Applicability

Projects that are preparatory to research are not regulated under the Common Rule.  However, if you or any member of the study team will be accessing any Protected Health Information (PHI) to assess the feasibility of a research project (for example, determining whether there are enough potential subjects in order to pursue the research project), the activities must comply with HIPAA Privacy Protections. 

In order to comply with HIPAA Privacy Protections, you will need to request a Waiver of HIPAA Authorization prior to accessing any PHI.  This means the project will need to be reviewed by the Privacy Board.

To submit a project for Privacy Board review, you will need to complete a Not-Regulated Application thru eResearch.  In addition to the other required sections, you will need to be sure to complete Sections 25-1 and 25-3 of the application.  Once completed and submitted, the application will be forwarded by IRBMED Staff to the Privacy Board for consideration.

Criteria for Waiver

The Privacy Board will evaluate the application to ensure that the use and/or disclosure of Protected Health Information (PHI) for the project involve no more than minimal risk of harm to the privacy of individuals.  In making this determination, the Privacy Board will consider the following:

• The use or disclosure of the PHI is solely to prepare to conduct research.
• None of the PHI will be removed from the covered entity.
• Access to the PHI is necessary for the research purpose.

Process Flowchart