HIPAA Privacy Rule
In compliance with the
HIPAA Privacy Rule, Schulman will review Authorizations to Use or
Disclose Protected Health Information that are incorporated into informed
consent documents. The Board will review, upon request, stand-alone
Authorizations.
The Board has approved standard 
Authorization
language for research involving the use and/or disclosure of Protected
Health Information by a "Covered Entity" according to the HIPAA Privacy Rule.
Each site must make its own decision as to whether or not it is a Covered
Entity. The site should consult its legal counsel and review the decision tree,
"Am I a Covered Entity?" on the
HIPAA web site. Even if a site is not technically a "Covered Entity,"
the study protocol may require compliance with the HIPAA Privacy Rule.
According to the HIPAA Privacy Rule, Authorization language must be study
specific. The Board recommends that the Authorization language be attached to
and incorporated into the informed consent document.