The HIPAA Privacy Rule is a set of federal regulations providing protections for the confidentiality of health information used in clinical practice, research, and the operations of health care facilities. The purpose of the Privacy Rule is to ensure that health information confidentiality risks are minimized. If your study falls under HIPAA, you may need to obtain authorization from participants to use or access their protected health information (see Writing a HIPAA Authorization Form). For information on waivers of authorization and other HIPAA information related to submission of IRB applications, see HIPAA Processes & Documentation.

While the IRB serves as the HIPAA privacy board for UW-Madison, the Office of Compliance is responsible for HIPAA policy and oversight. For additional guidance on HIPAA and its application to human research – including training requirements – please review the Office of Compliance HIPAA website.