111.12 Organization Policy on Privacy and Confidentiality
May 2005
It is the policy of the Organization that provisions for protecting the confidentiality of identifiable research data and patient health information must be reviewed by the JHM IRB as required by 45 CFR 46.111(a)(7) and 21 CFR 56.111(a)(7). The IRBs are authorized to ask the investigator to describe plans for protecting subject privacy and data confidentiality. The investigator’s plan must preserve the subject’s right to choose how and when his or her private information will be used, withheld, or disclosed. Potential risks of a breach of the subject’s right to privacy must be disclosed to participants. The IRB may determine additional methods as needed to minimize the risk.
The Organization authorizes the JHM IRB to request that the PI secure a Certificate of Confidentiality to protect research data from legal process.
The JHM IRB must ensure that privacy and confidentiality are protected in accordance with all HIPAA Privacy Rule requirements, Organization policies, and State and local law.