HIPAA for Researchers

Accounting for Disclosures Guidance: This document provides guidance on when and how researchers are required to account for disclosures of research participants’ PHI. The document includes a link to the REDCap Accounting Log researchers should use when accounting for disclosures.

Authorizations for Use or Disclosure of PHI in Research
Please note, these are templates only. As with your research consent form, your HIPAA authorization form will need to be tailored to fit the particular uses and disclosures of PHI in your study.

• HIPAA Authorization Form (Stand-alone)
• HIPAA Authorization Form (Stand-alone) – Spanish Translation
• Research Authorization — Veterans Affairs (VA)

• Certification for Activities Preparatory to Research: This certification must be signed prior to using PHI in the preparation of a research protocol.
• Certification for Research on the Protected Health Information of Decedents: This certification must be signed when the research, or a distinct part of the research, uses only the protected health information of decedents.

• Database Decision Tool: This tool is used to determine if a database that is used for research purposes must be registered with the UW-Madison HIPAA Privacy Officer.
• Database Registration and Preparatory to Research Certification for Database Custodian: This form is used to register a database with the UW-Madison Privacy Officer and, when applicable, for the database custodian to certify use of the database in preparation of a research protocol.

Data Use Agreement: This agreement must be completed before receiving or disclosing a Limited Data Set (“LDS”).

• Data Transfer and Use Agreements: Use these forms to disclose or receive an LDS from an external entity.
• Internal Data Use Agreement for Use or Disclosure of a Limited Data Set: This internal data use agreement must be signed when a UW-Madison employee receives a limited data set from within the UW HCC or UW ACE.