Forms, Policies & Procedures

Here you will find a repository of forms, policies and procedures related to research at the University of Delaware. This repository draws on sources throughout campus to provide quick and easy access to these resources in a variety of formats, such as html, MSWord and Adobe PDF. We encourage you to explore and use the tools provided to narrow your search by word, resource type or category in order to learn more about the content that governs research at UD.


*NOTE: As of October 2020 Google Chrome changed how it handles file downloads. If you encounter difficulties, right click on the “Download” button/link and select “save link as.” Once selected the file download will be executed and can be saved to the desktop. A second method is to use a different browser.

FILTER BY
RO Forms, Policies, and Procedures Search 2019

Animal Subjects in Research

For Forms, Policies and Procedures pertaining to Animal Subjects in Research and other resources

Click Here

Conflict of Interest
Contracts and Grant Management
Effort Certification
Export Regulations (ITAR/EAR/OFAC)
Human Subjects in Research
Intellectual Property
Internal Funding
Material Transfer
Reporting Misconduct
Research Administration
Research Agreement Templates
Research Development
RO Forms, Policies, and Procedures Search 2019

Forms, Policies and Procedures (5 Policies Entries)
Policy: Research Office
Case Study vs. Research UD Guidance
Policy: Research Office

Case Study vs. Research UD Guidance

Does a Case Report or Case Series Require an IRB Submission?

Review of medical records can constitute human subjects research (HSR) requiring Institutional Review Board (IRB) review and approval. The following is guidance offered in determining when a project involving study of records may be considered HSR by the University of Delaware IRB.

The complete policy and more can be found on the UD Research Office’s web site.

 

Policy Details:

OWNER: Maria Palazuelos

RESPONSIBLE OFFICE: Research Office: UD Research Regulatory Affairs

ORIGINATION DATE: June 1, 2022

Policy Source Email https://research.udel.edu/forms-policies-procedures/?entry=98098

Policy: Research Office
Guide to Intellectual Property
Policy: Research Office

Guide to Intellectual Property

The Ratner Prestia Document gives an overview of the different aspects of patents, trademarks, copyrights, and trade secrets such as how protection is gained, the duration of that protection, who is entitled to the rights, and more.

The complete policy and more can be found on the UD Research Office’s web site.

 

Policy Details:

OWNER: Ratner Prestia

RESPONSIBLE OFFICE: Research Office: UD Research Regulatory Affairs

ORIGINATION DATE: July 20, 2007

Policy Source Email https://research.udel.edu/forms-policies-procedures/?entry=51621

Policy: Research Office
HIPAA Hybrid Statement
Policy: Research Office

HIPAA Hybrid Statement

  1. Introduction
    As with some other research-intensive institutions1 , the University of Delaware (“UD”) recognizes that the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) is a consumer protection law intended to protect individually identifiable information relating to the physical or mental health of an individual, the provision of health care to the individual, or the payment for the provision of health care to the individual. HIPAA applies to “Covered Entities,” which include health care providers, health plans and health care clearinghouses that conduct specified transactions electronically (“Covered Entities” or each a “Covered Entity”)2 . UD is engaged in both Covered Entity and non-Covered Entity activities. HIPAA allows entities that are engaged in both Covered Entity functions and other activities that are not Covered Entity functions to designate themselves as “Hybrid Entities,” with the result that the HIPAA regulations do not apply to the non-covered functions.

    1For Example, Vanderbilt University (https://ww2.mc.vanderbilt.edu/osp/51235).

    2https://www.hhs.gov/hipaa/for-professionals/covered-entities/index.html.

  2. Hybrid Entity Status Assessment
    Based upon an assessment of UD units and a review of HIPAA standards, UD designates itself as a Hybrid Entity under HIPAA. Identification of individuals and entities that are part of the UD Covered Entity (“UDCE”) is complicated by the fact that UD is engaged in multiple covered functions and non-covered functions with a mission that includes education, health care, and research. Workforce members often have multiple roles, both covered and non-covered. Therefore, determination of those entities and individuals who are included in the UDCE is a dynamic and ongoing process that is based upon the data used and/or being disclosed, not based upon any particular overall department mission or activity.

    The UDCE includes health-related research centers, interdisciplinary programs, and University-wide programs. Whether a UD function or individual’s activity on behalf of UD is included in the UDCE is hereafter determined based not upon any particular department or unit, but instead upon the data being used and/or disclosed.

  3. Categories of Data
    The following defined categories of data are critical to the determination of covered functions and activities:

    A. Individually identifiable health information (IIHI) is information collected from an individual that is created or received by a health care provider, employer, plan or clearinghouse and relates to the past, present, or future physical or mental health or condition of an individual; the provision of health

    care to an individual; or the past, present, or future payment for the provision of health care to an individual and identifies the individual, or can reasonably be used to identify the individual.

    B. Protected Health information (PHI) is IIHI that is transmitted or maintained in any form or medium by a covered function within the UDCE. This specifically excludes education records, which are protected by other privacy regulations, and employment records held by UD in its role as an employer. This also excludes research health information (see definition below), which is protected by other regulatory requirements.

    C. Research Health Information (RHI) is IIHI that is used for research purposes but that is not PHI, and thus is NOT subject to the requirements of HIPAA. RHI is IIHI that is created in connection with research activity and is not created in connection with patient care activity. When a researcher is not also functioning as a health care provider, and creates IIHI in connection with pure research activities (no patient care involved) the IIHI is not PHI and is not subject to the privacy and security rules of HIPAA. If a researcher is also a health care provider and IIHI is created in connection with the researcher’s health care provider activities, then the IIHI is PHI subject to HIPAA. IIHI that is created as PHI and is needed for research purposes may be disclosed to a researcher (the same individual healthcare provider who is also a researcher may disclose PHI to herself in her research role) pursuant to the IRB approval process, which includes proper patient authorization or IRB waiver of authorization. After the PHI is properly disclosed to the research setting, the IIHI transferred to the research setting becomes RHI, which is no longer subject to the requirements of HIPAA. In certain cases such as interventional clinical trials it is expected there will be two copies of some IIHI: a copy kept in the patient’s medical record which is PHI and subject to HIPAA, and a copy of the same data kept in the research record which is RHI and not subject to HIPAA.

    D. Key Determinants: The key determinants as to whether or not information is IIHI and not protected by the Privacy Rule or PHI and protected are: 1) the function being performed by the provider or health plan; and 2) the purpose for which an entity or workforce member has received, created or maintained the medical information (e.g., treatment, payment, operations). Record keeping practices are not the determinant. For example, an assessment of fitness for duty generates PHI when the UDCE administers or oversees a test of a UD employee. When the employee authorizes UD, the health care provider, to turn over the information to UD, the employer, it is a part of the employee’s employment record and no longer PHI. It is important to note that in most circumstances (exceptions include workplace injury, illness or medical surveillance) the employee must provide a signed authorization to the UD health care provider to release the information to UD, the employer.

  4. Determining Covered Functions Criteria
    The following criteria are used to determine whether a function or individual workforce member is included in the UDCE:

    A. Health care or health plan use or disclosure: When the use or disclosure of IIHI is carried out in connection with a health care provider or health plan function by UD workforce members, the individual’s health information is defined as PHI, and HIPAA privacy and security regulations apply to those functions and to the workforce members who carry out those functions;

    B. Functions that support health care or health plan: When the use or disclosure of IIHI is carried out by business, financial, legal or administrative functions on behalf of UD’s health care provider and health plan activities, the individual’s information is PHI and the HIPAA privacy and security regulations apply to those functions and to the workforce members who carry out those functions;

    C. Employer and education functions: When the use and disclosure of IIHI is carried out by UD in its capacity as an employer or an educational institution, the information is not PHI and those UD functions are not subject to the privacy or security regulations of HIPAA, but the confidentiality of the individual’s health information is protected by other state and federal law, as well as by UD policy; and

    D. IRB functions: PHI may only be disclosed to a researcher for use in connection with an IRB-approved or exempt protocol and pursuant to a waiver or authorization. When a researcher requests access to PHI that has been created, received or maintained by the UDCE, the Privacy Rule requires that the UDCE receive specific assurances that the PHI will be protected once disclosed to the researcher for use as RHI, and UD must account for certain disclosures as required by the HIPAA regulations. UD’s IRB will function as the Privacy Board as defined by HIPAA.

    E. Examples of UD workforce members who may provide services to covered functions: Workforce members of the following components of UD may provide administrative functions on behalf of the UDCE (use of PHI subject to the requirements of HIPAA) and on behalf of non-covered components of UD (IIHI not subject to the requirements of HIPAA):

  5. Protected Health Information transfer between covered and non-covered componentsA. Patient authorization required: When workforce members who provide services to the UDCE perform services on behalf of non-covered components of UD, these non-covered functions are not part of the UDCE. Workforce members must not disclose PHI to non-covered UD components without the individual or patient’s authorization, or waiver of authorization by the IRB in the case of disclosures for research purposes, as required by the Privacy Rule.

    B. Disclosure between Health Plan and Providers: Workforce members who provide business and finance services to both UDCE providers and UDCE health plans cannot use or disclose PHI between those entities unless it is allowed in the Privacy Rule.

Direct Inquiries to:

Sean Hayes, J.D., Ph.D.
Research Advisor
Institutional Privacy Officer
Email: hayes@udel.edu
Phone: 302-831-7445

OR

Cordell Overby, Sc.D.
Associate Vice President for Research & Regulatory Affairs
Email: overbyc@udel.edu
Phone: 302-831-2383

The complete policy and more can be found on the UD Research Office’s web site.

 

Policy Details:

OWNER: UD Research Regulatory Affairs

RESPONSIBLE OFFICE: Research Office

Policy Source Email https://research.udel.edu/forms-policies-procedures/?entry=51465

Policy: General Counsel
Human Subjects in Research and Research-Related Activities
Policy: General Counsel

Human Subjects in Research and Research-Related Activities

  1. SCOPE OF POLICY
    This policy addresses the University of Delaware (“UD” or “University”) obligation to ensure the protection of the rights and welfare of individuals used as subjects in research-related activities and applies to all University departments, units, faculty, staff and students.
  2. POLICY
    UD bears full responsibility for the performance of all research involving Human Subjects, including complying with federal, state, and local laws as they may relate to such research. In meeting its obligations in this area, the University is guided by the ethical principles set forth in the report of the Ethical Principles and Guidelines for the Protection of Human Subjects of Research (the “Belmont Report”), and adheres to the regulations of Title 45, Part 46 of the Code of Federal Regulations, 45 CFR 46, and the University’s FWA with the U.S. Department of Health and Human Services (and all other requirements from governmental entities with legal jurisdiction oversight) for the protection of Human Subjects in research.

    The UD Provost appoints the Deputy Provost for Research & Scholarship as IO for research involving Human Subjects. The Deputy Provost for Research and Scholarship may appoint the Associate Deputy Provost for Research & Regulatory Affairs to act in the capacity of IO. …

The complete policy and more can be found on the General Counsel’s web site.

 

Policy Details:

OWNER: Provost

SECTION: Research, Sponsored Program, Technology Transfer & Intellectual Property Policies

RESPONSIBLE OFFICE: UD Research Office

POLICY NUMBER (Legacy): 4-Jun

ORIGINATION DATE: April 15, 1975

REVISION DATE(S): June 5, 1989; March 1, 1996; September 1, 2005; January 18, 2008; February 28, 2008; March 16, 2010; July 21, 2015

Policy Source Email https://research.udel.edu/forms-policies-procedures/?entry=51410

Policy: Research Office
Research vs. Quality Assurance / Improvement Guidance
Policy: Research Office

Research vs. Quality Assurance / Improvement Guidance

The Department of Health and Human Services (DHHS), Office of Human Research Protections (OHRP), federal regulations that govern human subjects research (45 CFR 46) requires research with human subjects to be reviewed and approved by an Institutional Review Board (IRB) prior to initiation.

To determine whether a project constitutes research or QA/QI can be challenging. The IRB does not have the authority to retrospectively review a protocol or provide retroactive approval. It is therefore important to determine whether an activity meets the criteria for human subjects research or a QA/QI initiative BEFORE the activity is initiated.

Use this resource for additional guidance.

The complete policy and more can be found on the UD Research Office’s web site.

 

Policy Details:

OWNER: Maria Palazuelos

RESPONSIBLE OFFICE: Research Office: UD Research Regulatory Affairs

ORIGINATION DATE: June 1, 2022

Policy Source Email https://research.udel.edu/forms-policies-procedures/?entry=98100

ASSISTANCE

Compliance Hotline
Phone: (302) 831-2792

UD Research Office
210 Hullihen Hall
Newark, DE 19716
Phone: (302) 831-2136
Fax: (302) 831-2828
Contact us

SUBSCRIBE & CONNECT

From our latest Research Magazine to our latest discoveries, keep in touch with UD Research by signing up for our services below.

Share This