130 likes | 387 Views
Role of the Privacy Officer on the IRB. Stephania H. Griffin, RHIA, CIPP/G VHA Privacy Officer. Overview of Discussion. Role of Information Access and Privacy Office Non-voting Member of VA Central IRB Issuing Policy and Guidance Reviewing Requests for National Data
E N D
Role of the Privacy Officer on the IRB Stephania H. Griffin, RHIA, CIPP/G VHA Privacy Officer
Overview of Discussion • Role of Information Access and Privacy Office • Non-voting Member of VA Central IRB • Issuing Policy and Guidance • Reviewing Requests for National Data • Processing requests for RealSSN and VistAWeb Access • Role of Facility Privacy Officer • Non-voting Member of IRB or R&D Committee • Privacy Reviews For Research
Role of Information Access and Privacy Office • Non-voting Member of VA Central IRB • Review all Protocols submitted to the VA Central IRB and conduct privacy review • Issuing Policy and Guidance • VHA Handbook 1605.1 • Review Tools • Privacy Review Checklist – Available at http://vaww.vhaco.va.gov/privacy/vhapo.htm
Role of Information Access and Privacy Office • Issuing Policy and Guidance (cont.) • Privacy Fact Sheets • June 2006, Vol. 06, No. 3 - Privacy Requirements for Use of VHA Data by VHA Researchers • June 2006, Vol. 06, No. 4 - Privacy Requirements for Disclosure for Research to Non-VA Researchers • Available at http://vaww.vhaco.va.gov/privacy/FactSheets.htm
Role of Information Access and Privacy Office • Reviewing Requests for National Data • Extracts from National Databases at AAC • Extracts from Corporate Data Warehouse • Processing Requests for RealSSN and VistAWeb Access • Review Research Documentation • Provide approval • Sign and Submit VAF 9957 for RealSSN • Approval on Request Form for VistAWeb
Role of Facility Privacy Officer • VHA Directive 2007-040, Appointment of Facility Information Security Officer (ISO) and Privacy Officer to the Institutional Review Board (IRB) or the Research and Development (R&D) Committee • Rewrite of the policy directive is currently underway. • But today….
Role of Facility Privacy Officer • Non-voting Member of IRB or to R&D Committee • Participate in IRB or R&C Committee meetings in order to review research documentation and raise privacy issues directly to IRB or the R&D Committee • VA uses Affiliate or Outside IRB • Develop policies, in conjunction with Research Department, for the privacy review of documentation for all facility research studies; and • Reside as non-voting member on affiliate IRB or facility R&D Committee
Role of Facility Privacy Officer • Final Privacy Review of Research • Required after IRB approval of research study and/or approval of waiver of HIPAA-compliant authorization • Ensure legal authority exists prior to the use of Protected Health Information (PHI) for Research – must review: • HIPAA-compliant authorization; and/or • IRB approval of waiver of HIPAA-compliant authorization; and • Business Associate Agreements, in rare instances where contractors will have access to PHI.
Role of Facility Privacy Officer • Ensure legal authority exists prior to the disclosure of PHI to outside entities (e.g., study sponsor) for Research – must review: • HIPAA-compliant authorization; or • IRB approval of waiver of HIPAA-compliant authorization • Ensure process exists for the maintenance of an accounting of all disclosures resulting from the Research. • Ensure HIPAA-compliant Authorization is consistent with the Informed Consent.
Role of Facility Privacy Officer • Preliminary or Interim Privacy Review of Research • Review performed on Principal Investigator submission prior to the IRB Meeting • Review HIPAA-compliant authorization, if present, to determine if it meets all content requirements • Determine if a waiver of HIPAA-compliant authorization is requested or required, and what it covers (e.g., recruitment only or entire study) • Review Informed Consent to see if consistent with HIPAA-compliant authorization provided • Provide all comments to IRB
Role of Facility Privacy Officer • Requested Privacy Review (Prior to IRB Submission) • Conducted at request of Principle Investigator • Review to ensure that all elements are contained in the HIPAA-compliant Authorization (if stand alone or incorporated into the Informed Consent) • Assist in determining if waiver of HIPAA-compliant Authorization required
Contact Information • Stephania H. Griffin, VHA Privacy Officer, Director, Information Access and Privacy Office • Phone: 704-245-2492 • Email: stephania.griffin@va.gov