HIPAA Privacy Rule imposes restrictions on the use of protected health information (PHI) in activities preparatory to research, defined as the development of research questions, determination of study feasibility (in terms of the available number and eligibility of potential study participants), and development of eligibility (inclusion and exclusion) criteria, and determination of eligibility for study participation of individual potential subjects.
Research Investigators must complete a Representation of Activities Preparatory to Research (RAPtoR) Form to obtain this information and submit the form to the MAPRI Privacy Officer, Chanika Nelson, for approval. The Director of Research Analytics, Eric Watson, should also be copied on this email submission. This approval is valid for 12 months following the date upon which this RAPtoR is approved/executed. If further review is necessary after that date another RAPtoR will be required.
Research Breach Incident Report
Breach means the acquisition, access, use or disclosure of PHI in a manner not permitted by the HIPAA Privacy Rule that compromises the security or privacy of PHI. PHI is compromised when there is an impermissible acquisition, access, use or disclosure of PHI. Such an incident is presumed to be a breach unless, under HIPAA, KP can show that there is a low probability that the PHI has been compromised. A risk assessment is required.
In the event of a research breach or any impermissible use/disclosure of PHI in the custody of the PI, Sub-investigator, research staff, or other data recipient must be reported to the MAPRI Privacy Officer, Chanika Nelson, and IRB by phone or email immediately, but no later than five (5) calendar days of becoming aware of the event.
Data Use Agreement
In order to obtain a Data Use Agreement (DUA), please contact, Research Administrator Ashley Green, at ashley.w.green@kp.org.