Privacy Protection
HIPAA Requirements
- What are the 18 identifiers?
- How does the HIPAA privacy rule apply to my research?
- How does the HIPAA Security Rule that protects electronic information apply to my research?
- NIH Resources for Understanding the HIPAA Privacy Rule
- PSHMC/COM Privacy Policy - For Hershey Medical Center and College of Medicine
- HMC Privacy Notice - For subjects who did not receive the notice as a patient
- Acknowledgement of Receipt of Privacy Notice by Research Participant
- Penn State Privacy Policy - For all campuses other than HMC/COM
Templates
- Review Preparatory to Research Form
- Request for Research on Decedent's Information Form
- Confidentiality Agreement
- Data Use Agreement - Use of Limited Data Set that may include town, city, zip code, dates, age
- Business Associate Agreement for Research - A non HIPAA covered entity uses PHI while functioning on behalf of an HMC/COM researcher
- Authorization wording - See the 'Use of Private Health Information' section of the Model Consent Form
- Instructions for Tracking of Disclosures - For research not obtaining written authorization
Confidentiality
- Certificates of Confidentiality for Research
- NIH Certificate of Confidentiality Kiosk
This page includes detailed information about certificates, explains eligibility for certificates and provides NIH contacts. - FDA's Certificates of Confidentiality Application Instructions
If a Certificate of Confidentiality is needed for a study involving investigational new drugs (IND) use this application process . If a study is also NIH funded, applications for both agencies may be required. Coordinate with the FDA first.
- NIH Certificate of Confidentiality Kiosk