Research Privacy Under HIPAA and the Common Rule
7 Pages Posted: 6 Dec 2009
Date Written: 2005
For nearly twenty-five years, federal regulation of privacy issues in research involving human subjects was the primary province of the federal rule for Protection of Human Subjects (Common Rule).' As of April 14, 2003, the compliance date for the Privacy Rule ofthe Health Insurance Portability and Accountability Act (HIPAA),^ however, the Common Rule and the Privacy Rule^ jointly regulate research privacy. Although, in theory, the Privacy Rule is intended to omplement the Common Rule, there are several areas in which the rules diverge. In some instances the inconsistencies result in gaps in privacy protection; in other instances the inconsistencies result in added burdens on researchers without additional privacy protections.In all instances, the lack of harmonization of these rules has created confusion, frustration, and misunderstanding by researchers, research subjects, and institutional review boards (IRBs). In this article, I review the major provisions ofthe Privacy Rule for research, explain the areas in which the Privacy Rule and Common Rule differ, and conclude that the two rules should be revised to promote onsistency and maximize privacy protections while minimizing the burdens on research.
Keywords: research, privacy, HIPAA Privacy Rule, Common rule, IRBs, deidentification, consent
JEL Classification: K31, K32
Suggested Citation: Suggested Citation