HIPAA and the Privacy Rule Policy
The HIPAA Privacy Rule establishes the conditions under which Protected Health Information (PHI) may be used or disclosed by covered entities for research purposes. University Hospitals is a covered entity and as such, must abide by the HIPAA Rules for the use and disclosure of PHI under its jurisdiction (see 45 CRR 160 and 164).
The UH Research Privacy Board (RPB) has recently updated the policy related to use and disclosure of PHI for research. The parameters of the policy have not changed since the implementation of the Privacy Rule and HIPAA Authorization requirements were enacted in 2003; Rather the RPB has revised the policy to provide additional guidance for investigators with respect to how health information may be used as part of an approved research protocol and what the requirements are for use of this information.
HIPAA Authorization Template
The UH Privacy Office has moved to office space in the UH Management Service Center in Shaker Heights. As a result, the UH HIPAA Authorization template has been updated to reflect the Privacy Office’s address. Please use the updated version of the HIPAA Authorization template when submitting new protocols. Beginning April 1, 2008, please begin submitting revised HIPAA Authorization forms for all actively enrolling studies at the next Amendment or Continuing Review.
Please feel free to view the full Notice of Privacy Practices online, which describes how medical information and you may be used and disclosed and how you can get access to this information
Forms and Templates