HIPAA and Human Subjects Research

The Health Insurance Portability and Accountability Act (HIPAA) regulates the protection of private health information for individuals. HIPAA’s “Privacy Rule” sets standards for the use and disclosure of all individually identifiable health information obtained from a covered entity. All forms of health information that are associated with any of the 18 identifiers specifically defined by HIPAA are considered to be protected health information (PHI) subject to HIPAA regulations. To access this information, all research studies must either 1) obtain an individual’s HIPAA authorization (on the covered entity’s Authorization form) or 2) request a waiver of HIPAA authorization (through a protocol application in eProtocol). The Privacy Rule went into effect on April 14, 2003.

UC Berkeley’s covered entities are the University Health Services (including its health care services on behalf of Intercollegiate Athletics), and the Optometry Clinic. Use of data from these units must receive prior CPHS approval. For more information about UCB covered entities, please contact the UC Berkeley Privacy Office. For more information about protocol review, check with OPHS staff.

HIPAA-Compliant Zoom Meetings

Principal investigators: If you are conducting human subjects research that involves the use/transmission and/or collection of Personal Health Information (PHI) that is covered by HIPAA regulations, UC Berkeley does have access to HIPAA-compliant Zoom meetings, which can be associated either with an individual or department (Special Purpose Account) that can be shared amongst team members. For more information about HIPAA-compliant Zoom, see bIT's knowledge base article.