Home :: Human Subjects :: Contact Us :: Office Location :: News & Events

 

HIPAA

What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act. The Federal Department of Health and Human Services issued HIPAA regulations to protect the confidentiality of personal health care information effective April 14, 2003. Protected health information is defined as individually identifiable health information maintained or transmitted by a covered entity in any form or medium and includes:

  1. demographic information collected from an individual;
  2. medical history;
  3. information relating to the past, present or future physical or mental health or condition of an individual that is identifiable;
  4. the provision of health care to an individual or the payment for the provision of health care;
  5. physical examinations, blood tests, x-rays;
  6. and other diagnostic and medical procedures.

Privacy standards within HIPAA limit the use and disclosure of health information; restrict most disclosures of health information to the minimum intended purpose; establish new requirements for access to records by researchers; and protect the confidentiality and integrity of health information. At the University of New Mexico, the Board of Regents has determined that health care components that must comply with HIPAA regulations include four entities under the jurisdiction of the Main Campus Institutional Review Board: Center for Family & Adolescent Research, Center for Exercise, Psychology Clinic, Speech and Hearing Sciences. Effective April 14, 2003, all research protocols submitted by these components to the Main Campus IRB, and which include the gathering of health or mental health information from research participants, must develop and submit a HIPAA Authorization form that contains the core elements in the HIPAA Privacy Rule:

  1. a description of the information to be used or disclosed;
  2. the identification of the persons or class of persons authorized to make the use or disclosure of the protected health information;
  3. the identification of the persons of class of persons to whom the covered entity is authorized to make the use or disclosure;
  4. a description of each purpose of the use or disclosure;
  5. an expiration date or event;
  6. the individual's signature and date; and
  7. if signed by a personal representative, a description of his or her authority to act for the individual.

Authorizations to use and disclose individual health information for research purposes must be written in plain language so that the individual is able to make an informed decision about whether to grant the authorization. A copy of the signed authorization must be provided to the individual. The core elements for a valid authorization as well as other statements required in a valid HIPAA Authorization are contained in a template developed for use by Main Campus investigators. This HIPAA Authorization form must accompany the other protocol materials at the time of submission to the Main Campus IRB. The HIPAA authorization will be reviewed administratively by the IRB staff and IRB Chair to assist investigators and to ensure compliance. Click "HIPAA Authorization" below to view the template form. The form may be downloaded and printed.

HIPAA Authorization