Additional Submitter Resources

Privacy Rule Frequently Asked Questions

  1. I plan to submit samples to the NINDS Cell and DNA Repository, and I am not part of a covered entity. Does the Privacy Rule apply to me? 

    If you are not a covered entity and not a workforce member of a covered entity, the Privacy Rule does not apply to you. Therefore, there are no requirements beyond those described in the  Submission of Specimens to the Repository.

     

  2. I plan to submit samples to the NINDS Cell and DNA Repository, and I am part of a covered entity. What are some of the ways I can disclose donors" health information to the repository and still comply with the Privacy Rule? 

    You may de-identify a sample by: 
    (1) Removing the 18 specific elements that can identify an individual ( http://privacyruleandresearch.nih.gov/pdf/HIPAA_Booklet_4-14-2003.pdf), provided that you have no actual knowledge that the remaining information could be used alone or in combination with other information to identify the subject of the information; or 
    (2) Having a qualified statistician determine and document that the information is de-identified. 

    NOTE: Coriell does not database or store any of these 18 identifiable specific elements. Therefore, by submitting only the information included on the Clinical Data Elements, you will be compliant with the privacy rule. 

    For a complete discussion of the various ways to use and disclose health information for research under the Privacy Rule, see:  http://privacyruleandresearch.nih.gov/pr_02.asp.

     

  3. If I choose to obtain an Authorization, what information needs to be in the Authorization? 

    Complete information on Authorizations for research uses or disclosures of protected health information and sample Authorization language can be found at  http://privacyruleandresearch.nih.gov/authorization.asp.

     

  4. What documentation does the Repository require? 

    http://privacyruleandresearch.nih.gov/authorization.asp 

    The Repository does not require you to submit documentation about compliance with the Privacy Rule. However, if the Authorization is part of the informed consent document, you must still submit an unsigned copy of the informed consent document, as described in General Submission Guidelines.