Challenge Area (02) Ethics and specific Challenge Topic 02-OD(OSP)-101, Unique Ethical Issues Posed by Emerging Technologies. The Privacy Rule adopted by the Department of Health and Human Services under the Health Insurance Portability and Accountability Act imposes significant restrictions on health research. Those restrictions are magnified by the Privacy Rule's inconsistencies with the Common Rule. To address these restrictions, the Institute of Medicine convened the Committee on Health Research and the Privacy of Health Information, which in February 2009 issued its final report. The report reached two broad conclusions: "the HIPAA Privacy Rule does not protect privacy as well as it should" and "as currently implemented, the HIPAA Privacy Rule impedes important health research." While the burden placed on health research by the Privacy Rule is considerable today, it will only become more acute as research becomes even more information-based, especially through genomic research. To address these critical issues, the IOM committee recommended "first and foremost" that Congress should authorize HHS to develop "a new approach in protecting privacy in health research" that would "exempt health research from the HIPAA Privacy Rule." The committee outlined the broad contours of this bold new approach, but left it to other bodies, better constituted for the purpose, to develop the details. That is the focus of this proposal. This proposal assembles a blue-ribbon panel of experts in medical research, privacy, law, ethics, and patient advocacy to flesh out the IOM's innovative proposal and to provide the details necessary for its practical consideration. Specifically, the panel would address five broad elements highlighted by the IOM committee's report: 1. The meaning of "strong security safeguards";2. The ethical and technical dimensions of conducting research with deidentified PHI under the Common Rule without first obtaining individual consent;3. The use of PHI for multi-center research and practical measures for making data broadly available for research, both domestically and internationally;4. The regulatory framework necessary to achieve the high degree of privacy protection promised by the IOM committee report;and 5. Oversight mechanisms to facilitate efficient and effective compliance. In each of these areas, the panel would draw on existing research, the members'extensive experience, and other input to develop specific, detailed, practical proposals. These would, in turn, be vetted not only among the diverse membership of the panel, but also with key constituencies, including patient advocates, privacy advocates, health researchers, treatment and research facility administrators, IRB staff, attorneys and legal scholars, and ethicists. The project would have three primary deliverables. It would result in: 1. A more fully developed version of the IOM's primary recommendation: a new approach that would enhance both privacy and research by moving away from HIPAA's reliance on narrow, bureaucratic measures. This deliverable could serve as the basis for legislation or regulation. It would be clear, principle-based, and pragmatic, and would address in detail the five sets of issues raised by the committee and identified above. 2. A written explanation of its recommendations-a legislative history that would summarize the existing research, highlight the key policy choices, and identify why the panel made the specific recommendations that it did. 3. A process of socialization of the IOM committee's recommendation and the panel's further development of it. No endorsement would be sought, and there would be no lobbying of administrative or legislative officials, but rather a concerted effort to expand the discussion and lay the groundwork for action. The proposed project advances efficient and effective health research, and ultimately the quality of health care provided to the public, by removing unnecessary barriers to that research created by inappropriate and inconsistent privacy regulations. Moreover, it advances the ethical quality of research and public support for health research by providing improved, ethically sound protection for individual privacy. It addresses a need repeatedly identified by diverse reports and research, and responds directly to the FOA's request for proposals assessing "current oversight and regulatory structures and identify[ing] where there may be gaps and/or need for revised or new oversight approaches."