The Keuka College IRB Committee is authorized to review, approve, require modifications (to secure approval) or disapprove all Human Subject Research at the College in accordance with all Federal, State or Local regulatory requirements, as well as Institutional policies and procedures.

When Protected Health Information (PHI) is used in research, the researcher must follow HIPAA privacy protections. In research involving PHI, the Keuka College IRB acts as a privacy board (as required by HIPAA) to review the use and/or disclosure of PHI and to determine whether subjects should sign an “Authorization” or if a waiver or alteration of authorization may be granted.

The Keuka College IRB applications include a section that asks whether the study will create or use PHI. If yes, there are two choices: 1) Subjects sign an authorization to release PHI, or 2) researchers request a waiver of this authorization. In some cases a partial waiver or alteration may also be requested.

When the IRB determines that subjects should sign a HIPAA authorization in order to use or disclose PHI for research, researchers must complete--and subjects must sign--the Keuka College HIPAA Authorization for Research as a part of the informed consent process for participation in the study.

It is preferable to obtain subjects’ permission to use protected health information, however HIPAA permits research using PHI without obtaining permission in specific cases. In order to waive HIPAA authorization, the IRB must determine that the study meets the following criteria:

• The use or disclosure of PHI involves no more than minimal risk

• Granting of the waiver will not adversely affect privacy rights and welfare of the individuals whose records will be used

• The project could not practicably be conducted without a waiver

• The project could not practicably be conducted without use of PHI

• The privacy risks are reasonable relative to the anticipated benefits of research

• An adequate plan to protect identifiers from improper use and disclosure is included in the research proposal

• Adequate plan to destroy the identifiers at the earliest opportunity unless there is a health or research justification for retaining identifiers, is included in the research proposal

• The project plan includes adequate written assurances that PHI will not be re-used or disclosed to any other person or entity, except as required by law, for other purposes

• Whenever appropriate, the subjects will be provided with additional pertinent information after participation in the study

Forms for obtaining authorization to release PHI and requesting a waiver of authorization can be found at the page on Forms for Investigators & Reviewers