HIPAA and Clinical Research Training

Research and the Duty to Protect PHI

After viewing the training materials, complete the short quiz below. Be certain to include your name in the last question to receive credit for completing the training. Please note that as of September 8, 2016, University Hospitals Case Medical Center has changed its name to University Hospitals Cleveland Medical Center.

All non-UH personnel involved with Clinical Research at University Hospitals are required to attend an education session on HIPAA (the Health Insurance Portability and Accountability Act) and how it relates to research. This video is provided to fulfill this requirement.

Federal privacy protections under HIPAA apply to human participant research, in addition to the Common Rule and FDA regulations. Individuals conducting clinical research at UH are required to understand how these regulations affect clinical research. This training will also outline UH’s policies governing the privacy and security of protected health information (PHI).

This training builds upon the information contained within the Health Information Privacy and Security (HIPS) module from the Collaborative Institutional Training Initiative (CITI) online training program. In addition, this session will:

  1. provide a refresher of the HIPAA requirements for privacy and information security relating to research
  2. discuss the 2009 HITECH Act
  3. provide practical examples of how these laws affect research involving UH patient data

The goal of the UH credentialing process is to provide non-UH employees access to patient records for research.*

*
All of the following are key points about the HIPAA Privacy Rule and Research, EXCEPT:*



*
All of the following are considered protected health information, EXCEPT: *




*
De-identified data sets have all 18 HIPAA identified removed.*

*
Limited datasets are not subject to HIPAA regulations and can be disclosed to collaborators at other institutions. *

*
In order to data mine for potential research subjects, prior patient authorization or IRB (Institutional Review Board)/RPB (Research Privacy Board) approval or waiver is required.*

*
HITECH penalties for breaches of PHI are only applicable to entities/ institutions, not individuals.*

*
The HITECH Act revised the HIPAA enforcement rule by:*




*
I should do the following to protect research data I am authorized to have access to, EXCEPT:*




*
The following institutions/individuals are responsible for protecting and securing PHI:*





*
I should report any UH PHI I have stored on non-UH assets to HelpDesk@UHhospitals.org.*

*
I certify that I have completed one (1) hour of on-line training on HIPAA and Clinical Research. While participating in clinical research at University Hospitals (UH), I agree to follow all UH policies relating to the appropriate use of UH Information Technology systems and the privacy and security of protected health information.
*
*
*
Are you a Medical Student?

*

Make an Appointment

Schedule your appointment with a specialist at University Hospitals.
1-866-UH4-CARE (1-866-844-2273)

More Scheduling Options

Need to Refer a Patient?

Click here for Patient Referrals

Browse Services A-Z

Maps and Directions

Click here for directions