The Health Insurance Portability and Accountability Act (HIPAA) covers a variety of issues including the Privacy Rule concerning patients' Protected Health Information (PHI) and the Security Rule governing patients’ electronic PHI (ePHI). The Office of Compliance provides consultation and training for compliance with HIPAA, and serves as a point of contact for the Emory research community.
Online and in-person HIPAA training courses are available. Please contact the Office of Compliance at (404) 727-2398 or firstname.lastname@example.org for additional information regarding training.
For information and access to online training, click on the Training tab in the toolbar above or on the HIPAA Training tab on the left-side margin.
HIPAA Rules changes that became effective September 23, 2013 included:
- Compound Authorizations
- Authorization of Future Research Use or Disclosure
- Decedents Information
- Sale of Protected Health Information
- Business Associate Agreement- available on the Office of the General Counsel webpage
- Notice of Privacy Practices
Data Transfer Agreements
Data Transfer Agreements (DTAs) are used to transfer human subject data from one institution to another for research purposes. A DTA is a contract between the providing and recipient institutions that governs the legal obligations and restrictions, as well as compliance with applicable laws and regulations, related to the transfer of such data between parties.