|
|
This is only a preview of the paper
Click here to register and get the full text.
Existing members click here to login
|
|
|
Why Should Researchers Be Aware of the HIPAA Privacy Rule? The Privacy Rule regulates the way certain health care groups, organizations, or businesses, called covered entities under the Rule, handle the individually identifiable health information known as protected health information (PHI). Researchers should be aware of the Privacy Rule because it establishes the conditions under which covered entities can use or disclose PHI for many purposes, including for research. Although not all researchers will have to comply with the Privacy Rule, the manner in which the Rule protects PHI could affect certain aspects of research. It is important to understand that many research organizations that handle individually identifiable health information will not have to comply with the Privacy Rule because they will not be covered entities. The Privacy Rule will not directly regulate researchers who are engaged in research within organizations that are not covered entities even though they may gather, generate, access, and share personal health information. For instance, entities that sponsor health research or create and/or maintain health information databases may not themselves be covered entities, and thus may not directly be subject to the Privacy Rule. However, researchers may rely on covered entities for research support or as sources of individually identifiable health information to be included in research repositories or research databases. The Privacy Rule may affect such independent researchers, as it will affect their relationships with covered entities. In some instances, researchers may have to comply with the Privacy Rule because they may be or may work for a covered entity. For example, the Privacy Rule defines covered entities to include health care providers that transmit health information electronically in connection with certain financial and administrative transactions (such as most hospitals). As such, researchers who are or who work for these covered entities would need to understand the Privacy Rule and how it works because the Rule describes how covered entities can establish relationships in which PHI can be used and shared, as well as the specific ways in which a covered entity may use or disclose the PHI it holds, and under what conditions it can allow use or disclosure of the information. . For information on how the Privacy Rule may affect specific research areas, see the companion pieces to this booklet: Health Services Research and the HIPAA Privacy Rule; Repositories, Databases, and the HIPAA Privacy Rule; Clinical Research and the HIPAA Privacy Rule; Institutional Review Boards and the HIPAA Privacy Rule ; and Privacy Boards and the HIPAA Privacy Rule . Key Points: · The Privacy Rule establishes minimum Federal standards for protecting the privacy of individually identifiable health information. The Rule confers certain rights on individuals, including rights to access and amend their health information and to obtain a record of when and why their PHI has been shared with others for certain purposes. · The Privacy Rule establishes conditions under which covered entities can provide researchers access to and use of PHI when necessary to conduct research. The Rule is not intended to impede research. · Compliance with the Privacy Rule is required on and after April 14, 2003, for most covered entities. (Small health plans have an extra year to comply.) The purpose of the Privacy Rule is to establish minimum Federal standards for safeguarding the privacy of individually identifiable health information. Covered entities, which must comply with the Rule, are health plans, health care clearinghouses, and certain health care providers. Covered entities may not use or disclose PHI except as permitted or required under the provisions of the Privacy Rule. The Rule also confers certain rights on individuals, including rights to access and amend certain health information and to obtain a record of when and how their PHI has been shared with others for certain purposes.
Approximate Word count = 2399
Approximate Pages = 9.6
(250 words per page double spaced)
|
|
|
|
|
|