CCSS: HIPAA-Compliant Recruitment. Dennis Deapen, DrPH CCSS Annual Investigators Meeting Memphis, TN October 9-11, 2005

Similar documents
HIPAA & Research Overview for the Privacy Board March 22, UAMS HIPAA Office Vera M. Chenault, JD

Module: Research and HIPAA Privacy Protections ( )

Recruiting subjects for clinical research outside the academic setting

Compliance Policy C-FMS Clinical Research Project Approval Application

INSTITUTIONAL REVIEW BOARD Investigator Guidance Series HIPAA PRIVACY RULE & AUTHORIZATION THE UNIVERSITY OF UTAH. Definitions.

HIPAA COMPLIANCE APPLICATION

Privacy Rule Overview

LifeBridge Health HIPAA Policy 4. Uses of Protected Health Information for Research

PRIVACY IMPACT ASSESSMENT (PIA) For the. Department of Defense Consolidated Cancer Registry (CCR) System. Defense Health Agency (DHA)

APPLICATION FOR RESEARCH REQUESTING AN IRB WAIVER OF CONSENT AND HIPAA AUTHORIZATION

WV MEDICAID PROVIDER WORKSHOPS & TRAINING SESSIONS. Amber Nary Business Development Manager

HIPAA Policies and Procedures Manual

ETHICAL AND REGULATORY CONSIDERATIONS

HIPAA P12 CMS Data Use Agreements & Data Management Plans


HIPAA Privacy Regulations Governing Research

The HIPAA Privacy Rule and Research: An Overview

The Queen s Medical Center HIPAA Training Packet for Researchers

1303A West Campus Drive

SCREENING PROCEDURES: WHAT IS COVERED BY A

The HIPAA privacy rule and long-term care : a quick guide for researchers

YALE UNIVERSITY THE RESEARCHERS GUIDE TO HIPAA. Health Insurance Portability and Accountability Act of 1996

Authorization and Waiver Frequently Asked Questions

Use And Disclosure Of Protected Health Information (PHI) For Research

Thirty-three three Years of Rapid Case Ascertainment: Lessons Learned

New HIPAA Privacy Regulations Governing Research. Karen Blackwell, MS Director, HIPAA Compliance

IRB 101. Rachel Langhofer Joan Rankin Shapiro Research Administration UA College of Medicine - Phoenix

TRICARE Management Activity s Human Research Protection Program, Data Sharing Agreement Program, and the TMA Privacy Board

INFORMED CONSENT TO PARTICIPATE IN A DIABETES RESEARCH REGISTRY

San Francisco Department of Public Health Policy Title: HIPAA Compliance Privacy and the Conduct of Research Page 1 of 10

THE JOURNEY FROM PHI TO RHI: USING CLINICAL DATA IN RESEARCH

2/24/2017. Academic Medical Center Compliance: Tips, Traps, and Emerging Best Practices. Structure of Duke Health. Duke University

Navigating HIPAA Regulations. Michelle C. Stickler, DEd Director, Research Subjects Protections

1. Contacts and Title

I. TITLE: RELEASE OF MEDICAL RECORDS FOR THE PURPOSE OF RESEARCH

Managing Privacy Risk in Your Research and Development Enterprise. Sujata Dayal, Abbott Justin McCarthy, Pfizer

Waiver of Informed Consent when Using Medical Records or Other Secondary Data or Specimens UNC-CH OHRE Guidance Document

Study Management PP STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information

PFF Patient Registry Protocol Version 1.0 date 21 Jan 2016

REQUEST TO ACCESS EXISTING MEDICAL RECORDS, CHARTS OR DATABASES FOR RESEARCH

HIPAA and Joint Commission Requirements Compared and Contrasted

Chapter 19 Section 3. Privacy And Security Of Protected Health Information (PHI)

USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION: HIPAA PRIVACY POLICY

CINCINNATI CHILDREN S HOSPITAL MEDICAL CENTER CONSENT TO PARTICIPATE IN A RESEARCH STUDY

CLINICIAN S GUIDE TO HIPAA PRIVACY

Session Number G24 Responding to a Data Breach and Its Impact. Karen Johnson Chief Deputy Director California Department of Health Care Services

Office of Human Research Office of Human Research Policy and Procedure Manual. Version: 4/4/18

SECONDARY USE OF DATA IN HEALTH RESEARCH: ETHICS AND PRIVACY CONSIDERATIONS. Donna Roche & Sandra Veenstra

Title: Investigator Responsibilities. SOP Number: 1501 Effective Date: June 2, 2017

Research Compliance Oversight in the Department of Veterans Affairs

National Health Information Privacy and Security Week. Understanding the HIPAA Privacy and Security Rule

Alumni Foundation Database

Good Documentation Practices. Human Subject Research. for

ELIGIBILITY INFORMATION DISCLOSURE AGREEMENT Shared Between Child Nutrition Program Sponsors. and. From to Effective Dates

FAQs March 12, 2012 FREQUENTLY ASKED QUESTIONS

Health Information Exchange 101. Your Introduction to HIE and It s Relevance to Senior Living

Exempt & Expedited Reviews. February 2017 IRB Member Training

WISHIN Statement on Privacy, Security, and HIPAA Compliance - for WISHIN Pulse

New Study Submissions to the IRB

Consent Form Requirements for Multicenter studies when CHOP Relies on an external IRB

Williamson County EMS (WCEMS) HIPAA Training for Third Out Riders

The Impact of The HIPAA Privacy Rule on Research

SCHOOL OF PUBLIC HEALTH. HIPAA Privacy Training

POLICY & PROCEDURE. This policy applies to all healthcare organizations owned and/or managed by WFH.

HIPAA THE PRIVACY RULE

New York Notice Form Notice of Psychologists Policies and Practices to Protect the Privacy of Your Health Information

Privacy Board Standard Operating Procedures

STAFFING AGENCY ADMINISTRATIVE POLICIES AND PROCEDURES

Principal Presenters 9/22/2010. University of California Clinical Research Billing Education Series September October 2010

Breast Specimen Repository & Registry Specimen Allocation and Registry Use Policy

HIPAA Privacy Policies & Procedures Table of Contents

Implementing the Revised Common Rule Exemptions with Limited IRB Review

INSPIRing Changes to the IRB Process: New templates and more

Geisinger IRB Member Orientation Session 2. Debra L. Henninger, MHS RN CCRC Associate Director, Research Compliance

Protecting Health Information: Health Data Security Training

Setting up a CITI account for users not enrolled at or employed by Georgia Tech. Georgia Institute of Technology December 2016

HIPAA PRIVACY TRAINING

Access to Patient Information for Research Purposes: Demystifying the Process!

HIPAA. The. Privacy Regulations. The Fetal and Infant Mortality Review Process:

UA New Common Rule Implementation

Signature Date Date First Effective: Signature Date Revision Date:

(Type inside gray boxes, cells will expand) A. EIGHT POINT CRITERIA for IRB Review

HITECH Act. Overview and Estimated Timeline

OREGON HIPAA NOTICE FORM

HIPAA Compliance and Health IT

Section 11. Recruitment of Study Subjects (Revised 7/1/10)

HIPAA PRIVACY RULE. Joint Commission on Accreditation of Healthcare Organizations. Margaret VanAmringe. Vice-President, External Relations

Southwest Acupuncture College /PWFNCFS

PROTECTING PATIENT PRIVACY IS NOT ONLY

Ask the Experts Panel

HIPAA Training

ORIGINAL INVESTIGATION. Potential Impact of the HIPAA Privacy Rule on Data Collection in a Registry of Patients With Acute Coronary Syndrome

EMPOWERING THE NEW HEATHCARE ERA

TITLE PAGE FLORIDA DEPARTMENT OF HEALTH DOH REQUEST FOR PROPOSALS (RFP) FOR Institutional Review Board (IRB) Application Management System

Institutional Review Board Application for Exempt Status Determination

HIPAA IMPLICATIONS: Patient Rights Under HIPAA

Changes to the Common Rule

SUNY DOWNSTATE MEDICAL CENTER POLICY AND PROCEDURE

EMORY UNIVERSITY INSTITUTIONAL REVIEW BOARD POLICIES AND PROCEDURES 7/01/2016

Chapter 9 Legal Aspects of Health Information Management

Transcription:

CCSS: HIPAA-Compliant Recruitment Dennis Deapen, DrPH CCSS Annual Investigators Meeting Memphis, TN October 9-11, 2005

CCSS Institution Business Associate IRB & HIPAA approval Hire, train, supervise staff Identify roster of potentially eligible subjects Data on selection criteria and contact information Apply selection criteria to est. subset of subjects to be contacted Generate initial contact letter Register Survivor with CCSS Coordinating Center Successful contact Determine initial response to contact letter Send letters to CCSS Inst. PI for signature and mailing No contact Tracing New Address Confirm Eligibility Coordinating Center Classify as lost to follow-up for 1-yr period Recruit subject to participate in baseline survey non-participant Participant Institute medical record abstract by CCSS Institution Submit survey & medical record data to CCSS database in Seattle

28 CCSS Institutions Develop case finding and data abstraction methods Identification of potentially eligible cases tumor registry, patient index, departmental databases Completed case registration forms sent to USC

USC Generate introductory letters/envelopes on letterhead of specific institution Returned to institutions for signature and mailing Letter introduces the study, requests consent to send contact info to Coordinating Center at UM USC performs locating of lost to f/u

But what about patient consent and HIPAA?

Figure D.1 Overview of Recruitment Procedures CCSS Institution Business Associate IRB & HIPAA approval Hire, train, supervise staff Identify roster of potentially eligible subjects Data on selection criteria and contact information Apply selection criteria to est. subset of subjects to be contacted Generate initial contact letter Register Survivor with CCSS Coordinating Center Successful contact Determine initial response to contact letter Send letters to CCSS Inst. PI for signature and mailing No contact Tracing New Address Confirm Eligibility Coordinating Center Classify as lost to follow-up for 1-yr period Recruit subject to participate in baseline survey non-participant Participant Institute medical record abstract by CCSS Institution Submit survey & medical record data to CCSS database in Seattle

Figure D.1 Overview of Recruitment Procedures CCSS Institution Business Associate IRB & HIPAA approval Hire, train, supervise staff Identify roster of potentially eligible subjects Data on selection criteria and contact information Apply selection criteria to est. subset of subjects to be contacted Generate initial contact letter Register Survivor with CCSS Coordinating Center Successful contact Determine initial response to contact letter Send letters to CCSS Inst. PI for signature and mailing No contact Tracing New Address Confirm Eligibility Coordinating Center Classify as lost to follow-up for 1-yr period Recruit subject to participate in baseline survey non-participant Participant Institute medical record abstract by CCSS Institution Submit survey & medical record data to CCSS database in Seattle

Figure D.1 Overview of Recruitment Procedures CCSS Institution Business Associate IRB & HIPAA approval Hire, train, supervise staff Identify roster of potentially eligible subjects Data on selection criteria and contact information Apply selection criteria to est. subset of subjects to be contacted Generate initial contact letter Register Survivor with CCSS Coordinating Center Successful contact Determine initial response to contact letter Send letters to CCSS Inst. PI for signature and mailing No contact Tracing New Address Confirm Eligibility Coordinating Center Classify as lost to follow-up for 1-yr period Recruit subject to participate in baseline survey non-participant Participant Institute medical record abstract by CCSS Institution Submit survey & medical record data to CCSS database in Seattle

But what about patient consent and HIPAA for sending identifiers to USC? Release of patient identifiers and contact information from institutions is a HIPAA disclosure of protected health information (PHI) Options for HIPAA compliance Institutions obtain consent Business associate agreement (BAA) IRB waiver of authorization for screening and recruitment

Institutions obtain consent Pros No disclosure of PHI without authorization Cons Lack clerical staff with appropriate expertise Increases cost and time Lack resources to check veracity of address information Increases risk of breach of confidentiality Lack resources to find current address information for lost to follow up Creates bias in study population and results

Business associate agreement (BAA) Pros Permits disclosure of PHI without authorization Limits use and further disclosure Cons Intended for activities related to payment or health care operations Institutions have developed their own BAA language and often insist that theirs be used Could require lengthy and costly negotiations with 29 institutions

IRB waiver of authorization for screening and recruitment Pros Intended for research purposes Permits disclosure of PHI without authorization No institutional canned language Cons Institutions may require their own review Could require lengthy and costly negotiations with 29 institutions

IRB waiver of authorization for screening and recruitment Many research projects take place at multiple sites and require the use and disclosure of PHI. The Privacy Rule does not require approval of a waiver of Authorization by both bodies because a covered entity may rely on a waiver by any IRB Source: Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule, Department of Health and Human Services, NIH Publication Number 03-5388

What does an IRB waiver of authorization require? IRB determines that Use or disclosure of PHI involves no more than minimal risk to privacy Plan to protect identifiers from improper use and disclosure Plan to destroy identifiers Assurances that PHI will not be reused The research could not be practicably conducted without the waiver The research could not be practicably conduced without the PHI

Recommendation for CCSS Obtain IRB waiver of authorization from USC Provide waiver and HHS guidance on reciprocity to clinical institutions and ask that it be honored USC prepares patient contact/consent materials to be sent by clinical institutions locates lost to follow-up HIPAA compliant consent is obtained prior to transmission of data to UM

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback