|
WORKING WITH THE PRIVACY BOARD
SUBMITTING A REQUEST FOR WAIVER OF AUTHORIZTION:
The Board meets every Thursday, and submission materials
should be received by the Friday preceding the meeting.
Submissions may be sent via mail or fax. Please submit
one copy of each of the items listed under, "Submitting
a Request for Waiver of Authorization".
THE REVIEW PROCESS:
Upon receipt, and prior to review by the Board, the
application is reviewed for completeness. This pre-review
may expedite the approval, but does not guarantee that
the Board will issue approval to Waive Authorization.
If it is determined by the staff of The Privacy Board
that the project meets regulatory criteria for Expedited
Review, the review should be completed within 2 business
days of receipt of the complete application.
NOTIFICATION OF BOARD ACTIONS:
Generally, The Privacy Board notifies the applicant
about the results of the review within 72 hours by e-mail,
fax or phone.
APPROVALS:
If The Privacy Board approves the Waiver of Authorization,
an approval letter is issued. The approval letter specifically
includes the following::
 |
A statement identifying The Privacy
Board as the reviewing body. |
|
The date on which the alteration or
waiver of authorization was approved. |
|
Whether the approval was granted at
a convened meeting of the Board or via Expedited
Review. |
|
Description of the protected health
information for which waiver or alteration of authorization
for use or access is requested. |
|
The criteria for approval, including
at least: |
| |
- The use or disclosure of protected health
information involves no more than minimal risk
to the individuals;
|
| |
- The alteration or waiver will not adversely
affect the privacy rights and the welfare of
the individuals;
|
| |
- The research could not practicably be conducted
without the alteration or waiver;
|
| |
- The research could not practicably be conducted
without access to, and use of the protected
health information;
|
| |
- There is an adequate plan to protect the identifiers
from improper use and disclosure;
|
| |
- There is an adequate plan to destroy the identifiers
at the earliest opportunity consistent with
conduct of the research, unless there is a health
or research justification for retaining the
identifiers, or such retention is otherwise
required by law; and
|
| |
- There are adequate written assurances that
the protected health information will not be
reused or disclosed to any other person or entity,
except as required by law, for authorized oversight
of the research project, or for other research
for which the use or disclosure of protected
health information would be permitted.
|
|
In addition, the approval documentation
will affirm that the data set to be used or disclosed
meets the criteria for minimum necessary per 45
CFR 164. |
APPROVAL PERIODS:
The Privacy Rule does not stipulate that projects must
be reviewed on any regular basis. However, investigators
should notify The Privacy Board regarding:
- Any changes to the research design or procedures
- Completion of the study.
A Project Update Form will
be included in the approval documents and on this
Website.
Please feel free to call Jim
Saunders at The Privacy Board at 781-431-7577 for
additional information about our policies and services.
|
