HyperLink University Pictures
Institutional Review Board

Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that was enacted in 1996. The Privacy Rule went into effect on April 14, 2003 requiring researchers to address the privacy of research participants health information. An announcement about the University's HIPAA policies and procedures with regards to research was distributed in a Letter to the Research Community on November 12, 2002.

Regulations implementing the HIPAA privacy rule must be complied with for all health care providers, clearinghouses and third parties who have access to identifiable health information.

HIPAA Privacy Rule Guidance for Researchers

Data Use Agreement

UPMC Honest Broker Certification Policy

HIPAA Research Agreement


  • HIPAA Authorization for Sharing Health Information (Word) (PDF)
  • HIPAA Authorization for Sharing Additional Health Information
    - a sample addendum (Word) (PDF)
  • Sample Research Registry Protocol (Word) (PDF)
  • Sample Research Registry Informed Consent (Word) (PDF)
HIPAA Training Requirements

Frequently Asked Questions (FAQ)