I plan to submit samples to the NINDS Cell and DNA Repository, and I am not part of a covered entity. Does the Privacy Rule apply to me?
If you are not a covered entity and not a workforce member of a covered entity, the Privacy Rule does not apply to you. Therefore, there are no requirements beyond those described in the
Submission of Specimens to the Repository.
I plan to submit samples to the NINDS Cell and DNA Repository, and I am part of a covered entity. What are some of the ways I can disclose donors" health information to the repository and still comply with the Privacy Rule?
You may de-identify a sample by:
(1) Removing the 18 specific elements that can identify an individual (
http://privacyruleandresearch.nih.gov/pdf/HIPAA_Booklet_4-14-2003.pdf), provided that you have no actual knowledge that the remaining information could be used alone or in combination with other information to identify the subject of the information; or
(2) Having a qualified statistician determine and document that the information is de-identified.
NOTE: Coriell does not database or store any of these 18 identifiable specific elements. Therefore, by submitting only the information included on the Clinical Data Elements, you will be compliant with the privacy rule.
The Repository does not require you to submit documentation about compliance with the Privacy Rule. However, if the Authorization is part of the informed consent document, you must still submit an unsigned copy of the informed consent document, as described in General Submission Guidelines.
