HIPAA - The Privacy Rule | Office of Research and Technology Management

HIPAA - The Privacy Rule

Research subject to the Health Insurance Portability and Accountability Act (HIPAA) must comply with 黑料吃瓜网鈥檚 policies and procedures for HIPAA.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) went into effect on April 14, 2003, to:

Promote the portability of insurance coverage as employees moved from job to job;
Increase accountability and decrease fraud and abuse in healthcare; and
Improve the efficiency of the healthcare payment process, while protecting a patient's privacy.

HIPAA applies to "Covered Entities," defined by the Privacy Rule as:

A healthcare provider that conducts certain transactions in electronic form,
A healthcare clearinghouse,
A health plan, or
A business associate (person or organization) performing a function on behalf of the Covered Entity for which access to protected health information is needed.

Because 黑料吃瓜网 has at least one department that provides healthcare services and electronically transmits health information, it is considered a Covered Entity.

黑料吃瓜网 As A "Hybrid Entity"

Since the primary function of 黑料吃瓜网 is not to provide healthcare, 黑料吃瓜网 is permitted to designate itself as a "hybrid entity," which allows it to apply the Privacy Rule only to those parts of 黑料吃瓜网 that, if standing alone, would be a Covered Entity. As a hybrid entity, 黑料吃瓜网 must designate its "healthcare components," which includes departments that provide support for healthcare components.

Healthcare components at 黑料吃瓜网 are:

黑料吃瓜网 School of Dental Medicine
黑料吃瓜网 School of Dental Medicine Faculty Practice
黑料吃瓜网 Student Self-Insured Health Plan and Optional Dependent Medical Plan
黑料吃瓜网 Employee Health Plan
黑料吃瓜网 Postdoctoral Benefits Program
Prion Disease Pathology Surveillance Center
黑料吃瓜网 Frances Payne Bolton (FPB) School of Nursing Clinical Practice

黑料吃瓜网 Policies and Procedures for HIPAA

Learn more about HIPAA at 黑料吃瓜网.

HIPAA and Research

A researcher who obtains Protected Health Information (PHI) from a Covered Entity (whether at 黑料吃瓜网, University Hospitals of Cleveland, the MetroHealth System, the Louis Stokes Cleveland Veterans Affairs Medical Center, Cleveland Clinic or from some other Covered Entity) or creates new PHI through the Covered Entity will need to comply with the Privacy Rule. 黑料吃瓜网 and its affiliated hospitals empower their Institutional Review Boards (IRBs) to act as Privacy Boards on behalf of each Covered Entity. For example, the MetroHealth IRB also acts as MetroHealth's Privacy Board for research purposes.

For more information on how to meet each institution's HIPAA requirements, please click on the link for the appropriate IRB below:

黑料吃瓜网 IRB

Other Resources on HIPAA

Definition of PHI and the 18 identifiers considered to be PHI under HIPAA

黑料吃瓜网 HIPAA Contacts

Kimberly Volarcik , RN

Executive Director, Human Subjects Research Protection Program

Research Compliance Officer

Adjunct Instructor

Department of Bioethics

School of Medicine

Email: kimberly.volarcik@case.edu

Phone: 216.368.0134

黑料吃瓜网