What actions can an IRB take with respect to uses and disclosures of PHI for research?
HIPAA Weekly Advisor, December 20, 2002
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Q: What actions can an IRB take with respect to uses and disclosures of PHI for research?
A: An IRB may approve an alteration to or a waiver of the individual authorization that would be normally required for use or disclosure of PHI for research.
The regulations impose no requirements for the location or sponsorship of the IRB.
The HHS commentary notes that accreditation is not required because currently there are no accepted accreditation standards for IRBs, nor a designated accreditation body.
In order for the covered entity to use or disclose information without authorization for research, an IRB must find that:
- The use or disclosure of PHI involves no more than minimal risk to the privacy of individuals, based on the presence of the following criteria:
(1) An adequate plan to protect the identifiers from improper use and disclosure
(2) An adequate plan to destroy the identifiers at the earliest opportunity, unless there is a health or research justification for retaining the identifiers or retention is otherwise required by law
(3) Adequate written assurances that the PHI will not be reused or disclosed to any other person or entity, except as required by law, for authorized oversight of the research study, or for other research for which the use or disclosure of PHI is permitted under HIPAA
- The research could not practicably be conducted without the alteration or waiver
- The research could not practicably be conducted without access to and use of the PHI
The waiver of authorization must include:
- A statement identifying the IRB and the date on which the waiver or alteration of authorization was approved
- A statement that the IRB has determined that the waiver or alteration satisfies the required criteria
- A brief description of the PHI for which use or access has been determined to be necessary
- A statement that the waiver or alteration has been reviewed and approved under either normal or expedited review procedures
This documentation must be signed by the IRB's chair, or other member as designated by the chair. A privacy board has the same power as an IRB to issue waivers.
Editor's note: Brought to you by attorneys Marty Baxter and Gretchen McBeath at Bricker and Eckler, LLP (http://www.bricker.com) and The Quality Management Consulting Group, Ltd. (http://www.qmcg.com). E-mail: mbaxter@bricker.com or gmcbeath@bricker.com.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- HIPAA Q&A: Flu shot requirement for hospital employees
- Running an effective peer review committee meeting
- HealthDataInsights posts new issues for medical necessity claims
- Sneak Peek: Effort underway to establish caseload benchmarks
- Q/A: Coding for telescopic intraocular lens
- New FAQ posted on storing laryngoscope blades
- Tip: Perform your own internal investigation prior to government audit
- HIPAA 5010 deadline extended, but threat remains, says AMA
- HHS task force: Consider privacy, security with text messages
- What does case-mix index mean to you?
- E-mailed
-
- Running an effective peer review committee meeting
- HIPAA Q&A: Flu shot requirement for hospital employees
- HHS task force: Consider privacy, security with text messages
- What does case-mix index mean to you?
- Q/A: Coding for telescopic intraocular lens
- Q/A: Correct use of modifier -PT
- Tip: Correctly code bilateral pain management procedures
- "Wall fountains" may be spreading Legionnaires to patients, visitors
- 2012 CPT code changes for ASCs: Shoulder and knee scopes and pain management
- Case Management Monthly, March 2012
- Searched