Does the Privacy Rule restrict access for research purposes to information held by the Medicaid or SCHIP programs?
Yes. Local and state Medicaid authorities are covered entities under HIPAA, as are the State Children’s Health Insurance Program (SCHIP) programs. These agencies or programs are covered under the Privacy Rule because they are listed in the Privacy Rule’s definition of a “health plan.” All SCHIP programs and state Medicaid agencies must consequently comply with the Privacy Rule; if they are hybrid entities, they must ensure that their designated health care components comply with the Privacy Rule. These government units will have some mechanism (a privacy officer, a Privacy Board, and/or an IRB) for controlling access to PHI for research purposes. A researcher will need to identify the responsible party and discuss with that office or official the ways in which access to PHI may be granted for research. Q: In conducting records research, will a researcher who is a covered entity still be required to comply with state laws relating to medical records privacy, such as state HIV/AIDS confi
Related Questions
- Does the HIPAA Privacy Rule permit the creation of a database for research purposes through an Institutional Review Board (IRB) or Privacy Board waiver of individual authorization?
- Does the HIPAA Privacy Rule permit the creation of a database for research purposes through an Institutional Review Board (IRB) waiver of individual authorization?
- Does the Privacy Rule restrict access for research purposes to information held by the Medicaid or SCHIP programs?
