FASEB COMMENTS ON PROPOSED CHANGES TO HIPAA PRIVACY RULE Created by on 09/17/2010
FASEB recently urged the Department of Health and Human Services (HHS) to exempt research from the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Responding to a Notice of Proposed Rule Making (NPRM) devised to amend HIPAA, FASEB expressed concern that implementation of the Privacy Rule has had an adverse impact on medical research aimed at improving human health.
In its letter to HHS, FASEB noted that the Rule has made it more difficult to design consent forms that participants can understand, increased the cost and time associated with recruiting research subjects, caused delays in institutional review board approval, and contributed to selection bias, among other impediments to research. FASEB stated that the collective interests of the research community and study participants could best be served by exempting research from the Privacy Rule, extending the Common Rule to non-federally funded research, and strengthening data privacy and security measures.
While FASEB strongly favors an exemption for research within HIPAA, it acknowledged that the proposed modifications outlined in the NPRM may ameliorate some of the Rule’s detrimental effects on research. For example, the proposal to amend the Privacy Rule to allow covered entities to combine conditioned and unconditioned authorizations for research would facilitate the authorization process and minimize the confusion that results when patients are presented with multiple authorization forms for a single study. FASEB also supported HHS’s proposal to permit individuals to authorize the future use and disclosure of their protected health information for research purposes, so long as the intent to use that information is clearly conveyed in the authorization form. In closing, FASEB took the opportunity to urge HHS to create a modified de-identification standard for research purposes that is more closely aligned with the Common Rule and to eliminate service dates from the list of information that must be removed in order to de-identify health information.