THE IRB OFFICE IS LOCATED INSIDE THE OFFICE OF SPONSORED PROGRAMS OFFICE AT 422K THOMPSON HALL.

TO SUBMIT : PLEASE SIMPLY LEAVE YOUR IRB APPLICATIONS IN THE BOX TO THE RIGHT INSIDE THE DOOR OF OUR OFFICE.  YOU WILL BE CONTACTED UPON ITS RECEIPT.

THERE ARE NO IRB MATERIALS AVAILABLE IN THE OFFICE. ALL INFORMATION AND MATERIALS ARE AVAILABLE ON OUR WEBSITE. IF YOU HAVE ANY ADDITIONAL QUESTIONS THAT AFTER YOU HAVE SUBMITTED YOUR APPLICATION, PLEASE E-MAIL CRISTY ETTENSON AT ETTENSON@TC.EDU .

To better serve first-time applicants for IRB review, OSP has published the first ever Common Errors Guide at Teachers College. Using samples taken from IRB applications over the last three years, the guide addresses how investigators can avoid recurring pitfalls in the area of human subjects research.

HIPAA

The Health Insurance Portability & Accountability Act (HIPAA) contains provisions that protect the privacy of medical records, including records reviewed or created in the context of research. The new provisions go into effect on April 14, 2003. The memo below details the actions TC is taking to ensure compliance with HIPAA, some guidance to help you determine if your research is subject to HIPAA, and the actions to take if it does. One thing that is absolutely essential to bear in mind is that HIPAA’s privacy requirements will apply to all research in which data collection is currently underway at TC, and not just research set to start after April 14. Everyone currently collecting research data needs to take a moment to determine whether or not HIPAA applies to them. In most instances it will not. My apologies for the length of this memo, but the information is important and getting all of it out now will, we hope, help to avoid confusion later on.

Institutional Compliance with HIPAA:

1. HIPAA requires that all institutions appoint a privacy committee to review research protocols for compliance with HIPAA privacy mandates. Effective March 24, 2003, Acting Dean Aaron Pallas has appointed the Teachers College Institutional Review Board (IRB) as our Privacy Committee for HIPAA purposes.
2. New, revised IRB application forms addressing HIPAA compliance will be put online in time for the April 14 deadline.

Determining if HIPAA applies to your research:

3. Determining whether or not HIPAA applies to you or not depends first and foremost on where you are doing your data collection. HIPAA will apply if you are collecting personal health information (PHI) in or from a HIPAA-covered entity. HIPAA-covered entities include:
· Hospitals, including teaching hospitals and medical research centers

• · Private medical practices or facilities
• · Mental heath care practices or facilities
• · Social service agencies that provide either medical or mental health assistance (for example, hospices, welfare program offices, drug and alcohol treatment centers, nursing homes, rehabilitation facilities)
• · Insurance companies and HMOs

4. If you answer “yes” to the above, will you be collecting or reviewing private, identifiable medical information, such as diagnosis, treatment, medical history, etc?
5. If “yes”, then will the identities of the individuals from whom you are collecting data be known to you?

Investigator Compliance with HIPAA:

If the answer to all three of the above is “yes”, then your research is subject to HIPAA. In practical terms, this means you must do one of two things: 1) obtain consent from research subjects to create, use and disclose Private Health Information (this consent is separate from and in addition to your previously approved Informed Consent Document) or 2) request a waiver of HIPAA authorization.

In order to bring your research into compliance with HIPAA, you need to take the following actions:

• 6. Submit a memo to the IRB requesting a change to a previously approved protocol, following the instructions detailed here: http://www.tc.edu/osp/irb/forms.htm
  The memo should state expressly that you are requesting a modification in order to comply with HIPAA.
  7. If you plan on obtaining consent from your subjects, fill out the HIPAA Consent Form and attach it to the memo. The memo should explain how, when and where you plan on obtaining this additional consent from subjects.
  8. HIPAA allows investigators to use or disclose PHI for research purposes without subjects’ consent or authorization when the IRB has approved a waiver of consent/authorization. To approve such a waiver, the investigator must establish:
  That the research involves no more than minimal risk to the subjects;
• · That the waiver will not adversely affect the rights and welfare of the subjects;
• · That the research could not practicably be conducted without the waiver;
• · That the research could not practicably be conducted without access to and use of the PHI;
• · That the use or disclosure of the PHI involves no more than minimal risk to the privacy of the subjects as a result of:
• An adequate plan to protect the PHI from improper use and disclosure;
• An adequate plan to destroy any identifiers contained in the PHI at the earliest opportunity consistent with the research;
• Adequate written assurances that the PHI will not be reused or re-disclosed to any other person or entity, except as required by law, for authorized oversight of the research study, or for other research for which the use or disclosure of PHI would be permitted; and
• · Whenever appropriate, the subjects will be provided with additional pertinent information after participation.
• · In general, “identifiers” means information about an individual or his or her relatives or employer that alone or in combination with other information could identify the individual.

9. If you plan on requesting a waiver, your memo must provide assurances that the confidentiality measures in your originally approved protocol meet the above criteria, or else it should add additional measures to ensure the above criteria are met.
10. The IRB has authorized all modifications made for HIPAA compliance purposes between now and April 14 to be made administratively. We can promise a quick turn around time for approvals.

Again, it’s important to recognize that most research conducted under TC’s auspices will not be subject to HIPAA. The two questions to ask are 1) where am I collecting this data? and 2) are there identifiers linking the data to an individual? Also bear in mind that just because your research is exempt for IRB purposes doesn’t mean it’s exempt from HIPAA. The most common example of IRB exempt research that is subject to HIPAA is a review of medical or health care record that was exempt under category 4). Review of archival data.