Research projects that are expected to be regulated should be submitted through eResearch as a standard application. When a regulated project seeks a Waiver of Informed Consent or a Waiver of Documentation of Informed Consent, a Waiver of HIPAA Authorization must also be obtained.
Regulated applications requesting a Waiver of HIPAA Authorization are either reviewed by a full convened IRBMED Board or through expedited review procedures. Both processes take into consideration and evaluate for HIPAA compliance.
The IRBMED Board or Expedited Reviewer will evaluate the application to ensure that the use and/or disclosure of Protected Health Information (PHI) does not involve more than minimal harm to the privacy of individuals. In doing so, the following will be considered:
- An adequate plan is in place to protect patient identifiers and PHI from improper use and disclosure.
- An adequate plan to destroy the identifiers at the earliest opportunity consistent with the conduct of the research, unless there is an approved health or research justification for retaining the identifiers or such retention is otherwise required by law.
- Adequate written assurances that the PHI will not be reused or disclosed to any other person or entity, except as required by law, for authorized oversight of the research study, or for other research for which the use or disclosure would be permitted by HIPAA.
- The Waiver or Alteration of Authorization will not adversely affect the rights and welfare of the subjects.
- The research could not practicably be conducted without the Waiver or Alteration of Authorization.
- The research could not practicably be conducted without access to and use of the PHI.
- Whenever appropriate, the subjects (including their physicians, as applicable) are provided with additional pertinent information after participation.
Update Approved by IRBMED Chairs and Director: October 14, 2011
Website Updated: October 17, 2011