HIPAA for researchers at IU

HIPAA applies (or may apply) to you if your research involves human subjects. From an IT perspective, HIPAA is not a concern if your research data are completely anonymized, i.e., stripped of any ePHI. In general, HIPAA should be a consideration if your research:

• Touches patients in the context of health care providers, health plans, public health authorities, life insurers and clearinghouses, billing agencies, information system vendors, service organizations, and other universities.
  
  
• Involves human subjects or volunteers in any capacity.

HIPAA applies to covered entities, health care providers, health plans, defined by HIPAA as individual or group plans that provide or pay for health care, including employer plans; and health care clearinghouses. Within IU, HIPAA applies to human subjects research conducted at the Schools of Medicine, Nursing, and Dentistry, and other departments that either provide support functions for IU's health care components (e.g., the IUSM's CIO, UITS Research Computing) or conduct research involving human subjects (such as psychology or business).

• For general compliance information, visit the Office of Research Administration's Human Subjects.
  
  
• For further information, including IRB requirements for human subjects research as well as contact information, see the Office of Research Administration's Human Subjects/IRB page.
  
  
• See also the Office of Research Administration's Compliance Services.

Comments/Questions/Corrections