MENU
Mary Greyard

Announcements

Revisions to the federal regulations governing human research are coming January 19, 2018. Please be on the lookout for more information and training on the ORIC website and notices of changes within ePIRATE.

Welcome to the ORIC - Research HIPAA Compliance

The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of protected health information (PHI) needed for patient care and other important purposes.

The purpose in this site is to help researchers know the limitations here at ECU when conducting research using PHI. This will explain the required length of storage of data as well as how to store it securely while having the proper authorization to do so.

*For non-research HIPAA compliance questions please refer to:  http://www.ecu.edu/cs-dhs/institutionalintegrity/index.cfm

Required Research HIPAA Training

Login to Cornerstone for HIPAA training using your pirateID and search for:

ECU HIPAA/Security Training for Researchers click on request and the training will be assigned to you.

Research HIPAA FAQs

What is PHI?

PHI stands for Protected Health Information.

The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.

How to know if PHI is involved?

  1. Are you recruiting patients as participants from a healthcare component?
  2. Are you accessing the medical record to retrieve data?
  3. Is a healthcare component referring patients to you to recruit?
  4. Are you conducting your research within a healthcare component?

If you answer yes to any of the 4 questions above then PHI is involved in your research.

HIPAA Forms and Documents

Other ECU Links Relevant to Research HIPAA Compliance

Identity Theft Protection Committee (ITPC) - In order to implement and ensure compliance with legal  requirements governing SSNs and PII, ECU established the Identity Theft Protection Committee (ITPC) to oversee ECU's compliance with this regulation in regard to the collection, segregation, disclosure and security of SSNs and PII and the development of related policies/regulations.

The ITPC is also responsible for approving the collection and use of SSNs and PII.

Questions concerning the requirements of this regulation should be directed to the Identity Theft Protection Committee (ITPC) at ITPC@ecu.edu

Clinical Information Steering Committee - The Clinical Information Steering (CIS) Committee oversees the adoption and use of healthcare-related information technologies. CIS's partnership with ITCS provides a uniform process for the Brody School of Medicine, ECU School of Dental Medicine, ECU Allied Health, ECU College of Nursing and ECU Physicians to request and receive guidance in the selection, development and implementation of hardware, software systems, databases and third party IT services that support clinical research and operations for the purposes of assuring compatibility with existing East Carolina University and Vidant Health healthcare-related information technology systems, promoting operational efficiency, limiting storage of patient information outside of the university's designated Electronic Health Record (EHR) system(s), and ensuring both patient and university data are protected within the scope of applicable university policies, government regulations and state laws.