HIPAA Regulations

In the research context, HIPAA establishes the conditions under which PHI may be created, obtained, used or disclosed by covered entities for research purposes. As defined by HIPAA, the term “covered entity” includes, health care providers who engage in certain financial or administrative transactions electronically. Because the University’s activities include both HIPAA covered and non-covered functions, the University has a status as a “hybrid” HIPAA entity.

Please note that Georgetown University IRBs and MHRI-GU Oncology IRB act as Privacy Boards for those studies for which it provides IRB oversight at Georgetown University Hospital (GUH) and other MedStar institutions.

If you conduct research at covered entity sites outside MedStar Health, Inc. including GUH, please contact those covered entities directly and provide GU IRB with copies of HIPAA Authorization and/or HIPAA Waivers approved by their Privacy Boards.