National Academies Press: OpenBook

Clinical Data as the Basic Staple of Health Learning: Creating and Protecting a Public Good: Workshop Summary (2010)

Chapter: Appendix D: The IOM Committee on Health Research and the Privacy of Health Information: The HIPAA Privacy Rule

« Previous: Appendix C: Workshop Attendee List
Suggested Citation:"Appendix D: The IOM Committee on Health Research and the Privacy of Health Information: The HIPAA Privacy Rule." Institute of Medicine. 2010. Clinical Data as the Basic Staple of Health Learning: Creating and Protecting a Public Good: Workshop Summary. Washington, DC: The National Academies Press. doi: 10.17226/12212.
×

Appendix D
The IOM Committee on Health Research and the Privacy of Health Information: The HIPAA Privacy Rule

RECOMMENDATIONS SUMMARY

The committee’s foremost recommendation is the following:

  1. Congress should authorize HHS and other relevant federal agencies to develop a new approach to protecting privacy that would apply uniformly to all health research. When this new approach is implemented, HHS should exempt health research from the HIPAA Privacy Rule.

    • Apply privacy, security, transparency, and accountability obligations to all health records used in research.

If national policy makers choose to continue to rely on the HIPAA Privacy Rule rather than adopt a new federal approach (Recommendation I), the committee recommends the following:

  1. HHS should revise the HIPAA Privacy Rule and associated guidance.

  1. HHS should reduce variability in interpretations of the HIPAA Privacy Rule in health research by covered entities, IRBs, and Privacy Boards through revised and expanded guidance and harmonization.

    1. HHS should develop a dynamic, ongoing process to increase empirical knowledge about current “best practices” for privacy protection in responsible research using protected health information (PHI), and promote the use of those best practices.

Suggested Citation:"Appendix D: The IOM Committee on Health Research and the Privacy of Health Information: The HIPAA Privacy Rule." Institute of Medicine. 2010. Clinical Data as the Basic Staple of Health Learning: Creating and Protecting a Public Good: Workshop Summary. Washington, DC: The National Academies Press. doi: 10.17226/12212.
×
  1. HHS should encourage greater use of partially deidentified data called “limited datasets” and develop clear guidance on how to set up and comply with the associated data use agreements more efficiently and effectively, in order to enhance privacy in research by expanding use and usability of data with direct identifiers removed.

  2. HHS should clarify the distinctions between “research” and “practice” to ensure appropriate IRB and Privacy Board oversight of PHI disclosures for these activities.

  3. HHS guidance documents should simplify the HIPAA Privacy Rule’s provisions regarding the use of PHI in activities preparatory to research and harmonize those provisions with the Common Rule, in order to facilitate appropriate IRB and Privacy Board oversight of identification and recruitment of potential research participants.

  1. HHS should develop guidance materials to facilitate more effective use of existing data and materials for health research and public health purposes.

    1. HHS should develop guidance that clearly states that individuals can authorize use of PHI stored in databases or associated with biospecimen banks for specified future research under the HIPAA Privacy Rule with IRB/Privacy Board oversight, as is allowed under the Common Rule, in order to facilitate use of repositories for health research.

    2. HHS should develop clear guidance for use of a single form that permits individuals to authorize use and disclosure of health information in a clinical trial and to authorize the storage of their bio-specimens collected in conjunction with the clinical trial, in order to simplify authorization for interrelated research activities.

    3. HHS should clarify the circumstances under which DNA samples or sequences are considered PHI, in order to facilitate appropriate use of DNA in health research.

    4. HHS should develop a mechanism for linking data from multiple sources so that more useful datasets can be made available for research in a manner that protects privacy, confidentiality, and security.

  1. HHS should revise provisions of the HIPAA Privacy Rule that entail heavy burdens for covered entities and impede research without providing substantive improvements in patient privacy.

Suggested Citation:"Appendix D: The IOM Committee on Health Research and the Privacy of Health Information: The HIPAA Privacy Rule." Institute of Medicine. 2010. Clinical Data as the Basic Staple of Health Learning: Creating and Protecting a Public Good: Workshop Summary. Washington, DC: The National Academies Press. doi: 10.17226/12212.
×
  1. HHS should reform the requirements for the accounting of disclosures of PHI for research.

  2. HHS should simplify the criteria that IRBs and Privacy Boards use in making determinations for when they can waive the requirements to obtain authorization from each patient whose PHI will be used for a research study, in order to facilitate appropriate authorization requirements for responsible research.

Regardless of whether Recommendation I or II is implemented, the following recommendation, which are independent of the Privacy Rule, should be adopted:

  1. Implement changes necessary for both policy options above (Recommendations I and II).

  1. All institutions (both covered entities and non-covered entities) in the health research community should take strong measures to safeguard the security of health data.

    • HHS should also support the development and use of new security technologies and self-evaluation standards.

  1. To encourage service on Institutional Review Boards, HHS—or, as necessary, Congress—should provide reasonable protection against civil suits for members of Institutional Review Boards and Privacy Boards who serve in good faith.

    • But no protection for willful or wanton misconduct.

  1. HHS and researchers should take steps to provide the public with more information about health research by:

    1. Disseminating research results to study participants and the public.

    2. Educating the public about how research is done and what value it provides.

Suggested Citation:"Appendix D: The IOM Committee on Health Research and the Privacy of Health Information: The HIPAA Privacy Rule." Institute of Medicine. 2010. Clinical Data as the Basic Staple of Health Learning: Creating and Protecting a Public Good: Workshop Summary. Washington, DC: The National Academies Press. doi: 10.17226/12212.
×

This page intentionally left blank.

Suggested Citation:"Appendix D: The IOM Committee on Health Research and the Privacy of Health Information: The HIPAA Privacy Rule." Institute of Medicine. 2010. Clinical Data as the Basic Staple of Health Learning: Creating and Protecting a Public Good: Workshop Summary. Washington, DC: The National Academies Press. doi: 10.17226/12212.
×
Suggested Citation:"Appendix D: The IOM Committee on Health Research and the Privacy of Health Information: The HIPAA Privacy Rule." Institute of Medicine. 2010. Clinical Data as the Basic Staple of Health Learning: Creating and Protecting a Public Good: Workshop Summary. Washington, DC: The National Academies Press. doi: 10.17226/12212.
×
Page 311
Suggested Citation:"Appendix D: The IOM Committee on Health Research and the Privacy of Health Information: The HIPAA Privacy Rule." Institute of Medicine. 2010. Clinical Data as the Basic Staple of Health Learning: Creating and Protecting a Public Good: Workshop Summary. Washington, DC: The National Academies Press. doi: 10.17226/12212.
×
Page 312
Suggested Citation:"Appendix D: The IOM Committee on Health Research and the Privacy of Health Information: The HIPAA Privacy Rule." Institute of Medicine. 2010. Clinical Data as the Basic Staple of Health Learning: Creating and Protecting a Public Good: Workshop Summary. Washington, DC: The National Academies Press. doi: 10.17226/12212.
×
Page 313
Suggested Citation:"Appendix D: The IOM Committee on Health Research and the Privacy of Health Information: The HIPAA Privacy Rule." Institute of Medicine. 2010. Clinical Data as the Basic Staple of Health Learning: Creating and Protecting a Public Good: Workshop Summary. Washington, DC: The National Academies Press. doi: 10.17226/12212.
×
Page 314
Suggested Citation:"Appendix D: The IOM Committee on Health Research and the Privacy of Health Information: The HIPAA Privacy Rule." Institute of Medicine. 2010. Clinical Data as the Basic Staple of Health Learning: Creating and Protecting a Public Good: Workshop Summary. Washington, DC: The National Academies Press. doi: 10.17226/12212.
×
Page 315
Next: Other Publications in the Learning Healthcare System Series »
Clinical Data as the Basic Staple of Health Learning: Creating and Protecting a Public Good: Workshop Summary Get This Book
×
Buy Paperback | $90.00 Buy Ebook | $69.99
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

Successful development of clinical data as an engine for knowledge generation has the potential to transform health and health care in America. As part of its Learning Health System Series, the Roundtable on Value & Science-Driven Health Care hosted a workshop to discuss expanding the access to and use of clinical data as a foundation for care improvement.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    Switch between the Original Pages, where you can read the report as it appeared in print, and Text Pages for the web version, where you can highlight and search the text.

    « Back Next »
  6. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  7. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  8. ×

    View our suggested citation for this chapter.

    « Back Next »
  9. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!