BOX 4-3 IRBs and Privacy Boards

Institutional Review Boards (IRBs) and Privacy Boards have different scopes of review. The Common Rule requires IRBs to review research projects involving human subjects for risk of harm to the subjects and to ensure that the appropriate process of informed consent is followed for all research participants. The Privacy Rule added to IRBs’ jurisdiction by giving them the responsibility of granting waivers of authorization. In contrast, Privacy Boards did not exist under the Common Rule. Privacy Boards were created by the Privacy Rule and only have authority to review applications for waivers of authorization.

The Privacy Rule did not change the IRB membership requirements from the Common Rule (see also Box 3-3). Privacy Boards have similar membership requirements to IRBs, and must be made up of members with varying backgrounds and have appropriate professional competency to review the research protocol. There must be one member who is not affiliated with any entity conducting or sponsoring the research project and not related to any person who is affiliated with any of these entities. Also, all members with conflicts of interest must be removed.

SOURCE: 45 C.F.R. § 164.512(i)(1)(i)(A) and (B) (2006).

From: 4, HIPAA, the Privacy Rule, and Its Application to Health Research

Cover of Beyond the HIPAA Privacy Rule
Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research.
Institute of Medicine (US) Committee on Health Research and the Privacy of Health Information: The HIPAA Privacy Rule; Nass SJ, Levit LA, Gostin LO, editors.
Washington (DC): National Academies Press (US); 2009.
Copyright © 2009, National Academy of Sciences.

NCBI Bookshelf. A service of the National Library of Medicine, National Institutes of Health.