60 likes | 80 Views
AAMC/VA Working Group Privacy. Stephania H. Griffin, RHIA, CIPP/G VHA Privacy Officer June 2011. Privacy’s Role. Ensure legal authority exists under all applicable Federal laws and regulations before patient information is shared or disclosed.
E N D
AAMC/VA Working GroupPrivacy Stephania H. Griffin, RHIA, CIPP/G VHA Privacy Officer June 2011
Privacy’s Role • Ensure legal authority exists under all applicable Federal laws and regulations before patient information is shared or disclosed. • Ensure individual’s privacy rights are maintained. • AAMC/VA Workgroup Participation – Provide SME on privacy legal requirements for use and disclosure of VA data for research.
AAMC/VA Guiding Statements The Working Group developed the following statements to guide the responsibilities of organizations with similar values and interests in research data security: • If a person authorizes the disclosure and use of data or other personal health information for research purposes, then researchers and institutions have an ethical and professional obligation to make those data available for responsible use while providing reliable safeguards and security against misuse of the data. • If an Institutional Review Board (IRB) has determined that data may be used in research without such an individual’s authorization and under specific circumstances outlined in a protocol, then researchers and institutions are similarly obliged to make those data available for responsible use while providing reliable safeguards and security against misuse of the data, as provided above. IRBs determine the extent to which data relating to research subjects may be ethically used and disclosed.
AAMC/VA Guiding Statements • Information security as well as privacy policies and procedures should facilitate such use, disclosure, and transfer of these data, so that the research community can continue to meet public expectations for further advances in medical care while providing confidence in the protection of the data.
Privacy Take Away 1. VHA must still have the legal authority under • Privacy Act; • HIPAA Privacy Rule; • 38 USC 5701; and • 38 UUSC7332, if applicable to make the disclosure of VA data to the Academic Affiliate. 2. VHA must still account for the disclosure.