Add to collection(s) Add to saved
  1. Social Science
  2. Psychology
  3. Social Psychology

University of Illinois at Springfield

advertisement 
Institutional Review Board
University of Illinois
at Springfield
MS PAC 525
One University Plaza
Springfield, IL 62703-5407
tel: 217-206-7409
fax: 217-209-7623
E-mail: kathleen.furr@uis.edu Web:
www.uis.edu/grants
HIPAA COMPLIANCE FORM
To Be Completed By the Responsible Principal
Investigator
Date Application Completed:
For IRB Use Only
UIS Protocol #:
I. Research Title:
II. Responsible Principal Investigator
Name (Last, First)
Highest Degree
University Status/Title
Department
College
Mailing Address
E-mail Address
Phone Number
Fax Number
Mail Stop
Instructions
Please complete this form if you intend to use/disclose protected health
information (PHI) in your research.
PHI is health information transmitted or maintained in any form or medium that:



identifies or could be used to identify an individual:
is created or received by a healthcare provider, health plan, employer, or healthcare
clearinghouse; and
relates to the past, present, or future physical or mental health or condition of an
individual; the provision of healthcare to an individual; or the past, present, or future
payment for the provision of healthcare to an individual
An investigator may access PHI using one or more of the following methods. Unless otherwise
noted, you should complete this entire form as applicable. In addition, you must also complete the
Research Data Security Form if you are collecting, using and/or disclosing PHI for research
purposes. Exceptions are de-identified information, reviews preparatory to research, and research
on decedent’s information.
Page 1 of 5
HIPAA Compliance Form
III. Application
A. Description
Provide a description of the health information associated with the PHI to be used or disclosed for your
research:
B. Please check the appropriate box(es) for your specific research.
1.
De-identified Information
De-identified Information is health information that cannot be linked to an individual. The HIPAA
Privacy Rule regulations [45 CFR 164.514(b)] lists 18 specific identifiers that must be removed from
the health information before the researcher obtains the information for it to be considered not
identifiable. The list includes:


















Name/initials
Street address, city, county, precinct, zip code and equivalent geocodes
All elements of dates (except year) directly related to an individual (date of birth, admission date,
discharge date, date of death);
Elements of date, including year, for persons 90 or older
Telephone number
Fax number
Electronic mail address
Social Security Number
Medical record numbers
Health plan identification numbers
Account numbers
Certificate/license numbers
Vehicle identifiers and serial numbers, including license plate numbers
Device identifiers and serial numbers
Web addresses (URLs); Internet IP addresses
Biometric identifiers, including finger and voice prints
Full face photographic images and any comparable images
Any other unique identifying number, characteristic or code
If the research does not include access to any of the above identifiers, STOP, the HIPAA privacy
regulations do not apply to your research. Sign and Date this section only if the research involves
De-Identified Information.
Page 2 of 5
HIPAA Compliance Form
RESPONSIBLE PRINCIPAL INVESTIGATOR (RPI) ASSURANCE
I assure that if the research is modified to include PHI, I will submit an amendment to my research
protocol for IRB review and approval prior to initiating this change. Additionally, if the research is
revised to involve PHI, I understand that my research staff must satisfy the UIS HIPAA Research
101 training requirement.
__________________________
RPI signature
_______
Date
________________________
Print name
RESPONSIBLE RESEARCH SUPERVISOR (RRS) ASSURANCE
(Required if RPI is a student)
____________________________
RRS signature
_________
Date
____________________________
Print name
2.
Limited Data Set
A Limited Data set is a subset of information (PHI) that only contains the following identifiers linked
to the subject:
 city, state, zip code,
 elements of date such as date of birth, death or service,
 other numbers, characteristics, or codes not listed as HIPAA direct identifiers.
The other direct identifiers included in the list above may not be included in the health
information that is being received by the research team. The use of a Limited Data Set
requires a Data Use Agreement to be in place.
Data Use Agreement templates for internal use (within UIS) and external use (sharing information
outside of UIS) are available from the Grants and Contracts website. The Grants and Contracts
Office, Pre-Award, must approve the Data Use Agreement. The Data Use Agreement is a legal
contract between the covered entity and the recipient.
3.
Patient Authorization
A patient authorization is a document, signed by the subject that gives the researcher permission to
use/disclose PHI collected during the research study for defined purposes. An Authorization Form
may be a separate document or be combined with the Informed Consent Document. Please
prepare an Authorization and submit it with your IRB application. Authorization templates are
available on the Grants and Contracts website.
Page 3 of 5
HIPAA Compliance Form
4. Waiver/Alteration (Check all that apply)
a. waiver for entire research project,
b. waiver for recruitment purposes only
A waiver/alteration is a request to forgo the authorization requirement based on the fact that the use
and/or disclosure of PHI involves minimal risk to the subject’s privacy and the research cannot be
practically done without this waiver/alteration and access to/use of PHI. Refer to Section C to see if
you may qualify for a waiver/alteration. Remember that if you are seeking a waiver/alteration of
Authorization, you should request the parallel waiver/alteration of informed consent in your research
protocol application submitted for initial review.
C. Waiver/Alteration of Authorization
Complete this section to request a waiver of authorization for the entire research protocol, for
recruitment purposes, or to request an alteration of authorization process such as no signed
documentation.
1. Describe the identifiable health information that will be accessed under this waiver.
2. Criteria for Waiver/Alteration of Authorization
a. Explain how the use and disclosure of the information presents no more than minimal risk
to the privacy of the individual.
b. Describe the plan to protect the identifiers from improper use and disclosure (i.e., where will
the identifiers will be stored and who will have access).
c.
Describe the plan to destroy the identifiers at the earliest opportunity consistent with the
conduct of the research. If there is a health or research justification for retaining identifiers
or if such retention is required by law, please provide this information as well.
d. Explain why the research could not be practicably conducted without the alteration or
waiver.
e. Explain why the research could not be conducted without access to and use of the PHI.
f.
The Privacy Rule requires that when a waiver is granted that only the minimum necessary
health information be used/disclosed. Therefore, provide justification that the PHI being
requested is the minimum necessary information reasonably necessary to accomplish
objectives of the proposed research.
Page 4 of 5
HIPAA Compliance Form
RESPONSIBLE PRINCIPAL INVESTIGATOR’S ASSURANCE
The information listed in the application is accurate and all research staff (investigators, key research personnel)
that are involved in the research will comply with the HIPAA regulations. Further, I assure that all research staff
will have completed the UIS HIPAA research training requirement prior to research participation.
I agree that any breach or suspected breach of confidentiality (data security) meeting the definition of an
unanticipated problem will be promptly reported to the IRB. I also agree that any breach or suspected breach
involving UIS PHI in the custody of the principal investigator, co-investigator(s), research staff, students, or
business associate will be immediately reported to the HIPAA Privacy Officer.
I assure that the information obtained as part of this research (including protected health information) will not be
reused or disclosed to any other person or entity other than those identified on this form, except as required by
law. If at any time I want to reuse this information for other purposes or disclose the information to other
individuals or entities I will seek approval by the UIS IRB.
Responsible Principal Investigator
Date
RESPONSIBLE RESEARCH SUPERVISOR’S ASSURANCE
By my signature as sponsor on this application, I certify that the student or guest investigator was knowledgeable
about the regulations and policies governing research with human subjects and had sufficient training and
experience to conduct this particular study in accordance with the approved protocol.
RRS1 (if RPI is a student or a fellow)
Date
The faculty sponsor must be a member of the UIS faculty. The faculty member is considered the responsible party for legal and
ethical performance of the project.
Page 5 of 5
Related documents
OHR-5 Thomas Jefferson University Institutional Review Board HIPAA De-Identification Certification Form
OHR-5 Thomas Jefferson University Institutional Review Board HIPAA De-Identification Certification Form
Waiver of Authorization Form
Waiver of Authorization Form
APPENDIX G University of South Alabama D
APPENDIX G University of South Alabama D
GASTROINTESTINAL AND LIVER CLINIC, PC
GASTROINTESTINAL AND LIVER CLINIC, PC
Sample HIPAA Compliant Consent Form
Sample HIPAA Compliant Consent Form
Application for Case Reports and Case Studies DREXEL UNIVERSITY
Application for Case Reports and Case Studies DREXEL UNIVERSITY
Download
advertisement