Research Privacy Under HIPAA and the Common Rule

7 Pages Posted: 6 Dec 2009

Date Written: 2005

Abstract

For nearly twenty-five years, federal regulation of privacy issues in research involving human subjects was the primary province of the federal rule for Protection of Human Subjects (Common Rule).' As of April 14, 2003, the compliance date for the Privacy Rule ofthe Health Insurance Portability and Accountability Act (HIPAA),^ however, the Common Rule and the Privacy Rule^ jointly regulate research privacy. Although, in theory, the Privacy Rule is intended to omplement the Common Rule, there are several areas in which the rules diverge. In some instances the inconsistencies result in gaps in privacy protection; in other instances the inconsistencies result in added burdens on researchers without additional privacy protections.In all instances, the lack of harmonization of these rules has created confusion, frustration, and misunderstanding by researchers, research subjects, and institutional review boards (IRBs). In this article, I review the major provisions ofthe Privacy Rule for research, explain the areas in which the Privacy Rule and Common Rule differ, and conclude that the two rules should be revised to promote onsistency and maximize privacy protections while minimizing the burdens on research.

Keywords: research, privacy, HIPAA Privacy Rule, Common rule, IRBs, deidentification, consent

JEL Classification: K31, K32

Suggested Citation

Rothstein, Mark A., Research Privacy Under HIPAA and the Common Rule (2005). Journal of Law, Medicine and Ethics, Vol. 33, No. 1, p. 154, 2005, Available at SSRN: https://ssrn.com/abstract=1518527

Mark A. Rothstein (Contact Author)

U of Louisville ( email )

3787 Via Vuelta
3787 Via Vuelta
Rancho Santa Fe, CA 92091
United States
15025299381 (Phone)

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
211
Abstract Views
1,262
Rank
261,591
PlumX Metrics