HIPAA and Research

Florida Atlantic University (FAU) is committed to conducting research in compliance with all applicable laws, regulations, and university policies. As part of its commitment, the University has adopted policies and procedures to comply with the Health Insurance Portability and Accountability Act {HIPAA}.

This includes a later update to HIPAA, the Health Information Technology for Economical and Clinical Health Act (HITECH).

HIPAA is a federal law that establishes national standards for protecting the privacy and security of health information and defines specific rights for individuals with respect to their health information. Individually identifiable health information that is created or received by a "covered entity" qualifies as protected health information (PHI) and is subject to the rules and regulations of HIPAA.

The HITECH Act, which took effect in 2013, includes a number of measures designed to broaden the scope and increase the rigor of HIPAA compliance. The Act specifically requires that patients be notified in the event of a breach of privacy or security, and establishes penalties for non-compliance.

ALL FAU faculty, staff and students should be aware of the importance of protecting patient information, and should be sensitive to the laws and regulations designed to safeguard PHI. For more information see policy 10.3.7 Disclosure and Use of Protected Health Information (PHI) in Research.

To assist you in understanding HIPAA and HITECH, please refer to the links below:

Guidance on HIPAA Research, Forms, and Assessment Tools

• Assessment Tool 1: Does HIPAA Apply To My Research?
• Assessment Tool 2: Am I using PHI?
• Assessment Tool 3: What HIPAA Forms Do I Use?

To access HIPAA forms log into IRBNET.

Training and Education

HIPAA training is available online via the Collaborative Inter-Institutional Training Initiative (CITI) site. CITI's Information Privacy and Security (IPS) materials cover the principles of data protection, focusing on the healthcare-related privacy and information security requirements of the Health Insurance Portability and Accountability Act (HIPAA).

To take HIPAA training:

• Go to citiprogram.org
• Create a new account and select IPS as one of your courses.
• If you have an existing account, log into your existing account and add the IPS to your Learner's Menu.
  Note: IPS Training for Investigators is required for all new, continuing, and amended IRB submissions that involve the use of Protected Health Information.

For information on HIPAA and Privacy at FAU click here.

Resources

• National Institutes of Health
• Office for Civil Rights
• State of Florida Privacy Laws
• American Medical Association (AMA)
• American Psychological Association
• National Association of Social Workers

For additional questions, please contact Research Integrity Office at researchintegrity@fau.edu.