The website will soon adopt a new look and feel. Click here to preview this page.

Privacy Rule under HIPAA

Other Regulations related to Privacy, Confidentiality, and Consent:

In addition to 45 CFR 46 and FDA regulations (21 CFR 50), other federal regulations may apply to research involving human participants. 

Privacy Rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA):

The Privacy Rule, a Federal regulation under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, regulates the way covered entities handle individually identifiable health information known as protected health information (PHI).  The Privacy Rule itself applies only to covered entities, not to research itself; however, the Privacy Rule may affect researchers because it establishes the conditions under which covered entities can use or disclose PHI for research. 

Missouri State is a hybrid entity, which means that some units are covered under HIPAA, while other units are not.  The Privacy Rule does not directly regulate researchers who are engaged in research within units that are not part of the covered entities, even though they may gather, generate, access, and share personal health information. The Privacy Rule is in 45 CFR Part 160 and Subparts A and E of Part 164. 

PIs planning to engage in physical or medical health related research that is covered under the Privacy Rule are advised to begin consultation with the covered entity early in the research design process.