the situation of the allegation.

VIII. References

HIPAA Privacy Rule, 45 CFR Parts 160 and 164