Although HIPAA Privacy and Security regulations were created to protect patients’ individually identifiable information in the custody of the health care industry rather than in research, there are a variety of HIPAA impacts when research uses information generated in the course of health care.  The impacts are relevant not only to clinical trials but also to many other types of research such as projects evaluating standard treatment outcomes or public health trends.

HIPAA intersects with research in many facets including:

• creation, acquisition, use and sharing of individuals’ health information for research
• the processes of informed consent and authorization or waiver of informed consent and authorization
• contract provisions with research sponsors
• agreements among researchers
• creation of data repositories for future research

In addition to understanding the basic requirements of HIPAA with respect to use and disclosure of “Protected Health Information” it is very important to understand the variations on required or permitted documentation based on factors such as:

• the structures of the organizations involved (covered entity, hybrid entity, non covered entity)
• the type of project (research, public health, healthcare operations, a compound of several project types)
• the roles of each of the parties in HIPAA terms
• the data elements and information flows

Research Compliance Consulting can assist you in evaluating and addressing all of these issues.