THE OFFICE OF RESEARCH

NEW INVESTIGATORS: A QUICK GUIDE TO STARTING YOUR RESEARCH AT UCSF

Table of Contents

Being Responsible - Other Topics:
| Ethical Conduct of Research | Authorship and Publication | Data Management: Research Records |

CONFIDENTIALITY AND PRIVACY

• What types of confidential information would I see as PI?
• Are there any special requirements for collaborations?
• What are my responsibilities?
• What Does HIPAA Have to do With My Research?
• Relevant Policies and Procedures

What types of confidential information would I see as PI?

As a Principal Investigator, you may be asked to review grant proposals, scientific manuscripts, academic reviews of your colleagues. You may also see confidential records of your staff or collect human subjects data.

All of these activities require that you protect names, unpublished data, concepts, private and personal information that may affect publication, intellectual property rights, reputation and privacy. Research activities that require your protection of confidential information include:

Are there any special requirements for collaborations?

For collaborations involving industry, partnerships and other contracts, confidentiality is usually specified in the terms and conditions of the contract negotiated by the Office of Sponsored Research or Office of Technology Management. Discretion is expected with respect to disclosing information that may affect future patents and licensing agreements.

For other types of collaborations, you should work out in advance with your collaborators what types of information may be made public before publication.

What are my responsibilities?

As UCSF faculty, you are expected to practice discretion and maintain the highest level of confidentiality in all aspects of your research. You are expected to comply with all Federal regulations, State laws, and University of California directives to protect the privacy of individuals. This includes staff, UCSF personnel, your colleagues, human research participants and anyone with whom you may have access to confidential information.

What Does HIPAA Have to do With My Research?

Recent federal regulations, the Health Information Portability and Accountability Act (HIPAA), April 14, 2003, specifically mandated that all identifiable health information must be protected from inappropriate or unauthorized disclosure. This information is referred to as “protected health information” (PHI) and is specifically defined by HIPAA for institutions as well as researchers.

As a UCSF researcher and as part of the UCSF workforce, HIPAA regulations require you to protect PHI. As a researcher, HIPAA applies to both medical and basic research, as you must protect all staff, patient, and human subjects information that you may collect as part of your research. As a member of the UCSF workforce, HIPAA applies to all PHI regardless of it’s whether it for a staff member, faculty, research fellows, students, or UCSF patients.

Specific guidance, forms, and training for UCSF is posted at the following websites:

	UCSF HIPAA Implementation (general HIPAA both privacy and security)
	•	UCSF HIPAA Forms (does not include human research forms)
	•	UCSF HIPAA Handbook
	•	UCSF Training Resources (online modules)
	UCSF Committee for Human Research: (CHR)
	•	HIPAA and human research (guidance, forms)
	•	HIPAA research training for investigators and their staff
	•	Informed consent guidance (Section G (2.C.e)
Top of page

Relevant Policies and Procedures

	University of California:
	•	UC Protection of Personal Information policy
	•	UC Guidance on HIPAA
	Federal:
	•	Bioethics Resources on the Web - National Institutes of Health
	•	NIH guides on HIPAA
	•	ORI - Office of Research Integrity (DHHS)