HIPAA Privacy Rule and Research

Similar documents
MiFID II Best execution and client order handling

Firms will be required to appoint a single officer with specific responsibility for client assets

MiFID II 18 January MiFID II

MiFID II 31 December MiFID II. Third country access

MiFID II 31 December MiFID II

MiFID II 31 December MiFID II

MiFID II 31 December MiFID II

The Act Amending the Right of Inquiry

MiFID II. Inducements. Key Points

Every cent counts: China slashes certain IP application fees. April 2017

Third Party Rights / Licence. Binding Framework. Negotiating Framework

MiFID II Information to clients on costs and charges

Contents. Introduction 4. Directors conflicts duties 4. What is a conflict? 5. Who can authorise? 6. Authorising conflicts 7

MiFID II 31 December MiFID II

Shareholders' Rights in a Russian Joint-Stock Company

MiFID II 31 December MiFID II

Arbitrability of IP Disputes in Russia

Derivatives: trade execution

MiFID II 31 December MiFID II. Derivatives: trade execution

Physician Payment Transparency Provisions of the Affordable Care Act Sunshine 101

MiFID II 31 December MiFID II. Information to clients on costs and charges

Responding to Commercial Bribery Investigations What to Do When the Chinese Administration for Industry and Commerce (AIC) Arrives At Your Door

New listing regime proposals for emerging and innovative companies

Roundtable on Anti-Bribery and Anti- Corruption Compliance in Latin America Latin American Anti-Corruption Laws

The PSC register. The requirement for a register of persons with significant control over UK entities

Hogan Lovells (Luxembourg) LLP. What do you know about us?

Grey areas in the spotlight Update on Investment Regulations Non-public companies

SEC adopts requirement for disclosure of hedging policies for employees, officers, and directors

Payment Services Academy

A New Frontier Amendments to the Listing Rules, Prospectus Rules and Disclosure and Transparency Rules

MiFID II March MiFID II

MiFID II 31 December MiFID II. Commodity derivatives

Directors duties under the Companies Act An introduction

Observations on US LNG Export Prospects in Latin America Eduardo Carvajal, Hogan Lovells US-Americas LNG Forum I, Rio de Janeiro, Brazil May 23, 2018

ABA Mutual Institutions Council Capital Issues for Mutuals

HKMA reboots virtual banking. February 2018

Strategic and Operational Challenges Resulting from the New PPACA

NEW CHANNEL OPENED FOR FLOWING-BACK OF OVERSEAS RENMINBI ("RMB")

Directors and Officers Liabilities in Russia

Summary of principles from recent NEC cases

Listing in London An introductory guide

The Eurozone Crisis: Corporate briefing. May 2012

The Eurozone Crisis: Checklist of issues for finance documentation. May 2012

A survival guide for private equity

MiFID II Market data reporting

MEMORANDUM FOR THE NATONAL STRUCTURED SETTLEMENTS TRADE ASSOCIATION

Arbitration in Vietnam

The April 2015 tax changes

For the record: China's foreign investment regime enters a new phase

Which Market? Equity Capital Markets

Hong Kong Institute of Surveyors "EOT and Liquidated Damages"

2017 Singapore Insolvency and Restructuring Reforms

Taking security in Vietnam

Financing Africa s future. Who is taking the lead in lending?

MiFID II 31 December MiFID II. Market infrastructure, trading venues and central counterparties

Italy inbound: look no further. Foreign direct investments in Italy

China's new foreign exchange controls create fresh concerns. September 2017

Insurance aggregation issues. Dave Newmann and Stuart Hill (Hogan Lovells International LLP) 18 th July Insurance aggregation issues

Direct Lending in Italy

Case BLS Doc 548 Filed 10/30/18 Page 1 of 9 IN THE UNITED STATES BANKRUPTCY COURT FOR THE DISTRICT OF DELAWARE

Competition law in Singapore JANUARY. Contents Introduction 1. The Competition Act 1. Section 34 anti-competitive agreements and practices 1

EVMS Medical Group A. RESEARCH USE AND OR DISCLOSURE WITHOUT AUTHORIZATION:

Merger Control Rules in the EEA

Unitranche On the up, down under 2017

Human Research Protection Program (HRPP) HIPAA and Research at Brown

DC flexibility: providing DC access through external providers.

Back to the future but no idea when

Drafting international contracts for a global marketplace

Cross-Border Provisions of Tax Cuts and Jobs Act: Implications and Planning Considerations

Remuneration voting 2015 AGM season. CA Brochure_Remuneration Voting (Dinesh Rajan).indd 1

Contracts With Doctors:

UNIVERSITY OF TENNESSEE HEALTH SCIENCE CENTER INSTITUTIONAL REVIEW BOARD USE OF PROTECTED HEALTH INFORMATION WITHOUT SUBJECT AUTHORIZATION

Title: HP-53 Use and Disclosure of Protected Health Information for Purposes of Research. Department: Research

New Circular to Relax the Filing Process

Wells Fargo Bank, N.A. as Trustee v. Chukchansi Economic Development Authority, et al., Index No /2013

An Introduction to MiFID II

Case BLS Doc 690 Filed 01/23/19 Page 1 of 9 IN THE UNITED STATES BANKRUPTCY COURT FOR THE DISTRICT OF DELAWARE.

SAFE Issues Revamped Rules on Round-Tripping Investments by PRC Residents: But Will SAFE Circular 37 Make any Difference?

HIPAA Insurance Portability Act HIPAA. HIPAA Privacy Rule - Education Module for Institutional Review Boards

International Swaps and Derivatives Association, Inc.

7 ATLzr UNIVERSITY OF CALIFORNIA. January 30, 2014

Our International Disputes experience in Africa

FSMA Consults on New Rules on the Marketing of Financial Products in Belgium and on Product Bans 1

Saudi Arabia opens Stock Market to Foreign Investors. May 2015

Hogan Lovells. Global Insurance Practice

Busting the myth: compliance with the gold standard of the GDPR does not buy you a free pass under China's new personal information guidelines

Latham & Watkins Corporate Department

Case BLS Doc 474 Filed 09/25/18 Page 1 of 10 IN THE UNITED STATES BANKRUPTCY COURT FOR THE DISTRICT OF DELAWARE

Will Rising Interest Rates Pummel Your Portfolio?

Risks and opportunities for the decommissioning of nuclear power plants in Germany

Mining Industry Newsletter

HIPAA: What Researchers Need to Know

HIPAA s New Rules: Expanding Scope, Clarifying Uncertainties, and Reinforcing Fundamentals

CypressEnergyPartners,L.P.

UAMS ADMINISTRATIVE GUIDE NUMBER: 2.1

COLUMBIA UNIVERSITY INSTITUTIONAL REVIEW BOARD POLICY ON THE PRIVACY RULE AND THE USE OF HEALTH INFORMATION IN RESEARCH

The Cost of Capital Navigator. The New Online Resource for Estimating Cost of Capital

Saudi Arabia opens Stock Market to Foreign Investors. May 2015

Pensions Group. Employment & Benefits.

MIFID2 ASIAN FINANCIAL INSTITUTIONS BEST EXECUTION SEPTEMBER 2017

Transcription:

HIPAA Privacy Rule and Research Melissa Bianchi Partner February 24, 2014 Healthcare/Privacy

Research Pre-January 2013 Under HIPAA, may use PHI for research with: an individual s written authorization Must be study-specific No compound authorizations May not authorize future unspecified research a waiver of authorization by an Institutional Review Board ( IRB ) or privacy board, a data use agreement regarding a limited data set, de-identified information a certification for data reviews preparatory to research, or special provisions for research using decedent s information. www.hoganlovells.com 2

Major changes in the HITECH final rule Study-specific limitation/future unspecified research Compound authorizations www.hoganlovells.com 3

Research: Study-Specific Limitation HHS prior position = research authorizations may not authorize future unspecified research The Privacy Rule requires authorizations to describe the purpose of the requested use and disclosure. Historically, HHS has interpreted this as requiring study-specific descriptions of the purpose, and prohibiting authorization for use or disclosure of PHI for future, unspecified research. www.hoganlovells.com 4

New approach to describing future research HITECH Final Rule modifies HHS s prior position: As of March 26, 2013, a HIPAA authorization may permit future research if the authorization adequately describes the future research such that it would be reasonable for the individual to expect that his/her PHI could be used or disclosed for that purpose. Certain ongoing studies grandfathered www.hoganlovells.com 5

Research: Compound Authorization The Privacy Rule prohibits compound authorization for use/disclosure of PHI that authorizes (i) research activities for which treatment is conditioned on signing the authorization ( conditioned ) and (ii) research activities for which treatment is not conditioned on signing the authorization ( unconditioned ). Under old interpretation, a clinical trial associated with corollary research activities (e.g. biospecimen banking), required separate authorizations for the clinical trial participation (conditioned authorization) and participation in the corollary activity (unconditioned authorization). www.hoganlovells.com 6

New approach to compound authorizations The Final Rule permits such compound authorizations for research purposes provided: (1) the authorization clearly differentiates between the conditioned and unconditioned research components; (2) the authorization provides a clear opportunity for individuals to optin to the unconditioned component; and (3) the research does not involve psychotherapy notes www.hoganlovells.com 7

What does this mean for research? Significant change in interpretation provides greater flexibility to conduct research Removes some of the road blocks for research Important for researchers, study sponsors C-Change advocated for these changes to the authorization process www.hoganlovells.com 8

What are covered entities doing now? Revising template HIPAA research authorizations to permit future research Considering compound authorizations for protocols involving multiple research activities (e.g., investigational treatment and tissue banking of specimens) Amending policies and procedures for implementing requests to revoke authorization Reviewing ongoing studies that involve the possibility of future research to determine eligibility for grandfather status www.hoganlovells.com 9

Looking at de-identification There are two methods of de-identifying PHI in accordance with the HIPAA Privacy Rule 1. Statistician Certification A statistician must determine that the risk is very small that the information could be used, alone or in combination with other reasonably available information, by an anticipated recipient to identify an individual who is a subject of the information. The statistician must document the methods and results of the analysis that justify the determination. A similar determination by a non-statistician would not satisfy the HIPAA standard. See 45 C.F.R. 164.514(b)(1) www.hoganlovells.com 10

HIPAA De-Identification Requirements 2. Safe Harbor: (a) The following 18 identifiers of the individual or of relatives, employers, or household members of the individual must be removed: 1. Name 7. Social security number 13. URLs 2. Geographic subdivisions smaller than a state 3. All elements of dates (except year) for dates directly related to an individual (e.g., DOB, admission date) 8. Health plan beneficiary number 14. Device identifiers/serial number 9. Medical record number 15. Biometric identifiers including finger and voice prints 4. Telephone number 10. Account numbers 16. Full face photo and comparable image 5. Fax number 11. Certificate/license numbers 17. IP address numbers 6. E-mail 12. Vehicle identifiers/serial numbers 18. Unique identifying number, characteristic or code (b) and the covered entity must not have actual knowledge that the information could be used alone or in combination with other information to identify an individual who is a subject of the information. www.hoganlovells.com 11

HIPAA De-Identification Requirements Once PHI is de-identified in accordance with the HIPAA Privacy Rule, it: Is no longer PHI Is not subject to HIPAA May be used for any purpose (subject to other applicable law) www.hoganlovells.com 12

Sale of PHI Sale of PHI: disclosure of PHI by a covered entity (CE) or business associate (BA), where the CE or BA directly or indirectly receives remuneration from or on behalf of the recipient of the PHI in exchange for the PHI Several exceptions, including disclosures for: Research (allows a reasonable cost-based fee to cover the cost to prepare and transmit data) Public Health (costs not limited to cost-based fee) Grants, contracts, other similar arrangements Example: Grant funding from government that requires CE to report PHI for program oversight Sale of PHI www.hoganlovells.com 13

www.hoganlovells.com Hogan Lovells has offices in: Alicante Amsterdam Baltimore Beijing Berlin Brussels Budapest* Caracas Colorado Springs Denver Dubai Dusseldorf Frankfurt Hamburg Hanoi Ho Chi Minh City Hong Kong Houston Jakarta* Jeddah* London Los Angeles Madrid Miami Milan Moscow Munich New York Northern Virginia Paris Philadelphia Prague Rio de Janeiro Riyadh* Rome San Francisco Shanghai Silicon Valley Singapore Tokyo Ulaanbaatar Warsaw Washington DC Zagreb* "Hogan Lovells" or the "firm" is an international legal practice that includes Hogan Lovells International LLP, Hogan Lovells US LLP and their affiliated businesses. The word "partner" is used to describe a partner or member of Hogan Lovells International LLP, Hogan Lovells US LLP or any of their affiliated entities or any employee or consultant with equivalent standing. Certain individuals, who are designated as partners, but who are not members of Hogan Lovells International LLP, do not hold qualifications equivalent to members. For more information about Hogan Lovells, the partners and their qualifications, see www.hoganlovells.com. Where case studies are included, results achieved do not guarantee similar outcomes for other clients. Attorney Advertising. Hogan Lovells 2013. All rights reserved. *Associated offices

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback