Under HIPAA, how does it apply to research data in dental informatics?

• A. Protects PHI; requires de-identification or authorization
• B. Only applies to clinical trials
• C. Requires public posting of all data
• D. Has no bearing on research data in dental informatics

Answer: (A)

HIPAA protects patient health information and governs how that information can be used or disclosed in research. In dental informatics, any data that could identify a patient—treatment notes, diagnoses, imaging linked to an individual, or demographics—counts as PHI and is subject to HIPAA rules. To use PHI for research, you generally have two routes: obtain a patient authorization specifically for the research, or obtain a waiver of authorization from an IRB/Privacy Board that meets the required criteria (such as minimal risk and impracticability). If you don’t use PHI, you can work with de-identified data—removing identifying elements (the Safe Harbor method or through an Expert Determination) so the data no longer fall under HIPAA. Limited data sets with a data use agreement are another option, but still involve restrictions on identifiers. In short, HIPAA applies to research data in dental informatics by protecting PHI and requiring de-identification or authorization to use that information.