HIPAA Learning Shots:
HIPAA is the acronym for the Health Insurance Portability and Accountability Act of 1996.
The intention of HIPAA is to protect patients from inappropriate disclosures of "Protected Health Information" (PHI) that can cause harm to a person's insurability, employability, etc.
The privacy provisions of HIPAA found in the Privacy Rule apply to health information created or maintained by health care providers who engage in certain electronic transactions, health plans, and health care clearinghouses.
PHI is information that can be linked to a particular person and that is created, used, or disclosed in the course of providing a health care service (i.e., diagnosis or treatment).
HIPAA affects only that research which uses, creates, or discloses PHI.
Researchers have legitimate needs to use, access, and disclose PHI to carry out a wide range of health research studies.
The Privacy Rule protects PHI while providing ways for researchers to access and use PHI when necessary to conduct research.
In general, there are two types of human research that would involve PHI:
The IRB-HSR acts as the Privacy Board at UVa to review the use/disclosure of PHI and to determine whether the subjects should sign an "Authorization" (Adds additional language to the consent template) or if a Waiver of Authorization (roughly analogous to a Waiver of Consent under the Common Rule) may be granted. At UVa the requirements for a HIPAA Authorization have been incorporated into the research consent form to eliminate the need for multiple forms. If for some reason a research consent will not be obtained, the IRB-HSR provides a template for a Stand-alone HIPAA Authorization.