What are the requirements for authorization when reseachers wish to access patient information?
The HIPAA regulations use the term “authorization” to describe the process through which a patient allows researchers to access protected health information (PHI). The information must include: • a description of the information to be used for research purposes; • who may use or disclose the information; • who may receive the information; • purpose of the use or disclosure; • expiration date or event (if the information will be kept indefinitely, the authorization states that there is no expiration date); • individual’s signature and date; • right to revoke authorization; • right to refuse to sign authorization (if this happens, the individual may be excluded from the research and any treatment associated with the research); • if relevant, that the research subject’s access rights are to be suspended while the clinical trial is in progress, and that the right to access PHI will be reinstated at the conclusion of the clinical trial. Blanket authorizations for research to be conducted in
