UI Health Care has not established a Privacy Board as provided for by the Privacy Rule; however, in accordance with §164.512(i)(1)(i)(A) and pursuant to a memorandum dated November 12, 2002, the University of Iowa Institutional Review Board (IRB-01) serves as the Privacy Board for UI Health Care relating to the use/disclosure of Protected Health Information (PHI) in human subjects research. Specifically, the UI IRB serves the following limited Privacy Board functions in the course of its regular review process: 

1. Approval of written authorizations from the subject (or, where appropriate, from the subject’s legally authorized representative) that meet the requirements of 45 CFR §164.508(c) for the use/disclosure of PHI for research; and 
2. Approval of alterations to, or waivers of (in whole or in part), the authorization requirement, and maintenance of documentation of the same. 

For certain human subjects research projects, the UI has designated external IRBs to act as the IRB of record for those particular studies. In those cases, neither IRB review nor Privacy Board functions are performed by a UI IRB-01. Pursuant to a memorandum date April 8, 2014 the UI IRB-01 is authorized to delegate its Privacy Board role on behalf of UI Health Care to an external IRB in the following circumstances: 

1. The external IRB is listed on the UI’s Federal Wide Assurance; 
2. The UI has in place an Institutional Authorization Agreement authorizing the external IRB to act as the IRB of record for certain designated studies; and 
3. The external IRB is accredited by a recognized organization such as the Association for the Accreditation of Human Research Protection Programs (AAHRPP). 

UI Health Care accepts sole responsibility for delegations of Privacy Board functions that meet these requirements, as well as for the performance of those functions by the external IRB to which they have been delegated. 

The National Institutes of Health also offers specific information about the role and responsibilities of Privacy Boards on their website under the section “What Is a Privacy Board and What is its Role under the Privacy Rule?” 

Activities not covered by this authority

The National Institutes of Health offers specific information about the limitations of the IRBs role under the privacy rule on their website under the section “IRB Role under the Privacy Rule”.