2,654
edits
Honest Broker: Difference between revisions
Jump to navigation
Jump to search
no edit summary
(Created page with "<table style="background:#F8FCFF; text-align:center" width="100%" cellspacing="0" cellpadding="0" border="0"> <tr> <td style="padding:0.5em; background-color:#e5e5e5; font-siz...") |
No edit summary |
||
| Line 37: | Line 37: | ||
A person or entity, other than a member of the workforce of a covered entity, who performs functions on behalf of a covered entity per 45 CFR 160 is a business associate. | A person or entity, other than a member of the workforce of a covered entity, who performs functions on behalf of a covered entity per 45 CFR 160 is a business associate. | ||
===De-identification=== | ===De-identification=== | ||
De-identification refers to removal of all | De-identification refers to removal of all 18 of the HIPAA identifiers or any other identifiers which would allow the reasonable possibility for investigators or others to identify patients directly or indirectly to prevent re-identification of patients. | ||
===Information Custodian=== | |||
All application systems must have an information custodian '''''(IM17, Access Control to Information Technology Resources)''''' who performs the following functions: '''''(IM29 - Information Custodian Roles and Responsibilities)''''' | |||
*Ongoing day to day administration for departmentally owned information systems | |||
*Coordination of system upgrades | |||
*End user training | |||
*First tier application support | |||
*Business process owner | |||
*System access and control | |||
*Resource table configuration and application testing | |||
*Business continuity coordination (downtime procedures) | |||
*Interface troubleshooting and error management | |||
*Report development | |||
*Research and development of emerging technologies | |||
*Primary vendor contact | |||
*Change management documentation and communication | |||
*Auditing requirements | |||
*Other duties as mutually agreed upon | |||
===Institutional Review Board (IRB)=== | |||
IRB means the Institutional Review Board of record for the ACE. | |||
===Limited Data Sets === | |||
A Limited Data Set means a set of identifiable patient information, as defined by HIPAA, which has limited identifiable information which may be used solely for the purpose of research, public health, or health care operations. A Limited Data Set should be shared only upon execution of a Data Use Agreement, which is an agreement which addresses HIPAA-mandated conditions related to subsequent uses and disclosures of Limited Data Sets. | |||
===Protected Health Information (PHI)=== | |||
Protected Health Information means any information whether oral or recorded in any medium created or received by a health care provider, health plan, employer or health care clearinghouse which relates to past, present or future physical or mental health or condition of an individual, or the past, present, or future payment for the provision of health care to an individual for which there is a reasonable basis to believe the information may be used to identify an individual. | |||
===IRB Requirements=== | |||
Use of human biological, samples, specimens and data or the like shall be consistent with the requirements, regulations, laws for use of such information and materials. | |||
===Workforce Member=== | |||
Workforce member refers to faculty, staff, volunteers, trainees, students, independent contractors and other persons whose conduct in the performance of work the ACE entities, or are under the direct control of an ACE entity. | |||
==Procedures== | |||
===Honest Broker Requirements=== | |||
The ACE will comply with the HIPAA Privacy Rule requirements pertaining to the use and disclosure of protected health information (PHI) and de-identification of PHI used for research and healthcare operations as well as any applicable related state laws that are not preempted by HIPAA and IRB Requirements. | |||
*'''De-identified health information''' must not include any of the eighteen identifiers defined by HIPAA, or any other identifiers, that would allow a reasonable possibility for any person to identify the patients directly or indirectly. | |||
*'''Limited Data Sets''': If the health information provided to research investigators is based on a Limited Data Set the investigators must complete and obtain Institutional Review Board (IRB) approval of a UNMC/Nebraska Medicine If the investigator requests changes to the Data Use agreement, the Privacy Office shall review and approve the revisions. | |||
*'''Re-Identification Codes''': The information provided to the investigators/others by the Honest Broker may incorporate linkage codes to permit information collation and/or subsequent inquiries (i.e., a “re-identification code”), however the information linking this re-identification code to the patient’s identity must be retained by the Honest Broker, secured and separate from research/other documents; all subsequent inquiries must be conducted through the Honest Broker and IRB approval. | |||
===Honest Broker Role=== | |||
*An Honest Broker will provide a research investigator with a de-identified listing of the health information of potential eligible research subjects. The Honest Broker will retain re-identification codes that permit only the Honest Broker to re-identify the data. | |||
*The Honest Broker may facilitate identification of potential research subjects by contacting patients’ personal physicians who would contact the patients to: | |||
:*Introduce the research study; | |||
:*Ascertain their interest in study participation; and | |||
:*Facilitate contact with an investigator or obtain their written authorization to share their interest in study participation with the investigators and to be contacted by them. The Honest Broker would not directly contact the patient. | |||
:*After secondary review by the Associate Vice Chancellor for Clinical Research, an Honest Broker may provide the research investigator with a list of potentially eligible patients who have agreed to be contacted for research studies they are eligible for based on their election on the Conditions of Treatment form or consistent with the Human Research Protection Program Policy #3.4 “Use of Protected Health Information in Research and Registries” for further information. | |||
c. Honest Broker Data Requests: Individuals requesting PHI or de-identified data shall complete the UNMC/Nebraska Medicine EHR Service Request form (research), the Analytics Request form (performance improvement) or another similar form. | |||
UNMC EHR Service Request form (research) currently at | |||
https://unmcredcap.unmc.edu/redcap/surveys/?s=9TsTE2UGsM | |||
Nebraska Medicine Analytics Request Form (performance improvement currently at: http://newintranet.nebraskamed.com/analyticsrequest/ | |||
==Additional Information== | ==Additional Information== | ||