HIPAA in Research

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has special requirements that WCM researchers must follow when viewing or handling the protected health information ("PHI") of patients or other individuals for research purposes. These research provisions, as dictated by the HIPAA Privacy Rule and HIPAA Security Rule, are explained in the guide below.

Please note that when handling patient or research subject information, do not use email. Use only the messaging functionality within Epic, or the WCMC File Transfer Service.

HIPAA Tests

Remember to take the following exams:
(Principal Investigators, Co-investigators, Key Staff and anyone involved in research)

• The CITI Exam (which includes a HIPAA component) The HIPAA Privacy Test (click on the words "Take the On-Line HIPAA Privacy Training")
• The HIPAA Security Test (click on the words "Take the On-Line HIPAA Security Training")

All are encouraged to sign a Confidentiality Agreement.

HIPAA Links

For more helpful HIPAA information, please visit the following:

• Department of Health and Human Services National Institutes of Health (HIPAA Privacy Rule Information for Researchers):
• Office For Civil Rights (Privacy & Security Rule Information for Researchers)
• Office for Civil Rights: Summary of the HIPAA Privacy Rule
• WCMC HIPAA Intranet Site