HIPAA Policies
Human Research Involving Health Information Subject to HIPAA
The Health Insurance Portability and Accountability Act of 1996 established limits on the sharing of health information without the permission of individual patients. Depending on the scope and design of a research project, two components of HIPAA may apply to health researchers: the Privacy Rule and the Security Rule. The controls implemented in these rules only apply to certain types of health information possessed by certain types of organizations. The following guidance will help you identify whether HIPAA applies to your research, and if so, the steps you will need to take in developing your IRB application and addressing research compliance requirements:
- HIPAA Covered Entities
- Protected Health Information
- The Privacy Rule and Research Design Options
- The Security Rule
- IRB Application and Review Process for Research Involving PHI
- HIPAA FAQs
If you have questions after reviewing the web pages above, please contact the IRB at [email protected] or a staff member in the Office of Research Integrity for assistance.