UAB Policy on Confidentiality of Data
It is UAB policy that research involving human subjects will account for the confidentiality of data. When appropriate in order to approve research, the IRB will determine that there are adequate provisions to protect the confidentiality of research data in accordance with federal regulations at 45 CFR Part 46, 21 CFR Part 56 if applicable, or the regulations of federal agencies (see SUP428 DOEd guidance) and applicable state or local laws and regulations. This standard will apply to initial review, continuing review, and review of modifications of research by the convened IRB or expedited review procedures. (See also: PRO112 Procedure for Confidentiality of Data.)
Investigators will describe in the research protocol the methods of accessing, storing, and safeguarding the data to preserve confidentiality. When research involves activities or information of a particularly sensitive or potentially damaging nature, the IRB is authorized to request that the investigator seek a certificate of confidentiality.
Research involving human subjects is a covered function for UAB designated health care components under HIPAA. Covered research activities will be conducted in accordance with the HIPAA privacy regulations at 45 CFR Parts 160, 164. The IRB is authorized to review proposed authorizations for research to assess whether the standards and specifications for a valid authorization for research at 45 CFR §164.508 are satisfied and to implement the standards for use and disclosure of protected health information for research purposes (i.e., HIPAA waivers of authorization) in accordance with 45 CFR §164.512(i).
Approved on March 1, 2010, by:
Richard B. Marchase, PhD
Vice President for Research and Economic Development
Ferdinand Urthaler, MD
Sheila Deters Moore, CIP