Currents in Contemporary Ethics

Abstract

For nearly twenty-five years, federal regulation of privacy issues in research involving human subjects was the primary province of the federal rule for Protection of Human Subjects (Common Rule). As of April 14, 2003, the compliance date for the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA), however, the Common Rule and the Privacy Rule jointly regulate research privacy. Although, in theory, the Privacy Rule is intended to complement the Common Rule, there are several areas in which the rules diverge. In some instances the inconsistencies result in gaps in privacy protection; in other instances the inconsistencies result in added burdens on researchers without additional privacy protections. In all instances, the lack of harmonization of these rules has created confusion, frustration, and misunderstanding by researchers, research subjects, and institutional review boards (IRBs). In this article, I review the major provisions of the Privacy Rule for research, explain the areas in which the Privacy Rule and Common Rule differ, and conclude that the two rules should be revised to promote consistency and maximize privacy protections while minimizing the burdens on research.