2013 Webinar: PRIMR's Primer on the HIPAA/HITECH Act Omnibus Final Rule

Webinar Archives - Members  Webinar Archives - Non-Members


The new Health Insurance Portability and Accountability Act (HIPAA) Rule is here. On January 25, 2013, the U.S. Department of Health and Human Services published a final rule (78 F.R. 5566) to implement the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Genetic Information Nondiscrimination Act and to make other modifications to the HIPAA administrative simplification regulations. These regulations go into effect March 26, 2013. For institutional review boards (IRBs), this will mean significant discretion to make far reaching decisions.

This webinar focused on the following points of the Final Rule that are of particular relevance to IRBs and human research protection programs (HRPPs) at HIPAA covered entities:

  • An overview of the major changes of the new rule, including the relevant regulatory background and effective and compliance dates
  • The new rule changes the current prohibition of “compound authorizations” (combining an authorization for the use and disclosure of protected health information with any other legal permission). This part of the presentation will address the difference between conditioned and unconditioned authorizations, current prohibition against combining them into a single form, and the changes in the new rule to permit the use of a single form. Discussion will also include flexibility in implementation and implications for revocation of authorization.
  • The new rule permits authorizations for the use and disclosure of protected health information (PHI) for future research purposes beyond a specific study. Discussion will focus on the changes in the new rule to permit authorizations for future research as well as the relationship between authorization for future research and compound authorization.
  • There are additional issues that may have immediate or indirect impact on the work of IRBs, and this final part of the program will focus on the definition of PHI (to explicitly include genetic information and exclude the health information of certain decedents), limited research exception for sale of PHI, access to PHI in electronic format, and the definition of a Breach.


This intermediate-level webinar wasof interest to individuals working within HRPPs and IRBs at HIPAA “covered entities."


Emily Chi Fogler, JD
Emily Chi Fogler is senior legal counsel in the Office of General Counsel at Partners HealthCare System (Boston, MA), which includes Massachusetts General Hospital and Brigham and Women’s Hospital.  At Partners, she has been practicing for over ten years in the areas of human subject research, IRB, and HIPAA-related research matters, including issues arising in industry-sponsored clinical trials and in health care quality measurement and other data-sharing initiatives.  Previously, she was an associate at Ropes & Gray LLP, and a law clerk to the Hon. Patti B. Saris of the U.S. District Court for the District of Massachusetts.  Ms. Fogler is a graduate of Harvard Law School, where she was an executive editor of the Harvard Law Review.

Jennifer S. Geetter, JD
Jennifer S. Geetter is a partner in the law firm of McDermott Will & Emery LLP. Jennifer is a frequent speaker and author on areas within her practice, including life sciences and biomedical innovation, financial relationships and aggregate spend, data sharing strategies and data privacy and security. Jennifer routinely advises global life sciences and health care clients on legal issues attendant to biomedical innovation. Jennifer advises life sciences companies on best practices in financial relationship management, including advice on state and federal Sunshine Law initiatives. A leader in the firm’s data sharing practice, Jennifer works with global clients on development and implementing data sharing strategies and platforms. She chairs the Pro Bono and Community Service Committee for the Washington, D.C., office, and has received the firm's Outstanding Achievement Award for Commitment to Pro Bono and Service to the Community in 2004. Jennifer is admitted to practice in Massachusetts, New York and Washington, D.C.  She is a member of the Firm’s data affinity working group, life sciences and personalized medicine affinity groups, and the Israeli practice group. Jennifer has maintained an academic faculty appointment since 2009 and is currently an adjunct professor at Georgetown University School of Law. Jennifer received her JD (cum laude) from Harvard Law School, and her BA (magna cum laude) from Columbia College.

P. Pearl O’Rourke, MD
Pearl O'Rourke is the Director of Human Research Affairs at Partners HealthCare Systems in Boston and an Associate Professor of Pediatrics at Harvard Medical School.  As the Director of Human Research Affairs, she is responsible for the systems that support the regulatory and ethical oversight of human research and the responsible conduct of research.  Dr. O’Rourke is the past chair of PRIM&R’s Board of Directors, and has been a speaker at a number of PRIM&R meetings, addressing topics such as privacy, human embryonic stem cells, and the reporting of serious adverse events.  She is also Chair of Partners Healthcare System’s newly formed ESCRO Committee. Dr. O’Rourke has worked as a pediatric critical care physician at Children's Hospital, Boston and at the Children's Hospital, University of Washington in Seattle where she was the Director of the Pediatric Intensive Care Unit.  Additionally, in Seattle, she served many years as a member of the IRB.  Dr. O’Rourke has also been involved in international medical care, serving in China and Indonesia with Project HOPE.  In 1995-1996, she did a Robert Wood Johnson Health Policy fellowship and worked for Senator Edward Kennedy (Democrat-MA) as a member of the Labor Committee Staff.  Following this fellowship, she became the Deputy Director of the Office of Science Policy in the Office of the Director at the NIH where she worked on issues such as privacy, gene therapy (transfer) embryonic stem cells, and genetic discrimination.

Certificates of Attendance

Certificates of Attendance for the PRIM&R’s Primer on the HIPAA/HITECH Act Omnibus Final Rule webinar were made available at the conclusion of the webinar.  To access the certificate, you must first complete the online evaluation. Such certificates are useful for obtaining continuing education (CE) credits (not Continuing Medical Education credits) from professional associations. Note that guidelines concerning CE credits may differ, and you should consult the appropriate professional association representative for further guidance.

CE Credit for Certified IRB Professional (CIP®) Recertification
Webinar participants holding the CIP credential who wish to apply credits from PRIM&R’s Primer on the HIPAA/HITECH Act Omnibus Final Rule toward CIP recertification may submit the Certificate of Attendance they received upon completing the online evaluation as documentation of their participation. Participation in this 90-minute webinar counts as 1.5 CE credit hours.

For recertification by CE, CIPs must complete 30 documented hours of continuing education. At least 15 of the 30 hours must either carry credits issued by a recognized accrediting body or have received advanced recognition from the Council for Certification of IRB Professionals (CCIP). Credits from PRIM&R webinars have received such advance recognition, and may be counted towards these 15 hours.

Additional information about CIP recertification can be found here.