Privacy Rule (cont.)
lEstablishes criminal and civil penalties for improper use or disclosure lEstablishes new requirements for access to records by researchers
l
Before HIPAA, no national standard existed for the protection of a person’s medical information. The Privacy Rule establishes a minimum level (“floor”) of protection nationwide.  HIPAA does not preempt  existing laws but allows the application of more stringent state laws.

Seeks to protect the privacy of individually identifiable health information while ensuring that researchers continue to have access to medical information necessary to conduct research

Before the Privacy Rule, protection of human subjects in research focused primarily on assuring that the research project was performed ethically and that the human subjects participated on the basis of informed consent.

Common Rule and FDA Regulations – supplemented by Privacy Rule