Transition Provisions

Under the HIPAA Privacy Rule, covered entities may use or disclose protected health information from existing databases or repositories for research purposes either with individual authorization as required at 45 CFR 164.508, or with a waiver of individual authorization as permitted at 45 CFR 164.512(i).

Read the full answer

If informed consent or reconsent (ie., asked to sign a revised consent or another informed consent) is obtained from research subjects after the compliance date, the covered entity must obtain individual authorization as required at 45 CFR 164.508 for the use or disclosure of protected health information once the consent obtained before the compliance date is no longer valid for the research.

Read the full answer

There are two deadlines for compliance with the HIPAA Privacy Rule on April 14, 2004:

Read the full answer

Transition Provisions

306-Can researchers access existing databanks or repositories created prior to the compliance date without permission

319-If consent was obtained before the compliance date but the IRB modifies the document is authorization required

494-Were there Privacy Rule compliance deadlines in 2004