Here's a roadmap to guide you safely down the rocky recruitment path.
While most of the medical community has effectively carved out HIPAA privacy rule policies, the medical research community continues to hit roadblocks. But you can successfully recruit study participants and comply with HIPAA if you follow our experts' advice.
Getting Started
While once "you would talk to your patients about potential research opportunities and then give colleagues your patients' names, you can't do that easily anymore," says Mark Barnes, a partner in the New York, NY office of Ropes & Gray.
Instead, you must jump through more hoops merely to access the names of potential study participants. Recruiting potential participants was already difficult, so the added burden of the HIPAA regulation has only created more barriers in getting these studies off the ground, explains Bill Sarraille, an attorney at Sidley Austin Brown & Wood in Washington, DC. "Though researchers can't quantify [HIPAA's effect], it's made a bad recruitment situation worse," Sarraille says. This type of problem has forced researchers to call into question both the necessity and the applicability of the regulation in the realm of research.
The Road Map
However, the concerns haven't arisen because researchers don't want to comply with HIPAA. Rather, "most researchers want to do the right thing for their research subjects and want to protect them and their information," clarifies Kim Gunter, a senior consultant at Philadelphia's Pricewaterhouse Coopers.
How to be in compliance isn't set in stone for the research community, experts agree. Yet, in order for the community to move forward and really quantify the effect HIPAA has had on research, there has to be a uniform standard across the board. For now, you "have to craft and document what you're doing in such a way that it can be interpreted that you were in the confines of the rule," Gunter says.
Let's Talk About It
As always, communication is the key. You need to convey what is, and always has been, the rule of research: Participants' privacy is important. "The study coordinator needs to convey the sincere and committed nature of the institution to handling PHI appropriately," Sarraille asserts. The message many participants are receiving is less that their information will be protected than it is "your information may not be protected," he adds.
You also "have to educate the subjects," Barnes reminds. Clear communication and education that enforces researchers' commitment to patient privacy will take the sting out of the paperwork, he says.
"If you give the communication that surrounds these documents short shrift, you run the risk of losing that [participant] and losing the meaning you're trying to convey," Sarraille warns.
The Bottom Line
The overwhelming response to HIPAA from the research community is confusion. That's where most experts are calling on the Department of Health and Human Services to step in. "Everyone has interpreted it differently and there needs to be a clear directive," Gunter expresses.
If the rules are revised to more naturally reflect the research community, or if guidance is issued that clearly defines how the research community should implement the HIPAA regulation, research can go from being a regulatory murky area to possibly thriving, she posits.
Lesson Learned: For now, you must take the time and expense to put potential participants at ease. Through effective communication and education about the privacy rule, you can "improve the sense of security subjects have in their personal health information," and turn medical research into a positive and rewarding experience that benefits all involved, Sarraille predicts.