The Health Insurance Portability and Accountability Act (HIPAA) regulates the protection of private health information for individuals. HIPAA’s “Privacy Rule” sets standards for the use and disclosure of all individually identifiable health information obtained from a covered entity. All forms of health information that are associated with any of the 18 identifiers specifically defined by HIPAA are considered to be protected health information (PHI) subject to HIPAA regulations. To access this information, all research studies must either 1) obtain an individual’s HIPAA authorization (on the covered entity’s Authorization form) or 2) request a waiver of HIPAA authorization (through a protocol application in eProtocol). The Privacy Rule went into effect on April 14, 2003.

UC Berkeley’s covered entities are the University Health Services (including its health care services on behalf of Intercollegiate Athletics), and the Optometry Clinic. Specifically, these are the Tang Health Center, Optometry Clinic, Human Resources Health Plan, and Athletics and Recreational Sports. Use of data from these units must receive prior CPHS approval. For more information about UCB covered entities, contact Lisa Ho, Campus Privacy Officer. For more information about protocol review, check with OPHS staff.

Guidance

Training

  • Online Tutorial Assessment on Research Aspects of HIPAA
    • This tutorial was developed by the UC San Diego Human Subjects Protection Program and has been made available to the UC research community.
    • It is targeted to research investigators - just fill in the requested information to begin.
    • You will be able to download a certificate of completion to attach to your CPHS protocol.

Form

  • UC Research Authorization for Release and Use of Personal Health Information and Personally Unidentified Study Data (for individual subjects) - PDF or Word

On this page