HIPAA and Research

Important: The Health Information Technology for Economic and Clinical Health (HITECH) Act requires that any breach of HIPAA confidentiality be reported. Please report immediately upon discovery every use or disclosure of protected health information that is, or may be, in violation of HIPAA privacy requirements to the Johns Hopkins Privacy Office at [email protected]. Once contacted, the Johns Hopkins Privacy Office will provide you with forms to collect the details.

It is important that researchers understand and comply with HIPAA regulations as they pertain to research. This is the access point for specific information, policies, and forms pertaining to HIPAA and research. This material covers the HIPAA Privacy Rule and the HIPAA Security Rule.

Protected health information received or maintained by anyone within a Johns Hopkins covered entity may not be used or disclosed for research except in compliance with all applicable JHM HIPAA policies. * Psychotherapy notes require special attention see Policy 164.3.

Note: As of 1/26/06 BSPH is not part of the Johns Hopkins covered entities. The PI is responsible for ensuring that his or her research is conducted in compliance with HIPAA.

Additional Information, Forms and Policies

  1. HIPAA Definitions
  2. Research-related HIPAA forms
  3. JH HIPAA and Research Guidances
  4. OHSR HIPAA Policies [ Additional non-research HIPAA policies ]
  5. HIPAA and Research Frequently Asked Questions
  6. HIPAA Training and Education
  7. Contact Information