Human Subjects Research and the HIPAA Privacy Rule
When HIPAA took effect in 2003, it outlined new procedures for collecting and sharing protected health information (“PHI”) in research. Unless one of the exceptions discussed below applies, investigators who wish to use or disclose PHI for research purposes must first obtain a signed authorization from each research subject. Institutions are required to establish a “Privacy Board” to review and approve requests for waivers of authorization for uses and disclosures of PHI for research purposes. At UW-Madison, each Institutional Review Board (IRB) serves as a Privacy Board. Thus, researchers are not obliged to apply to two separate committees/boards.
According to federal regulations, all institutions governed by HIPAA must train their workforce regarding uses and disclosures of PHI. UW-Madison accomplishes this through online training.