How is the HIPAA Privacy Rule related to the HIPAA Security Rule?
Each is a separate regulation under the HIPAA statute. The Privacy Rule applies to all health information obtained or created by a covered entity, regardless of medium. The Security Rule applies to protected health information created or stored in an electronic form. The Security Rule establishes standards for how covered entities store, transmit, and safeguard “ePHI.” A researcher who fails to protect the security of PHI, by failing to follow JHM information security policies (e.g., password protection, encryption) may be violating both the Privacy Rule and the Security Rule. For more information about Security Rule requirements, contact the JH Information Security services. [back to top] II. Recruitment Question 1: At what point in recruitment may we gather information about a potential participant (i.e., a potential participant calls our office after seeing a flier, may we screen that person/ ask them about their history, or do we need him or her to complete a written privacy Author
