HIPAA

HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

HIPAA 

HIPAA regulations are applicable to anyone at Rowan University depending upon their job responsibilities, which includes having direct or indirect access to patients or their health information. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) contains provisions to protect the confidentiality and security of personally-identifiable information that arises in the course of providing health care. Faculty, staff, students and residents must complete the HIPAA basic training and HIPAA and Medical Research training if their study involves access to patients and health information with or without the use of identifiers.

HIPAA and Medical Research

Health Insurance Portability and Accountability Act (HIPAA) Data / Protected Health Information (PHI)

If your research will access and/or use patient HIPAA/PHI data, whether it is from a RowanMedicine clinical practice or external, non-Rowan entity, in a prospective or retrospective chart review IRB study, then HIPAA training must be completed and included in the IRB submission. Certificates for {101 and 109 HIPAA/PHI-for students} and {113 and 109 HIPAA/PHI-for employees} compliance training must be attached in the IRB submission, and the Rowan University Office of Compliance & Corporate Integrity is the office responsible for oversight related to the access and use of RowanMedicine HIPAA/PHI data and information. Any HIPAA/PHI data that will be used for research purposes and coming from a non-Rowan, external institution may require a Data Use Agreement. Access, use, storage and disposal of HIPAA/PHI data governed by a Data Use Agreement between Rowan and the non-Rowan, external institution must be incorporated into the IRB protocol and submission.

Faculty and Staff Training

Faculty and staff can complete HIPAA 113 and 109 training via Healthstream. Certificates, indicating HIPAA training was completed, must be attached to the IRB submission.

Student Training

Student HIPAA 101 and 109 training can be completed via KnowBe4. For student training, the Rowan faculty Principal Investigator(PI) or designee of PI must submit a list of students that will be identified as research personnel in an IRB submission to the Rowan IRT - Information Security Office (ISO). Emails listing the students must be sent to Information Security Office staff Eric Wilson and/or Michael Davie, and Rowan University Office of Compliance & Corporate Integrity staff, Kathy Alburger, should be cced in the email request. Rowan IRT ISO will assign HIPAA training to the students (101 & 109), and the student will be able to use the KnowBe4 application and complete the training. Student certificates, indicating HIPAA training was completed, must be attached to the Rowan IRB submission.

To open a ticket with the Information Security Office you can email ISO@rowan.edu

If 1-5 students need to be added, write the following in the ticket:

Please assign <Name> <Email> (<BannerID>) (Enrollement Year i.e 2022) to KnowBe4 HIPAA OCCI109 training

If there are more than 5 students that need to be added please attach an Excel sheet with the student's information and write the following in the ticket:

Please assign students to KnowBe4 HIPAA OCCI109 training. Attached is an Excel sheet with the student's information.

Links for information and access to training applications are listed below.