Clinical Research Policy

Privacy and Confidentiality in Research

Certificates of Confidentiality Kiosk, NIH (updated September 4, 2012) - Certificates of Confidentiality are an important tool to protect the privacy of research study participants (see NIH Guide Notice 03/15/2002). This Kiosk web site provides information about Certificates of Confidentiality for those involved with the conduct of sensitive biomedical, behavioral, clinical or other types of research, including investigators, IRB members, and Institutional Officials.

Health Insurance Portability and Accountability Act/Health Information Technology for Economic and Clinical Health (HIPAA/HITECH)

The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes. The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities and their business associates to use to assure the confidentiality, integrity, and availability of electronic protected health information.

HITECH was signed into law on February 17, 2009 and last revised in 2013. It promotes the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act addresses the privacy and security concerns associated with electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.

HIPAA Administrative Simplification Statute and Rules

This is the complete suite of HIPAA Administrative Simplification Regulations that are found at 45 CFR Parts 160, 162, and 164, and includes:

  • Transactions and Code Set Standards
  • Identifier Standards
  • Privacy Rule
  • Security Rule
  • Enforcement Rule
  • Breach Notification Rule

Omnibus HIPAA Rulemaking

In March 2013, HHS announced a final rule that implements a number of provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, to strengthen the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).