1 / 13

2012 VA IRB Administrators Meeting

2012 VA IRB Administrators Meeting. Stephania H. Griffin, JD, RHIA, CIPP/G VHA Privacy Officer Director, Information Access and Privacy . Privacy Officer Role and Reviews. Baltimore, MD August 14 – 15 , 2012. Overview of Discussion. Role of Facility Privacy Officer

kimball
Download Presentation

2012 VA IRB Administrators Meeting

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 2012 VA IRB Administrators Meeting Stephania H. Griffin, JD, RHIA, CIPP/G VHA Privacy Officer Director, Information Access and Privacy Privacy Officer Role and Reviews Baltimore, MD August 14 – 15, 2012

  2. Overview of Discussion • Role of Facility Privacy Officer • Non-voting Member of IRB or R&D Committee • Final Privacy Review For Research • Common Privacy Issues • Important Points • Resources • 1

  3. Role of Facility Privacy Officer • VHA Handbook 1200.05, Requirements for the Protection of Human Subjects in Research, Paragraph 38, Privacy Officer and Information Security Officer (ISO) Responsibilities • Non-voting Member of IRB or to R&D Committee • Participate in IRB or R&D Committee meetings in order to raise privacy issues directly • Provide summary reports prior to, or at, the convened IRB meeting at which the study is to reviewed or, in the case of expedited review, prior to, the IRB approval determination of the IRB Chair, or designee. • Providing their final reports to the IRB staff timely. • 2

  4. Final Privacy Review of Research • Required after IRB approval of research study and/or approval of waiver of HIPAA-compliant authorization • Ensure legal authority exists prior to the use of Protected Health Information (PHI) for Research – must review: • HIPAA Authorization; and/or • IRB approval of waiver of HIPAA Authorization; and • Agreements, in rare instances where contractors will have access to PHI. • 3

  5. Final Privacy Review of Research • Ensure legal authority exists prior to the disclosure of PHI to outside entities (e.g., outside study sponsor) for Research – must review: • HIPAA Authorization; or • IRB approval of waiver of HIPAA Authorization • Ensure process exists for the maintenance of an accounting of all disclosures resulting from the Research. • Review and approve HIPAA Authorization • Meets all content requirements prescribed by HIPAA Privacy Rule • Consistency with Informed Consent • 4

  6. Common Privacy Issues • Inconsistency between Informed Consent and HIPAA Authorization • De-identified Information NOT actually de-identified (e.g., dates included with data) • When a Data Use Agreement is Required • Consent Requirements for Pictures & Audio-Recordings • Email Communication with Subjects • Retention and Storage of Research Data • Accounting of Disclosures • 5

  7. Accounting of Disclosures • Accounting required even if HIPAA Authorization obtained due to Privacy Act requirements • Standard Accounting – Retrospectively or Concurrently Created • For each disclosure • The name of the Veteran or subject • The date the disclosure was made • The name and, if known, address of the person or entity receiving PHI • A brief description of the PHI disclosed • A brief statement of the reason for the disclosure • 6

  8. Accounting of Disclosures (cont’d) • “Retrospectively Created” means that the accounting does not have to be created at the time the disclosure is made, as long as, it can be created later upon request. • All of the required information must be maintained somewhere within the research records. • The accounting of disclosures must be maintained for 6 years or the life of the record. • Currently, life of research records is indefinite. • So you must either maintain (concurrent) or be able to create (retrospective) the accounting even after the research study has ended. • 7

  9. Important Points • Privacy Officers DO NOT approve research. • Privacy Officers ensure privacy requirements are met prior to the use of VHA data for research. • The collection, extraction, and/or use of VHA data for research CANNOT start until all privacy requirements are met, as determined by the Privacy Officer. However, other research-related activities could be initiated, e.g., development of materials. • 8

  10. Important Points • The IRB and R&D Committee CANNOT override privacy requirements. Any debate between a Privacy Officer and the IRB should be elevated. You can contact the VHA Privacy Office for assistance. • A contract for survey services, mailings for recruitment, etc. as part of a research study requires an appropriate Agreement. • Do not forget about the accounting of disclosure requirement. • 9

  11. Resources • Privacy Fact Sheets • June 2006, Vol. 06, No. 3 - Privacy Requirements for Use of VHA Data by VHA Researchers • June 2006, Vol. 06, No. 4 - Privacy Requirements for Disclosure for Research to Non-VA Researchers • Available at http://vaww.vhaco.va.gov/privacy/FactSheets.htm • 10

  12. Resources • Procedure and Checklist for Privacy Review of Research Documentation (aka Research Checklist) • Available at http://vaww.vhaco.va.gov/privacy/research.htm. • 11

  13. Contact Information • Stephania H. Griffin, VHA Privacy Officer, Director, Information Access and Privacy Office • Phone: 704-245-2492 • Email: stephania.griffin@va.gov • 12

More Related