HIPAA, Research, and the IRB. Michelle Brown, BBA Biomedical IRB Manager
|
|
- Sharlene Sharyl Cross
- 7 years ago
- Views:
Transcription
1 HIPAA, Research, and the IRB Michelle Brown, BBA Biomedical IRB Manager
2 Agenda Brief History of HIPAA How Did We Get Here? When Does HIPAA Apply to Research? How Do Researchers Access & Share PHI Under the Privacy Rule? What Rights Has HIPAA Provided to Participants? What Additional Requirements Impact Research Administrators?
3 Brief History of HIPAA How Did We Get Here? When Does HIPAA Apply to Research? How Do Researchers Access & Share PHI Under the Privacy Rule? What Rights Has HIPAA Provided to Participants? What Additional Requirements Impact Research Administrators?
4 Health Insurance Portability & Accountability Act Original Intent: Sponsored by Senators Ted Kennedy of Massachusetts & Nancy Kassebaum of Kansas Enacted by Congress Signed by President Clinton in 1996 improve portability and continuity of health insurance coverage in the group and individual markets, combat waste, fraud, and abuse in health insurance and health care delivery, promote the use of medical savings accounts, improve access to long-term care services and coverage, to simplify the administration of health insurance.
5 Anatomy of the Act Titles Title I Healthcare Portability Title II Administrative Simplification Title III Tax Related Health Provisions Title IV Application Group Health Requirements Title V Revenue Offsets
6 Anatomy of the Act Title II: Administrative Simplification Provisions Improve Efficiency & Effectiveness Required Department of Health & Human Services (HHS) to adopt national standards for: electronic health care transactions and code sets, unique health identifiers, and security.
7 Anatomy of the Act Title II: Rules for Individually Identifiable Health Information Transactions Privacy Security Enforcement All are located at 45 CFR Part 160, 162, and 164
8 Summary Question: How did we get here? Answer: In the course of setting national standards for the regulation of certain health information, HIPAA and the Privacy Rule were created. Because researchers need access to this protected health information, we need to understand the parameters of the Privacy Rule.
9 Brief History of HIPAA How Did We Get Here? When Does HIPAA Apply to Research? How Do Researchers Access & Share PHI Under the Privacy Rule? What Rights Has HIPAA Provided to Participants? What Additional Requirements Impact Research Administrators?
10 The Privacy Rule & Research Only applies to a Covered Entity Health Plan Health Care Clearinghouse Health Care Provider (who transmits health information in electronic form in connection with a transaction for which HHS has adopted a standard) Sets Minimal Federal Standards Protects the privacy of individually identifiable health information Regulates the access, amendment, and sharing of PHI for research Not intended to impede research Establishes conditions under which covered entities can provide researchers access to and use of PHI when necessary to conduct research
11 Definition of Terms Health Information is any information in any medium, that: is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual. Individually Identifiable Health Information is a subset of health information and: is created or received by a health care provider, health plan, employer, or health care clearinghouse; and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and o That identifies the individual; or o With respect to which there is a reasonable basis to believe the information can be used to identify the individual.
12 Definition of Terms Protected Health Information (PHI) is individually identifiable health information that is: transmitted by electronic media maintained in electronic media, or transmitted or maintained in any other form or medium. PHI is not: education records covered by FERPA employment records held by a covered entity in its role as employer. Privacy: relates to a person The research proposal should outline strategies on how the investigator will access information from or about participants. Confidentiality: relates to information/data about an individual The research proposal should outline strategies to maintain confidentiality of identifiable data, including controls on storage, handling, and sharing of data.
13 Privacy Rule & The Common Rule HIPAA covers the use and disclosure of individuals protected health information ( PHI ) Common Rule: Individually identifiable means the identity of the participant is or may readily ascertained by the investigator.
14 Protected Information 1. Names 2. All geographic subdivisions smaller than a State, including: street address, city, county precinct, zip codes and their equivalent geocodes, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census: a) the geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people, and b) the initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.
15 Protected Information 3. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older.
16 Protected Information 4. Telephone Numbers 5. FAX Numbers 6. Addresses 7. Social Security Numbers 8. Medical Record Numbers 9. Health Plan Beneficiary Numbers 10. Account Numbers 11. Certificate / License Numbers 12. VIN and License Plate Numbers 13. Device ID s and Serial Numbers 14. Web Addresses (URL s) 15. Internet Protocol Numbers (IP Address) 16. Biometric Identifiers (fingerprints and voiceprints) 17. Full-face Photos and Comparable Images 18. Any other unique identifying number, characteristic, or code, unless otherwise permitted by the Privacy Rule for reidentification
17 Summary Question: When does HIPAA apply to research? Answer: When a covered entity is involved and it meets the definition of protected health information.
18 Brief History of HIPAA How Did We Get Here? When Does HIPAA Apply to Research? How Do Researchers Access & Share PHI Under the Privacy Rule? What Rights Has HIPAA Provided to Participants? What Additional Requirements Impact Research Administrators?
19 Accessing & Sharing PHI in Research De-identified Written Authorization Without an Authorization Preparatory Work Decedents Statistical Verification Removing Specific Information Combined with Informed Consent Pertains to specific research Not future, unspecified research Determination made by IRB or Privacy Board Solely to prepare protocol No PHI removed from covered entity Necessary for preparation of research Necessary and solely for research Documentation of death may be required Limited Data Sets Specific identifiers Data Use Agreement
20 De-identified Statistical Verification Removing Specific Information The Privacy Rule states that if PHI is de-identified, HIPAA does not apply. A researcher employed by a covered entity or accessing data from a covered entity can conduct his/her research using de-identified data and the study does not fall under the HIPAA Privacy Rule requirements. PHI can be de-identified in one of two ways: 1) Remove all 18 identifiers from the data. 2) Use statistical methods to certify there is small risk that the information released could identify the individual.
21 Written Authorization Combined with Informed Consent Pertains to specific research Not future, unspecified research Required Elements: Specific description of information to be used Identification of the person(s) authorized to make the requested use or disclosure The names of the person(s) to whom the covered entity may make the requested use or disclosure Description of each purpose of the requested use or disclosure Authorization expiration date or expiration event ( end of the research study or none are permissible for research) Signature of the individual and date.
22 Written Authorization Combined with Informed Consent Pertains to specific research Not future, unspecified research Required Statements: Individual s right to revoke authorization in writing Ability or inability to condition treatment, payment, enrollment, or eligibility for benefits Potential for information to be subject to re-disclosure
23 Without Authorization Determination made by IRB or Privacy Board Criteria: The use/disclosure involves no more than minimal risk because of an adequate plan/assurance: to protect PHI from improper use or disclosure to destroy identifiers at earliest opportunity that PHI will not be inappropriately reused or disclosed The research could not practicably be conducted without the waiver The research could be practicably be conducted without access to and use of PHI. Waiver of Authorization must be approved by the IRB.
24 Preparatory Work Solely to prepare protocol No PHI removed from covered entity Necessary for preparation of research Typically used by researchers to obtain access to PHI without authorization in order to collect aggregate data to determine if there are enough prospective subjects to justify conducting a study or to identify prospective participants that meet the inclusion / exclusion study criteria. Researcher may not remove PHI from Covered Entity site. Allows researcher to identify prospective participants for purposes of seeking their Authorization to use/disclose PHI for a study.
25 Decedents Necessary and solely for research Documentation of death may be required Not required to obtain Authorizations from personal representative or next of kin, a waiver or an alteration of the Authorization, or a Data Use Agreement. Researcher must provide: oral or written representations that the use and disclosure is sought solely for research on the PHI of decedents oral or written representations that the PHI is necessary for the research documentation of the death of the individual(s) whose PHI is being sought. The PHI of decedents may not be used to obtain information about a decedent s living relatives. Research on decedents does not require IRB approval.
26 Limited Data Sets Specific identifiers Data Use Agreement Research using a limited data allows the use of limited identifiers There must be a limited potential for individual identification Direct identifiers may not be used Provider of PHI must have a Data Use Agreement with recipient of data DIRECT IDENTIFIERS 1. Names 2. Street Addresses 3. Phone and Fax Numbers 4. Addresses 5. Social Security Numbers 6. Medical Record Numbers 7. Health Plan Numbers 8. Account Numbers 9. Certificate/Licenses Numbers 10. Vehicle Identifiers/license Plates 11. Device Identifiers 12. Web URLS 13. Internet Protocols (IP) 14. Full Face Photo
27 Summary Question: How do researchers access and share date under HIPAA and the Privacy Rule? Answer: Go outside of the Privacy Rule and de-identify the data. Obtain a Written Authorization. Obtain a Waiver of Written Authorization from the IRB. Verify PHI is being used in preparation of research. Research involves decedents and/or limited data sets.
28 Brief History of HIPAA How Did We Get Here? When Does HIPAA Apply to Research? How Do Researchers Access & Share PHI Under the Privacy Rule? What Rights Has HIPAA Provided to Participants? What Additional Requirements Impact Research Administrators?
29 How Are Research Participants Rights Affected by the Privacy Rule? Key Points: The Privacy Rule provides individuals with certain rights about: how their health information is used and disclosed and how they can gain access to health records and information about when their PHI was released without their permission. The Privacy Rule describes how covered entities can implement these rights while maintaining the integrity of the research project.
30 Brief History of HIPAA How Did We Get Here? When Does HIPAA Apply to Research? How Do Researchers Access & Share PHI Under the Privacy Rule? What Rights Has HIPAA Provided to Participants? What Additional Requirements Impact Research Administrators?
31 Databases / Repositories & Registries Covered entities are permitted to amass information on their patients for treatment, payment, and health care operations purposes, and to enter this information into their own databases without Authorization. The creation of a research Database/Repository or Registry, and the use or disclosure of PHI from a Database/Repository or Registry for research purposes, is research activity and requires IRB approval. - UNLESS the data is de-identified and determined by the IRB to be exempt from review, or a limited data set (under a Data Use Agreement)
32 Illinois State Law: sensitive information includes mental health, developmental disabilities, genetic testing, genetic counseling, HIV use of identifiable sensitive information for research requires patient consent genetic testing and HIV information may be used without consent on a de-identified basis genetic counseling, mental health, developmental disabilities require consent to use on a de-identified basis for research Minimum Necessary Requirement: covered entity or researcher must try to limit the PHI to be collected, used, or disclosed to the minimum necessary to achieve the research purpose
33 Summary Question: What additional requirements impact research administrators? Answer: state laws more than I list in the scope of this talk
34 For more information, consult the website at: hipaa
35 Questions?
HIPAA COMPLIANCE INFORMATION. HIPAA Policy
HIPAA COMPLIANCE INFORMATION HIPAA Policy Use of Protected Health Information for Research Policy University of North Texas Health Science Center at Fort Worth Applicability: All University of North Texas
More informationHIPAA COMPLIANCE. What is HIPAA?
HIPAA COMPLIANCE What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) also known as the Privacy Rule specifies the conditions under which protected health information may be used
More informationHIPAA-Compliant Research Access to PHI
HIPAA-Compliant Research Access to PHI HIPAA permits the access, disclosure and use of PHI from a HIPAA Covered Entity s or HIPAA Covered Unit s treatment, payment or health care operations records for
More informationProtecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule
AA Privacy RuleP DEPARTMENT OF HE ALTH & HUMAN SERVICES USA Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule NIH Publication Number 03-5388 The HI Protecting Personal
More informationHealth Insurance Portability & Accountability Act (HIPAA) Compliance Application
Health Insurance Portability & Accountability Act (HIPAA) Compliance Application IRB Office 101 - Altru Psychiatry Center 860 S. Columbia Rd, Grand Forks, North Dakota 58201 Phone: (701) 780-6161 PROJECT
More informationWinthrop-University Hospital
Winthrop-University Hospital Use of Patient Information in the Conduct of Research Activities In accordance with 45 CFR 164.512(i), 164.512(a-c) and in connection with the implementation of the HIPAA Compliance
More informationHIPAA Medical Billing Requirements For Research
The Health Insurance Portability and Accountability Act (HIPAA) Excerpted from the UTC IRB Policy June 2008 Table of Contents PART V: The Health Insurance Portability and Accountability Act (HIPAA)...
More informationHIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets
HIPAA-P06 Use and Disclosure of De-identified Data and Limited Data Sets FULL POLICY CONTENTS Scope Policy Statement Reason for Policy Definitions ADDITIONAL DETAILS Web Address Forms Related Information
More informationUniversity of Mississippi Medical Center Office of Integrity and Compliance
Office of Integrity and Effective Date: 2005 By: Committee 1.0 PURPOSE The purpose of this policy is to guide (UMMC) employees, who are involved with research, in obtaining an authorization for the use
More informationWhat is Covered by HIPAA at VCU?
What is Covered by HIPAA at VCU? The Privacy Rule was designed to protect private health information from incidental disclosures. The regulations specifically apply to health care providers, health plans,
More informationWhat is Covered under the Privacy Rule? Protected Health Information (PHI)
HIPAA & RESEARCH What is Covered under the Privacy Rule? Protected Health Information (PHI) Health information + Identifier = PHI Transmitted or maintained in any form (paper, electronic, forms, web-based,
More informationThe HIPAA privacy rule and long-term care : a quick guide for researchers
Scholarly Commons at Miami University http://sc.lib.miamioh.edu Scripps Gerontology Center Scripps Gerontology Center Publications The HIPAA privacy rule and long-term care : a quick guide for researchers
More informationIDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - De-identification of PHI 10030
IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - De-identification of PHI 10030 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel & Compliance Policy
More informationHIPAA OVERVIEW ETSU 1
HIPAA OVERVIEW ETSU 1 What is HIPAA? Health Insurance Portability and Accountability Act. 2 PURPOSE - TITLE II ADMINISTRATIVE SIMPLIFICATION To increase the efficiency and effectiveness of the entire health
More informationHIPAA POLICY REGARDING DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION AND USE OF LIMITED DATA SETS
HIPAA POLICY REGARDING DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION AND USE OF LIMITED DATA SETS SCOPE OF POLICY: What Units Are Covered by this Policy?: This policy applies to the following units
More informationChildren's Hospital, Boston (Draft Edition)
Children's Hospital, Boston (Draft Edition) The Researcher's Guide to HIPAA Evervthing You Alwavs Wanted to Know About HIPAA But Were Afraid to Ask 1. What is HIPAA? 2. What is the Privacy Rule? 3. What
More informationMemorandum. Factual Background
Memorandum TO: FROM: SUBJECT: Chris Ianelli and Jill Mullan, ispecimen, Inc. Kristen Rosati and Ana Christian, Polsinelli, PC ispecimen Regulatory Compliance DATE: January 26, 2014 You have asked us to
More informationAdministrative Services
Policy Title: Administrative Services De-identification of Client Information and Use of Limited Data Sets Policy Number: DHS-100-007 Version: 2.0 Effective Date: Upon Approval Signature on File in the
More informationIRB Application for Medical Records Review Request
Office of Regulatory Research Compliance Institutional Review Board FORM B1 : Medial Records Review Application FORM B1 IRB Application for Medical Records Review Request Principal Investigator: Email:
More informationUPMC POLICY AND PROCEDURE MANUAL
UPMC POLICY AND PROCEDURE MANUAL POLICY: INDEX TITLE: HS-EC1807 Ethics & Compliance SUBJECT: Honest Broker Certification Process Related to the De-identification of Health Information for Research and
More informationHow to De-identify Data. Xulei Shirley Liu Department of Biostatistics Vanderbilt University 03/07/2008
How to De-identify Data Xulei Shirley Liu Department of Biostatistics Vanderbilt University 03/07/2008 1 Outline The problem Brief history The solutions Examples with SAS and R code 2 Background The adoption
More informationHealth Insurance Portability and Accountability Policy 1.8.4
Health Insurance Portability and Accountability Policy 1.8.4 Appendix C Uses and Disclosures of PHI Procedures This Appendix covers procedures related to Uses and Disclosures of PHI. Disclosures to Law
More informationDe-Identification of Health Data under HIPAA: Regulations and Recent Guidance" " "
De-Identification of Health Data under HIPAA: Regulations and Recent Guidance" " " D even McGraw " Director, Health Privacy Project January 15, 201311 HIPAA Scope Does not cover all health data Applies
More informationHIPAA SELF STUDY TRAINING GUIDE
HIPAA SELF STUDY TRAINING GUIDE I have received the LifeWays HIPAA SELF STUDY TRAINING GUIDE. I understand that I will be accountable for the information contained in the guide. If I have questions I may
More informationJanuary 2003. Employers must be prepared for their obligations under the HIPAA Privacy Rules
Employer Sponsored Group Health Plans and the HIPAA Privacy Rules Employers must be prepared for their obligations under the HIPAA Privacy Rules January 2003 Bob Radecki KnowHIPAA.com HIPAA-COBRA-FMLA
More informationPROTECTED HEALTH INFORMATION AND THE JHSPH
PROTECTED HEALTH INFORMATION AND THE JHSPH The Health Insurance Portability and Accountability Act (HIPAA) protects individually identifiable health information, or Protected Health Information ( PHI ),
More informationA. HIPAA Privacy Authorizations and Exceptions for Use of Identifiable Protected Health Information
Protected Health Information and the JHSPH The Health Insurance Portability and Accountability Act (HIPAA) protects individually identifiable health information, or Protected Health Information ( PHI ),
More informationUniversity of Cincinnati Limited HIPAA Glossary
University of Cincinnati Limited HIPAA Glossary ephi System A system that creates accesses, transmits or receives: 1) primary source ephi, 2) ephi critical for treatment, payment or health care operations
More informationStatement of Policy. Reason for Policy
Table of Contents Statement of Policy 2 Reason for Policy 2 HIPAA Liaison 2 Individuals and Entities Affected by Policy 2 Who Should Know Policy 3 Exclusions 3 Website Address for Policy 3 Definitions
More informationLegal Insight. Big Data Analytics Under HIPAA. Kevin Coy and Neil W. Hoffman, Ph.D. Applicability of HIPAA
Big Data Analytics Under HIPAA Kevin Coy and Neil W. Hoffman, Ph.D. Privacy laws and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule can have a significant
More information4. No accounting of disclosures is required with respect to disclosures of PHI within a Limited Data Set.
IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - Limited Data Sets and Data Use Agreements 10200 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel
More informationDe-Identification of Clinical Data
De-Identification of Clinical Data Sepideh Khosravifar, CISSP Info Security Analyst IV TEPR Conference 2008 Ft. Lauderdale, Florida May 17-21, 2008 1 1 Slide 1 cmw1 Craig M. Winter, 4/25/2008 Background
More informationHIPAA and Research Ethics
[B3] How IRBs are Implementing HIPAA: Finding the Best Fit for Your Institution The 18 th Annual Meeting of the Applied Research Ethics National Association 1 Faculty John Falletta, MD Duke University
More informationSection C: Data Use Agreement. Illinois Department of Healthcare and Family Services. And DATA USE AGREEMENT
Section C: Data Use Agreement Illinois Department of Healthcare and Family Services And DATA USE AGREEMENT This Data Use Agreement (the Agreement ) is effective as of (the Agreement Effective Date ) by
More informationSCHOOL OF PUBLIC HEALTH. HIPAA Privacy Training
SCHOOL OF PUBLIC HEALTH HIPAA Privacy Training Public Health and HIPAA This presentation will address the HIPAA Privacy regulations as they effect the activities of the School of Public Health. It is imperative
More informationHIPAA Basics for Clinical Research
HIPAA Basics for Clinical Research Audio options: Built-in audio on your computer OR Separate audio dial-in: 415-930-5229 Toll-free: 1-877-309-2074 Access Code: 960-353-248 Audio PIN: Shown after joining
More informationDe-identification Koans. ICTR Data Managers Darren Lacey January 15, 2013
De-identification Koans ICTR Data Managers Darren Lacey January 15, 2013 Disclaimer There are several efforts addressing this issue in whole or part Over the next year or so, I believe that the conversation
More informationHIPAA 101: Privacy and Security Basics
HIPAA 101: Privacy and Security Basics Purpose This document provides important information about Kaiser Permanente policies and state and federal laws for protecting the privacy and security of individually
More informationStandard Operating Procedures for Research Involving Human Subjects
Section I: Introduction v07/2015 Standard Operating Procedures Indiana University and its affiliates are dedicated to protecting the rights and welfare of human participants recruited to participate in
More information2010 i2b2/va Challenge Rules of Conduct
2010i2b2/VAChallengeRulesofConduct The2010i2b2/VAChallengeisasharedtask.Theformatofthesharedtaskandtheprinciples whichbindtheparticipantsofthissharedtaskareasfollows: 1.Inordertosupportthesharedtask,i2b2andVAwillprovidetheparticipantswithdatafrom
More informationApplication for an Off-Site Tissue Banking Waiver at a Non-Profit or Academic Institution
Application for an Off-Site Tissue Banking Waiver at a Non-Profit or Academic Institution INSTRUCTIONS This form may be filled in and saved using Adobe Reader version 7.0 or higher. The full version of
More informationTriageLogic Information Security Policy
TriageLogic Information Security Policy What is HIPAA, and what information is protected by it? HIPAA, short for the United States Health Insurance Portability and Accountability Act, is a set of standards
More informationHEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association DISCLAIMER This general information fact sheet is made available
More informationHIPAA, Licensed Health Care Providers and The Ohio State Dental Board (Board)
HIPAA, Licensed Health Care Providers and The Ohio State Dental Board (Board) OVERVIEW SUMMARY HIPAA The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that affects the entire
More informationData Security & eirb Tips & Tricks School of Nursing Office of Research Affairs Brown Bag Series
Data Security & eirb Tips & Tricks School of Nursing Office of Research Affairs Brown Bag Series Denise Snyder, MS, RD, CSO, LDN Director, Research Management Team (RMT) Research Practices Manager, SON
More informationVirginia Commonwealth University Information Security Standard
Virginia Commonwealth University Information Security Standard Title: Scope: Data Classification Standard This document provides the classification requirements for all data generated, processed, stored,
More informationLimited Data Set Background Information
Limited Data Set Background Information 1. A limited data set is protected health information that excludes certain identifiers but permits the use and disclosure of more identifiers than in a de-identified
More informationDe-Identification of Clinical Data
De-Identification of Clinical Data Sepideh Khosravifar, CISSP Info Security Analyst IV Tyrone Grandison, PhD Manager, Privacy Research, IBM TEPR Conference 2008 Ft. Lauderdale, Florida May 17-21, 2008
More informationHIPAA-G04 Limited Data Set and Data Use Agreement Guidance
HIPAA-G04 Limited Data Set and Data Use Agreement Guidance GUIDANCE CONTENTS Scope Reason for the Guidance Guidance Statement Definitions ADDITIONAL DETAILS Additional Contacts Web Address Forms Related
More informationNorth Shore LIJ Health System, Inc. Facility Name
North Shore LIJ Health System, Inc. Facility Name POLICY TITLE: The Medical Record POLICY #: 200.10 Approval Date: 2/14/13 Effective Date: Prepared by: Elizabeth Lotito, HIM Project Manager ADMINISTRATIVE
More informationHIPAA Privacy Rule Primer for the College or University Administrator
HIPAA Privacy Rule Primer for the College or University Administrator On August 14, 2002, the Department of Health and Human Services ( HHS ) issued final medical privacy regulations (the Privacy Rule
More informationLA BioMed Secure Email
INFORMATION SYSTEMS LA BioMed Secure Email Los Angeles Biomedical Research Institute at Harbor-UCLA 1124 W Carson St Bldg E2.5 Phone 310.222.1212 Table of Contents Intended Audience... 1 Purpose... 1 When
More informationGrand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health. Pam Jager, GRMEP Director of Education & Development
Grand Rapids Medical Education Partners Mercy Health Saint Mary s Spectrum Health Pam Jager, GRMEP Director of Education & Development To understand the requirements of the federal Health Information Portability
More informationThe HIPAA Privacy Rule: Overview and Impact
The HIPAA Privacy Rule: Overview and Impact DISCLAIMER: This information is provided as is without any express or implied warranty. It is provided for educational purposes only and does not constitute
More information[Insert Name and Address of Data Recipient] Data Use Agreement. Dear :
[Insert Name and Address of Data Recipient] Re: Data Use Agreement Dear : The federal Health Insurance Portability and Accountability Act and the regulations promulgated thereunder (collectively referred
More informationHIPAA Privacy and Security Rules: A Refresher. Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant
HIPAA Privacy and Security Rules: A Refresher Marilyn Freeman, RHIA California Area HIPAA Coordinator California Area HIM Consultant Objectives Provide overview of Health insurance Portability and Accountability
More informationHIPAA PRIVACY AND SECURITY STANDARDS CITY COMPLIANCE
Important: Conducting an assessment of your health plan(s) is the first step to determining HIPAA compliance. You will need to conduct a separate assessment for each of your health plans. (Please be aware
More informationEverett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law
Everett School Employee Benefit Trust Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Introduction The Everett School Employee Benefit Trust ( Trust ) adopts this policy
More informationINDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3
INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS I. Introduction 2 II. Definitions 3 III. Program Oversight and Responsibilities 4 A. Structure B. Compliance Committee C.
More informationHIPAA Training: Ensuring Privacy for our Patients
HIPAA Training: Ensuring Privacy for our Patients The purpose of the HIPAA Privacy Rule is to prevent inappropriate use and disclosure of individual health information, most commonly referred to as protected
More informationProtected Health Information
Protected Health Information What Is Covered? Protected health information (PHI) Individually identifiable health information Transmitted or maintained in any form or medium by a Covered Entity or its
More informationState of Nevada Public Employees Benefits Program. Master Plan Document for the HIPAA Privacy and Security Requirements for PEBP Health Benefits
State of Nevada for the Requirements for PEBP Health Benefits Plan Year 2016 July 1, 2015 June 30, 2016 www.pebp.state.nv.us (775) 684-7000 Or (800) 326-5496 Amendments Amendment Log Any amendments, changes
More informationAuthorization for Release of Information
Authorization for Release of Information Section I. Date: Student Name: Date of Birth: / / (mm/dd/yy) ID: Grade: School: Section II: Name: authorizes District # to release the specific information identified
More informationHIPAA Privacy Compliance Plan for Research. University of South Alabama IRB Guidance and Procedures
HIPAA Privacy Compliance Plan for Research University of South Alabama IRB Guidance and Procedures Office of Research Compliance and Assurance CSAB 140 460-6625 Adopted: 4/2/2003 2 HIPAA PRIVACY COMPLIANCE
More informationBUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information
BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information I. PREAMBLE ( Covered Entity ) and ( Business Associate ) (jointly the Parties ) wish to enter into an Agreement to comply with the requirements
More informationHIPAA and Clinical Research
To Heal. To Teach. To Discover. HIPAA and Clinical Research 2011 Training Jennifer Edlind, UH Privacy Officer Ryan Terry, UH Information Security Officer 1 Agenda Research credentialing overview HIPAA
More informationGaston County HIPAA Manual
Gaston County HIPAA Manual Includes Gaston County IT Manual Action Date Reviewed and Revised December 2012 Gaston County HIPAA Policy Manual has be updated and combined with the Gaston County IT Manual.
More informationHealth Insurance Portability and Accountability Act (HIPAA) Privacy Compliance Plan
POLICY # : 90 AREA: Agency AFFECTED DIVISION: All Divisions EFFECTIVE DATE OF BOARD APPROVAL: September 25, 2013 Executive Director Board President Health Insurance Portability and Accountability Act (HIPAA)
More informationPRIVACY IMPLEMENTATION HANDBOOK PENNSYLVANIA DEPARTMENT OF PUBLIC WELFARE
PRIVACY IMPLEMENTATION HANDBOOK PENNSYLVANIA DEPARTMENT OF PUBLIC WELFARE Revised September 2013 TABLE OF CONTENTS 1.0 OVERVIEW... 6 1.1 Purpose of Handbook... 7 2.0 DEFINITIONS... 7 3.0 PRIVACY OFFICIALS...
More informationVENDOR / CONTRACTOR. Privacy Basics
VENDOR / CONTRACTOR Privacy Basics Introduction Premera s mission is to provide our customers with peace of mind about their healthcare. This requires that everyone who works with or for Premera (the Company
More informationQOPI CERTIFICATION PROGRAM
QOPI CERTIFICATION PROGRAM QCP Initial Chart Documentation Submission Guide American Society of Clinical Oncology 2318 Mill Rd., Suite 800 Alexandria, VA 22314 E: qopicertification@asco.org http://qopi.asco.org/certification
More informationHIPAA and You The Basics
HIPAA and You The Basics The Purpose of HIPAA Privacy Rules 1. Provide strong federal protections for privacy rights Ensure individual trust in the privacy and security of his or her health information
More informationHIPAA Compliance for Students
HIPAA Compliance for Students The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the United States Congress. It s intent was to help people obtain health insurance benefits
More informationTexas A&M School of Public Health HIPAA Privacy Compliance Manual For Researchers
Texas A&M School of Public Health HIPAA Privacy Compliance Manual For Researchers Final: Approved by the SPH Executive Committee, 01/12/2016 1 Table of Contents INTRODUCTION... 3 PURPOSE... 4 LEGAL STATUS
More informationState of Connecticut Department of Social Services HIPAA Policies and Procedures Manual
State of Connecticut Department of Social Services HIPAA Policies and Procedures Manual Updated 9/17/13 1 Overview As of April 14, 2003, the State of Connecticut Department of Social Services (DSS) is
More informationUPMC POLICY AND PROCEDURE MANUAL
UPMC POLICY AND PROCEDURE MANUAL POLICY: INDEX TITLE: HS-EC1611 Ethics & Compliance SUBJECT: Use and Disclosure of Protected Health Information (PHI) For Research Purposes Pursuant to the HIPAA Privacy
More informationHIPAA Compliance Strategies for Pharmaceutical Manufacturers,
HIPAA Compliance Strategies for Pharmaceutical Manufacturers, PBMs and Pharmacies Jean-Paul Hepp,, Ph.D. Director, Global Privacy HIPAA Colloquium Harvard MA; August 22, 2002 1 Agenda Privacy ~ Definitions
More informationSOP Number: OCR-HIP-001 Effective Date: August 2013 Page 1 of 5
Title: HIPAA Research Policy: General Nova Southeastern University Standard Operating Procedure for GCP Version # 1 SOP Number: OCR-HIP-001 Effective Date: August 2013 Page 1 of 5 PURPOSE: Federal privacy
More informationData Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm
Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security
More informationHIPAA-P01 Uses and Disclosures of Protected Health Information Policy
HIPAA-P01 Uses and Disclosures of Protected Health Information Policy FULL POLICY CONTENTS Scope Policy Statement Reason for Policy Definitions Sanctions ADDITIONAL DETAILS Additional Contacts Web Address
More informationBUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE
BUSINESS ASSOCIATE AGREEMENT BETWEEN LEWIS & CLARK COLLEGE AND ALLEGIANCE BENEFIT PLAN MANAGEMENT, INC. I. PREAMBLE Lewis & Clark College and Allegiance Benefit Plan Management, Inc., (jointly the Parties
More informationHIPAA PRIVACY POLICIES AND PROCEDURES
HIPAA PRIVACY POLICIES AND PROCEDURES FOR MOTT COMMUNITY COLLEGE NOVEMBER 18, 2004 PREPARED BY: KUSHNER & COMPANY 2427 WEST CENTRE AVENUE PORTAGE, MICHIGAN 49024 (269) 342-1700 WWW.KUSHNERCO.COM EMPLOYEE
More informationDATA USE AGREEMENT RECITALS
DATA USE AGREEMENT This Data Use Agreement (the Agreement ), effective as of the day of, 20, is by and between ( Covered Entity ) and ( Limited Data Set Recipient or Recipient ) (collectively, the Parties
More informationYALE UNIVERSITY RESEARCHER S GUIDE TO HIPAA. Health Insurance Portability and Accountability Act of 1996 Handbook
YALE UNIVERSITY RESEARCHER S GUIDE TO HIPAA Health Insurance Portability and Accountability Act of 1996 Handbook Table of Contents I. INTRODUCTION... 2 What is HIPAA?... 2 What is PHI?... 2 II. HIPAA s
More informationHIPAA Privacy Keys to Success Updated January 2010
HIPAA Privacy Keys to Success Updated January 2010 HIPAA Job Specific Education 1 HIPAA and Its Purpose What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Title II Administrative
More informationIDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy Use and Disclosure of Psychotherapy Notes 10130
IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy Use and Disclosure of Psychotherapy Notes 10130 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel &
More informationHIPAA Privacy Officer Sonya Middleton. HIPAA Security Officer Joan Kellner
HIPAA Privacy Officer Sonya Middleton HIPAA Security Officer Joan Kellner Humboldt Workshop & Residential Services, Inc., mc, INC. POLICIES FOR PROTECTION OF THE PRIVACY OF PROTECTED HEALTH INFORMATION
More informationCREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy
CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE
More informationHIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES
SALISH BHO HIPAA AND MEDICAID COMPLIANCE POLICIES AND PROCEDURES Policy Name: HIPAA BREACH NOTIFICATION REQUIREMENTS Policy Number: 5.16 Reference: 45 CFR Parts 164 Effective Date: 03/2016 Revision Date(s):
More informationHIPAA means the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191.
HIPAA Data Use Agreement 1 Revision Date: This Data Use Agreement (the Agreement ) is entered into by and between Yale University ( Covered Entity ) and ( Data User ), collectively, the Parties, and shall
More informationHIPAA (The Health Insurance Portability and Accountability Act)
Section 16. HIPAA Requirements and Information HIPAA (The Health Insurance Portability and Accountability Act) Molina Healthcare s Commitment to Patient Privacy Protecting the privacy of members personal
More informationBUMC Clinical Research Seminar: What would YOU do? Put your IRB hat on!
BUMC Clinical Research Seminar: What would YOU do? Put your IRB hat on! Mary-Tara Roth, RN, MSN, MPH BUMC Clinical Research Resources Office (CRRO) Mary Banks, RN, BSN Senior Analyst II, BUMC IRB September
More informationExtracting value from HIPAA Data James Yaple Jackson-Hannah LLC
Extracting value from HIPAA Data James Yaple Jackson-Hannah LLC Session Objectives Examine the value of realistic information in research and software testing Explore the challenges of de-identifying health
More informationHIPAA Handbook for Researchers at UAB
HIPAA Handbook for Researchers at UAB Prepared by the UAB Institutional Review Board for Human Use, UAB Health System Information Services, and the UAB HIPAA Coordinator s Office Date of First Publication:
More informationHIPAA POLICY PROCEDURE GUIDE
HIPAA POLICY & PROCEDURE GUIDE HEALTH INFORMATION MANAGEMENT DEPARTMENT Office of Compliance & Audit Services - 1 - Table of Contents I. Patient Requests for Medical Records: Page 3 II. Other Requests
More informationRESEARCH INVOLVING DATA AND/OR BIOLOGICAL SPECIMENS
RESEARCH INVOLVING DATA AND/OR BIOLOGICAL SPECIMENS 1. Overview IRB approval and participant informed consent are required to collect biological specimens for research purposes. Similarly, IRB approval
More informationImplementing an HMIS within HIPAA
Implementing an HMIS within HIPAA Jon Neiditz Atlanta, GA (678) 427-7809 jneiditz@hunton.com September 14th and 15th, 2004 Chicago, IL Sponsored by the U.S. Department of Housing and Urban Development
More informationUCSF and Data Contributor are hereinafter also referred to individually as Party and collectively as Parties.
DATA USE AGREEMENT This Data Use Agreement ( Agreement ) is entered into by and between The Regents of the University of California, on behalf if its San Francisco campus ( UCSF or Data User ), and [full
More informationHIPAA. Privacy and Security Frequently Asked Questions for Employers. Gallagher Benefit Services, Inc.
2013 HIPAA Privacy and Security Frequently Asked Questions for Employers Gallagher Benefit Services, Inc. Disclaimer We share this information with our clients and friends for general informational purposes
More information