The Health Insurance Portability and Accountability Act (HIPAA) of 1996 addresses the security and privacy of health data. Research utilizing health-related data is required to be in compliance with the provisions of HIPAA, including The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule). The Privacy Rule covers health plans, health care clearinghouses, and those health care providers who conduct certain financial and administrative transactions electronically. The rule creates national standards to protect individuals’ personal health information, and gives patients increased access to their medical records. In the course of conducting research, researchers may create, use, and/or disclose individually identifiable health information. Under the Privacy Rule, covered entities are permitted to use and disclose such information for research with individual authorization, or without individual authorization, under limited circumstances set forth in the Privacy Rule. Because of certain activities conducted within the institution, Palm Beach Atlantic University may be considered a covered entity under HIPAA.

The Privacy Rule also defines the means by which individuals/human research participants are informed of how medical information about themselves will be used or disclosed and their rights with regard to gaining access to information about themselves when such information is held by covered entities. Where research is concerned, the Privacy Rule protects the privacy of individually identifiable health information, while at the same time, ensuring that researchers continue to have access to medical information necessary to conduct vital research.