The Food and Drug Administration (FDA) is an agency of the United States Department of Health and Human Services (HHS). FDA regulations provide for review and monitoring of biomedical research that involves human subjects, by groups known as Institutional Review Boards (IRBs). Institutional Review Boards are required to review and monitor all research that receives federal government funding.

FDA regulations give Institutional Review Boards the authority to approve, require modifications in (so as to secure approval), or disapprove research involving human subjects.  

What Specific Role do Institutional Review Boards Play?

Reviews conducted by Institutional Review Boards assure that ethically appropriate safeguards are implemented to protect human research subjects’ rights and welfare. Reviews are conducted using a group process, through which research protocols are assessed (and, if necessary, modified) to ensure protection of the rights and welfare of human subjects of research.

Research and Protected Health Information

In the course of conducting research, covered entities researchers may obtain, create, use, and/or disclose protected health information or electronic protected health information. Under the HIPAA Privacy Rule, covered entities are permitted to use and disclose protected health information for research with individual authorization, or without individual authorization under limited circumstances set forth in the Privacy Rule. To use or disclose protected health information without authorization by the research participant, a covered entity must follow certain procedures.

Is your organization protected against breaches? Download the free cybersecurity eBook to get tips on how to protect your patient information.

One such procedure involves documented Institutional Review Board approval. Under HIPAA, a covered entity may use or disclose protected health information for research purposes pursuant to a waiver of authorization by an IRB or Privacy Board, provided it has obtained documentation of all of the following:

  • Identification of the Institutional Review Board, and the date on which the waiver of authorization was approved.
  • A statement that the IRB has determined that:
    • The use or disclosure of protected health information involves no more than a minimal risk to the privacy of individuals;
    • The research could not practicably be conducted without the waiver; 
    • The research could not practicably be conducted without access to and use of the protected health information; 
    • A brief description of the protected health information for which use or access has been determined to be necessary by the IRB;
    • A statement that the waiver of authorization has been reviewed and approved under either normal or expedited review procedures; and
    • The signature of the chair or other member, as designated by the chair, of the IRB.

HIPAA and State Privacy Compliance

Satisfy state and federal HIPAA laws with streamlined software.

Global CTAs Image