Skip to main content

HIPAA in Research


The HIPAA Privacy Rule establishes the conditions under which protected health information (PHI) may be used or disclosed by covered entities (e.g., health care providers, such clinics and other units at FSU), including for example treatment, health care operations, education and even research. HIPAA stands for the Health Insurance Portability and Accountability Act, and the Privacy Rule was enacted pursuant to federal law, Public Law 104-191. Federal regulations were promulgated to implement Public Law 104-191; these regulations are titled "Administrative Data Standards and Related Requirements" and are located at Title 45 of the U.S. Code of Federal Regulations, Parts 160-164.

Generally, the laws were intended to facilitate sharing of PHI among those with a need to know, but also to better protect patient privacy and confidentiality. For instance, the Privacy Rule establishes the means by which individuals must be informed of or authorize uses and disclosures of their PHI for research. In many ways the Privacy Rule adds to existing federal laws for protecting human research participants.

More about the HIPAA Privacy Rule may be found at this federal agency web site. Check out our links below to learn more.

How the HIPAA Privacy Rule Works; Key Definitions

Decision Chart

HIPAA Applies to Research