Overview
The Administrative Simplification
provisions of the Health Insurance
Portability & Accountability
Act of 1996 (HIPAA) were established
to improve the efficiency and
effectiveness of the nation's
health care system. The intent
of the law is to assure health
insurance portability, reduce
healthcare fraud and abuse, guarantee
security and privacy of health
information, and enforce standards
for health information.
The HIPAA Privacy Rule, which
is now in effect, provides greater
protection of patient records
and greater patient rights over
their medical information. The
HIPAA Security rule had a compliance
deadline of April 21, 2005. It
mandates the safeguarding of
electronic protected health information
(PHI) through physical, technical,
organizational and procedural
safety measures.
See also the following information
published by VIReC:
Watts PL, Hynes DM, & Kopp
A. "Research
Implications of the Privacy Standards
Under the Health Insurance Portability
and Accountability Act of 1996
(HIPAA)." VIReC Insights 2003; 4 (2).
Web Site Sources of Information
There are many Web sites concerning
the HIPAA privacy and security
regulations. Listed here are
some links to information about
privacy and security that are
relevant to the VA researcher.
VIReC's focus is Web sites that
address the VHA interpretation
of the rule.
VA Sites
http://www1.va.gov/vhapublications/ViewPublication.asp?pub_ID=1423
Information on VHA Privacy Policies
is found in the VHA Handbook
1605.1. This is the primary statement
of policy on privacy and release
of information for VHA. Its provisions
take into account not only the
HIPAA Privacy Rule but also several
other laws and regulations under
which VHA is required to conduct
its business.
http://www.research.va.gov/programs/pride/training/default.cfm
This is the official guidance
from the VHA's Office of Research
and Development (ORD). While
certain provisions of the Rule
specifically concern research
and may affect research activities,
the Privacy Rule recognizes that
the research community has legitimate
needs to use, access, and disclose
protected health information
(PHI) to carry out a wide range
of health research protocols
and projects. The Privacy Rule
protects the privacy of such
information while providing ways
in which researchers can access
and use PHI when necessary to
conduct research.
Other Government Sites
http://privacyruleandresearch.nih.gov/
This link is to general guidance
on application of the Privacy
Rule for research, published
by the National Institutes of
Health. This document should
be considered "reference
only" as VHA policy may
be different. VA Researchers
must comply with the VHA policies.
http://www.cms.hhs.gov/default.asp?hipaa/
The Centers for Medicare & Medicaid
Services (CMS) is responsible
for implementing various unrelated
provisions of HIPAA, therefore
HIPAA may mean different things
to different people. Here's a
directory of CMS's business activities
with regard to HIPAA
http://privacyruleandresearch.nih.gov/research_repositories.asp
The Department of Health and
Human Services (DHHS) has issued
clarifications on how the federal
health care privacy rule affects
medical records used in databases
for research. The guidance is
posted on the NIH website. It
is NIH Publication Number 04-5489,
dated January 2004. It includes
DHHS's answers to frequently
asked questions. This document
should be considered "reference
only" as VHA policy may
be different. VA Researchers
must comply with the VHA policies.
http://www.hhs.gov/ocr/hipaa/finalreg.html
This page is hosted by the Department
of Health and Human Services
(HHS) Office for Civil Rights
(OCR), the office with primary
responsibility for the Privacy
Rule. Here you can view the complete
regulation relating to HIPAA
Privacy and Security standards.
http://www.hhs.gov/ocr/hipaa/guidelines/research.pdf
In addition, OCR has published
guidance on HIPAA Privacy for
researchers. However, any guidance
from agencies external to the
VHA should be viewed as reference
only, as VHA policy may differ
from other agencies' interpretations.
VHA policy will govern the conduct
of research in VHA.
|