ARCHIVED: HIPAA for researchers at IU

This content has been archived, and is no longer maintained by Indiana University. Resources linked from this page may no longer be available or reliable.

HIPAA applies (or may apply) to you if your research involves human subjects. From an IT perspective, HIPAA is not a concern if your research data are completely anonymized, i.e., stripped of any ePHI. In general, HIPAA should be a consideration if your research:

  • Touches patients in the context of health care providers, health plans, public health authorities, life insurers and clearinghouses, billing agencies, information system vendors, service organizations, and other universities.
  • Involves human subjects or volunteers in any capacity.

HIPAA applies to covered entities, health care providers, health plans, defined by HIPAA as individual or group plans that provide or pay for health care, including employer plans; and health care clearinghouses. Within IU, HIPAA applies to human subjects research conducted at the Schools of Medicine, Nursing, and Dentistry, and other departments that either provide support functions for IU's health care components (e.g., the IUSM's CIO, UITS Research Computing) or conduct research involving human subjects (such as psychology or business).

For more information, visit these IU Office of Research Administration (ORA) pages:

This is document ayza in the Knowledge Base.
Last modified on 2018-01-18 16:21:25.

Contact us

For help or to comment, email the UITS Support Center.