|| Home||| Journal||| Directories||| Resources||| MAGI||| About Us||| Contact Us||| Sign In||| Sign Up|
NIH Guidance – Impact of HIPAAIMPACT OF THE HIPAA PRIVACY RULE ON NIH PROCESSES INVOLVING THE REVIEW, FUNDING, AND PROGRESS MONITORING OF GRANTS, COOPERATIVE AGREEMENTS AND RESEARCH CONTRACTS
RELEASE DATE: February 5, 2003
National Institutes of Health (NIH)
The purpose of this GUIDE notice is to provide an overview of how the HIPAA Privacy Rule may affect NIH processes involving the review, funding, and progress monitoring of grants, cooperative agreements and research contracts.
The Department of Health and Human Services (DHHS) issued final modifications to the STANDARDS FOR PRIVACY OF INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION, the "Privacy Rule," on August 14, 2002. The Privacy Rule is a federal regulation under the Health Insurance Portability and Accountability Act (HIPAA) of 1996 that governs the protection of individually identifiable health information. The Rule was enacted to increase the privacy protection of health information identifying individuals who are living or deceased, and to regulate known and unanticipated risks to privacy that may accompany the use and disclosure of personal health information. The Privacy Rule is not an NIH regulation. It is administered and enforced by the DHHS Office for Civil Rights (OCR). Those who must comply with the Privacy Rule, including some grantees and contractors, must do so by April 14, 2003 (with the exception of small health plans which have an extra year to comply). The OCR website (http://www.hhs.gov/ocr/) provides information on the Privacy Rule, including a complete Regulation Text for the Privacy Rule.
I. The Privacy Rule and Research: Roles and ResponsibilitiesGrant Applicants and Contract Offerors – The Privacy Rule applies to researchers classified under the Rule as covered entities (i.e., a health care clearinghouse, health plan, or a health care provider that electronically transmits health information in connection with a transaction for which DHHS has adopted standards under HIPAA). The Rule may also affect researchers who obtain individually identifiable health information from covered entities through collaborative or contractual arrangements. Decisions about whether and how to implement the Privacy Rule reside with the researcher and his/her institution. A set of decision tools on "Am I a covered entity?" are available from the OCR website (http://www.hhs.gov/ocr/). Researchers should review this and other information on the Privacy Rule and then discuss with their appropriate institutional officials (e.g., Office of Research, legal counsel, etc.) to learn how the Rule applies to them, their organization, and their specific research project. OCR and the Department of Justice (DOJ) may impose civil or criminal penalties, respectively, on covered entities that fail to comply with the Rule.
|© 2003-2012 First Clinical Research LLC. Trademark Notice Terms & Conditions Privacy Statement Site Map|