What information is required in a HIPAA Research Authorization?
A valid Authorization must include all of the following: • Description of the information to be used or disclosed • Identification of the persons authorized to make or use or disclose the protected health information • A description of each purpose of the use or disclosure • An expiration date or event (“no expiration date” may be used) • The subject’s signature and the date • A legally authorized representative must describe their authority to act for the individual • A statement that the subject may revoke the authorization in writing • A statement that the health information may no longer be protected by the Privacy Rule once it is disclosed. The institutions have created a template.
Related Questions
- Can databases or registries be created under HIPAA? Can I create a research database without obtaining an authorization from every single research subject?
- Retrospective chart reviews are important to Research; do they require a signed HIPAA Research Authorization?
- What are my alternatives when HIPAA Research Authorization is impractical for the study I want to conduct?
