A:
Yes. A Department of Defense (DOD) Institutional Review Board (IRB) must review the data request prior to accessing the patient records for research purposes. Researchers who work for the Military Health System (MHS) as either an employee or contracted business associate who has a contract that includes services in creating datasets may create the subset of data required for the research project. However, prior to creating the subset of data for research, the DOD IRB must review the research protocol and determine the minimum necessary type of data required for the research project and, if protected health information is required, provide a HIPAA Privacy Rule review that ensures obtaining the relevant documentation necessary for the researcher to access patient records for research purposes.
In addition, if the researcher intends to review patient records to prepare for a clinical research study, such as identifying qualified study participants, the researcher must first get approval from the DOD IRB to access the records for review preparatory to research. If the researcher is an MHS employee or business associate, the researcher may sign Representations for Review Preparatory to Research to conduct the review of records and then contact patients to obtain HIPAA Authorizations to use their records for research. If the researcher is not an MHS employee or business associate, the researcher may sign Representations for Review Preparatory to Research to conduct the review of records but will not be able to contact the patients identified in the review. In this case, the researcher can ask an employee or business associate to obtain the HIPAA Authorizations from patients, or the researcher can obtain a partial Waiver of HIPAA Authorization, which enables the researcher to review the records and contact study participants to obtain a HIPAA Authorization. Finally, if the researcher will not be able to obtain HIPAA Authorizations from study participants, the researcher will need to obtain a full Waiver of Authorization before accessing the patient records for research purposes.