Waiver approved by a Privacy Board or IRB
As rule of thumb, many IRBs are using the minimal risk criteria from Common Rule.
Others in health care organizations are
being guided by use and disclosure.
Use
= within organization = usually minimal risk.
Disclosure outside is held to a higher standard = likely to be
considered more than minimal
A CE is permitted to disclose PHI for research purposes without authorization if
an IRB or Privacy Board has either waived authorization or approved a modified
authorization.
CE may use its own IRB
or Privacy Board or accept the review of some other IRB/PB.
Privacy Board functions much like an IRB with regard to the review of requests
for waivers of authorization.
Role is
to assure that there is legitimate and compelling reason for allowing access
to health information without patients consent
Make up of PB is prescribed in regulation – similar to that of IRB
IRB granting waiver must follow Common Rule plus added privacy criteria using
either full or expedited review.
Waiver of authorization criteria
similar to that already used by IRB to waive informed consent
Some university IRBs have already expressed an unwillingness to take on the dual
role and responsibilities of a privacy board.
Not yet decided at USC, but initial inclination is to serve dual
role.