Forms, Policies & Procedures

Here you will find a repository of forms, policies and procedures related to research at the University of Delaware. This repository draws on sources throughout campus to provide quick and easy access to these resources in a variety of formats, such as html, MSWord and Adobe PDF. We encourage you to explore and use the tools provided to narrow your search by word, resource type or category in order to learn more about the content that governs research at UD.
RO Forms, Policies, and Procedures Search 2019

Animal Subjects in Research

For Forms, Policies and Procedures pertaining to Animal Subjects in Research and other resources

Click Here

Conflict of Interest
Contracts and Grant Management
Effort Certification
Export Regulations (ITAR/EAR/OFAC)
Human Subjects in Research
Intellectual Property
Internal Funding
Material Transfer
Reporting Misconduct
Research Administration
Research Agreement Templates
Forms, Policies and Procedures (3 Policies Entries)
Policy: Human Subjects in Research, Intellectual Property
Guide to Intellectual Property

The Ratner Prestia Document gives an overview of the different aspects of patents, trademarks, copyrights, and trade secrets such as how protection is gained, the duration of that protection, who is entitled to the rights, and more.


Policy Details:

OWNER: Ratner Prestia

RESPONSIBLE OFFICE: Research Office: UD Research Regulatory Affairs


Policy: Human Subjects in Research
HIPAA Hybrid Statement

  1. Introduction
    As with some other research-intensive institutions [1], the University of Delaware (“UD”) recognizes that the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) is a consumer protection law intended to protect individually identifiable information relating to the physical or mental health of an individual, the provision of health care to the individual, or the payment for the provision of health care to the individual. HIPAA applies to “Covered Entities,” which include health care providers, health plans and health care clearinghouses that conduct specified transactions electronically (“Covered Entities” or each a “Covered Entity”) [2]. UD is engaged in both Covered Entity and non-Covered Entity activities. HIPAA allows entities that are engaged in both Covered Entity functions and other activities that are not Covered Entity functions to designate themselves as “Hybrid Entities,” with the result that the HIPAA regulations do not apply to the non-covered functions.

    [1] For example, Vanderbilt University (


  2. Hybrid Entity Status Assessment
    Based upon an assessment of UD units and a review of HIPAA standards, UD designates itself as a Hybrid Entity under HIPAA. Identification of individuals and entities that are part of the UD Covered Entity (“UDCE”) is complicated by the fact that UD is engaged in multiple covered functions and non-covered functions with a mission that includes education, health care, and research. Workforce members often have multiple roles, both covered and non-covered. Therefore, determination of those entities and individuals who are included in the UDCE is a dynamic and ongoing process that is based upon the data used and/or being disclosed, not based upon any particular overall department mission or activity.

    The UDCE includes health-related research centers, interdisciplinary programs, and University-wide programs. Whether a UD function or individual’s activity on behalf of UD is included in the UDCE is hereafter determined based not upon any particular department or unit, but instead upon the data being used and/or disclosed.

  3. Categories of Data
    The following defined categories of data are critical to the determination of covered functions and activities:

    A. Individually identifiable health information (IIHI) is information collected from an individual that is created or received by a health care provider, employer, plan or clearinghouse and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual and identifies the individual, or can reasonably be used to identify the individual.

    B. Protected Health Information (PHI) is IIHI that is transmitted or maintained in any form or medium by a covered function within the UDCE. This specifically excludes education records, which are protected by other privacy regulations, and employment records held by UD in its role as an employer. This also excludes research health information (see definition below), which is protected by other regulatory requirements.

    C. Research Health Information (RHI) is IIHI that is used for research purposes but that is not PHI, and thus is NOT subject to the requirements of HIPAA. RHI is IIHI that is created in connection with research activity and is not created in connection with patient care activity. When a researcher is not also functioning as a health care provider, and creates IIHI in connection with pure research activities (no patient care involved) the IIHI is not PHI and is not subject to the privacy and security rules of HIPAA. If a researcher is also a health care provider and IIHI is created in connection with the researcher’s health care provider activities, then the IIHI is PHI subject to HIPAA. IIHI that is created as PHI and is needed for research purposes may be disclosed to a researcher (the same individual healthcare provider who is also a researcher may disclose PHI to herself in her research role) pursuant to the IRB approval process, which includes proper patient authorization or IRB waiver of authorization. After the PHI is properly disclosed to the research setting, the IIHI transferred to the research setting becomes RHI, which is no longer subject to the requirements of HIPAA. In certain cases such as interventional clinical trials it is expected there will be two copies of some IIHI: a copy kept in the patient’s medical record which is PHI and subject to HIPAA, and a copy of the same data kept in the research record which is RHI and not subject to HIPAA.

    D. Key Determinants: The key determinants as to whether or not information is IIHI and not protected by the Privacy Rule or PHI and protected are: 1) the function being performed by the provider or health plan; and 2) the purpose for which an entity or workforce member has received, created or maintained the medical information (e.g., treatment, payment, operations). Record keeping practices are not the determinant. For example, an assessment of fitness for duty generates PHI when the UDCE administers or oversees a test of a UD employee. When the employee authorizes UD, the health care provider, to turn over the information to UD, the employer, it is a part of the employee’s employment record and no longer PHI. It is important to note that in most circumstances (exceptions include workplace injury, illness or medical surveillance) the employee must provide a signed authorization to the UD health care provider to release the information to UD, the employer.

  4. Determining Covered Functions Criteria
    The following criteria are used to determine whether a function or individual workforce member is included in the UDCE:

    A. Health care or health plan use or disclosure: When the use or disclosure of IIHI is carried out in connection with a health care provider or health plan function by UD workforce members, the individual’s health information is defined as PHI, and HIPAA privacy and security regulations apply to those functions and to the workforce members who carry out those functions;

    B. Functions that support health care or health plan: When the use or disclosure of IIHI is carried out by business, financial, legal or administrative functions on behalf of UD’s health care provider and health plan activities, the individual’s information is PHI and the HIPAA privacy and security regulations apply to those functions and to the workforce members who carry out those functions;

    C. Employer and education functions: When the use and disclosure of IIHI is carried out by UD in its capacity as an employer or an educational institution, the information is not PHI and those UD functions are not subject to the privacy or security regulations of HIPAA, but the confidentiality of the individual’s health information is protected by other state and federal law, as well as by UD policy; and

    D. IRB functions: PHI may only be disclosed to a researcher for use in connection with an IRB-approved or exempt protocol and pursuant to a waiver or authorization. When a researcher requests access to PHI that has been created, received or maintained by the UDCE, the Privacy Rule requires that the UDCE receive specific assurances that the PHI will be protected once disclosed to the researcher for use as RHI, and UD must account for certain disclosures as required by the HIPAA regulations. UD’s IRB will function as the Privacy Board as defined by HIPAA.

    E. Examples of UD workforce members who may provide services to covered functions: Workforce members of the following components of UD may provide administrative functions on behalf of the UDCE (use of PHI subject to the requirements of HIPAA) and on behalf of non-covered components of UD (IIHI not subject to the requirements of HIPAA):

  5. Protected Health Information transfer between covered and non-covered components
    A. Patient authorization required: When workforce members who provide services to the UDCE perform services on behalf of non-covered components of UD, these non-covered functions are not part of the UDCE. Workforce members must not disclose PHI to non-covered UD components without the individual or patient’s authorization, or waiver of authorization by the IRB in the case of disclosures for research purposes, as required by the Privacy Rule.

    B. Disclosure between Health Plan and Providers: Workforce members who provide business and finance services to both UDCE providers and UDCE health plans cannot use or disclose PHI between those entities unless it is allowed in the Privacy Rule.

Direct Inquiries to:

Sean Hayes, J.D., Ph.D.
Research Advisor
Institutional Privacy Officer
Phone: 302-831-7445


Cordell Overby, Sc.D.
Associate Vice President for Research & Regulatory Affairs
Phone: 302-831-2383


Policy Details:

OWNER: UD Research Regulatory Affairs


Policy: Human Subjects in Research
Human Subjects in Research and Research-Related Activities

    This policy addresses the University of Delaware (“UD” or “University”) obligation to ensure the protection of the rights and welfare of individuals used as subjects in research-related activities and applies to all University departments, units, faculty, staff and students.
    1. “Human Subjects” are living individuals about whom a University researcher conducting research-related activities obtains (1) data through intervention or interaction with the individual, or (2) identifiable private information.
    2. A Principal Investigator (“PI”) is the individual designated in a grant or contract to be responsible for ensuring compliance with the academic, scientific, technical, financial and administrative aspects and for day-to-day management of the Sponsored Project (grant or contract) including programmatic reporting.
    3. The Institutional Official (“IO”) is the individual who is legally authorized to act for the institution and, on behalf of the institution, obligates the institution to the University’s Federal Wide Assurance (“FWA”).
    UD bears full responsibility for the performance of all research involving Human Subjects, including complying with federal, state, and local laws as they may relate to such research. In meeting its obligations in this area, the University is guided by the ethical principles set forth in the report of the Ethical Principles and Guidelines for the Protection of Human Subjects of Research (the “Belmont Report”), and adheres to the regulations of Title 45, Part 46 of the Code of Federal Regulations, 45 CFR 46, and the University’s FWA with the U.S. Department of Health and Human Services (and all other requirements from governmental entities with legal jurisdiction oversight) for the protection of Human Subjects in research.

    The UD Provost appoints the Deputy Provost for Research & Scholarship as IO for research involving Human Subjects. The Deputy Provost for Research & Scholarship may appoint the Associate Deputy Provost for Research & Regulatory Affairs to act in the capacity of IO.

    1. The University requires that all projects involving Human Subjects be reviewed and approved by the University’s Institutional Review Board (“IRB”), which is constituted according to the above-referenced regulations, to assure the following:
      1. The risks to Human Subjects are minimized and reasonable in relation to the anticipated benefits to subjects, and the importance of the knowledge that may reasonably be expected to result;
      2. The rights and welfare of Human Subjects be adequately protected;
      3. The selection of Human Subjects is equitable;
      4. Informed consent be sought and appropriately documented; and
      5. The activity be reviewed at regular intervals.
    2. The IRB has responsibility for the final review and approval of projects involving Human Subjects.
    3. This policy applies to all research involving Human Subjects if one or more of the following apply:
      1. The research is a University-research activity performed under the auspices of a UD agreement, or
      2. The research is conducted by or under the direction of any employee or agent of this University in connection with his or her institutional responsibilities, or
      3. The research is conducted by or under the direction of any employee or agent of this institution using any property or facility of this institution, or
      4. The research involves access to the University’s private identifiable information.
    4. University PIs planning research projects involving the use of Human Subjects are required to:
      1. Submit to the IRB the plans for anticipated research protocol before beginning the projects and in sufficient time to allow the board to review;
      2. Make clearly evident in the written research plan, or through any further information that may be needed, precisely how the rights and welfare of the Human Subjects are to be protected, how informed consent of Human Subjects is to be obtained, and whether written consent forms are to be used;
      3. During the course of the project, seek IRB approval of any changes to the research protocol prior to their implementation and/or any problems that may significantly alter the original plan;
      4. Report to the IRB any instances of unexpected problems or adverse events involving risks to Human Subjects according to the IRB standard operating procedures;
      5. Ensure all members of the research team complete formal training addressing Human Subject research protections;
      6. Report progress of approved research to the IRB, as often as and in the manner prescribed by the IRB, but no less than once per year; and
      7. Maintain research records in a manner consistent with the requirements of 45 CFR 46 and IRB direction.

      All matters pertaining to research involving Human Subjects must be submitted to the Research Office, which will facilitate obtaining IRB review and concurrence.

      Specific procedures for submitting proposed research to the IRB and for operation of the IRB are available from the Research Office.

Related Links

General Counsel Page for this Policy


Policy Details:

OWNER: Provost

SECTION: Research, Sponsored Program, Technology Transfer & Intellectual Property Policies


POLICY NUMBER (Legacy): 4-Jun

ORIGINATION DATE: April 15, 1975

REVISION DATE(S): June 5, 1989; March 1, 1996; September 1, 2005; January 18, 2008; February 28, 2008; March 16, 2010; July 21, 2015



Compliance Hotline
Phone: (302) 831-2792

UD Research Office
210 Hullihen Hall
Newark, DE 19716
Phone: (302) 831-2136
Fax: (302) 831-2828