HIPAA Privacy Board Overview

Similar documents
Principal Investigator Responsibilities for Education and Social/Behavioral Researchers

HIPAA COMPLIANCE. What is HIPAA?

What is Covered by HIPAA at VCU?

HIPAA-Compliant Research Access to PHI

HIPAA COMPLIANCE INFORMATION. HIPAA Policy

What is Covered under the Privacy Rule? Protected Health Information (PHI)

Health Insurance Portability & Accountability Act (HIPAA) Compliance Application

Winthrop-University Hospital

PRIVACY IMPACT ASSESSMENT (PIA) For the

Standard Operating Procedures for Research Involving Human Subjects

PROTECTED HEALTH INFORMATION AND THE JHSPH

A. HIPAA Privacy Authorizations and Exceptions for Use of Identifiable Protected Health Information

Reliance Agreement for Institutions Utilizing Stony Brook University s Institutional Review Board(s)

IRB Application for Medical Records Review Request

Health Insurance Portability and Accountability Policy 1.8.4

HIPAA Basics for Clinical Research

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association

BUSINESS ASSOCIATE AGREEMENT

Minimum Education Requirements for DoD Personnel Involved in Human Research Protection

WHEN I WANT TO: I NEED TO SUBMIT: {for CIRB studies, see the specific FAQ}

This form may not be modified without prior approval from the Department of Justice.

BUSINESS ASSOCIATE AGREEMENT

HIPAA Compliance Strategies for Pharmaceutical Manufacturers,

Louisiana State University System

Eligibility to Serve as a Principal Investigator for Research Involving Human Subjects

OFFICE OF CONTRACT ADMINISTRATION PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA)

HIPAA OVERVIEW ETSU 1

Human Subjects Research at OSU

HIPAA Privacy Rule Primer for the College or University Administrator

4. No accounting of disclosures is required with respect to disclosures of PHI within a Limited Data Set.

HIPAA BUSINESS ASSOCIATE AGREEMENT

Health Plan Select, Inc. Business Associate Privacy Addendum To The Service Agreement

Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule

Accounting for Disclosure Requirements Summary of Changes Included in the Proposed Rule 76 Federal Register May 31, 2011

UNIVERSITY OF CALIFORNIA, SAN DIEGO HUMAN RESEARCH PROTECTIONS PROGRAM. DoD/DON-funded Research

HIPAA Business Associate Agreement Instructions

Enclosure. Dear Vendor,

AMWELL SERVICE PROVIDER SUBSCRIPTION AGREEMENT

SaaS. Business Associate Agreement

Institutional Review Board

HIPAA: Breach Notification By: Office of University Counsel For: Jefferson IRB Continuing Education. September 2014

Instructions for Form: Application for Claim of Exemption

Background, Definitions, and Requirements for Protecting VA Research Information

Decision Tree: When is a Business Associate Agreement (BAA) Required?

HIPAA Business Associate Agreement

HIPAA Data Use Agreement Policy R&G Template Updated for Omnibus Rule HIPAA DATE USE AGREEMENT 1

SAMPLE BUSINESS ASSOCIATE AGREEMENT

FirstCarolinaCare Insurance Company Business Associate Agreement

RESEARCH INVOLVING DATA AND/OR BIOLOGICAL SPECIMENS

Business Associate Agreement

Business Associate Agreement

BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information

HIPAA Handbook for Researchers at UAB

BUSINESS ASSOCIATE AGREEMENT

Business Associate Agreement

The Accreditation Association for Ambulatory Health Care (AAAHC) is a Business Associate as defined in the HIPAA Privacy Rule:

HIPAA Privacy Rule Policies

UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S):

HARVARD PILGRIM HEALTH CARE, INC. PRIVACY AND SECURITY AGREEMENT

INDIANA UNIVERSITY SCHOOL OF OPTOMETRY HIPAA COMPLIANCE PLAN TABLE OF CONTENTS. I. Introduction 2. II. Definitions 3

HIPAA: Open Research Issues Michael L. Blau, Esq. McDermott, Will & Emery

COLLECTION, USE, AND DISCLOSURE LIMITATION

Revision(s) to an Approved Study Form

BENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT

Medical Research Law & Policy Report

Business Associate Agreement

HEALTH INFORMATION PRIVACY & SECURITY

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA-G04 Limited Data Set and Data Use Agreement Guidance

Sample Business Associate Agreement Provisions

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT (2012 Version)

APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT

Business Associate Agreement

UPMC POLICY AND PROCEDURE MANUAL

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT. Recitals

HIPAA BUSINESS ASSOCIATE AGREEMENT

WellDyneRxWEST Customer (TPA, Broker, Consultant, Group Health Plan, and other).

UPMC POLICY AND PROCEDURE MANUAL

HIPAA Information. Who does HIPAA apply to? What are Sync.com s responsibilities? What is a Business Associate?

BUSINESS ASSOCIATE AGREEMENT

Transcription:

Defense Health Agency Privacy and Civil Liberties Office HIPAA Privacy Board Overview April 30, 2015 1

Objectives The purpose of this presentation is to: Provide an overview of the DHA Privacy and Civil Liberties Office (Privacy Office) Privacy Board's function and operations, including: Establishment of the DHA Privacy Board and Regulatory Requirements Difference between Common Rule and the HIPAA Privacy Rule Types of Privacy Rule Reviews 2

The DHA Privacy Board HIPAA compliance reviews and documentation are required by an IRB or Privacy Board, set up in accordance with the HIPAA regulations, when PHI is used and/or disclosed for research purposes DHA does not have an IRB; therefore, the DHA Privacy Office established a HIPAA Privacy Board, known as the DHA Privacy Board The DHA Privacy Board is critical for DHA s compliance with the HIPAA Privacy Rule and DoD 6025.18-R The DHA Privacy Board accepts and relies on HIPAA reviews conducted by DoD or outside IRBs provided that the IRB s HIPAA-required documentation meets regulatory requirements 3

The Difference Between the Common Rule and the HIPAA Privacy Rule 4

Four Types of DHA Privacy Board Reviews Required Representations for Research on Decedent s Information Use or disclosure of PHI solely for research on decedents Required Representations for Review Preparatory to Research Use or disclosure of PHI solely for preparing a research protocol or for similar purposes Researchers agree not to remove the PHI from MHS in the course of the review Studies that must obtain HIPAA Authorizations Studies that Require a Waiver of Authorization or an Altered Authorization 5

HIPAA Authorizations Presumed to be Required Researchers are required to obtain a written and signed HIPAA Authorization from every participant in the research study Authorizations must contain all core elements and required statements set forth in the HIPAA Privacy Rule and DoD 6025.18-R PIs are required to initial and sign a certification assuring That the signed authorization of each research participant whose PHI is used or disclosed will be maintained electronically and/or in hard copy for a period of six years from the date the Authorization expires; and, That any and all of the signed Authorizations will be provided to DHA immediately upon request 6

Waiver of HIPAA Authorization Where it is impossible or impracticable to obtain a written Authorization from each and every research participant Two types of waivers Full: waiving authorizations for the entire study Partial: waiving authorizations for part of the project (e.g., for recruiting or screening potential research participants), thereafter PHI is no longer needed or Authorizations can be obtained at that point from each research participant Documentation by an IRB or Privacy Board of approval of a waiver must contain all required criteria set forth in the HIPAA Privacy Rule, 45 CFR 164.512(i)(2) and DoD 6035.18-R, C.7.9.2 7

Altered Authorization Appropriate when a research study requires a modification or removal of some, but not all, required elements from an Authorization (e.g., to remove the core element that describes each purpose of the requested use or disclosure where the identification of the specific study would affect the results of the project) Documentation by an IRB or Privacy Board of approval of an alteration to the Authorization must contain all required criteria set forth in the HIPAA Privacy Rule, 45 CFR 164.512(i)(2) and DoD 6035.18-R, C.7.9.2 An approved alteration only applies to the study for which it is requested and cannot be used for any subsequent use or disclosure of PHI in a different project 8

Modifications, Extensions and Renewals DHA Privacy Board approvals document HIPAA compliance in support of a specific research-related DSA When a DSA is modified, the DHA Privacy Board is contacted and will email the PI to determine if the study has changed and if the responses or representations in any documents/templates approved or accepted by the DHA Privacy Board remain the same. Any substantial changes in the previous information reviewed and relied upon by the DHA Privacy Board will require further review in support of a modification When a DSA is extended or renewed, the applicant certifies that there have been no changes to the study, and thus it does not need DHA Privacy Board review again 9

Impact of Termination or Expiration of a DSA When a research-related DSA expires or is otherwise terminated, any related Privacy Board approvals will also expire or be terminated When a research-related DSA expires or is otherwise terminated and a new DSAA is submitted, the PI is required to complete a new submission to the Board 10

QUESTIONS 11

Additional Resources Privacy Office Web site: http://www.health.mil/military-health-topics/privacy-and- Civil-Liberties/Privacy-Board Email DHAPrivacyBoard@mail.mil for HIPAA research related questions 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information