HIPAA and Research
Use and Disclosure of Patient Information for Research
The HIPAA Privacy Rule is a regulation that governs the way health information is collected, maintained, used, and disclosed. The HIPAA Privacy Rule requires covered entities to use and disclose Protected Health Information (PHI) according to specific requirements including:
- Written authorization from the study participant and subject of the PHI
- Special representations for reviews preparatory to research and use of decedent information
- Approved waiver of HIPAA authorization from an IRB or Privacy Board
- Data Use Agreements if the information is released as a limited data set
The Ohio State University Wexner Medical Center and Access to Patient Information for Research
Obtaining approval from the IRB is the first step to starting research involving PHI. Once appropriate IRB approval has been obtained the research team will need to provide the proof of IRB approval to the Department of Medical Information Management to access PHI from patient medical records for the purposes of research. Additional forms may need to be completed.
- Ohio State Medical Center: Guide to Information Access for Research Activities
- Request for Research Access to Health System Clinical Information
- Research Statement of Confidentiality
Access to electronic medical records for research is limited to employees of Ohio State Wexner Medical Center who can show proof of or have provided the appropriate representations to the Department of Medical Information Management. If you access electronic records for research, you may be asked to provide confirmation of IRB approval prior to or after access.
- Wexner Medical Center Research HIPAA
- Office of Responsible Research Practices: HIPAA and Human Subjects Research
- National Institutes of Health Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule
- Health Services Research and the HIPAA Privacy Rule
- Research Repositories, Databases, and the HIPAA Privacy Rule
- Clinical Research and the HIPAA Privacy Rule
- Institutional Review Boards and the HIPAA Privacy Rule
- Privacy Boards and the HIPAA Privacy Rule
- HIPAA Authorization for Research