Most HIM departments file by terminal digits, which is the only way to keep files expanding at an even rate. In a terminal digit filing system the last two, three, or four digits of the file number are treated as a single number. Since all numbers in the file are sorted by their ending digits, each section contains approximately the same number of folders, so the file shelves are divided for easy expansion.

A new, free toolkit from AHIMA offers best practices in terminal digit filing. Managers can use the kit to train new or existing staff by having employees review the kit and complete the exercises.

The online version includes five separate appendixes, linked at the end of the brief:

• Appendix A excerpts portions of the HL7 EHR-System Records Management and Evidentiary Support Functional Profile Standard, which can be used to develop proposals for selecting an EHR system or as a checklist to evaluate current applications for basic record management functionality.
• Appendix B lists the various e-signature laws, regulations, and acts that organizations can refer to in developing and implementing e-signature functionality and policy.
• Appendix C outlines a sample e-signature model policy template, including important legal and compliance recommendations.
• Appendix D provides a glossary of terms that organizations can use in their e-signature policies.
• Appendix E provides practice guidance on making amendments, corrections, and deletions in transcribed reports.

Managing e-signatures is complex, but doing it correctly is critical  in supporting an organization’s legal health record. Successfully implementing and using e-signatures requires proper attention to individual system functionality, regulatory requirements, and organizational policy.

Long-term trouble can start during a brief check-in. A rushed or incomplete search of the organization’s MPI can cause clinical registrars to create duplicate patient records or even select the wrong record.

Faulty information entered at check-in streams straight through the system, risking treatment errors and leading to eventual billing problems. Entities that participate in health information exchange will export bad information into their networks.

Error-ridden MPIs also hamper an organization’s ability to understand its patient population and its own performance, both for internal and external reporting. Patient information spread across multiple records can distort measures of patient severity and overall risk of mortality. And correcting errors consumes time.

HIM departments often are the hub of identifying and mitigating registration errors. HIM staff sift through the MPI, merging duplicate records and  separating out information that has been overlaid into the wrong patient account.

But what HIM learns about the types of MPI errors occurring in patient registration may never be shared with that department. Because HIM and registration are typically managed through different departments, there can be an information exchange disconnect between the two areas. If registration staff do not know what they are doing wrong, how can they correct it?

Some facilities have instituted registration improvement programs, which can feature cross-department committees whose purpose is to reduce registration errors and clean up the MPI.

Providing Feedback to Registration

Not only do these registration improvement processes eventually reduce work for HIM, they also give vital feedback to registration staff about how their actions directly impact the medical record and patient care, according to Gwyndle Kravec, MBA, RHIA, CCS, director of HIM and privacy officer at Peninsula Regional Medical Center, based in Salisbury, MD. Peninsula instituted a registration improvement program that has greatly reduced MPI errors.

“I think this program heightens the awareness that this is an issue of data quality and that these [duplicate MPIs] do impact patient safety,” Kravec says. “When you heighten awareness of what the downstream effects are of having a duplicate medical record, then I think [registrars] are more conscientious of what they are doing. They want to get it right.”

Registration improvement programs can be simple or elaborate, depending on what investment a facility feels is appropriate to clean up its MPI and registration processes.

The HIM department at Christiana Care Health System, based in Newark, DE, has worked with the facility’s registration areas for several years to improve registration processes and reduce MPI duplicates and overlays. The initiative is an important part of ensuring health records are complete and accurate, says Kathy Westhafer, RHIA, CHPS, program manager for clinical information.

“We are looking for that MPI to really be the focus of how we identify the patient, that we have one record for the patient within the health system,” Westhafer says.

Each day a team of Christiana Care HIM professionals uses a clinical system tool that identifies possible MPI duplicates and overlays. A notification tool is also available for all staff to report possible duplicate MPI accounts. HIM staff investigates these suggested cases, merging duplicate MPIs or separating out information in overlay cases.

“That team is doing the research and determining if it is a situation where two people were merged inappropriately, in an overlay situation, or if it is really one person that has multiple records,” Westhafer says.

Because each ancillary area at Christiana Care conducts patient registration, duplicate and overlay MPI cases are compiled by HIM and separated by the specific ancillary area where the error occurred. Reports describing the circumstances of the error are circulated monthly to the various registration area managers. The information is used to create better registration processes as well as develop specific education for registration staff, Westhafer says.

Providing feedback to the registration departments is key to the facility’s MPI cleanup efforts. Instead of HIM doing cleanup work solely on the back end, registration now can use the information to improve accuracy on the front end, Westhafer says.

Since Christiana Care started its improvement processes, registration errors have been significantly reduced. A recent audit showed the organization’s MPI duplication rate accounts for fewer than 2 percent of all MPI records, a typical industry benchmark for MPI best practices, Westhafer says.

“We felt really good that the processes that we have put in place over the years seem to have worked,” she says.

Direct Training for Dramatic Results

In other organizations, HIM may have a more hands-on role in registration improvement efforts. At Peninsula, MPI duplication rates were so high that in 2007 the HIM department staff formed a committee and began direct education with registrars.

At that time, Peninsula’s registration staff was not taking enough time to accurately select or create MPI numbers. HIM staff struggled to fix the resulting duplicate accounts being entered into the system each day.

“We were processing 60 duplicates a week,” Kravec recalls. “Some of those were expected as part of our [trauma] registration process, but a majority of them were errors. So we had to get together because [the registration department] were not taking accountability. They were creating the error, and HIM was cleaning it up.”

The resulting committee, made up of representatives from HIM, patient registration, finance, IT, and labs, meets monthly to review duplication creation rates, discuss trends in registration data errors, and create new processes to correct the mistakes. A registrar is also invited to each meeting to discuss how a registration error occurred and how it could be prevented in the future.

Through the program, HIM collects all MPI account duplicates and sends them to the registration department manager. The registration manager uses the information for educational training in the department and monitoring which registrars are habitually creating errors. Under a disciplinary action program, a registrar who creates three duplicate MPI accounts within a rolling one-year time period is terminated from the organization. The policy holds registrars accountable for their mistakes and has helped reduce the number of errors committed, Kravec says.
 
Also, once a month the HIM operational manager will visit the registration department and conduct quality training with the registrars. The manager provides registrars the recent duplicate MPI rates and shares specific examples of recent registration errors that HIM has found. The HIM manager also observes the registrars at work, watching for any shortcuts that could lead to registration errors, Kravec says.

“There were so many errors and missing information in different records that we knew we needed to get something done,” Kravec says. “So we built in this ad-hoc way to do it where the HIM manager goes up [to registration] and does training on a monthly basis and brings true live examples where they registered a patient incorrectly.”

The registration improvement program has drastically reduced the number of MPI account duplicates at Peninsula.

In the first year of the program, MPI duplication rates dropped 23 percent from the previous year. By the end of the second year, rates had dropped 57 percent compared to rates before the improvement program was implemented.

“It is less resources I’m using, and my identity coordinator can certainly use their time doing better things than merging duplicate records,” Kravec says. “It is not just with one system—we have 17 downstream systems that it impacts. We have to coordinate and synchronize these merges so that patient safety is not impacted in a negative way.”

The registration improvement program at Peninsula is vital in keeping the duplication rates under control. It holds people accountable for their actions, Kravec says. “You do betterwhen you think somebody is watching,” she says. “Now if we stopped the program or stopped the [training] on these, I can see these numbers reversing.”

How Registration Errors Occur

The cause of registration errors varies from simple accidents to negligence.

The turnover rate for registration department employees is especially high in many facilities. With new employees regularly starting work, education on proper MPI creation is constantly needed, Westhafer says.

The rush to register patients can also affect error rates. At Peninsula, the emergency department has a policy that patients should be registered within two minutes so treatment is not delayed. Nearly 65 percent of Peninsula’s patients are admitted through the ED.

Registering a patient within two minutes is a lot of pressure, Kravec says, and with both patients and registrars in such a hurry, mistakes can easily be made. 

The most common registration error at Peninsula is misspelling a patient’s name when searching the MPI. Because of this, the MPI duplication committee has asked registrars to confirm at least three unique identifiers in a patient’s record—such as name, Social Security number, and date of birth—before assuming they have found the correct file.

Many registration mistakes can be avoided by requiring registrars to ask patients if they have ever been to the hospital before. “That is very simple, but there were some registrars that never asked that,” Kravec says.

Technological problems are partly to blame for some registration errors at Christiana Care. The facility’s registration system is nearly 20 years old and in dire need of upgrade, Westhafer says. “There are inherent problems with a 20-year-old system in that you are very limited in how you can search [for MPI records],” she says.

The organization has decided to replace the registration system, and Westhafer says staff is looking for a system that makes it easier for registrars to look up MPI records.

One guideline at Christiana Care contributes to duplicate records, intentionally. Registrars are instructed to create a new record if they cannot confirm they have correctly matched a patient to an existing record. “We have told registers, ‘when in doubt—unless you are positive—it is better for you to create a duplicate than it would be to choose somebody incorrectly,’” Westhafer says. HIM staff would rather merge a duplicate record than sort out patient information from an incorrect account, Westhafer explains.

Getting Started

Improvement programs do not need to be elaborate. Merely sharing duplicate creation rates with registration staff can help reduce errors. Registration management can use the rates to help develop new registration procedures, train registrars, and track improvement progress.

Facilities looking to create programs should first track their duplication rates. Identifying specific MPI issues will help organize a response to the problem. Next, they can create a project assessment and determine which facility departments would be affected by a registration improvement program. Contact those parties and invite them to help develop the project, Kravec recommends.

Regardless of how the errors occur, an important part of a registration improvement program is educating registrars about the impact their work has on the rest of the facility. Registration’s impact on patient care is a focal point of the education sessions HIM conducts at Peninsula, Kravec says.

Just educating registrars on the importance of finding the correct patient MPI during registration can have a positive impact on their work.

“Registrars didn’t have the full picture before this program,” Kravec says. “Now they have the full picture.”

The rule also proposes to:

• prohibit health plans from using or disclosing protected health information that is genetic information for underwriting purposes;
• revise the provisions relating to the notice of privacy practices for health plans that perform underwriting;
• make conforming modifications to definitions and other provisions of the privacy rule; and
• make technical corrections to update the definition of “health plan.”

The interim final rule applies GINA’s prohibitions on using and disclosing protected genetic health information for underwriting to all health plans subject to the privacy rule, rather than solely to the plans GINA explicitly requires be subject to the prohibition. It also proposes applying the prohibition on using or disclosing is genetic information for underwriting purposes to all health plans that are covered entities as defined by the HIPAA privacy rule.

CMS will accept public comments for 60 days.

Signed in 2008, GINA protects individuals against discrimination in health coverage or employment based on their genetic information.

Determining appropriate release of a deceased patient’s medical records can be complex. HIPAA, sometimes blamed for denied requests, is rarely cause for a roadblock, however. The federal law does extend a person’s privacy rights into death, but it also explicitly requires facilities to release records to authorized individuals.

The complications typically come when a patient dies without having named a personal representative. In those instances, HIPAA defers to state law to determine access rights.

Though most state laws are sufficiently clear, the hierarchy may be complex, and some situations will still require judgment calls. Facility staff who are unclear on the law may err on the side of caution and refuse access rather than risk violating privacy laws. On the other extreme, they may release records without requesting proper verification or release them rather than upset or anger the requestor.

The best practice, experts say, is to gain knowledge of the law, share it, and request that patients identify their personal representatives during the admission process.

What Did HIPAA Change?

“The problem is a lot of people don’t really understand how HIPAA operates in collaboration with the existing state regulatory framework that they live in…” says Barry Herrin, JD, FACHE, a partner with the Atlanta-based law firm Smith Moore Leatherwood LLP. “HIPAA is not the bad guy here.”

HIPAA did not create a new rule, Herrin says, and in instances where it does prevent someone from accessing patient records, generally speaking, it is reinforcing existing state laws on how deceased patient matters are handled.

HIPAA leaves it up to states to determine who qualifies as a deceased patient’s personal representative-the person who has legal rights to access another’s medical record. This is clear cut when a patient has signed a HIPAA release or named an executor to his or her estate. But when a patient dies without doing either, HIPAA defaults to state law to determine the hierarchy of rights to that person’s estate and health records.

The privacy rule states that people have the same privacy rights in death as they do in life. But it also requires that healthcare facilities must release medical records to those people either appointed by the patient or who are deemed a personal representative by state law. Because of this, Herrin says that HIPAA law can actually help authorized individuals access deceased patient’s medical records.

HIPAA also requires a covered entity to verify the identity of a person requesting protected health information as well as their authority to such access. Just because someone is related to a deceased patient does not mean they have a right to their record. “There is a difference between identity and status,” Herrin says. “You have to verify both.”

Though HIPAA federalized this requirement, the act of authenticating requestors of protected health information was being done in many facilities long before HIPAA was passed. Aurora Healthcare, based in Milwaukee, WI, updated their information release policies to include specific language about verification following HIPAA implementation. But the rule did not change their practices significantly, says Peg Schmidt, RHIA, Aurora’s chief privacy officer.

Varying State Laws

State laws can get complicated regarding who has rights to access or authorize the release of a person’s record after death.

In Utah, pre-HIPAA policy was to follow a hierarchal next-of-kin list regarding who had authorization to a deceased patient’s record. But after HIPAA was implemented, some providers felt they needed clearer direction from the state on whether it was still legal to discuss a deceased patient’s medical care with his or her spouse, says Mary Thomason, MSA, RHIA, CHPS, CISSP, privacy compliance consultant with Intermountain Healthcare, based in Salt Lake City. Because of this, Utah legislators passed specific state laws to define exactly who qualifies as the personal representative of a deceased patient.

The executor has first rights to the patient’s records. But if no executor was named, the patient’s spouse or adult child can become the deceased’s personal representative. Proving status as a personal representative requires that a person must receive a letter of appointment from a probate court.

Even though the law is relatively clear, Thomason’s facility has had to deny records requests in the past and deal with disputes. A common dispute occurs when adult siblings want to deny record access to brothers and sisters. “In that case we basically say, ‘Hey, we are not the court. Go back to the probate court and find out who gets the letter of appointment to represent the estate, and that is the person we will deal with,’” Thomason says.

The situation in Wisconsin is more complicated. In Wisconsin, different laws govern the release of records for behavioral health records and general medical records.

With behavioral health records, access rights first go to the executor of the estate. If there is no executor, the patient’s spouse has sole rights of access. If there is no spouse or executor, a “responsible member of the patient’s family” comes next, Schmidt explains.

With the general record, the patient’s personal representative and spouse or domestic partner share access rights equally. “None is higher than the other, none can cancel out the other’s authority,” Schmidt says. If those individuals do not exist, then the personal representative is defined as any adult member of the deceased patient’s immediate family, such as children, parents, grandchildren, siblings, and even spouses of siblings.

All share equal rights to the record. Discretion is left up to the healthcare staff handling the request to decide if record requestors meet state law requirements as a personal representative. No one official document is required for access.

Common Disputes

With so many people authorized to access the record in Wisconsin, verification issues can arise. At Aurora Healthcare, the burden of proof lies with the requestor. Providing that proof is not always easy, and it can lead to people being denied access.

“The verification of some of these situations becomes a little difficult,” Schmidt says. “They have to prove their relationship to the deceased, and that is not always easy for them to do.”

A spouse can present a marriage certificate, but brothers and sisters lack comparable documents that show their relationship to the deceased. “They have to be able to just prove their standing in the family and their relationship to that person any way that they feel they can,” she says. It is up to staff to decide whether someone has provided adequate proof that they are authorized to access a deceased patient’s record.

“These are just things that you do to the best of your ability,” Schmidt says. “You are always looking for that comfort feeling of ‘this feels right’ or ‘this doesn’t.’ And sometimes that is all you are left with.”

Wisconsin state law leaves the potential that legally authorized individuals could be denied deceased patients health records due to their inability to prove their authorization. However, Schmidt says the law has worked well at her facility, and she hasn’t encountered many problems with verification.

People become upset when they feel entitled to the patient’s medical record even though state law blocks their access, Thomason says. In most state law, a healthcare agent for a patient loses authority after the patient dies. If that agent was not named as an executor to the deceased patient’s estate, and is not related to the deceased, then that person is denied access, even though they most likely would feel entitled to the records.

Another common situation occurs when a patient dies and the spouse breaks all contact with the deceased’s immediate family, Schmidt says. The deceased’s siblings would not have authorization to access the records because the spouse holds all rights of access. “If the spouse really has moved on, the immediate family probably feels they have a right to that patient’s record, and technically they do not,” Schmidt says. “Those situations get hard.”

In July Wisconsin legislators amended state confidentially laws to allow domestic partners the same authority over a patient’s records as a spouse. However, the change was only for general records, and it did not affect laws governing behavioral health medical records-an oversight Schmidt says could lead to some problems.

But the change will still help with a number of situations. “Somebody who took care of someone for 20 years and suddenly loses all authority, and the family steps in and kicks them out,” she says, “we have seen that. So I think it will help some people.”

Preventing Ambiguity

The most direct way for facilities to prevent record access disputes is to require patients to sign release of information authorizations or name their personal representative upon their admittance, Herrin says. Many healthcare facilities only ask patients for the name of someone they can contact in an emergency or the person who is the responsible party on their account. These questions do not identify who may legally access their medical records.

If a patient has not declared an executor or personal representative, Herrin recommends that a patient advocate or other staff member assist in filling out the proper paper work. A HIPAA authorization form specifically identifies who can access their medical records before and after their death. This form should be filled out during or just after patient registration.

Federal law requires hospitals to ask admitted patients if they have an advance directive. Many facilities merely ask patients if they have an executor of their estate or have assigned a durable power of attorney, but they do not collect the actual advance directive documents, Herrin says. Requiring that these documents be included in the medical record on the front end can save hours of arguing if disputes arise later.

“It is that kind of preparation that HIPAA specifically allowed that people are not taking advantage of,” Herrin says. “They are treating HIPAA as a shield, instead of a sword.”

Best Practices

Unless state law dictates otherwise, healthcare facilities should require that requesters present a court-authorized document showing they have authority to see the record. A hospital is not a court, and staff should not have the responsibly of determining who has first authorization rights.

“Why should the hospital spend all its time and resources hiring a lawyer to fight this fight [between people over records],” Herrin says. “Just tell them, ‘Look, whatever court of whatever county handles disputes about who is in charge. You all go fight about it there and tell me who won.’”

HIM professionals in general err on the conservative side when releasing medical information, Schmidt says. “We are trying to err on protecting that person’s privacy, and [we] just try to make that judgment call thinking in terms of the best interest of the patient as a human being,” she says.

There are varying reasons why patients may not want family members to access their records after death. A common reason for privacy, Herrin says, is when a person is dying from a “catastrophic disease” such as HIV and does not want family members or others to know. The patient deliberately shielded his or her health information from them while alive, and that decision must be protected after death. Release of information staff should not be tempted to simply release a record rather than deal with irate requestors, Herrin says.

“If it is your medical information or your mother’s, and something happens to you or her, do you want everybody in your family poking around in that stuff?” Herrin says. “If the answer to that question is no, then you can’t be mad at HIPAA for making a person go and become the personal representative of a deceased patient’s estate. Because that is precisely what it is intended to do-to stop people from poking around in your stuff.”

Thomason can see how facilities that do not have ample access to legal council could restrict their policies rather than break the law by issuing records to an unauthorized person. But ignorance of the law is not an excuse, she says.

HIM professionals responding to a release of information request have a duty to explain why a record request is denied, Schmidt says. Aurora Healthcare keeps the state’s hierarchical chart of authority on hand for staff to reference. Facilities can also keep a sample copy of a valid court document to show requestors how to become a personal representative or executor, Thomason says.

“Part of our role is to educate the requestor on the true facts of why they can or can’t [access the record] or what the rules are,” Schmidt says. “I would sure hope we never see someone just give an outright ‘Well, it is HIPAA.’ Because that is never really the answer, directly.”

 The “Recovery Audit Contractor (RAC) Toolkit” includes background on the program and an overview of the process, including what entities are eligible to be audited, the basis for the audits, and the type of audits. It also includes appendixes providing:

• A preparation checklist
• The hierarchy of authority samples
• A sample of the RAC coordinator job description
• A sample of a RAC policy and procedure
• A RAC record extension request sample
• How to develop a RAC education program
• A presentation sample
• RAC acronyms
• A RAC determination response
• The appeal process workflow
• The Medicare appeals process
• Sample appeal letters
• An appeals submission checklist

The kit was developed by AHIMA’s Recovery Audit Contractors (RACs) Workgroup, a subgroup of the Clinical Terminology and Classification Practice Council. It is available free of charge.

AHIMA offers additional toolkits online, including “Copy Functionality Toolkit,” which can help HIM professionals and their organizations develop policies and procedures to allow for the review, audit, and testing surrounding this functionality. The “Health Information Exchange (HIE) Resource Toolkit” outlines the HIM issues in health information exchange, as well as useful Web sites that HIM professionals can reference in preparing for HIE.

Look for two more toolkits on amendments to transcribed reports and amendments for EHRs, which will be released in August.

* * *

As healthcare expenses continue to erode household, government, and provider budgets, the industry needs better methods to reduce the cost of care. One tool that can increase efficiency and value is a change management technique called lean thinking.

Lean thinking is based on the Toyota Production Model and is built upon five steps to identify and eliminate waste: value, value stream, flow, pull, and perfection. The ultimate goal of lean thinking as applied to healthcare is to provide services and products that add value to the patient by improving care in the most efficient manner possible.

Lean thinking can also be used to implement technology within healthcare. A leading reason why so many health IT projects fail is because organizations do not perform a workflow analysis.

Workflow analysis examines how current processes are performed and then reengineers those processes to make them more efficient. When health IT is overlaid on efficient processes, chances are greater that healthcare professionals will adopt and use it on a daily basis.

Watch, Assess, Reengineer

At East Carolina University we use a video simulation of a patient transfer to teach health services and health information students how to use lean thinking to perform workflow analysis. The simulation was created by the College of Nursing’s Video Simulation Laboratory and produced by a former emergency room nurse and a former director of a neonatal intensive care unit.

The simulation depicts an infant undergoing a Norwood procedure and the subsequent transfer of the infant from the surgical theater to a neonatal intensive care unit. Throughout the whole process, the nurses and medical and nursing students in the simulation make errors; for example, they contaminate the sterile field and fail to perform a proper SBAR. It is up to the health services and health information students watching the video to detect the errors and reengineer the transfer process to eliminate them.

Students use each step in the lean thinking model to create what is known as a future state. The future state represents how the process will be carried out once appropriate changes have been made. Students also consider how health IT can be used to record important patient health information and make the transfer process flow more efficiently.

The video simulation serves two main purposes. First, it provides students with a visual depiction of a clinical process and the ways a process can be performed incorrectly. This provides students with a mental picture of the process, which allows them to manipulate the process in their minds and think of ways to improve the process.

Second, the video simulation allows students to work with the techniques associated with lean thinking and workflow analysis in a nonthreatening and safe environment. No one will die if the students don’t get the transfer correct the first time.

In particular, Sebelius singled out unequal care. AHRQ’s “2008 National Healthcare Disparities Report,” she told the House Ways and Means Committee, “highlights that severe and pervasive disparities continue to persist in this county. Minority patients still receive disproportionately poor care compared to their Caucasian neighbor.”

Solving healthcare disparities is complicated by a lack of comprehensive data about its prevalence.

Last month in the Journal, Jennifer Hornung Garvin and coauthors wrote, “At the heart of … efforts to develop effective strategies to address healthcare disparities is the need for accurate and complete data. However, data describing racial, ethnic, language, cultural, and socioeconomic characteristics are frequently inaccurate, incomplete, and lacking in detail in the healthcare setting. Sometimes they are not collected at all.”

Addressing healthcare disparities, the authors stress, “requires that providers capture better data about race, ethnicity, and socioeconomic status, an effort complicated by the sensitive nature of the data and the challenges of categorizing them appropriately.” They point to several data sets that providers can adopt to improve their collection of this so-called equity data in support of efforts to create equal care for all.

See “Data Collection and Reporting for Healthcare Disparities” in the April 2008 issue.

The May practice brief “Sanction Guidelines for Privacy and Security Breaches” offers recommendations for the internal application of sanctions related to information privacy and security breaches for healthcare organizations that manage or service protected health information or individually identifiable health information.

The brief includes a sample sanctions determination document that organizations can customize for their investigations and trending. Each incident requires appropriate investigation along with managerial discretion to declare a misdeed.

“No two healthcare organizations will approach sanctioning and enforcement for privacy and security breaches in exactly the same way,” the authors write. “Each healthcare organization needs to show a demonstrated, consistent ability to deal with privacy and security issues in its own way to ensure consumer trust. Inherent to privacy and security professional roles is a firm leadership commitment to consistent policy and enforcement and sanction application for noncompliance.”

“Guidance on the Genetic Information Nondiscrimination Act: Implications for Investigators and Institutional Review Boards” provides background on protections provided by GINA and discusses GINA’s impact on investigators who conduct genetic research and the institutional review boards that review it, particularly on criteria for IRB approval of research and the requirements for obtaining informed consent under the HHS regulations for the protection of human subjects (45 CFR part 46).

Final GINA regulations are expected in May.

To review GINA’s provisions, see the July 2008 “Word from Washington” column “Getting to Know GINA.”