PARTNERS HUMAN RESEARCH COMMITTEE

Partners_Logo

 

HIPAA Privacy Rule and Adverse Event Reporting

Federal regulations and existing PHRC/IRB policies require the reporting of adverse events in clinical trials to various entities inside and outside the Partners system. These entities include the PHRC/IRB (and certain institutional officials) at the relevant Partners institutions, the FDA, the NIH or other federal agencies funding the research, the sponsor, and in some circumstances the Office for Human Research Protections. When a Data Safety Monitoring Board (DSMB) is involved in the trial, the researcher must report adverse events to the DSMB as well. The researcher may also under certain circumstances report adverse events to non-Partners' investigators who would in turn report them to their site responsible IRBs (e.g., if the Partners' site is a coordinating center for a multicenter study).

Beginning on April 14, 2003, internal review and external disclosure of identifiable health information in adverse events will also be subject to the requirements of the HIPAA Privacy Rule. Accordingly, Partners will require the following:

  • Investigators must indicate in the consent/authorization form that they may use and disclose subjects' protected health information to assess and report adverse events. The consent/authorization must list the specific categories of entities outside of Partners to which the investigator may disclose adverse event information in connection with the research. See the Partners authorization template for language concerning adverse events.

    In rare cases it may be necessary or advisable to report an adverse event to an outside entity that is in a category not specifically named in the consent/authorization. In such a case the investigator should consult with the PHRC/IRB before doing so. The PHRC/IRB will determine if the disclosure can be made without the subject's authorization or a waiver of authorization. (N.B., if a waiver is required, remember that disclosures made pursuant to a waiver of authorization must be tracked.)

  • When reporting any adverse events to entities outside of the Partners system, investigators should disclose only the minimum amount of protected health information that is necessary to accomplish the required reporting. When it is possible to de-identify individual health information concerning an adverse event, and still meet the goals of reporting, the investigator should make a good faith effort to do so.