Current policies related to the Duke Health IRB and Human Research Protection Program (HRPP) are located here. View the complete list of policies.The policies are below, and you can search for policies in the following categories:

De-Identification of Protected Health Information

Database, Repository, & Retrospective Research

This policy discusses methods for de-identifying protected health information (PHI) as per the HIPAA Privacy Rule.

Research Databases, Specimen Repositories, and Contact Lists

Database, Repository, & Retrospective Research

The policy describes IRB requirements when investigators use databases and specimen repositories for research purposes.  Databases/specimen repositories require consent and HIPAA authorization by subjects for the storage and potential future research use of their data/specimens, or a waiver of consent and HIPAA authorization by the IRB.  Exemption from IRB review is not an option if the data/specimens retain an identifier or a link that would permit anyone to identify, directly or indirectly, the person whose data/specimens are stored.

Research Using Coded Private Information or Biospecimens

Database, Repository, & Retrospective Research

Research that uses coded specimens or coded identifiable private information, including protected health information, can be determined to be research not involving a human subject, and therefore not subject to IRB review, if the requirements outlined in this policy are met.