HIPAA Regulations

In the research context, HIPAA establishes the conditions under which PHI may be created, obtained, used or disclosed by covered entities for research purposes. As defined by HIPAA, the term “covered entity” includes, health care providers who engage in certain financial or administrative transactions electronically. Because the University’s activities include both HIPAA covered and non-covered functions, the University has a status as a “hybrid” HIPAA entity.

• MedStar Health HIPAA information and forms
• NIH HIPAA resources
• Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule

Please note that Georgetown University IRBs and MHRI-GU Oncology IRB act as Privacy Boards for those studies for which it provides IRB oversight at Georgetown University Hospital (GUH) and other MedStar institutions.

If you conduct research at covered entity sites outside MedStar Health, Inc. including GUH, please contact those covered entities directly and provide GU IRB with copies of HIPAA Authorization and/or HIPAA Waivers approved by their Privacy Boards.