b3 how irbs are implementing hipaa finding the best fit
play

[B3] How IRBs are Implementing HIPAA: Finding the Best Fit for Your - PowerPoint PPT Presentation

Oct 01, 2022 •254 likes •1.25k views

[B3] How IRBs are Implementing HIPAA: Finding the Best Fit for Your Institution The 18 th Annual Meeting of the Applied Research Ethics National Association December 5, 2003 1 Washington DC Faculty John Falletta, MD Duke University

  1. [B3] How IRBs are Implementing HIPAA: Finding the Best Fit for Your Institution The 18 th Annual Meeting of the Applied Research Ethics National Association December 5, 2003 1 Washington DC

  2. Faculty • John Falletta, MD – Duke University Health System – Pediatric Hematologist/Oncologist, Senior IRB Chair • Tammy Sayers Lesko – The Copernicus Group IRB – Director of Quality Assurance & Regulatory Compliance • Brian Murphy, MS – State University of New York at Buffalo – Director, HIPAA Compliance December 5, 2003 2 Washington DC

  3. Agenda • HIPAA in • Institutional “Fit” Research – DUHS • 7 PHI Access Keys – CGIRB for Research and – SUNY at Buffalo Points to Consider • HIPAA and the Common Rule • Questions & Answers December 5, 2003 3 Washington DC

  4. Who does HIPAA Apply to? • Covered entities – Health Care Plans; – Health Care Clearinghouses; – Health Care Providers who engage in specific electronic transactions. • Also may include operations designated as part of the “Health Care Component” within a hybrid entity. December 5, 2003 4 Washington DC

  5. HI Health Information • Any information in any form or medium (oral, written, recorded). • Information created or received by health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse. December 5, 2003 5 Washington DC

  6. HI Health Information (2) • Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual. December 5, 2003 6 Washington DC

  7. IIHI Individually Identifiable Health Information • Is HI (excluding that created by a public health authority, school or university, or life insurer) that: – Is created or received by a health care provider, health plan, employer, or health care clearinghouse – Identifies the individual or there is a reasonable basis to believe the individual can be identified December 5, 2003 7 Washington DC

  8. PHI Protected Health Information • IIHI that is transmitted or maintained in any medium • Excludes: – Education records covered by the Family Educational Rights and Privacy Act. – Employment records held by a covered entity in its role as employer. – Records of student ≥ age 18 attending postsecondary education made or maintained by health care provider and used to provide treatment to student and not available to anyone other than those providing treatment or health care provider of student’s choice. December 5, 2003 8 Washington DC

  9. Protected Health Information • HIPAA specifically recognizes that PHI may be created, used and disclosed in the course of performing research. December 5, 2003 9 Washington DC

  10. PHI Summary • Any information in any form or medium (oral, written, recorded). • Transmitted or maintained in any medium. • Created by a health care provider (some exclusions in educational settings), health plan or health care clearinghouse. • Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual. • HIPAA protections apply to PHI created or received by a covered entity. December 5, 2003 10 Washington DC

  11. Protected Health Information Points to Consider • You can’t identify PHI by looking at it – you also have to know where it comes from. – It isn’t PHI if it doesn’t come from a covered entity. • A static piece of information can alternate between being PHI and non-PHI as it transits covered entities and non-covered entities. – Even within a covered entity, PHI that becomes part of employment records is no longer PHI. December 5, 2003 11 Washington DC

  12. Items Defined as Identifiers (1-10) • Names • Social security numbers • Addresses /ZIP codes* • Medical Record Numbers • Dates except year • Health plan beneficiary numbers • Telephone numbers • Account numbers • Fax numbers • Electronic mail addresses December 5, 2003 12 Washington DC

  13. Items Defined as Identifiers (11-18) • Certificate/license • Biometric identifiers numbers • Full face photographic • Vehicle identifiers and images serial numbers • Any other unique • Device identifiers and identifying number, serial numbers characteristic or code • Web Universal Resource Locators (URLs) • Internet Protocol (IP) address numbers December 5, 2003 13 Washington DC

  14. What does HIPAA protect? • Information – Confidentiality of Protected Health Information (Privacy/Security) – Electronic Integrity (Security) – Electronic Availability (Security) • Protect against “reasonably anticipated” – Uses / disclosures of electronic information not permitted by HIPAA (Privacy/Security) – Threats / hazards to security & integrity of electronic data (Security) December 5, 2003 14 Washington DC

  15. The “Why” of the Privacy Rule http://www.hhs.gov/ocr/hipaa/finalmaster.html The Privacy Rule for the first time creates national standards to protect individuals' medical records and other personal health information. • It gives patients more control over their health information. • It sets boundaries on the use and release of health records. • It establishes appropriate safeguards that health care providers and others must achieve to protect the privacy of health information. • It holds violators accountable, with civil and criminal penalties that can be imposed if they violate patients' privacy rights. • And it strikes a balance when public responsibility requires disclosure of some forms of data - for example, to protect public health. December 5, 2003 15 Washington DC

  16. Privacy Rule: Advantages to Patients • For patients - it means being able to make informed choices when seeking care and reimbursement for care based on how personal health information may be used. – It enables patients to find out how their information may be used and what disclosures of their information have been made. – It generally limits release of information to the minimum reasonably needed for the purpose of the disclosure. – It gives patients the right to examine and obtain a copy of their own health records and request corrections. December 5, 2003 16 Washington DC

  17. Impact of HIPAA • Does not reduce the effect of the Common Rule or FDA regulations. • Mandates more protections to ensure privacy of subjects and confidentiality of data. • Requires action whenever any PHI is used for research. December 5, 2003 17 Washington DC

  18. HIPAA PHI and Research • HIPAA provides 7 “keys” to accessing PHI. • Keys permit PHI to move from covered entity treatment side to researchers. • Implementation of some keys and activities related to them is dependent on whether researcher is within the covered entity holding the PHI. December 5, 2003 18 Washington DC

  19. Research Access to PHI • Authorization 45 CFR §164.508 • Waiver or Alteration of Authorization • Review Preparatory to Research • Research on Decedents • Transition Provisions • De-identified Data • Limited Data Set December 5, 2003 19 Washington DC

  20. Authorization • Authorization specific to disclosure required for external research (cannot be “open ended” for unspecified future research). • Multiple specific implementation requirements (see handouts). • May be a stand alone document or combined with the informed consent document. • Revocation right balanced with ‘Reliance exception’. • Disclosures not subject to “accounting for disclosures”. December 5, 2003 20 Washington DC

  21. Authorization Points to Consider • To combine or not combine with Informed Consent Form. • Ensuring a complete listing of recipients. • State law pre-emption. December 5, 2003 21 Washington DC

  22. Research Access to PHI • Authorization • Waiver or Alteration of Authorization 45 CFR §164.512(i)(1)(i) & §164.512(i)(2) • Review Preparatory to Research • Research on Decedents • Transition Provisions • De-identified Data • Limited Data Set December 5, 2003 22 Washington DC

  23. Waiver of Authorization • (1) Permitted uses and disclosures. A covered entity may use or disclose protected health information for research, regardless of the source of funding of the research, provided that: • (i) Board approval of a waiver of authorization. The covered entity obtains documentation that an alteration to or waiver, in whole or in part, of the individual authorization required by §164.508 for use or disclosure of protected health information has been approved by either: • (A) An Institutional Review Board … • (B) A privacy board that: …. December 5, 2003 23 Washington DC

  24. Waiver Requirements • (i) Identification and date of action. • (ii) Waiver criteria. A statement that the IRB or privacy board has determined that the alteration or waiver, in whole or in part, of authorization satisfies the following criteria: December 5, 2003 24 Washington DC

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HIPAA Privacy and Security: y y Surviving Heightened Enforcement Crafting and Implementing Data

HIPAA Privacy and Security: y y Surviving Heightened Enforcement Crafting and Implementing Data

Presenting a live 90 minute webinar with interactive Q&A HIPAA Privacy and Security: y y Surviving Heightened Enforcement Crafting and Implementing Data Security Policies and Responding to Breaches THURS DAY, MAY 5, 2011 1pm Eastern

836 views • 56 slides
Role of the research regulatory agencies-IRBs 1 B R AN D O N B R O W N D I R E C TO R O F G

Role of the research regulatory agencies-IRBs 1 B R AN D O N B R O W N D I R E C TO R O F G

Role of the research regulatory agencies-IRBs 1 B R AN D O N B R O W N D I R E C TO R O F G H R E AT U C I RV I N E P R O G R AM I N P U B L I C H E ALT H I RV I N E , C A U S A IRBs 2 IRB=Institutional Review Board (ethics

117 views • 11 slides
Training Course HIPAA Health Insurance Portability and Accountability Act HIPAA

Training Course HIPAA Health Insurance Portability and Accountability Act HIPAA

Training Course HIPAA Health Insurance Portability and Accountability Act HIPAA initially went into effect April 14, 2003 HIPAA is a set of rules that is to be followed by doctors, hospitals and other health care providers.

284 views • 25 slides
Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy,

Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy,

Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy, Confidentiality & Security Subcommittee May 15, 2018 Beyond HIPAA Initiative Builds on NCVHSs past work and the work of other government and private

240 views • 10 slides
HIPAA In The Workplace What Every Employer Should Know and Remember What is HIPAA? The

HIPAA In The Workplace What Every Employer Should Know and Remember What is HIPAA? The

HIPAA In The Workplace What Every Employer Should Know and Remember What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 Portable Accountable Rules for Privacy Rules for Security

575 views • 33 slides
Outline to HIPAA presentation I) Overview of the HIPAA Privacy Rule regulations that relate to

Outline to HIPAA presentation I) Overview of the HIPAA Privacy Rule regulations that relate to

Outline to HIPAA presentation I) Overview of the HIPAA Privacy Rule regulations that relate to obtaining a persons medical records for court proceedings and law enforcement purposes. A) Entities covered by HIPAA The medical records of a patient

405 views • 6 slides
HIPAA, HITECH and Business Associates Heather Fields, J.D. Reinhart Boerner Van Deuren s.c.

HIPAA, HITECH and Business Associates Heather Fields, J.D. Reinhart Boerner Van Deuren s.c.

HIPAA COW Webinar: HIPAA, HITECH and Business Associates Heather Fields, J.D. Reinhart Boerner Van Deuren s.c. HIPAA COW Webinar November 11, 2010 Presentation Overview TOP 3 HIPAA Compliance Risks Unauthorized Use and Disclosure of

522 views • 28 slides
CTTI Advancing the Use of Central IRBs Project: Academic Institution and Government Sponsor

CTTI Advancing the Use of Central IRBs Project: Academic Institution and Government Sponsor

CTTI Advancing the Use of Central IRBs Project: Academic Institution and Government Sponsor Perspectives NIH Collaboratory Grand Rounds: Rethinking Clinical Research 25 April 2014 CTTI Advancing the Use of Central IRBs Project: Academic

915 views • 43 slides
Research & HIPAA October, 2016 Overview HIPAA & Research Increased Enforcement

Research & HIPAA October, 2016 Overview HIPAA & Research Increased Enforcement

Research & HIPAA October, 2016 Overview HIPAA & Research Increased Enforcement HIPAA Security 2 HIPAA & Research HIPAA & Research 4 HIPAA & Research PHI Disclosure for PHI Use for Research Research

752 views • 59 slides
HIPAA Audits and the New Audit Protocol Developing and Ensuring HIPAA and HITECH Privacy and

HIPAA Audits and the New Audit Protocol Developing and Ensuring HIPAA and HITECH Privacy and

Presenting a live 90-minute webinar with interactive Q&A HIPAA Audits and the New Audit Protocol Developing and Ensuring HIPAA and HITECH Privacy and Security Compliance TUESDAY, FEBRUARY 5, 2013 1pm Eastern | 12pm Central | 11am

793 views • 53 slides
HIPAA PRIVACY POLICIES & PROCEDURES Department of Behavioral Health and Developmental

HIPAA PRIVACY POLICIES & PROCEDURES Department of Behavioral Health and Developmental

HIPAA PRIVACY POLICIES & PROCEDURES Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING March 2012 HIPAA Humor (North Dakota Dept of Health) 2 HIPAA-Ectomy - the removal of individual

1.19k views • 61 slides
Ethics, IRBs, and Network Research Why we need to think about ethics i in our projects j New

Ethics, IRBs, and Network Research Why we need to think about ethics i in our projects j New

Ethics, IRBs, and Network Research Why we need to think about ethics i in our projects j New York Times SEP 08, 2001 S h l Scholar Sets Off Gastronomic False Alarm S t Off G t i F l Al By JOHN KIFNER When Jean-Claude Baker, the owner

273 views • 25 slides
HIPAA SECURITY POLICIES AND PROCEDURES (P&P) AND COMPUTER NETWORK DOCUMENTATION (CND) Get it

HIPAA SECURITY POLICIES AND PROCEDURES (P&P) AND COMPUTER NETWORK DOCUMENTATION (CND) Get it

HIPAA SECURITY POLICIES AND PROCEDURES (P&P) AND COMPUTER NETWORK DOCUMENTATION (CND) Get it from DUMATEK ! Get you HIPAA Security P&P and CND here! ONLY $5040.00 This solution becomes ongoing and proprietary to your company. HIPAA

107 views • 10 slides
Wellness Checkup Wellness Roadmap HIPAA Wellness Rules ADA GINA ERISA COBRA

Wellness Checkup Wellness Roadmap HIPAA Wellness Rules ADA GINA ERISA COBRA

Wellness Checkup Wellness Roadmap HIPAA Wellness Rules ADA GINA ERISA COBRA ACA HIPAA Privacy Tax 2 Stop #1 HIPAA Wellness Rules HIPAA Wellness Rules: What is a GHP? Apply to group health plans (GHPs) that

464 views • 28 slides
Role of Equipment Manager in HIPAA HIPAA Role of Equipment Manager in & & HIPAA and

Role of Equipment Manager in HIPAA HIPAA Role of Equipment Manager in & & HIPAA and

Role of Equipment Manager in HIPAA HIPAA Role of Equipment Manager in & & HIPAA and Medical Device Standards HIPAA and Medical Device Standards Organizations (e.g., DICOM, IHE) Organizations (e.g., DICOM, IHE) Charles Parisot, GE

687 views • 43 slides
EVV Security and Privacy Approach Marguerite Marsh, HIPAA Privacy Officer Matt Williams, Bureau

EVV Security and Privacy Approach Marguerite Marsh, HIPAA Privacy Officer Matt Williams, Bureau

EVV Security and Privacy Approach Marguerite Marsh, HIPAA Privacy Officer Matt Williams, Bureau Chief, Information Security and Technology 1 What is HIPAA? 2 HIPAA What: Health Insurance Portability and How: Congress mandated the establishment

444 views • 9 slides
Education Research Practice Partnership with the District of Columbia Pre-Application

Education Research Practice Partnership with the District of Columbia Pre-Application

Education Research Practice Partnership with the District of Columbia Pre-Application Conference December 18, 2019 Welcome & Agenda Agenda Research Practice Partnership (RPP) Background RPP Objectives RPP Proposal

572 views • 25 slides
Todays Schedule THE GRADUATE STUDENT ADVISORY COMMITTEE (GSAC) WELCOMES YOU! GRADUATE

Todays Schedule THE GRADUATE STUDENT ADVISORY COMMITTEE (GSAC) WELCOMES YOU! GRADUATE

Todays Schedule THE GRADUATE STUDENT ADVISORY COMMITTEE (GSAC) WELCOMES YOU! GRADUATE STUDENT ADVISORY COMMITTEE (GSAC) In 2007 the Psychological Sciences Department established a Graduate Student Advisory Committee to allow a venue for

1.24k views • 76 slides
Ten Tips for A IRB Administrator Cynthia Lutzmann Perfect IRB Chairperson Lauren Maziarz,

Ten Tips for A IRB Administrator Cynthia Lutzmann Perfect IRB Chairperson Lauren Maziarz,

3/31/2016 Lourdes University IRB Ten Tips for A IRB Administrator Cynthia Lutzmann Perfect IRB Chairperson Lauren Maziarz, Ph.D., R.N., Scientist Members Application! Lourdes University Robert Campbell, M.A., Non-Scientist Lourdes

68 views • 4 slides
12/1/2017 1 Research Service Our mission is to improve the quality of care for veterans

12/1/2017 1 Research Service Our mission is to improve the quality of care for veterans

12/1/2017 1 Research Service Our mission is to improve the quality of care for veterans through medical research. There are approximately 100 human, animal, and bench studies at the Cincinnati VA Medical Center. Studies are funded

568 views • 18 slides
UM ASSURANCES ORA CERTIFICATE CLASS #4 Joseph Smith Pamela Lanford DECEMBER 2, 2015 Glynnis

UM ASSURANCES ORA CERTIFICATE CLASS #4 Joseph Smith Pamela Lanford DECEMBER 2, 2015 Glynnis

12/2/2015 UM ASSURANCES ORA CERTIFICATE CLASS #4 Joseph Smith Pamela Lanford DECEMBER 2, 2015 Glynnis Bowman Brian Falasca 1 Compliance: Why Do We Care? Protect human and animal subjects, investigators and the institution State and

365 views • 34 slides
The Graduate School Budget & Resource Committee April 21, 2016 Graduate Education Part

The Graduate School Budget & Resource Committee April 21, 2016 Graduate Education Part

The Graduate School Budget & Resource Committee April 21, 2016 Graduate Education Part of the Colleges storied tradition (1 st masters degree awarded in 1950) Core to the Colleges academic mission Means for the College to

379 views • 26 slides
Submitting studies to WIRB as a CHLA researcher Agenda Overview of WCG and WIRB Initial

Submitting studies to WIRB as a CHLA researcher Agenda Overview of WCG and WIRB Initial

5/8/2020 Submitting studies to WIRB as a CHLA researcher Agenda Overview of WCG and WIRB Initial Review Preparing to Submit How to submit Connexus and Submission Overview 2 1 5/8/2020 Overview of WCG and CHLA

488 views • 27 slides
Engaging Navaj o Nation Chapters in Historic Preservation and S urvey Research Navaj o Nation

Engaging Navaj o Nation Chapters in Historic Preservation and S urvey Research Navaj o Nation

Engaging Navaj o Nation Chapters in Historic Preservation and S urvey Research Navaj o Nation Government S tructure As a sovereign nation, the Navaj o Nation has a central government Three Branch Government Executive

215 views • 9 slides

More recommend