Skip Navigation Archive: U.S. Department of Health and Human Services
Archive: Agency for Healthcare Research Quality
Archive print banner

AHCPR to Improve Patient Data Oversight in Research

This information is for reference purposes only. It was current when produced and may now be outdated. Archive material is no longer maintained, and some links may not work. Persons with disabilities having difficulty accessing this information should contact us at: Let us know the nature of the problem, the Web address of what you want, and your contact information.

Please go to for current information.

Press Release Date: November 10, 1999

HHS's Agency for Health Care Policy and Research (AHCPR) today announced it is developing recommendations, or "guiding national principles," for helping institutional review boards and like bodies protect against the disclosure of personal health information in research that could be used to identify individual patients.

The recommendations will help provide guidance to research reviewers as they review research projects using identifiable information and as they implement the Department's privacy regulations mandated by the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Proposed regulations for this act were announced by President Clinton on October 29, 1999. Under HIPAA, a final rule is to be issued by February 21, 2000 with a two-year implementation period for most covered entities.

The guiding national principles will be based on a study by the Institute on Medicine of the National Academy of Sciences, which is expected to be completed in the summer of 2000. HHS's Office of the Assistant Secretary for Planning and Evaluation (ASPE) is co-funding the contract with AHCPR.

AHCPR Administrator John M. Eisenberg, M.D., said, "Patient information is the foundation of research for improving the quality of health care that Americans receive. Safeguarding the privacy of this critical resource is paramount."

Institutional review boards (IRBs) are committees formed by universities and other research institutions to review federally funded research projects and research projects funded by other sources at institutions—mostly academic—that voluntarily submit their study applications. These committees possess the authority to approve, disapprove, suspend, or terminate previous approval of such research in order to protect the rights and welfare of human subjects. An IRB approval means the research has been reviewed and may be conducted at an institution within the constraints set forth by the board. However, not enough is known about how IRBs can adequately protect patients from potential harm resulting from the disclosure of personal health information in patient databases used in studies. Furthermore, the ways IRBs review health services research projects may vary.

Dr. Eisenberg said that the recommendations for IRBs and the researchers they oversee will also provide guidance to for-profit and other organizations that use patient databases for marketing research, health benefits management, quality assurance and other analytical purposes. There is currently no federal law requiring privately funded research projects to undergo IRB review to protect the confidentiality of personal health information. However, some privately funded research projects may, in fact, be reviewed by privacy boards convened by the projects' sponsors. The guiding principles and best practices developed under this initiative should provide a basis for identifying how to protect personal health information wherever, and by whomever, it is used for research.

For additional information, please contact: AHCPR Public Affairs, (301) 427-1364—Karen Migdail, (301) 427-1855; IOM Office of News and Public Information, (202) 334-2138.

The information on this page is archived and provided for reference purposes only.


AHRQ Advancing Excellence in Health Care