Dedicated to providing the latest
HIPAA compliance news

Research Institutions Given Additional 6 Months to Comply with Updated Common Rule

Share this article on:

Updates to the Common Rule – The Federal Policy for the Protection of Human Subjects – that were initially due to come into effect on January 19, 2018 have been delayed by 6 months, giving research organizations more time to comply with the new provisions. The new compliance date is July 19, 2018, although the provision covering cooperative research still has a compliance date of Jan 20, 2020.

Several healthcare organizations, including the American Medical Informatics Association (AMIA), the Associated of American Medical Colleges (AAMC), and the Association of American Universities (AAU), called for the compliance date to be pushed back due to uncertainty surrounding the final rule. A delay would allow institutions additional time to ensure compliance and would allow federal agencies more time to issue guidance to researchers to help them implement the updated regulations.

16 federal departments, including the Department of Health and Human Services, made revisions to the Common Rule. In a notice of proposed Rulemaking, the need for the delay to the compliance date was explained. “Without a delay, and without guidance, institutions that have expected a delay who hastily attempt to implement the revised rule without adequate preparation are bound to make mistakes, the consequences of which may jeopardize the proper conduct of research and the safety and wellbeing of human subjects.”

While the delay will be welcomed by many organizations, those that had already prepared to comply with the new provisions of the Common Rule ahead of the January 19 compliance date will now need to continue with their old policies and procedures for a further six months, which may cause some conflicts.

Changes to the Common Rule

The final rule update to the Common Rule was issued on January 19, 2017 on the last day of the Obama administration. One of the main reasons for the update was since the Common Rule was introduced in 1991, there have been many changes to how research is conducted.

At the time, research was mainly conducted in universities and medical institutions, with studies taking place at a single site. Today, the scale of research studies has increased, they often involve multiple sites, data is now digital, and the research is now more diverse. An update to the Common Rule was therefore long overdue.

The changes will improve privacy protections for research participants. The updated Common Rule is closely with the HIPAA Privacy Rule and introduces further safeguards to protect the privacy of research participants, while also improving the availability of health data for secondary research.

The update sees consent requirements changed to require information about research studies to be detailed on consent forms in language that a reasonable person would understand. The changes also make it possible for broad consent for secondary research to be obtained, which will improve the availability of patient-reported data and biospecimens for research.  The changes will also help research institutions obtain up-to-the-minute data from mobile applications and devices used by patients.

The updates clarify that certain public health surveillance activities are exempt from Common Rule restrictions, which will help with monitoring the spread of disease in the United States. Certain low-risk studies conducted by HIPAA Covered entities will also be exempt.

The HHS has also pointed out that the oversight system will not add an unnecessary administrative burden and the update has introduced greater flexibility to match today’s dynamic research environment.

Comments on the Interim Final Rule are being accepted until March 23, 2018 and guidance to help institutions comply with the Common Rule changes will be released over the coming weeks.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On