16 sept Data Use Agreement And Hhs Security And Privacy Initial Inquiry
The procedures for identifying and recruiting potential research participants should also be simplified and harmonised with the common rule. The provisions relating to these activities that prepare the research are complex, confusing and in fact offer less privacy protection than the common rule. The Committee considers that IRBs and Privacy Boards can protect research participants, including their data protection and privacy interests, and therefore recommends that the IRB/Privacy Board`s agreement (as required by the common rule) be necessary for all researchers (internal and external to the covered entity) before contacting potential subjects. In deciding whether research projects should be approved, the IRB or the Privacy Board should review and take into account the auditor`s plans for patient contact and also ensure that the information is only used for research projects approved by the IRB or the Privacy Board, and not to third parties. Like the relationship between the data protection rule and other federal laws, the relationship between the data protection rule and national data protection legislation is complex. In general, the data protection rule anticipates the laws of the state regarding the protection of health information. Generally speaking, this means that when it is impossible for a covered company to comply with both the data protection rule and the national law in question, the data protection rule is applied in the situation and the state law is considered invalid.80 HHS has issued several guidelines on this subject, but these statements, some of which were contradictory, did not eliminate the confusion (verified by SACHRP, 2004). In accordance with the current SHH data protection guidelines, researchers (both internal and external to a covered unit) may conduct a review of medical records under the research preparation exception. However, only internal researchers (a staff member or a staff member of the company concerned) can contact potential subjects about the possibility of participating in a study in accordance with this provision of the data protection rule. The SHH Data Protection Guidelines state that, under the exception for research preparation, external researchers are not allowed to record or remove patient contact information from a covered unit. External researchers must obtain a waiver of the authorization authorized by the IRB/Privacy Board to carry out recruitment activities. This creates an artificial distinction between internal and external researchers, which in fact offers less privacy protection than the common rule, which requires that all activities that prepare for research on human subjects or that are related to the initial recruitment of subjects for research studies be monitored and approved by an IRB (HHS, 2003). Thus, the data protection rule allows conduct prohibited by the Common Rule (Rothstein, 2005).
Regardless of how genetic information is regulated under the HIPAA data protection rule, a federal ban on genetic discrimination is needed to address data protection concerns and reduce the possible negative consequences of accidental disclosure of genetic information. Many people are concerned about genetic discrimination – the misuse of genetic information by insurance companies, employers and others to make decisions based on a person`s DNA – so it is important to protect both the privacy of genetic information and protect people from such discrimination. I hope that the recently signed Genetic Information Nondiscrimination Act (GINA) will begin to address some of these concerns.