Investigators who wish to access, use, or disclose for research purposes Protected Health Information (PHI) from a U.S. “covered entity” must be familiar with the requirements under the Health Insurance Portability and Accountability Act (HIPAA). Please send questions about HIPAA to the Research Compliance Officer, Elizabeth Peterson at firstname.lastname@example.org.
HIPAA and Research Common Scenarios- discusses common circumstances in which HIPAA affects research activities
Guidance on Protected Health Information and the JHSPH- covers the requirements for obtaining signed privacy authorizations, for obtaining a waiver of the signed privacy authorization requirement as well as for using limited data sets.
Note: Like consent documents, IRB approved Authorization forms must be stamped with the IRB logo.
Stand-alone HIPAA Authorization
Investigators who seek access for research purposes to limited data sets containing PHI from a Johns Hopkins covered entity (JHH, Bayview, JHCP, and all the other JHH affiliated hospitals) will need to sign a Data Use Agreement (DUA). These Agreements are generated by the Office of Research Administration. To obtain a DUA, contact the Research Compliance Officer, Elizabeth Peterson at email@example.com.
All JHSPH investigators, study staff, and students using Protected Health Information in research must complete HIPAA training: MyLearning Module: HIPAA & Research - 01. You will find this course in the MyLearning Course Catalog under “Compliance > Research Compliance and Ethics > HIPAA & Research.” It will NOT be listed under “HIPAA” You do not need to take the “General Privacy Issues” course as a prerequisite.