Responsibilities

​HIPAA / PIPEDA

HIPAA (US)

According to the Health Insurance Portability and Accountability Act or HIPAA Privacy Rule (US) Authorizations to Use and/or Disclose Protected Health Information must be study specific. The US Board has provided sample template Authorization language that may be customized for a specific study by a Covered Entity.  Each site must make its own decision as to whether or not it is a Covered Entity. The site should consult is legal counsel and review the decision tree, "Am I a Covered Entity?" on the HIPAA website.  Even if a site is not technically a Covered Entity, the study protocol may require compliance with the HIPAA Privacy Rule.

Institutional Review Boards are not required to review HIPAA Authorizations that are separate from the informed consent (i.e. "stand-alone Authorizations"). See FDA's Guidance Document  IRB Review of Stand-Alone HIPAA Authorizations Under FDA Regulations and NIH's HIPAA Privacy Rule Information for Researchers. Upon request, Schulman will review HIPAA stand-alone authorizations.  Schulman is required to review all HIPAA Authorizations incorporated into the informed consent document (i.e., "compound Authorizations").  It is the Investigator's responsibility to comply with the HIPAA Authorizations language to ensure that it meets federal and state privacy laws requirements.  Since state privacy laws vary, Schulman encourage the use of stand-alone authorizations to help ensure compliance with state specific requirements.

PIPEDA (CAN)

In compliance with the Personal Information Protection and Electronic Documents Act or
PIPEDA (CAN) and Provincial Privacy Laws (CAN), Schulman will review privacy text regarding the collection, use and disclosure of identifiable health information that is incorporated into informed consents.