Applicability

Research involving decedents is not regulated under the Common Rule (45 CFR part 46).  However, if you or any member of the study team will be accessing any Protected Health Information (PHI) of the decedent(s), the project must comply with HIPAA Privacy Protections. 

In order to comply with HIPAA Privacy Protections, you will need to request a Waiver of HIPAA Authorization prior to accessing any PHI.  This means the project will need to be reviewed by the Privacy Board.

To submit a project for Privacy Board review, you will need to complete a Not-Regulated Application thru eResearch.  In addition to the other required sections, you will need to be sure to complete Sections 25-1 and 25-6 of the application.  Once completed and submitted, the application will be forwarded by IRBMED Staff to the Privacy Board for consideration.

Criteria for Waiver

The Privacy Board will evaluate the application to ensure that the use and/or disclosure of Protected Health Information (PHI) for the project involve no more than minimal risk of harm to the privacy of individuals.  In making this determination, the Privacy Board will consider the following:

• The use or disclosure being sought is solely for research on the PHI of decedents.
• The PHI being sought is necessary for the research.
• At the request of the covered entity, the researcher will be able to provide documentation of the death of the individuals about whom information is being sought.

Process Flowchart