|
|
|
AuthorizationsThis page contains forms specific to the process of developing a valid HIPAA authorization. If you download copies of these forms for local use, be sure to check back here occasionally for updates. If you need to identify subjects from individually identifiable health information for study recruitment purposes prior to acquiring the subject's authorization, be sure you also have a limited waiver for recruitment purposes in place (see the Research Worksheet for more information). (revised 9/11/2008) IMPORTANT: When using the Authorization Template, the listing of information to be received in section (1), and the list of places that will be providing this information as well as the people to whom information holders will be giving this information listed in section (2), needs to be exhaustive and thorough. A covered entity must be able to rely on an appropriately executed Authorization as a stand alone document to identify itself as being able to provide information, the information it is authorized to provide, and who they are authorized to provide it to. Generalizations in section (1) such as 'data required for this study' are not sufficient. Generally authorizations can be combined with other documents, such as the informed consent. One exception to this is an authorization to release psychotherapy notes, which cannot be combined with other documents. Special types of Health InformationNew York State Law sets additional requirements on the disclosure of certain types of information by health care workers, including but not limited to: Cancer Information, Communicable Diseases within New York City , HIV/AIDS, Tuberculosis, Sexual Abuse, Drug Abuse, Births and Deaths, Early Intervention Services, Genetic Information, Alcohol and Substance Abuse, and Mental Health. In situations where research involves such information, State Law requirements, in addition to HIPAA requirements need to be considered. A HIPAA compliant authorization does not remove the need to understand and comply with any additional requirements governing disclosures associated with these types of information. Investigator Guidelines provide an overview of authorization requirements to the investigator.
Authorization Validity Checklist with Examples provides examples that can be cut and pasted into the authorization template. This document will be used by the IRB to validate authorizations submitted to it for review.
Authorization Template Use the template to prepare your authorization form for IRB review. Includes required provisions.
WorkflowAuthorization forms should be submitted along with other paperwork to the IRB. When a HIPAA authorization is being used, the authorization and informed consent will only be approved jointly, i.e., an informed consent will not be approved until the authorization is approved and visa-versa. You must have a separate, IRB approved authorization for each approved protocol which specifically identifies the protocol it is associated with. The authorization may not be further modified (boxes checked, information elements added) after IRB approval. After obtaining a research subject's signature on a HIPAA authorization, a copy of that signed authorization will have to be provided to the covered entity when you wish to use it to access protected health information. Handling of this varies by covered entity:
|
This material is designed for internal University at Buffalo use only and is
copyrighted. Information and documents available on this site may be
freely copied and used with appropriate attribution to the University at
Buffalo. None of the information on these pages should be construed as
legal advice or expert opinion with respect to how any particular function or
entity engages in work to come into compliance with HIPAA.
|
