Human Research Involving Health Information Subject to HIPAA
The Health Insurance Portability and Accountability Act of 1996 established limits on the sharing of health information without the permission of individual patients. Depending on the scope and design of a research project, two components of HIPAA may apply to health researchers: the Privacy Rule and the Security Rule. The controls implemented in these rules only apply to certain types of health information possessed by certain types of organizations. The following guidance will help you identify whether HIPAA applies to your research, and if so, the steps you will need to take in developing your IRB application and addressing research compliance requirements:
If you have questions after reviewing the web pages above, please contact the IRB at [email protected] or a staff member in the Office of Research Integrity for assistance.