HIPAA: Open Research Issues Michael L. Blau, Esq. McDermott, Will & Emery

Size: px
Start display at page:

Download "HIPAA: Open Research Issues Michael L. Blau, Esq. McDermott, Will & Emery"

Transcription

1 HIPAA: Open Research Issues Michael L. Blau, Esq. McDermott, Will & Emery Research A. General Rules. There are four pathways for covered entities ( CEs ) to obtain permission under the Health Insurance Portability and Accountability Act of 1996 ( HIPAA ) to use and disclose protected health information ( PHI ) for research or research related purposes. Research is defined in the HIPAA Final Rule (45 CFR, et. seq.) as a systematic investigation including research development, testing and evaluation, designed to develop or contribute to general reliable knowledge, 45 CFR Evaluative activities, such as quality assurance, which are not meant to generate knowledge that is generalizable beyond the four walls of the CE, are not considered research. The four pathways are as follows: 1. Consent for health care operations. Consents generally permit a CE provider to use or disclose PHI for TPO purposes--that is, for treatment, payment and health care operations. 45 CFR (a)(1)(ii), (a)(i). Certain studies or evaluations of treatment rendered within a CE provider may constitute health care operations, and PHI may be used in connection with those activities pursuant to a HIPAA compliant consent. In particular, health care operations as defined in the Final Rule to include quality assurance, clinical guidelines and outcomes studies, as well as population based activities relating to improving health or reducing health care costs. 45 CFR Authorization. For a CE to conduct research involving PHI, or for a researcher to obtain PHI from a CE for research purposes, the CE or researcher must obtain patient authorization (or a waiver or alteration of the authorization requirement). 45 CFR (a)(1)(iv) and Authorization will generally be necessary for research involving treatment of human subjects or human clinical trials, since the

2 research subject (or the subject s authorized representative) will generally be available to provide the required authorization. Authorizations, however, may be impractical to obtain for research involving existing medical records or databases, where subjects may have died, moved, or simply be too numerous to contact. a. Authorization Exceptions. There are authorization exceptions for: (i) Review of PHI necessary to prepare a research protocol or for similar purposes preparatory to research, as long as PHI is not removed from the premises, 45 CFR (i)(1)(ii); (ii) Research on decedents provided that the investigator provides the CE with documentation of death upon request, 45 CFR (i)(1)(iii); (iii) Certain disclosures necessary to facilitate mandatory reporting to the FDA by CEs that are subject to FDA jurisdiction (e.g., pharmaceutical companies, medical device manufacturers) 45 CFR (b)(1)(iii)(A)- (D); and disclosures. (iv) HIPAA mandated 3. Waiver. An Institutional Review Board ( IRB ) or a Privacy Board organized in compliance with HIPAA requirements can waive or alter the requirements of patient authorization for research if the waiver meets eight (8) specified waiver criteria discussed below. Note that IRBs are only required to review federally supported or conducted research involving human subjects, and human clinical trials conducted under FDA jurisdiction. A Privacy Board will be needed to review requests for authorization waivers for other types of research projects that involve PHI (e.g., database research). In this regard, also note that the IRB of a CE may serve as its Privacy Board for purposes of these other research projects. -2-

3 It is anticipated that most retrospective medical records research and identifiable database research will need to be conducted pursuant to authorization waivers granted by IRBs and Privacy Boards since it generally will not be practicable to obtain written authorizations from all research subjects who historically participated in the studies. a. Criteria. To grant a waiver, the IRB/Privacy Board must find: (i) The disclosure involves no more than minimal risk to the individual; (ii) The waiver or alteration will not adversely affect privacy rights and welfare of the individual; (iii) The research could not practicably be conducted without PHI or waiver; (iv) The research could not practicably be conducted without access to the PHI sought; (v) The Privacy risks are reasonable in relation to anticipated benefits to individuals and the importance of the knowledge that may reasonably be expected to result from the research; (vi) There is an adequate plan to protect PHI from improper use and disclosure and to destroy identifiers at the earliest opportunity consistent with the conduct of the research; and (vii) Adequate written assurances have been provided that PHI will not be reused or disclosed to any other person (except as required or permitted by law). 45 CFR (i)(2). -3-

4 4. De-Identified Information. A CE may use or disclose de-identified information (which does not constitute PHI) for research purposes. There are two ways to de-identify data under HIPAA: a. Determination and documentation by a statistical expert that the risk is very small that the information could be used to identify the individual, 45 CFR (a); or b. Removal of 18 specified identifiers, including name, birth date, admission date, discharge date, date of death (except year); ages over 89; social security numbers; addresses; medical record numbers; license plate numbers; telephone numbers; medical device identifiers/serial numbers; and for geographic region, identifiers other than state or the initial three digits of the zip code; and, any other unique, identifying number, characteristic or code. 45 CFR (b). B. Open Research Issues 1. Research Protocols. Where does the authorization exception for development of a research protocol (and other activities preparatory to research) end and the need for authorization (or waiver of authorization) for research begin? The scope of the authorization exception for protocol development is unclear. It is intended to permit researchers to have access to PHI as may be necessary to develop hypotheses on which a protocol can be based, and to develop the protocol to the point that it can be brought to an IRB/Privacy Board for approval. To obtain access to PHI for these purposes, the researcher must represent in writing to the covered entity that: (1) the use or disclosure of PHI is sought solely for protocol development purposes, (2) the PHI for which access is sought is necessary for research purposes, and (3) the PHI will not be removed from the CE s premises. 45 CFR (i)(1)(iii). In addition, if the researcher is an employee (or workforce member) of a covered entity (or a covered component of a hybrid entity), then the extent of access of the researcher to PHI for protocol development -4-

5 purposes would be determined on an individualized basis under the CE s minimum necessary standard policies and procedures. It should be noted that the protocol development exception is not intended to be used by the researcher to identify potential study participants. 2. Organ Banks. Are organ banks covered entities (or covered components)? An organ bank may or may not be a covered entity (or covered component) depending on whether it is a health care provider or performs health care provider functions on behalf of a hybrid entity (such as an University). If the organ bank harvests organs, tissues or fluids, analyzes them for pathology, and/or transplants or uses them for therapeutic purposes, and if the organ bank charges for its services in connection with a HIPAA standardized transaction, then the organ bank would be a health care provider. As such, it could only use or disclose identifiable specimens from living patients for research purposes with patient authorization or an IRB/Privacy Board waiver. Organs from decedents can be used for research purposes without a HIPAA authorization under the decedent s exception to the authorization requirement. If, however, the organ bank does not conduct HIPAA standard transactions, then it would not be a covered entity or component. As such, HIPAA would not apply to the organ bank, except to the extent that the organ bank seeks to obtain organs, tissues or samples that involve the PHI of living subjects from hospitals, physicians and other covered entities. In such circumstances, the organ bank would need to obtain the benefit of an authorization or an IRB/Privacy Board waiver to access the PHI related to the specimens from the covered entity. 3. Specimens. To what extent do organs, tissues and bodily fluids constitute PHI? Research samples generally fall into three categories: unlinked samples, coded samples and identified samples. Unlinked samples lack identifiers or codes that can link a particular -5-

6 sample to an identified specimen or human being. Assuming that all 18 of the identifiers listed in the Final Rule are absent, an unlinked sample would constitute de-identified information, and thus not be considered PHI. Coded samples are samples supplied by repositories to investigators from identified specimens along with a code, but without any personally identifying information. Such coded samples may be de-identified information in the hands of researchers who do not have access to the code; but would be PHI for researchers who have access to the code. Identified samples are samples with personal identifiers that would allow the researcher to link the biological information derived from the sample directly to the individual from whom the material was taken. The personal identifiers associated with these samples constitute PHI. Complicating the analysis is that all organs, tissues, and bodily fluid samples contain genetic material. As such, all samples have intrinsically identifying characteristics--that is, they may be identified by the donor s DNA sequence. To be fully de-identified under the Final Rule, information must not contain any unique, identifying numbers, characteristic or code. 45 CFR (b). Does this mean that genetic material should always be treated as PHI? Or should unlinked samples only be treated as PHI if the researcher has access to genotype information of particular subjects to which the gene sequence may be matched? In this regard, what are the implications of the creation of DNA data banks for inmates, and commercial DNA databanks? Will the potential for linkage of samples to particular individuals through these databanks, over time, cause samples containing genetic material, in the future, to be viewed as PHI? 4. Organ Research. If an organ proves unsuitable for transplant, can the transplant team transfer the organ to researchers without the authorization of a live donor? This is a relatively commonplace practice in academic medical centers today. It, however, would be barred under HIPAA without patient authorization or waiver of authorization if the organ is accompanied by PHI linking it to its donor. -6-

7 5. Pre-Existing Consent. Can a researcher rely on a pre-existing Common Rule consent to continue to use PHI for treatment related research after the HIPAA compliance date (April 14, 2003)? The question is whether the Final Rule draws a distinction between research use and treatment use after the compliance date of pre-existing PHI, based on a pre-compliance date consent. The answer appears to be that a covered entity can use or disclose preexisting PHI for both purposes, in connection with research related treatment, based on any form of pre-compliance date human subject research consent. See 45 CFR (b)(3). As DHHS states in the commentary to the Final Rule, if a covered entity obtained a consent, authorization or other express legal permission from the individual who is the subject of the research, it would be able to rely upon that consent, authorization or permission, consistent with any limitations it expressed, to use or disclose the protected health information it created or received prior to or after the compliance date of this regulation. 65 Fed. Reg (December 28, 2001). 6. Condition To Treatment. Can the researcher condition research related treatment on the patient s authorization to access pre-existing PHI? A CE can condition research related treatment on the patient giving a HIPAA compliant authorization. See 45 CFR (b)(4)(i). According to DHHS, the Privacy Rule in no way prohibits researchers from conditioning enrollment in a research study on the execution of an authorization for the use of pre-existing health information. Standards for Privacy of Individually Identifiable Health Information ( Guidance ), July 6, 2001, Pg Specification Requirement. Can the researcher rely on the authorization to conduct unanticipated follow-up or supplemental studies? The answer to this question depends on the scope of the initial authorization given by the subject. To be HIPAA compliant, -7-

8 the authorization must describe the PHI to be disclosed in a specific and meaningful fashion and the authorization must specify an expiration date or event. See 45 CFR (c). Unless the initial authorization is drafted to cover follow-up, retesting, ancillary or other studies, then a new authorization or waiver may be necessary for these purposes. 8. Research Subject Identification. How can researchers identify potential research subjects after the compliance date? Identification of research subjects will become more challenging after the compliance date. Clinicians at academic medical centers and in private practice will no longer be able to make referrals to researchers without patient authorization or waiver of authorization. While researchers can comb medical records without authorization for purposes of developing research protocols, and other purposes preparatory to research, it is not clear that researchers are authorized to do so for subject identification purposes. It can also be anticipated that some CEs may prevent outside researchers from accessing medical records for even protocol development purposes without Privacy Board review or approval. 9. Revocation. If an authorization is revoked or expires after data derived from the research has been imbedded in a database, can the database continue to be used for research purposes? The answer to this question is not entirely clear. To the extent that the researcher has reasonably relied on the original authorization, the researcher can continue to use the subject s PHI for the intended research purposes. This may absolve the researcher from the responsibility of expunging PHI from the database upon receipt of a revocation or upon expiration of the authorization. But, it may not absolve the researcher (or others) from using the database for future research purposes that were not expressly contemplated by the original authorization. The rules therefore raise issues regarding the reuse/replicability of scientific -8-

9 results, the continued integrity of research databases, and ultimately the scientific validity of database research. 10. Patient Registries. Can CEs make reports to patient disease registries? Patient registries collect information on patient diseases for research, drug development, and quality improvement purposes. Certain patient registries are maintained by state public health departments (e.g., registries of sexually transmitted diseases). No authorization is necessary for CEs to make state mandated reports to patient registries maintained by the state. However, patient authorization (or waiver of authorization) may be required to make reports that include PHI to private patient registries maintained by trade associations (e.g., American Cancer Association), pharmaceutical companies, or other private organizations. To the extent that PHI is communicated to a private patient registry in furtherance of quality improvement activities conducted by the registry solely on behalf of the CE (e.g., some cancer registries), the patient registry may be a business associate of the CE. See 45 CFR (e)(1); (e)(1). As such, PHI may be reported by the CE to the patient registry under a business associate contract. To the extent that PHI reported to the patient registry would be used for other purposes (e.g., for the registry s own research or for disclosure to others), patient authorization or waiver of authorization would appear necessary to permit the report to be made. 11. Multisite Research. If an investigator is conducting multi-site research, will an IRB/Privacy Board waiver approved by one CE site be effective to permit the research to be conducted without patient authorization at all CE sites? A CE can reasonably rely on a waiver approved by any IRB/Privacy Board, but is not required to accept the judgment of any IRB/Privacy Board. Each CE is free to reject a waiver approved by any IRB/Privacy Board, including its own. It is relatively unlikely, however, that a CE would, in fact, reject a decision of its own IRB/Privacy Board. To avoid multiple, duplicative or inconsistent IRB/Privacy Board determinations, it is -9-

10 advisable for multi-site research to be conducted pursuant to a joint, cooperative research agreement. Under the joint research agreement, the various CEs could designate a single IRB/Privacy Board to review and oversee the research at all locations, and agree to rely reasonably on its decisions. 12. Waiver Criteria. Are the waiver criteria mutually inconsistent? If so, how are IRB/Privacy Boards to make waiver determinations? Two of the eight waiver criteria appear, on their face, to be somewhat inconsistent. Those criteria are that: (a) the waiver will not adversely affect the privacy rights and welfare of the individual, and (b) privacy risks are reasonable in relation to anticipated benefits. See 45 CFR (i)(2). The former criterion appears categorically to prohibit any adverse effect on privacy, while the latter criterion contemplates a balancing of adverse affect on privacy against potential research benefits. So, the question is, does the Final Rule require no, or permit some, adverse effect on privacy in approving a waiver? The answer is unclear. Also, other waiver criteria include a requirement that the research could not practicably be conducted without the PHI and the waiver. Id. The standard of practicability is not defined and may vary with the size of the research project and the resources of the researcher. For example, it may be impractical for a single investigator with meager means to obtain authorizations from research subjects for even a modest retrospective review of medical records; but, it may be entirely feasible for a well-heeled university to solicit patient authorizations for the same study. It is left to be seen how IRBs and Privacy Boards will interpret and apply this impracticability standard. 13. Access. Can a research subject, during the course of research, gain access to his or her medical records to determine whether he or she is in a placebo group? In general, a research subject has a right under the Final Rule to access his or her PHI upon written request. The subject s right to access, however, can be temporarily suspended for as long -10-

11 as research that involves treatment is in progress, provided that the individual agreed to the denial of access when consenting to participate in the research and is informed that the right to access will be reinstated upon completion. 45 CFR (a)(2)(iii). This provision can be invoked by the CE to temporarily suspend the subject s access to research records. The open question is whether the temporary suspension is terminated by a revocation of authorization for research related treatment. In such circumstances, the research related treatment can be viewed as no longer in progress and the research can be viewed as completed (at least with respect to the research subject). This may provide a means for research subjects to gain access to blinded study information during the course of research, thereby potentially jeopardizing research study results. 14. Certificates of Confidentiality. Can HHS access PHI under HIPAA that is subject to a certificate of confidentiality? Certificates of confidentiality are granted by HHS under 301(d) of the Public Health Services Act, 42 USC 241(d), to protect particularly sensitive information (e.g., drug or alcohol rehabilitation, criminal offense information) from compulsory legal process. The certificate of confidentiality renders such sensitive information immune from subpoena and discovery by federal and state agencies. Under the HIPAA Final Rule, however, all PHI maintained by a covered entity may be accessed by HHS for HIPAA compliance and enforcement purposes. These inconsistent provisions hold the potential to pit one arm of HHS (NIH) against another arm of HHS (OCR). 15. Peer Review. Does the subject s right to access PHI override state peer review protections? Generally, the answer to this question should be no, as long as all peer review records are excluded from the covered entity s designated record set. Under the Final Rules, a research subject only has access to his/her designated record set. Designated records set is defined in the Final Rule to mean: -11-

12 A group of records maintained for a covered entity that is: (i) The medical records and billing records about individuals maintained by or for a covered health care provider; (ii) The enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or (iii) Used, in whole or in part, by or for the covered entity to make decisions about individuals. 45 CFR Peer review records are more properly characterized as records used for making decisions about practitioners involved in the patient s care, than records used by the covered entity to make decisions about the patient. As such, peer review records should be excludable from the CE s designated record set. It should also be noted that to the extent peer review records are maintained on a de-identified basis, they are also outside the scope of patient access rights under HIPAA. 16. Retention of PHI. What constitutes adequate research justification for not destroying identifiers at the earliest opportunity consistent with the conduct of research? One of the criterion for granting an authorization waiver is that the researcher present to the IRB/Privacy Board an adequate plan to protect PHI from improper use and disclosure and to destroy identifiers at the earliest opportunity consistent with the conduct of research. 45 CFR (i)(2). In DHHS Guidance on the Final Rule issued on July 6, 2001, DHHS indicates that identifiers need to be destroyed at the conclusion of research unless there is adequate research justification for obtaining the identifiers. It is unclear, however, what will be deemed by DHHS to constitute such adequate research justification. 17. De-Identification. Will the HIPAA de- -12-

13 identification standards, paradoxically, cause researchers to request access to more PHI through waivers than would otherwise have been the case? The Association of American Medical Colleges and the Biotechnology Industry Organization have argued in comments to DHHS on the Final Rules that the de-identification standards will have the paradoxical effect of resulting in greater disclosure of PHI to researchers than would be the case if the de-identification standards were somewhat less strict (e.g., if they permitted retention of dates of birth, zip code information, and date of treatment information which are useful data points for longitudinal, epidemiological, and outcomes studies). The argument is that the strict de-identification standard in the Final Rule will necessitate researchers requesting waivers to access to all PHI in circumstances where information with fewer identifiers would have sufficed. Under the strict standard, researchers will have to more frequently avail themselves of the IRB/Privacy Board waiver process, which adds administrative burden. In granting a waiver, the IRB/Privacy Board is required to limit the researcher s access to PHI to the minimum extent necessary to conduct the intended study. This should mitigate the concern that the researcher will ultimately access more PHI than if the researcher could simply use somewhat less cleansed de-identified information. 18. Privacy Board. Should a lawyer be a member of the CE s Privacy Board? The Privacy Board is required to be composed of members with appropriate competency to review the effect of the proposed research on the individual s privacy rights and related interests. 45 CFR (i)(B). DHHS has indicated that this means that Privacy Boards should include members with appropriate privacy and legal expertise. While it may be useful to have a lawyer well versed in patient privacy rights serve as a member of the Privacy Board, it is not advisable to have a lawyer who represents the CE sit on the Privacy Board. This is because of the potential professional conflicts of interest and waiver of attorney-client -13-

14 privilege that may occur when a lawyer simultaneously serves as attorney and his/her own client. 19. IRB Requirements. If the research is exempt from IRB review, is it also exempt from HIPAA IRB/Privacy Board waiver requirements? Not necessarily. An IRB and Privacy Board serve somewhat distinct purposes. IRBs are responsible for reviewing overall risks of the research, including potential privacy risks, in relation to the anticipated overall potential benefits of the research. The Privacy Board, in contrast, only assesses privacy risks. IRBs are only required to review federally supported or conducted research and FDA clinical trials that involve human subjects. Privacy Boards, in contrast, will be needed to assess privacy rules for any research involving PHI where it would be impracticable to obtain patient authorization (regardless of whether the research involves human subjects). Moreover, the exceptions to IRB review requirements for OHRP and FDA purposes are different from the waiver exceptions for HIPAA purposes. Thus, there will be circumstances where IRB approval is not required, but a Privacy Board waiver must be obtained (e.g., emergency use of test articles for FDA clinical trials purposes will require a Privacy Board waiver if patient authorization for use of PHI in connection with the test article cannot be obtained from the patient or patient s representative; research conducted in established or commonly accepted educational settings). 20. Research Disruption. Will HIPAA cause a lock-down of databases by CEs and hinder research? Currently, a fair amount of PHI is shared in academic medical centers between clinicians and researchers. Under the Final Rule, covered entities will generally only be permitted to release PHI to researchers pursuant to an authorization or waiver of authorization granted by an IRB/Privacy Board. Because of the threat of HIPAA liability and penalties, it can be anticipated that covered entities will become more protective of PHI and will only release PHI in circumstances permitted by the Final Rule. It is somewhat hyperbolic to characterize the effect of the Final Rule as -14-

15 a lock-down of databases, but in some instances the Final Rule will prevent, impede or delay access to PHI for research purposes. This is the trade-off that DHHS appears to have intentionally made to give what it believes is due protection to patient privacy rights. It is left to be seen what impact this trade-off will have on the pace and progress of scientific discovery. -15-

Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule

Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule AA Privacy RuleP DEPARTMENT OF HE ALTH & HUMAN SERVICES USA Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule NIH Publication Number 03-5388 The HI Protecting Personal

More information

The Health Insurance Portability and Accountability Act (HIPAA) Excerpted from the UTC IRB Policy

The Health Insurance Portability and Accountability Act (HIPAA) Excerpted from the UTC IRB Policy The Health Insurance Portability and Accountability Act (HIPAA) Excerpted from the UTC IRB Policy June 2008 Table of Contents PART V: The Health Insurance Portability and Accountability Act (HIPAA)...

More information

Winthrop-University Hospital

Winthrop-University Hospital Winthrop-University Hospital Use of Patient Information in the Conduct of Research Activities In accordance with 45 CFR 164.512(i), 164.512(a-c) and in connection with the implementation of the HIPAA Compliance

More information

HIPAA COMPLIANCE INFORMATION. HIPAA Policy

HIPAA COMPLIANCE INFORMATION. HIPAA Policy HIPAA COMPLIANCE INFORMATION HIPAA Policy Use of Protected Health Information for Research Policy University of North Texas Health Science Center at Fort Worth Applicability: All University of North Texas

More information

HIPAA COMPLIANCE. What is HIPAA?

HIPAA COMPLIANCE. What is HIPAA? HIPAA COMPLIANCE What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) also known as the Privacy Rule specifies the conditions under which protected health information may be used

More information

University of Mississippi Medical Center Office of Integrity and Compliance

University of Mississippi Medical Center Office of Integrity and Compliance Office of Integrity and Effective Date: 2005 By: Committee 1.0 PURPOSE The purpose of this policy is to guide (UMMC) employees, who are involved with research, in obtaining an authorization for the use

More information

HIPAA Basics for Clinical Research

HIPAA Basics for Clinical Research HIPAA Basics for Clinical Research Audio options: Built-in audio on your computer OR Separate audio dial-in: 415-930-5229 Toll-free: 1-877-309-2074 Access Code: 960-353-248 Audio PIN: Shown after joining

More information

Memorandum. Factual Background

Memorandum. Factual Background Memorandum TO: FROM: SUBJECT: Chris Ianelli and Jill Mullan, ispecimen, Inc. Kristen Rosati and Ana Christian, Polsinelli, PC ispecimen Regulatory Compliance DATE: January 26, 2014 You have asked us to

More information

What is Covered under the Privacy Rule? Protected Health Information (PHI)

What is Covered under the Privacy Rule? Protected Health Information (PHI) HIPAA & RESEARCH What is Covered under the Privacy Rule? Protected Health Information (PHI) Health information + Identifier = PHI Transmitted or maintained in any form (paper, electronic, forms, web-based,

More information

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association DISCLAIMER This general information fact sheet is made available

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) by and between OUR LADY OF LOURDES HEALTH CARE SERVICES, INC., hereinafter referred to as Covered Entity, and hereinafter referred

More information

BUSINESS ASSOCIATE AGREEMENT FOR ATTORNEYS

BUSINESS ASSOCIATE AGREEMENT FOR ATTORNEYS BUSINESS ASSOCIATE AGREEMENT FOR ATTORNEYS This Business Associate Agreement (this Agreement ), is made as of the day of, 20 (the Effective Date ), by and between ( Business Associate ) and ( Covered Entity

More information

Children's Hospital, Boston (Draft Edition)

Children's Hospital, Boston (Draft Edition) Children's Hospital, Boston (Draft Edition) The Researcher's Guide to HIPAA Evervthing You Alwavs Wanted to Know About HIPAA But Were Afraid to Ask 1. What is HIPAA? 2. What is the Privacy Rule? 3. What

More information

[B3] How IRBs are Implementing HIPAA: Finding the Best Fit for Your Institution

[B3] How IRBs are Implementing HIPAA: Finding the Best Fit for Your Institution [B3] How IRBs are Implementing HIPAA: Finding the Best Fit for Your Institution The 18 th Annual Meeting of the Applied Research Ethics National Association 1 Faculty John Falletta, MD Duke University

More information

RESEARCH INVOLVING DATA AND/OR BIOLOGICAL SPECIMENS

RESEARCH INVOLVING DATA AND/OR BIOLOGICAL SPECIMENS RESEARCH INVOLVING DATA AND/OR BIOLOGICAL SPECIMENS 1. Overview IRB approval and participant informed consent are required to collect biological specimens for research purposes. Similarly, IRB approval

More information

Health Insurance Portability & Accountability Act (HIPAA) Compliance Application

Health Insurance Portability & Accountability Act (HIPAA) Compliance Application Health Insurance Portability & Accountability Act (HIPAA) Compliance Application IRB Office 101 - Altru Psychiatry Center 860 S. Columbia Rd, Grand Forks, North Dakota 58201 Phone: (701) 780-6161 PROJECT

More information

Health Insurance Portability and Accountability Policy 1.8.4

Health Insurance Portability and Accountability Policy 1.8.4 Health Insurance Portability and Accountability Policy 1.8.4 Appendix C Uses and Disclosures of PHI Procedures This Appendix covers procedures related to Uses and Disclosures of PHI. Disclosures to Law

More information

FirstCarolinaCare Insurance Company Business Associate Agreement

FirstCarolinaCare Insurance Company Business Associate Agreement FirstCarolinaCare Insurance Company Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement"), is made and entered into as of, 20 (the "Effective Date") between FirstCarolinaCare Insurance

More information

Standard Operating Procedures for Research Involving Human Subjects

Standard Operating Procedures for Research Involving Human Subjects Section I: Introduction v07/2015 Standard Operating Procedures Indiana University and its affiliates are dedicated to protecting the rights and welfare of human participants recruited to participate in

More information

SOP Number: OCR-HIP-001 Effective Date: August 2013 Page 1 of 5

SOP Number: OCR-HIP-001 Effective Date: August 2013 Page 1 of 5 Title: HIPAA Research Policy: General Nova Southeastern University Standard Operating Procedure for GCP Version # 1 SOP Number: OCR-HIP-001 Effective Date: August 2013 Page 1 of 5 PURPOSE: Federal privacy

More information

Medical Research Law & Policy Report

Medical Research Law & Policy Report Medical Research Law & Policy Report Reproduced with permission from Medical Research Law & Policy Report, 12 MRLR 98, 02/06/2013. Copyright 2013 by The Bureau of National Affairs, Inc. (800-372-1033)

More information

HIPAA Privacy Compliance Plan for Research. University of South Alabama IRB Guidance and Procedures

HIPAA Privacy Compliance Plan for Research. University of South Alabama IRB Guidance and Procedures HIPAA Privacy Compliance Plan for Research University of South Alabama IRB Guidance and Procedures Office of Research Compliance and Assurance CSAB 140 460-6625 Adopted: 4/2/2003 2 HIPAA PRIVACY COMPLIANCE

More information

HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets

HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets FULL POLICY CONTENTS Scope Policy Statement Reason for Policy Definitions ADDITIONAL DETAILS Web Address Forms Related Information

More information

HIPAA Privacy Rule Primer for the College or University Administrator

HIPAA Privacy Rule Primer for the College or University Administrator HIPAA Privacy Rule Primer for the College or University Administrator On August 14, 2002, the Department of Health and Human Services ( HHS ) issued final medical privacy regulations (the Privacy Rule

More information

Parsonage Vandenack Williams LLC Attorneys at Law

Parsonage Vandenack Williams LLC Attorneys at Law MEDICAL RECORDS ACCESS GUIDE NEBRASKA Parsonage Vandenack Williams LLC Attorneys at Law Parsonage Vandenack Williams LLC 2008 For more information, contact info@pvwlaw.com TABLE OF CONTENTS RESPONDING

More information

HIPAA HITECH PA Physician Practices

HIPAA HITECH PA Physician Practices NOTICE OF PRIVACY PRACTICES Premier Urology Associates LLC dba Urology Care Alliance SUMMARY Effective Date: 12/20/2012 WHAT IS THIS NOTICE FOR? This Notice of Privacy Practices (Notice) describes how

More information

Gaston County HIPAA Manual

Gaston County HIPAA Manual Gaston County HIPAA Manual Includes Gaston County IT Manual Action Date Reviewed and Revised December 2012 Gaston County HIPAA Policy Manual has be updated and combined with the Gaston County IT Manual.

More information

SCHOOL OF PUBLIC HEALTH. HIPAA Privacy Training

SCHOOL OF PUBLIC HEALTH. HIPAA Privacy Training SCHOOL OF PUBLIC HEALTH HIPAA Privacy Training Public Health and HIPAA This presentation will address the HIPAA Privacy regulations as they effect the activities of the School of Public Health. It is imperative

More information

MEDICAL RECORDS ACCESS GUIDE IOWA

MEDICAL RECORDS ACCESS GUIDE IOWA MEDICAL RECORDS ACCESS GUIDE IOWA Parsonage Vandenack Williams LLC Attorneys at Law Parsonage Vandenack Williams LLC 2008 For more information, contact info@pvwlaw.com TABLE OF CONTENTS Iowa...1 Patient

More information

HIPAA-Compliant Research Access to PHI

HIPAA-Compliant Research Access to PHI HIPAA-Compliant Research Access to PHI HIPAA permits the access, disclosure and use of PHI from a HIPAA Covered Entity s or HIPAA Covered Unit s treatment, payment or health care operations records for

More information

Northwest Cardiology Associates 400 W. Northwest Hwy Barrington, IL 60010 847.382.4600 Fax 847.382.1771. HIPAA Notice of Privacy Practices ( Notice )

Northwest Cardiology Associates 400 W. Northwest Hwy Barrington, IL 60010 847.382.4600 Fax 847.382.1771. HIPAA Notice of Privacy Practices ( Notice ) Northwest Cardiology Associates 400 W. Northwest Hwy Barrington, IL 60010 847.382.4600 Fax 847.382.1771 HIPAA Notice of Privacy Practices ( Notice ) THIS NOTICE DESCRIBES HOW INFORMATION ABOUT YOU MAY

More information

HIPAA Privacy Policies & Procedures

HIPAA Privacy Policies & Procedures HIPAA Privacy Policies & Procedures This sample HIPAA Privacy Policies & Procedures document will help you with your HIPAA Privacy compliance efforts. This document addresses the basics of HIPAA Privacy

More information

A USER S GUIDE TO THE RASCAL HIPAA MODULE

A USER S GUIDE TO THE RASCAL HIPAA MODULE A USER S GUIDE TO THE RASCAL HIPAA MODULE Version: 2.0 Revised: September 2011 Office for HIPAA Compliance 1 P a g e R A S C A L H I P A A G u i d e TABLE OF CONTENTS SUGGESTED USE OF THE MANUAL...3 INTRODUCTION...4

More information

HIPAA PRIVACY NOTICE PLEASE REVIEW IT CAREFULLY

HIPAA PRIVACY NOTICE PLEASE REVIEW IT CAREFULLY HIPAA PRIVACY NOTICE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN OBTAIN ACCESS TO THIS INFORMATION. INTRODUCTION PLEASE REVIEW IT CAREFULLY Moriarty

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is entered into by and between Professional Office Services, Inc., with principal place of business at PO Box 450, Waterloo,

More information

Office of Chief Counsel

Office of Chief Counsel Department of the Treasury Internal Revenue Service Office of Chief Counsel CC-2004-034 September 10, 2004 Subject: Effect of the Health Insurance Portability and Accountability Act of 1996 Privacy Regulations,

More information

Central Maine Healthcare

Central Maine Healthcare Central Maine Healthcare Administrative Policy No. HC-HI-5004(R2) HIPAA SUBJECT: Disclosures of Protected Health Information Policy Statement/Purpose: This policy sets forth the circumstances in which

More information

MEDICAL RECORDS ACCESS GUIDE MICHIGAN

MEDICAL RECORDS ACCESS GUIDE MICHIGAN MEDICAL RECORDS ACCESS GUIDE MICHIGAN Parsonage Vandenack Williams LLC Attorneys at Law Parsonage Vandenack Williams LLC 2008 For more information, contact info@pvwlaw.com TABLE OF CONTENTS Michigan...1

More information

DISCLAIMER HEALTH INFORMATION PRIVACY POLICIES & PROCEDURES

DISCLAIMER HEALTH INFORMATION PRIVACY POLICIES & PROCEDURES DISCLAIMER This web site is provided for information and education purposes only. No doctor/patient relationship is established by your use of this site. No diagnosis or treatment is being provided. The

More information

DISCLOSURE OF ALCOHOL AND SUBSTANCE/DRUG ABUSE RECORDS. This Policy describes permissible disclosures of Alcohol and Substance/Drug Abuse Records.

DISCLOSURE OF ALCOHOL AND SUBSTANCE/DRUG ABUSE RECORDS. This Policy describes permissible disclosures of Alcohol and Substance/Drug Abuse Records. PRIVACY 11.0 DISCLOSURE OF ALCOHOL AND SUBSTANCE/DRUG ABUSE RECORDS Scope: Purpose: All workforce members (employees and non-employees), including employed medical staff, management, and others who have

More information

HIPAA S BUSINESS ASSOCIATE REQUIREMENTS FOR PATHOLOGISTS AND LABORATORIES

HIPAA S BUSINESS ASSOCIATE REQUIREMENTS FOR PATHOLOGISTS AND LABORATORIES HIPAA S BUSINESS ASSOCIATE REQUIREMENTS FOR PATHOLOGISTS AND LABORATORIES What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 ( HIPAA ) establishes new privacy requirements for

More information

This form may not be modified without prior approval from the Department of Justice.

This form may not be modified without prior approval from the Department of Justice. This form may not be modified without prior approval from the Department of Justice. Delete this header in execution (signature) version of agreement. HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate

More information

Guidance on Withdrawal of Subjects from Research: Data Retention and Other Related Issues

Guidance on Withdrawal of Subjects from Research: Data Retention and Other Related Issues Office for Human Research Protections (OHRP) Department of Health and Human Services (HHS) Guidance on Withdrawal of Subjects from Research: Data Retention and Other Related Issues This guidance represents

More information

Health Plan Select, Inc. Business Associate Privacy Addendum To The Service Agreement

Health Plan Select, Inc. Business Associate Privacy Addendum To The Service Agreement This (hereinafter referred to as Addendum ) by and between Athens Area Health Plan Select, Inc. (hereinafter referred to as HPS ) a Covered Entity under HIPAA, and INSERT ORG NAME (hereinafter referred

More information

HIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS

HIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS HIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS 1. HIPAA Privacy Policies & Procedures Overview (Policy & Procedure) 2. HIPAA Privacy Officer (Policy & Procedure) 3. Notice of Privacy

More information

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices The Health and Benefit Trust Fund of the International Union of Operating Section 1: Purpose of This Notice Notice of Privacy Practices Effective as of September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL

More information

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health

More information

AAMC Project to Document the Effects of HIPAA on Research

AAMC Project to Document the Effects of HIPAA on Research AAMC Project to Document the Effects of HIPAA on Research Susan H. Ehringhaus, J.D. Associate General Counsel Association of American Medical Colleges ACE Annual Meeting, Sept. 13, 2004 AAMC HIPAA Survey

More information

FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT

FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT FORM OF HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is made and entered into to be effective as of, 20 (the Effective Date ), by and between ( Covered Entity ) and

More information

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308)

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) HIPAA Business Associate Agreement Sample Notice Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) The information provided in this document does not constitute, and is no substitute

More information

PHYSICIANS REIMBURSEMENT FUND, INC. A Risk Retention Group. APPLICATION MD & DO Locum Tenens. 1. First Name: Middle Initial: Last Name:

PHYSICIANS REIMBURSEMENT FUND, INC. A Risk Retention Group. APPLICATION MD & DO Locum Tenens. 1. First Name: Middle Initial: Last Name: PHYSICIANS REIMBURSEMENT FUND, INC. A Risk Retention Group APPLICATION MD & DO Locum Tenens Applicant Information: 1. First Name: Middle Initial: Last Name: CA Medical License #: Expiration Date: Date

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This Notice of

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement is effective September 1, 2013 and made between Community Health Solutions of America, Inc., a Florida corporation ( CHS ) and ( Company ).

More information

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT THIS AGREEMENT is entered into and made effective the day of, 20 (the Effective Date ), by and between (a) THE SOCIETY OF GYNECOLOGIC

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,

More information

What is Covered by HIPAA at VCU?

What is Covered by HIPAA at VCU? What is Covered by HIPAA at VCU? The Privacy Rule was designed to protect private health information from incidental disclosures. The regulations specifically apply to health care providers, health plans,

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT COLUMBIA AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is entered into as of ( Effective Date ) by and between The Trustees of Columbia University in the City of

More information

Strategies for Electronic Exchange of Substance Abuse Treatment Records

Strategies for Electronic Exchange of Substance Abuse Treatment Records Strategies for Electronic Exchange of Substance Abuse Treatment Records Patricia Gray, J. D., LL. M. Prepared for the Texas Health and Human Services Commission and the Texas Health Services Authority

More information

HIPAA IN A NUTSHELL: A Synopsis of How the HIPAA Privacy Rules Impact Ex Parte Communications. By Larry A. Golston, Jr.

HIPAA IN A NUTSHELL: A Synopsis of How the HIPAA Privacy Rules Impact Ex Parte Communications. By Larry A. Golston, Jr. HIPAA IN A NUTSHELL: A Synopsis of How the HIPAA Privacy Rules Impact Ex Parte Communications By Larry A. Golston, Jr. BEASLEY, ALLEN, CROW, METHVIN, PORTIS & MILES, P.C. 272 COMMERCE STREET POST OFFICE

More information

HIPAA Policies and Procedures

HIPAA Policies and Procedures HIPAA Policies and Procedures William T. Chen, MD, Inc. General Rule 164.502 A Covered Entity may not use or disclose PHI except as permitted or required by the privacy regulations. Permitted Disclosures:

More information

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy Use and Disclosure of Psychotherapy Notes 10130

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy Use and Disclosure of Psychotherapy Notes 10130 IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy Use and Disclosure of Psychotherapy Notes 10130 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel &

More information

Notice of Privacy Practices for Protected Health Information (PHI)

Notice of Privacy Practices for Protected Health Information (PHI) Notice of Privacy Practices for Protected Health Information (PHI) Arapahoe Sports Medicine and Rehabilitation THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW

More information

DISCLOSURES OF PHI & FLORIDA STATE LAW

DISCLOSURES OF PHI & FLORIDA STATE LAW DISCLOSURES OF PHI & FLORIDA STATE LAW The Privacy Rule provides an extensive list of permitted disclosures; however, if state laws provide greater privacy protections or privacy rights with respect to

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) is entered into by and between (the Covered Entity ), and Iowa State Association of Counties (the Business Associate ). RECITALS

More information

The HIPAA privacy rule and long-term care : a quick guide for researchers

The HIPAA privacy rule and long-term care : a quick guide for researchers Scholarly Commons at Miami University http://sc.lib.miamioh.edu Scripps Gerontology Center Scripps Gerontology Center Publications The HIPAA privacy rule and long-term care : a quick guide for researchers

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BAA ) is effective ( Effective Date ) by and between ( Covered Entity ) and Egnyte, Inc. ( Egnyte or Business Associate ). RECITALS

More information

Model Business Associate Agreement

Model Business Associate Agreement Model Business Associate Agreement Instructions: The Texas Health Services Authority (THSA) has developed a model BAA for use between providers (Covered Entities) and HIEs (Business Associates). The model

More information

State of Connecticut Department of Social Services HIPAA Policies and Procedures Manual

State of Connecticut Department of Social Services HIPAA Policies and Procedures Manual State of Connecticut Department of Social Services HIPAA Policies and Procedures Manual Updated 9/17/13 1 Overview As of April 14, 2003, the State of Connecticut Department of Social Services (DSS) is

More information

Dr. Adam Apfelblat 5140 Highland Road Waterford 48327 Phone: (248)618-3467 Fax: (248)618-3515

Dr. Adam Apfelblat 5140 Highland Road Waterford 48327 Phone: (248)618-3467 Fax: (248)618-3515 Dr. Adam Apfelblat 5140 Highland Road Waterford 48327 HIPAA NOTICE OF PRIVACY PRACTICES PLEASE REVIEW THIS NOTICE CAREFULLY. IT DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW

More information

BENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT

BENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT BENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT This BUSINESS ASSOCIATE AGREEMENT ( Agreement ) dated as of the signature below, (the Effective Date ), is entered into by and between the signing organization

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ), is made effective as of the sign up date on the login information page of the CarePICS.com website, by and between CarePICS,

More information

Understanding Your Health Record Information

Understanding Your Health Record Information Associated Retina Consultant s, Ltd. Notice of Information Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE

More information

HIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10

HIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10 HIPAA 100 Training Manual Table of Contents I. Introduction 1 II. Definitions 2 III. Privacy Rule 5 IV. Security Rule 8 V. A Word About Business Associate Agreements 10 CHICAGO DEPARTMENT OF PUBIC HEALTH

More information

THE HIPAA PRIVACY RULE AND THE NATIONAL HOSPITAL CARE SURVEY

THE HIPAA PRIVACY RULE AND THE NATIONAL HOSPITAL CARE SURVEY THE HIPAA PRIVACY RULE AND THE NATIONAL HOSPITAL CARE SURVEY Table of Contents I. Overview... 3 II. Legal Authority for NHCS... 3 III. Requirements of the HIPAA Privacy Rule... 3 IV. Extra Safeguards and

More information

CATHOLIC SOCIAL SERVICES BUSINESS ASSOCIATE AGREEMENT

CATHOLIC SOCIAL SERVICES BUSINESS ASSOCIATE AGREEMENT CATHOLIC SOCIAL SERVICES BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (Agreement) is made this day of, 20, between the Catholic Social Services ( CSS ), whose business address is 3710

More information

Louisiana State University System

Louisiana State University System PM-36: Attachment 4 Business Associate Contract Addendum On this day of, 20, the undersigned, [Name of Covered Entity] ("Covered Entity") and [Name of Business Associate] ("Business Associate") have entered

More information

PsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN 55435 Telephone: (952) 285-9000 Facsimile: (952) 848-1798

PsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN 55435 Telephone: (952) 285-9000 Facsimile: (952) 848-1798 PsyBar, LLC 6600 France Avenue South, Suite 640 Edina, MN 55435 Telephone: (952) 285-9000 Facsimile: (952) 848-1798 Updated 12/8/15 PSYBAR, L. L. C. INDEPENDENT CONTRACTOR AGREEMENT PsyBar attempts to

More information

SDC-League Health Fund

SDC-League Health Fund SDC-League Health Fund 1501 Broadway, 17 th Floor New York, NY 10036 Tel: 212-869-8129 Fax: 212-302-6195 E-mail: health@sdcweb.org NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION

More information

HIPAA OVERVIEW ETSU 1

HIPAA OVERVIEW ETSU 1 HIPAA OVERVIEW ETSU 1 What is HIPAA? Health Insurance Portability and Accountability Act. 2 PURPOSE - TITLE II ADMINISTRATIVE SIMPLIFICATION To increase the efficiency and effectiveness of the entire health

More information

Notice of Patients Rights and Privacy Protections under Federal Privacy Laws (HIPAA)

Notice of Patients Rights and Privacy Protections under Federal Privacy Laws (HIPAA) Notice of Patients Rights and Privacy Protections under Federal Privacy Laws (HIPAA) The Health Insurance Portability and Accountability Act of 2013, commonly referred to as HIPAA, requires this office

More information

Human Research Protection Program University of California, San Diego ISSUES ON DNA AND INFORMED CONSENT

Human Research Protection Program University of California, San Diego ISSUES ON DNA AND INFORMED CONSENT Human Research Protection Program University of California, San Diego ISSUES ON DNA AND INFORMED CONSENT Regulatory changes will occur for investigators studying human DNA The recent acceleration and widening

More information

HIPAA Compliance Strategies for Pharmaceutical Manufacturers,

HIPAA Compliance Strategies for Pharmaceutical Manufacturers, HIPAA Compliance Strategies for Pharmaceutical Manufacturers, PBMs and Pharmacies Jean-Paul Hepp,, Ph.D. Director, Global Privacy HIPAA Colloquium Harvard MA; August 22, 2002 1 Agenda Privacy ~ Definitions

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. NOTICE OF PRIVACY PRACTICES Understanding Your

More information

Yale University Open Data Access (YODA) Project Procedures to Guide External Investigator Access to Clinical Trial Data Last Updated August 2015

Yale University Open Data Access (YODA) Project Procedures to Guide External Investigator Access to Clinical Trial Data Last Updated August 2015 OVERVIEW Yale University Open Data Access (YODA) Project These procedures support the YODA Project Data Release Policy and more fully describe the process by which clinical trial data held by a third party,

More information

DALLAS ALLERGY & ASTHMA CENTER

DALLAS ALLERGY & ASTHMA CENTER DALLAS ALLERGY & ASTHMA CENTER Gary N. Gross, MD Michael E. Ruff, MD 5499 Glen Lakes Dr., Suite 100 Dallas, TX 75231 Dania A. Wierzbicki, MD Phone: (214) 691-1330 Jane Zepeda, PA-C FAX: (214) 691-6405

More information

HIPAA Notice of Patient Privacy Practices

HIPAA Notice of Patient Privacy Practices HIPAA Notice of Patient Privacy Practices Effective Date: January 1, 2014 THIS NOTICE DESCRIBES HOW PROTECTED HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

HIPAA Privacy FAQ s. 3. Generally, what does the HIPAA Privacy Rule require the average provider or health plan to do?

HIPAA Privacy FAQ s. 3. Generally, what does the HIPAA Privacy Rule require the average provider or health plan to do? HIPAA Privacy FAQ s 1. What is the HIPAA privacy regulation? Until Congress passed HIPAA in 1996, personal health information (PHI) was protected by a patchwork of federal and state laws. Patients health

More information

Health Information Privacy Refresher Training. March 2013

Health Information Privacy Refresher Training. March 2013 Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal

More information

HIPAA Employee Training Guide. Revision Date: April 11, 2015

HIPAA Employee Training Guide. Revision Date: April 11, 2015 HIPAA Employee Training Guide Revision Date: April 11, 2015 What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 (also known as Kennedy- Kassebaum Act ). HIPAA regulations address

More information

Business Associate Agreement

Business Associate Agreement This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement

More information

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version)

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version) APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version) THIS AGREEMENT is entered into and made effective the day of, 2012 (the Effective Date ), by and between (a)

More information

HIGHMARK BLUE CROSS BLUE SHIELD DELAWARE NOTICE OF PRIVACY PRACTICES PART I NOTICE OF PRIVACY PRACTICES (HIPAA)

HIGHMARK BLUE CROSS BLUE SHIELD DELAWARE NOTICE OF PRIVACY PRACTICES PART I NOTICE OF PRIVACY PRACTICES (HIPAA) Sí necesita ayuda para traducir esta información, por favor comuníquese con el departamento de Servicios a miembros de Highmark Delaware al número al réves de su tarjeta de identificación de Highmark Delaware.

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is by and between ( Covered Entity )and CONEX Med Pro Systems ( Business Associate ). This Agreement has been attached to,

More information

HIPAA Compliance And Participation in the National Oncologic Pet Registry Project

HIPAA Compliance And Participation in the National Oncologic Pet Registry Project HIPAA Compliance And Participation in the National Oncologic Pet Registry Project Your facility has indicated its willingness to participate in the National Oncologic PET Registry Project (NOPR) sponsored

More information

Research Involving Human Biological Materials: Ethical Issues and Policy Guidance Executive Summary

Research Involving Human Biological Materials: Ethical Issues and Policy Guidance Executive Summary Research Involving Human Biological Materials: Ethical Issues and Policy Guidance Executive Summary Introduction Biomedical researchers have long studied human biological materials such as cells collected

More information

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE

More information

HIPAA 101. March 18, 2015 Webinar

HIPAA 101. March 18, 2015 Webinar HIPAA 101 March 18, 2015 Webinar Agenda Acronyms to Know HIPAA Basics What is HIPAA and to whom does it apply? What is protected by HIPAA? Privacy Rule Security Rule HITECH Basics Breaches and Responses

More information

IRB Application for Medical Records Review Request

IRB Application for Medical Records Review Request Office of Regulatory Research Compliance Institutional Review Board FORM B1 : Medial Records Review Application FORM B1 IRB Application for Medical Records Review Request Principal Investigator: Email:

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCL OSE D AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. B ACK GR OUND

More information

UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S):

UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S): UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S): THIS AGREEMENT is made by and between UNIVERSITY PHYSICIANS OF BROOKLYN, INC., located at 450 Clarkson Ave., Brooklyn,

More information