Lauren DeWitt, an associate in the Health Sciences Department of Pepper Hamilton, was quoted in the October 2018 Briefings on HIPAA article, "Revisions to the Common Rule and HIPAA: What You Need to Know."
"It is important to understand how these rules interact," says Lauren DeWitt, Esq., an associate in the health sciences department of Pepper Hamilton LLP in Princeton, New Jersey.
DeWitt explains that where both HIPAA and the Common Rule apply, both must be followed. For example, if a study uses identifiable information from a CE, then you must comply with HIPAA and the Common Rule. The rules, while different, are not necessarily in conflict with one another, but you must be cognizant of each.
"The purpose behind many of the revisions to the Common Rule is to enhance research and to reduce regulatory burdens that don’t actually increase protection of research subjects," explains DeWitt. "This can be seen in how the Common Rule addresses obtaining consent for how researchers can use biospecimens and what has to be disclosed to participants if you’re going to use them for future studies."
"HIPAA has always had standards for use and disclosure of information," DeWitt says. "HIPAA still applies to CEs, regardless of the broad spectrum of people who will have access to the information."
DeWitt explains that although research is a very small part of what 42 CFR Part 2 covers, Part 2 programs can disclose data for research purposes, generally to a CE or business associate, pursuant to an authorization. The recipient of the data is still subject to the Common Rule, but the use of Part 2 data will still have stricter requirements for authorization.
Finally, among the proposed changes not included in the final rule was an exemption for secondary research involving identifiable private information, where notice of such use had been given. DeWitt suggests that this addresses lingering concerns about protecting the interests of the research subject.
"Ultimately," she says, "the purpose of the revisions to the Common Rule goes toward reducing regulatory burden where patient information is still protected."
For more information on Briefings on HIPAA, visit http://hcmarketplace.com/briefings-on-hipaa.