Can covered entities continue to disclose adverse event reports that contain protected health information to the Department of Health and Human Services (HHS) Office for Human Research Protections?
Yes. The Office for Human Research Protections is a public health authority under the HIPAA Privacy Rule. Therefore, covered entities can continue to disclose protected health information to report adverse events to the Office for Human Research Protections either with patient authorization as provided at 45 CFR 164.508, or without patient authorization for public health activities as permitted at 45 CFR 164.512(b). v Transition Provision Can researchers continue to access existing databanks or repositories that are maintained by covered entities, even if those databases were created prior to the compliance date without patient permission or without a waiver of informed consent by an Institutional Review Board (IRB)? Yes. Under the HIPAA Privacy Rule, covered entities may use or disclose protected health information from existing databases or repositories for research purposes either with individual authorization as required at 45 CFR 164.508, or with a waiver of individual authorizati
Related Questions
- Can covered entities continue to disclose adverse event reports that contain protected health information to the Department of Health and Human Services (HHS) Office for Human Research Protections?
- May covered entities disclose facially identifiable protected health information, such as name, address, and social security number, for public health purposes?
- May a covered entity use or disclose protected health information for litigation?