SEKESC-IRB HIPAA Data

The Health Insurance Portability and Accountability Act of 1996 (otherwise known as “HIPAA” or the “Privacy Rule”) outlines specific standards and obligations regarding the privacy of certain protected health information (PHI). Since the primary function of SEKESC as an educational institution of Kansas is not to provide health care, SEKESC recognizes itself as a “hybrid entity.” SEKESC voluntarily complies with PHI standards.

PHI consists of information created or received by a health care provider, health plan or health care clearing house that relates to past, present, or future physical or mental health of an individual. It may also include information about health care services or payment for health care services. The Privacy Rule governs PHI in any form: oral, written, or electronic.

If a researcher obtains PHI from a coveted entity (either within or outside of SEKESC,) the subject of the information must have granted permission via a written authorization form, OR one of the following criteria is met:

1. The information is “De-Identified”
2. The information is compiled into a limited data set and a data use agreement is executed
3. The activity qualifies as preparatory to research
4. A waiver of the individual authorization requirement is obtained from the SEKESC-IRB
5. The researcher is accessing information solely on decedents.