If your proposed project is exempt from ongoing IRBMED oversight but you or any member of your study team will be accessing Protected Health Information (PHI), the project must be reviewed by the Privacy Board. You will need to complete an exempt application through eResearch, including Sections 25-1 and 25-2.
For more information regarding exempt categories, click here.
Criteria for Waiver
The Privacy Board will evaluate the application to ensure that the use and/or disclosure of Protected Health Information (PHI) for the project involve no more than minimal risk of harm to the privacy of individuals. In making this determination, the Privacy Board will consider the following:
- An adequate plan is in place to protect patient identifiers and PHI from improper use and disclosure.
- An adequate plan to destroy the identifiers at the earliest opportunity consistent with the conduct of the research, unless there is a Privacy Board-approved health or research justification for retaining the identifiers or such retention is otherwise required by law.
- Adequate written assurances that the PHI will not be reused or disclosed to any other person or entity, except as required by law, for authorized oversight of the research study, or for other research for which the use or disclosure would be permitted by HIPAA.
- The Waiver or Alteration of Authorization will not adversely affect the rights and welfare of the subjects.
- The research could not practicably be conducted without the Waiver or Alteration of Authorization.
- The research could not practicably be conducted without access to and use of the PHI.
- Whenever appropriate, the subjects (including their physicians, as applicable) are provided with additional pertinent information after participation.
- Where the Principal Investigator anticipates the disclosure of PHI outside the Covered Entity (as that may be determined from time to time), the Principal Investigator must account for each disclosure and retain records of such disclosures.