Health Insurance Portability and Protection Act for Research (HIPAA)

HIPAA requires a covered entity to enter into a Business Associate Agreement with someone hired by the entity to perform certain tasks involving Protected Health Information (PHI). In the research context that may involve telephone follow ups, database management, web hosting, etc. The Covered Entity is the entity that holds the PHI—i.e. the entity that is disclosing the information in most cases.

If you already have an agreement, it will be necessary to add the Business Associate Addendum.

If this is a new agreement, you must use the Business Associate Agreement. To complete this form, the services the Business Associate (BA) is performing and the PHI may use are to be listed on Schedule A (alternatively, you may list them in Section 3.a and revise it accordingly). The names of the Covered Entity and the Balso need to be added on the first page and the last page. Please contact the legal department if you have further questions.

Following provides frequently used documents if you need to:

• Request a HIPAA waiver
• Access a data set with no HIPAA identifiers
• INTERNAL USE of Limited Data Sets (both forms required): 
  • LIMITED DATA SET to access a data set with dates, city, state, or zip code, but no other HIPAA identifiers
• Data Use Agreement | For Icahn School of Medicine Researchers
• Access the PHI of persons who are deceased
• Access PHI in preparation of research
• EXTERNAL Sharing of Data with Other Institutions: Please refer to the appropriate Federal Demonstration Partnership (FDP) Template
  

Following provides basic authorization forms:

• Instructions to prepare an Authorization (4/8/03)
• A Standalone HIPAA form
• International HIPAA language

• Icahn School of Medicine | NYC Health + Hospitals/Elmhurst reseach subject authorization
• Icahn School of Medicine |NYC Health+ Hospitals/Elmhurst research subject authorization for children
• Icahn School of Medicine |NYC Health + Hospitals/Elmhurst  Authorization to be used when a signature has been waived. To be used when authorization is gotten by telephone

• Icahn School of Medicine | Queens Hospital Center research subject authorization (7/1/04)
• Icahn School of Medicine | Queens Hospital Center research subject authorization for children (7/1/04)
• Icahn School of Medicine | Queens Hospital Center Authorization to be used when a signature has been waived. To be used when authorization is gotten by telephone

• Notice of Privacy Practices|Mount Sinai
• Notice of Privacy Practices|HHC
• Icahn School of Medicine | The Jewish Home and Hospital Lifecare System  (4/22/03) research subject authorization