HIPAA at OHSU - HIPAA and Research

Priv main Side Bar



	INFORMATION PRIVACY (HIPAA)


	Contact Us


	infoWatch Newsletter


	Forms


	Policies & Procedures


	Privacy Education	›


	Privacy Resources	›


	Research Resources	›





	OHSU INTEGRITY OFFICE


	Institutional Integrity


	Audit & Advisory Services


	Conflict of Interest/Outside Activity


	Hospitals & Clinics Integrity


	Information Privacy (HIPAA)


	Information Security


	Integrity Education


	Transaction Standards, Code Sets, & Identifiers (TCI)

HIPAA and Research: General Information

What is Research?
HIPAA defines research as "a systematic investigation, including research development, testing, and evaluation, designed to develop or contribute to generalizable knowledge." This definition is identical with the one used in the so-called Common Rule, separate federal legislation designed to protect human subjects involved in research. HIPAA describes privacy standards for protecting PHI, and so only applies to research that involves humans� (not animals�) health information.

HIPAA and New Documentation Requirements
New research documents include a HIPAA authorization form, a waiver of authorization form, and a data use agreement form. These forms will be made available on the HIPAA web site forms page as they are developed, and can also be obtained through OHSU�s Research Integrity Office.

Patient Rights and Research
Under HIPAA, patients have certain new rights. Those that may affect research include the right to receive OHSU�s Notice of Privacy Practices (NPP), the right to access, inspect, and receive a copy of one�s own PHI, the right to request an amendment to one�s own PHI, and the right to an accounting of certain disclosures of PHI that occur outside the scope of treatment, payment and health care operations (TPO) that have not been authorized. See the Research FAQ�s for more information.

HIPAA and Existing Studies
Studies that enroll human subjects prior to April 14, 2003 may proceed according to the protocol documents that were approved by the IRB. After April 14, 2003, researchers may continue to collect and use data gathered from these subjects, and no new documentation is required. However, any research subject enrolled AFTER April 14, 2003 must sign a HIPAA-compliant authorization form. This form is in addition to the existing Informed Consent document, and is federally required. In many cases, the Informed Consent document may be combined with a HIPAA authorization; contact OHSU�s Research Integrity Office for more information, or see the Research FAQ�s.

HIPAA Compliance Deadline
OHSU must comply with all HIPAA standards by April 14, 2003.

More Information
You can contact OHSU�s Research Integrity Office or OHSU�s HIPAA Program for more information. You can also check out our Research FAQ�s or some outside resources.