Skip to main content About News Giving All Departments Contact Us Site Map
 University of Texas Southwestern Medical School
 
Search       
Print Friendly  
spacer Home Education Research Patient Care Faculty & Administration Resource Careers
Centers & Departments Core Facilities Post Doctoral Fellowships Research Services Clinical Research (CTSA) Technology Development Research Administration
| Home > Research > Research Services > Institutional Review Board >
HIPAA (Health Insurance Portability and Accountability Act)
 Forms 
 Meeting Schedule 
 Investigators' Manual 
 Regulations, Policies, and Procedures 
 Informative Web Sites 
 Training 
 ERGO 
 >IRB Training Reports 
 IRB News 
 Contact Us 
  
 

HIPAA and Research Activities

HIPAA is an acronym for the Health Insurance Portability and Accountability Act of 1996.  While the primary purpose of HIPAA was to enable employees and their families to transfer health care benefits from one employer to another, or to continue coverage in the case of a job loss, many aspects of the law deal specifically with data security and privacy.  These regulations are commonly referred to as the Privacy Rule.

The Privacy Rule establishes a minimum standard for the protection of protected health information (PHI), which is defined as individually identifiable information maintained in any medium.  Human Subject Protection and FDA regulations include some provisions that are similar to, but distinct from, the Privacy Rule's provisions for research. The Privacy Rule builds upon these federal regulations, by expanding privacy protections, which apply regardless of the funding source.   

The Privacy Rule recognizes the need for researchers to access, use and disclose PHI for a wide range of research activities, and provides various ways in which researchers can access and use the information necessary for research.  Of particular importance is the Privacy Rule’s requirement that written authorization be obtained from the subject for the use of PHI for research purposes (unless an exception applies).

For research activities involving PHI, the IRB acts as the institution’s Privacy Board (required by HIPAA) to review and approve the proposed access, use and disclosure of the PHI.  The IRB is responsible for determining whether research subjects are required to sign an authorization for the use and disclosure of their PHI, or if one of the exceptions to the authorization requirements applies.  Examples of these exceptions include waivers of authorization and the use of de-identified data or limited data sets. 

It is important for researchers to become familiar with how and under what conditions PHI can be accessed, used and disclosed for research purposes.  For more information about HIPAA and its relationship to human research, [click here]. 

 

Home  |  Education  |  Research  |  Patient Care  |  Faculty and Administration  |  Careers
About UT Southwestern  |  News  |  Giving  |  All Departments  |  Contact Us  |  Site Map  |  Legal Policies
President's Message on Diversity   |  State of Texas  |  Texas Homeland Security  |  Statewide Search


Copyright 2009. The University of Texas Southwestern Medical Center at Dallas
5323 Harry Hines Boulevard, Dallas, Texas 75390.     Telephone 214-648-3111