HIPAA Security Rule and Research Data
The Health Insurance Portability and Accountability Act (HIPAA) security rule requires that everyone with access to electronic personal health information (ePHI) implement safeguards to protect against inappropriate and unauthorized access to patient health data. As stipulated in HIPAA rules and regulations:
- Protect all ePHI created, received, maintained, or transmitted.
- Ensure that patient data is safeguarded against potential hacking and unauthorized access.
- Partner with HIPAA experts at CWRU to ensure compliance with the requirements of the HIPAA Security Rule.
- Any data sharing solution involving ePHI would fall under the HIPAA Security Rule.
Find out more about the CWRU HIPAA policy
Research Data Repository security:
- As creator of the data, the researcher owns the copyright to it. The copyright holder determines access and reuse of the data.
- It is a best practice to create a rights statement explaining what use others may make of your data.
- Consider a repository that allows an embargo of your data.
- For a set period of time, only metadata about your data will appear
- An embargo note will indicate that the data is not currently available for re-use.
- Permits awareness of your data, so that others will not duplicate your work.
- Allows peers to contact you about your data and its availability.