Welcome to the ORIC - Research HIPAA Compliance
The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of protected health information (PHI) needed for patient care and other important purposes.
The purpose in this site is to help researchers know the limitations here at ECU when conducting research using PHI. This will explain the required length of storage of data as well as how to store it securely while having the proper authorization to do so.
*For non-research HIPAA compliance questions please refer to: http://www.ecu.edu/cs-dhs/institutionalintegrity/index.cfm
Required Research HIPAA Training
Login to Cornerstone for HIPAA training using your pirateID and search for:
ECU HIPAA/Security Training for Researchers click on request and the training will be assigned to you.
Research HIPAA FAQs
What is PHI?
PHI stands for Protected Health Information.
The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.
How to know if PHI is involved?
- Are you recruiting patients as participants from a healthcare component?
- Are you accessing the medical record to retrieve data?
- Is a healthcare component referring patients to you to recruit?
- Are you conducting your research within a healthcare component?
If you answer yes to any of the 4 questions above then PHI is involved in your research.
HIPAA Forms and Documents
- HIPAA Authorization Template
- HIPAA Authorization Template – Spanish Version
- HIPAA Authorization Template – Future Research
- HIPAA Authorization Template – Future Research – Spanish Version
- Parent HIPAA Authorization for Minor Participants
- Application for Waiver of HIPAA Authorization Template
- Alteration of HIPAA Authorization for Recruiting Template
- Research on Decedents Information Form
- Request for Preparatory Review of PHI
Other ECU Links Relevant to Research HIPAA Compliance
Identity Theft Protection Committee (ITPC) - In order to implement and ensure compliance with legal requirements governing SSNs and PII, ECU established the Identity Theft Protection Committee (ITPC) to oversee ECU's compliance with this regulation in regard to the collection, segregation, disclosure and security of SSNs and PII and the development of related policies/regulations.
The ITPC is also responsible for approving the collection and use of SSNs and PII.
Questions concerning the requirements of this regulation should be directed to the Identity Theft Protection Committee (ITPC) at ITPC@ecu.edu
Clinical Information Steering Committee - The Clinical Information Steering (CIS) Committee oversees the adoption and use of healthcare-related information technologies. CIS's partnership with ITCS provides a uniform process for the Brody School of Medicine, ECU School of Dental Medicine, ECU Allied Health, ECU College of Nursing and ECU Physicians to request and receive guidance in the selection, development and implementation of hardware, software systems, databases and third party IT services that support clinical research and operations for the purposes of assuring compatibility with existing East Carolina University and Vidant Health healthcare-related information technology systems, promoting operational efficiency, limiting storage of patient information outside of the university's designated Electronic Health Record (EHR) system(s), and ensuring both patient and university data are protected within the scope of applicable university policies, government regulations and state laws.