Letting Your Personal Health Information
Be Used and Shared for Research The Privacy Rule Authorization Form and
Clinical Research: What You Should Know
Medical research helps us learn new information about health, illness,
and disease and how we can improve health for everyone. You have been asked
to join a clinical research study. If you agree to be in this study after
learning about it, the research team will ask you to sign certain important
forms. One of these may be an authorization form. This form may ask you
to let your doctors or other health care providers give your personal health
information to the research team. The authorization form could also ask
you to let the research team use or share your personal health information
with others for the research study. The research team might need to use
and share different types of personal health information, such as:
- Your name and address
- Your health background
- Your health care provider's name
- Your birthday
- Your Social Security number
|
- Your medical records
- Your ethnic origin
- Your lab test results and X-rays
- Notes taken by a doctor or nurse
- Your medical diagnosis
|
Why am I being asked to sign an authorization form?
Many
people have concerns about who can see and use information about them,
particularly information about their health. The U.S. Government created
a rule, called the Privacy Rule, under the Health Insurance Portability
and Accountability Act (HIPAA) to help protect your personal health information
from being used or shared when it shouldn't be.
Examples
of
Covered Entities
Many hospitals
Many doctors or nurses
Some researchers
Health insurers
Medicare and Medicaid plans
|
|
Since 2003, most hospitals, doctors, and health plans that have your
personal health information must follow the Privacy Rule. These
hospitals, doctors, and health plans are called "covered entities."
People who work for "covered entities" also may have to follow the Privacy
Rule. This usually means that research teams (such as scientists,
nurses, and other hospital staff) that work for "covered entities" can
use and share your personal health information for this study only after
getting your okay. This also usually means that your doctor can't share
your personal health information with the research team for this study
unless you give your okay. You give your okay by signing the authorization
form.
The research team may need information in your medical records for the
research study. For example, they may need to know your medical diagnosis
or know about allergies you may have. The research team may also need to
collect health information about you from other health care providers because
the information may be important to the study. For example, the research
team may need to get your lab test results from your doctor.
What information will be in the authorization
form?
The authorization form will tell you:
- Who will use, share, and receive your
personal health information. This could be your doctor, other doctors
and nurses taking care of you, or the researchers and other members of
the research team. This could also be other institutions or companies
that pay for the research.
- What personal health information is needed
for the research study. This may include some or all of your medical records,
information about the medicines you take, the results of blood tests or X-rays,
and other health information.
- Why your personal health information will
be used or shared. This part will describe the research study. It also may
tell you the title of the research study.
- Your Right to change your mind and cancel
your authorization at any time.
- Information on what happens if you do not
sign the authorization form, how to cancel your authorization, and how long
your information will be used or shared.
Will everyone who sees my personal health information
have to protect it under the Privacy Rule?
Not always. There may be times when your personal health information
is shared with someone who doesn't have to follow the Privacy Rule.
Examples of people and organizations that may not have to follow the Privacy
Rule are:
- Sponsors of the research study
- Makers of drugs for the study
- Some researchers
Authorization
form checklist:
|
|
I have read
the authorization form completely, either on my own or
with someone from the research team. |
|
I understand
what the authorization form is saying. |
|
I understand
who may be using my personal health information as part
of the research study. |
|
I have asked
a member of the research team any questions I have, and
I understand the answers. |
|
I have received
a signed copy of my authorization form for the research
study I am joining. |
|
|
Even though some doctors, researchers, or organizations aren't covered entities
under the
Privacy Rule, many of them know it's important to keep your
information private. They also may have to follow state or other national
laws that protect your information.
I don't understand why the authorization form
says that the Privacy Rule may not protect my personal health
information if it's shared. Why does the authorization form say this?
There may be times when your personal health information is shared with
some doctors, researchers, or organizations (such as makers of drugs for
the study or study sponsors) that don't have to follow the Privacy Rule.
The authorization form tells you that the Privacy Rule may not protect
your personal health information when it is shared with others so that
you are aware of this before you decide to sign the form.
I am not sure if I should sign the authorization.
What happens if I don't sign?
If you don't sign the form, you may not be able to join the research
study. However, your decision to not sign the authorization form won't
affect the regular treatment you receive from your regular doctors, nurses,
or other professionals normally involved in your health care.
I want to let the research team have my personal
health information so I can join the study. How do I give my authorization?
To give your authorization, you need to sign and date the authorization
form. Signing the form means that you give your okay for the research team
to use or share your personal health information for the research study.
Signing the authorization form may also mean that you will give your doctor
or hospital your okay to share your health information with the research
team.
The authorization form might be given to you as a separate form, or it
may be included with the informed consent form you must sign to become
part of the study. In either case, the form will tell you how the research
team or your doctor or hospital may use or share your personal health information
for the study.
Once I have signed the authorization, can I change
my mind and cancel it?
Yes, you may change your mind and cancel your authorization at any time.
How
do I cancel my authorization?
You must cancel your authorization in writing. The authorization form
will give you instructions on where to send the written notice or will
direct you to another place to find this information. Once the research
study team receives your written cancellation, it won't be allowed to collect,
use, or share more personal health information about you except in limited
cases. For example, they may need to use or share this information to make
sure the research study is still reliable, to report when you cancelled
your authorization, or to report any unexpected health problems that started
before you cancelled your authorization.
Will I still be able to stay in the study if I
cancel my authorization?
It's up to the research team to decide if you may stay in the research
study if you cancel your authorization. Many times a research study can
only be helpful if all of the people stay in the study and all of their
information can be used and studied for the entire time of the study.
Can my doctor use my authorization for the research
study as my okay to share my information for marketing?
No. The Privacy Rule does not allow a doctor or another "covered
entity" to use your authorization to use or share your information for
research as an authorization for marketing.
What can I do if I think someone has not protected
my personal health information?
If
you think your privacy rights under the Privacy Rule were violated,
you may complain to the "covered entity" (such as the doctor or hospital
you visit for the research study). You may also complain to the Office
for Civil Rights (OCR). Your complaint must be in writing. To complain
to OCR:
- Send the complaint electronically by email to OCRComplaint@hhs.gov,
or as a letter or fax to the OCR regional office where the possible violation
happened. These regional offices are on the map and chart shown on the
back cover, or you can find them on the OCR website at http://www.hhs.gov/ocr/privacyhowtofile.htm.
- Print and fill out the form found on the above website or send the same
information to the OCR regional office. Name the person or organization you
are complaining about, and describe how you think they didn't follow the Privacy
Rule.
- Send in your complaint within 180 days of when you learned about the possible
violation.
- Make sure that any possible violation happened on or after April 14, 2003,
which is when the Privacy Rule protection started.
For more information on the Privacy Rule and for filing complaints
go to the OCR website: http://www.hhs.gov/ocr/hipaa.
You can also call OCR for free at 1 (800) 368-1019.
NIH Publication Number 05-5613
 |
Region I - CT, ME,
MA, NH, RI, VT
Office for Civil Rights
U.S. Department of Health and Human Services
JFK Federal Building - Room 1875
Boston, MA 02203
(617) 565-1340
(617) 565-1343 (TDD)
(617) 565-3809 FAX
Region II - NJ, NY, PR, VI
Office for Civil Rights
U.S. Department of Health and Human Services
26 Federal Plaza - Suite 3313
New York, NY 10278
(212) 264-3313
(212) 264-2355 (TDD)
(212) 264-3039 FAX
Region III - DE, DC, MD, PA, VA, WV
Office for Civil Rights
U.S. Department of Health and Human Services
150 S. Independence Mall West - Suite 372
Philadelphia, PA 19106-3499
(215) 861-4441
(215) 861-4440 (TDD)
(215) 861-4431 FAX
Region IV - AL, FL, GA, KY, MS, NC, SC, TN
Office for Civil Rights
U.S. Department of Health and Human Services
61 Forsyth Street, SW - Suite 3B70
Atlanta, GA 30323
(404) 562-7886
(404) 331-2867 (TDD)
(404) 562-7881 FAX
Region V - IL, IN, MI, MN, OH, WI
Office for Civil Rights
U.S. Department of Health and Human Services
233 N. Michigan Avenue - Suite 240
Chicago, IL 60601
(312) 886-2359
(312) 353-5693 (TDD)
(312) 886-1807 FAX
|
Region VI - AR, LA,
NM, OK, TX
Office for Civil Rights
U.S. Department of Health and Human Services
1301 Young Street - Suite 1169
Dallas, TX 75202
(214) 767-4056
(214) 767-8940 (TDD)
(214) 767-0432 FAX
Region VII - IA, KS, MO, NE
Office for Civil Rights
U.S. Department of Health and Human Services
601 East 12th Street - Room 248
Kansas City, MO 64106
(816) 426-7278
(816) 426-7065 (TDD)
(816) 426-3686 FAX
Region VIII - CO, MT, ND, SD, UT, WY
Office for Civil Rights
U.S. Department of Health and Human Services
1961 Stout Street - Room 1426
Denver, CO 80294
(303) 844-2024
(303) 844-3439 (TDD)
(303) 844-2025 FAX
Region IX - AZ, CA, HI, NV, AS, GU,The U.S.
Affiliated Pacific Island Jurisdictions
Office for Civil Rights
U.S. Department of Health and Human Services
50 United Nations Plaza - Room 322
San Francisco, CA 94102
(415) 437-8310
(415) 437-8311 (TDD)
(415) 437-8329 FAX
Region X - AK, ID, OR, WA
Office for Civil Rights
U.S. Department of Health and Human Services
2201 Sixth Avenue - Mail Stop RX-11
Seattle, WA 98121
(206) 615-2290
(206) 615-2296 (TDD)
(206) 615-2297 FAX
|
