If unsure about the particulars of HIPAA research requirements at your organization or if you have questions, you can usually consult with an organizational Institutional Review Board (IRB) or Privacy Board, a designated privacy official (sometimes called a Privacy Officer), or a security official (Security Officer), depending on the specific issue. These entities or individuals are responsible for ensuring HIPAA compliance within the organization and can provide guidance on research use and disclosure of protected health information (PHI) under HIPAA regulations.
The IRB often acts as a Privacy Board under HIPAA and reviews requests for access and use of PHI in research, either by requiring study subject authorization or granting waivers of authorization. Consulting these organizational resources helps clarify HIPAA research requirements and compliance measures.
