and the IRB
Health Insurance Portability and Accountability Act of 1996 (HIPPA)
was enacted to issue privacy regulations governing individually
indefinable health information.
The Privacy Rule protects all iindividually identifiable
health information held or transmitted by a covered entity or
its business associate in any form or media, whether electronic
paper or oral. The
HIPPA Privacy Rule calls this information Protected Health Information
(PHI) and governs how information can be linked to a particular person
in the course of providing a health care service.
is considered a hybrid entity which allows only its designated
health care components to comply with HIPPA.
HIPPA recognizes organization activities such as education
HIPPA allows both use and disclosure
of PHI for research purposes, but such uses and disclosures
must follow HIPPA guidance and be part of a research plan that
is reviewed and approved by the Institutional Review Board (IRB).
When participants in a research study sign
a consent form allowing a researcher to have access to their PHI
(for research purposes), the information obtained should be governed
by the terms in their consent and is no longer PHI subject to
HIPPA. However, a researcher should continue to recognize and maintain
confidentiality of the disclosed information so as to insure continued
protection to the participant and maintain the best practices
for research involving human participants.
For a complete summary of the privacy rule