HIPAA’s protections for health information used for research purposes…
supplement those of the Common Rule and FDA.
HIPAA protects a category of information known as protected health information (PHI). PHI includes:
identifiable health information that is created or held by covered entities and their business associates.
When required, the information provided to the data subject in a HIPAA disclosure accounting …
must be more detailed for disclosures that involve fewer than 50 subject records.
HIPAA includes in its definition of “research,” activities related to …
development of generalizable knowledge.
Under HIPAA, a “disclosure accounting” is required:
for all human subjects research that uses PHI without an authorization from the data subject, except for limited data sets.
A HIPAA authorization has which of the following characteristics:
Uses “plain language” that the data subject can understand, similar to the requirement for an informed consent document.
Under HIPAA, “retrospective research” (a.k.a., data mining) on collections of PHI generally …
is research, and so requires either an authorization or meeting one of the criteria for a waiver of authorization.