HIPAA Rules Could Put a Chill on Office-Based Research. (Privacy Regulations)

Article excerpt

ARLINGTON, VA. -- The now active privacy rule of the Health Insurance Portability and Accountability Act may make it more difficult and risky to conduct office-based research.

The privacy rules regarding the use and disclosure of patient health information are less precise for research than they are for situations covered by a provider's Notice of Privacy Practices, Dr. David Kibbe said at a meeting sponsored by the American Academy of Family Physicians National Research Network.

The core privacy standard of the Health Insurance Portability and Accountability Act (HIPAA) says "all uses and disclosures of personally identifiable health information are prohibited without the individual's written authorization." Written permission is needed to use or disclose such information unless the actions are specially permitted by the privacy rule.

"There aren't any exceptions for [research] that I know of," said Dr. Kibbe, the AAFP director of health information technology.

Things such as case or care management, peer review, and quality improvement are health care operations and not research. This does not mean that a physician can ask to see another physician's charts if they are not his patients and his purpose is not for health care operations, he said.

When practices within a research network seek to collaborate with one another on research projects, they cannot have patients who would be included in various studies sign off on a "blanket release" for all the studies. …