HIPAA and financial disclosures in human research

Financial disclosures in research refer to the revelation of financial interests that could influence the study's outcome. These interests include equity interests, intellectual property rights, and service payments. While the HIPAA Privacy Rule primarily governs the confidentiality of PHI, it is relevant in scenarios where financial disclosures could intersect with the use of PHI.

Scenarios where PHI and financial interests intersect

• A researcher receives funding from a pharmaceutical company and uses PHI to study a medication that could impact the company's stock value.
• A researcher with patent rights on a medical device uses PHI to determine the device's efficacy, affecting potential financial returns.
• A researcher consulting for a company uses PHI in research that could affect the company's financial interests.
• An IRB member on the board of a research-sponsoring company has access to PHI that could benefit the company financially.
• A research institution shares PHI with a company in exchange for compensation under a data-sharing agreement.
• A researcher receives royalties from a drug's sales, where research using PHI could influence market success.
• Research staff are given bonuses for participant recruitment, requiring them to access PHI for enrollment.
• A researcher holds stock options in a company, with research findings using PHI potentially affecting the stock's value.

See also: The role of patient consent in research

HIPAA and managing financial disclosures 

For researchers and research institutions

1. Obtain authorization or waiver: Obtain proper authorization from research subjects for using their PHI, or secure a waiver from an Institutional Review Board (IRB) when necessary.
2. Minimize PHI disclosure: Use the minimum necessary PHI when making financial disclosures. If detailed health information is not required for the financial disclosure, avoid using it.
3. De-identify PHI: When possible, de-identify PHI before any financial disclosures are made to reduce the risk of compromising participant privacy.
4. Manage conflicts of interest: Develop a management process that safeguards research subjects' privacy and rights.
5. Secure data: Ensure that all PHI used in financial disclosures is transmitted and stored securely, using encryption and other security measures such as utilizing HIPAA compliant emails to communicate PHI.
6. Consent forms: Ensure that consent forms clearly describe the extent to which PHI may be disclosed for financial purposes and the measures taken to protect it.
7. IRB communication: Maintain clear and open communication with the IRB regarding financial disclosures and the potential impacts on PHI.

For IRBs 

1. Review of privacy safeguards: Ensure that privacy safeguards meet HIPAA standards when reviewing research protocols and related financial disclosures.
2. Assessment of authorization forms: Verify that authorization forms for using PHI in research include all required elements and clearly specify any financial disclosures.
3. Oversight of conflict of interest: Establish procedures to manage financial conflicts of research interest.
4. Evaluation of data protection: Assess the measures in place to protect PHI in the context of any financial disclosures associated with the research.
5. Consent process scrutiny: Ensure that the consent process includes clear communication about any financial interests and the potential use of PHI.
6. Minimization of PHI use: Confirm that only the minimum necessary PHI is used with financial disclosures and research activities.

See also: Does HIPAA apply to Institutional Review Boards?