Find information about IRB requirements for research at IU that involves HIPAA-regulated PHI

To help Indiana University researchers comply with all applicable laws, regulations, and institutional policies, the IU Human Subjects Office (HSO) and the Institutional Review Board (IRB) Executive Committee established standard operating procedures that specify the requirements for research involving protected health information (PHI) regulated by the Health Insurance Portability and Accountability Act (HIPAA). To view these requirements, as well as details regarding the circumstances under which data containing PHI may (and may not) be used or disclosed in connection with research activities at IU, see Guidance on the conduct of human subjects research.

Note:
IU researchers must use Kuali Protocols in One.IU to enter and manage all IRB submissions, including new protocols, renewals, amendments, personnel updates, and reports. To launch Kuali Protocols, log in with your University account. If you do not have one, complete and submit the IU Affiliate Accounts form to have the Human Subjects Office request an Affiliate account on your behalf; the HSO will follow up with additional instructions once your account is created. If you have an IU username but forgot your IU passphrase, see Reset your IU passphrase.

For more about Kuali Protocols, including links to training resources and answers to frequently asked questions, see Submissions to the IRB. For more about preparing to submit a study to the IRB, see Human Subjects and Institutional Review Boards. If you need help, have a question, or want to provide feedback regarding Kuali Protocols, contact IU Kuali Protocols system support.

If you have questions about securing HIPAA-regulated research data at IU, email securemyresearch@iu.edu. SecureMyResearch provides self-service resources and one-on-one consulting to help IU researchers, faculty, and staff meet cybersecurity and compliance requirements for processing, storing, and sharing regulated and unregulated research data; for more, see About SecureMyResearch. To learn more about properly ensuring the safe handling of PHI on UITS systems, see the UITS IT Training video Securing HIPAA Workflows on UITS Systems. To learn about division of responsibilities for securing PHI, see Shared responsibility model for securing PHI on UITS systems.

Related documents

About dedicated file storage services and IT services with storage components appropriate for sensitive institutional data, including research data containing protected health information Your legal responsibilities for protecting data containing protected health information (PHI) when using UITS Research Technologies systems and services UITS Research Technologies systems and services for researchers working with data containing HIPAA-regulated PHI

This is document ayzl in the Knowledge Base.
Last modified on 2023-08-16 13:09:18.