Health Insurance Portability and Accountability Act (HIPAA) and the
Experiment Scheduling System
HIPAA addresses the mechanisms that are in place for protecting private patient health information. Many departments simply do not obtain private health information in the normal course of conducting Psychology experiments. If this is the case for your department then the HIPAA regulations may not apply to your research activities or to the activities that the Momentum Experiment Scheduling System helps you monitor. Of course, because each department is unique it is best for members of your department or University to determine if the HIPAA privacy rule will apply to your use of the Momentum Experiment Scheduling System.
It is possible, however, depending on decisions made by your institution, that some or all researchers would be required to comply with the HIPAA privacy rules. This may occur if some part of your institution provides health care even though components of your institution may be involved only in research and may not provide health care. In this case the HIPAA regulations might apply.
In some departments there is a possibility that health information about a participant would be obtained during the course of research and that such information would be affected by the HIPAA regulations. With respect to the Momentum Experiment Scheduling System, this might occur if a person’s credit in a particular experiment would serve to identify them as having a particular health condition, or if a person’s ability or inability to schedule themselves to participate in a particular experiment or experiments indicates that they do or do not meet certain eligibility criteria and such criteria indicate the presence or absence of specific health conditions. These conditions would be met only if the subject pool coordinator in your department chooses to use the features of the Momentum software such as experiment authorization codes, or if they use experiment numbers to code health-related characteristics of the research participants. If you do not use these features, or if you do not use these features to code the type of health information covered by HIPAA then you do not have to be concerned with the manner in which Experimetrix® Inc. maintains your data.
What if HIPAA does apply -- how will MomentumTM help me comply with the HIPAA regulations?
If health related information is included in the data that you choose to include in your Momentum database, or if your institution requires that you comply with the HIPAA privacy rule then Experimetrix® Inc. may be what the HIPAA regulations consider to be a “business associate”. Because we maintain your database for you it is necessary for us to have access to the information contained in the database. As a covered entity your obligation is to obtain a written agreement from us in which we describe the mechanisms that are in place to protect the privacy of the health related information in your database. To be in compliance with HIPAA you must simply decide that the mechanisms and procedures that we describe are reasonable.
Our agreement regarding the treatment of data is as follows:
® Sona Systems, Ltd.
Experimetrix® is a registered trademark of Sona Systems, Ltd.