Informed Consent for Use of Health Data in Research¶

⚠️ Disclaimer: This is a template for demonstration purposes only. Use in actual research requires IRB/legal review. All placeholders must be replaced with real values before implementation.

Project/Study Title: Example Health Data Study Institution/Organization: HiPerHealth Research Institute Version Date: 2025-10-21 IRB Protocol Number: IRB-2025-12345

1. Key Information¶

You are being asked to allow the use of your health information for research. Before you decide, please read this form carefully and ask any questions you may have. Your participation is completely voluntary.

2. Purpose of the Research¶

The purpose of this research is to improve understanding of health conditions and care delivery by analyzing de-identified patient data. Your data may help develop better tools, treatments, and technologies for patients in the future.

3. Procedures¶

If you agree:

Researchers will use data already collected as part of your care.
No additional tests or visits are required.
HIPAA de-identification categories:
De-identified under HIPAA §164.514(b): Not PHI; no Authorization required.
Limited Data Set (LDS) under HIPAA §164.514(e): External disclosures for research, public health, or health care operations require a Data Use Agreement (DUA); Authorization or waiver is not required for those purposes; institutional/IRB approvals may still apply.
Identifiable PHI: Requires your HIPAA Authorization or an IRB/Privacy Board–approved waiver of Authorization.
Note: “Coded”/pseudonymized data that can be re-identified by the holder remain PHI under HIPAA.
Data may be shared with approved research partners or institutions under strict confidentiality agreements and Data Use Agreements where applicable.
Only authorized personnel will access your information.

4. Risks and Discomforts¶

There are no physical risks to you. Although every effort will be made to protect your privacy, there is a small risk that someone could identify you from shared data.

Security measures:

Data will be encrypted in transit and at rest.
Access is role-based (least privilege), logged, and audited.
Regular security assessments are performed.

5. Benefits¶

There may be no direct benefit to you. However, your data may help researchers advance medical knowledge, improve diagnostic tools, or develop better treatments.

6. Confidentiality and Data Protection¶

We take your privacy seriously and will implement strict safeguards to protect your information.

De-identification: Personal identifiers (e.g., name, address) will be removed or replaced with a study code.
Data retention: Data will be retained for an undetermined period, or for a maximum of 10 years, then securely destroyed or archived in de-identified form.
Access control: Only authorized personnel will access your information. Access is role-based (least privilege), logged, and audited.
Data security: Data will be encrypted in transit and at rest. Regular security assessments are performed.
Data sharing: Data may be shared with approved research partners or institutions under strict confidentiality agreements and Data Use Agreements where applicable.
International transfers: Transfers of data outside your country will follow appropriate safeguards (e.g., Standard Contractual Clauses, Transfer Impact Assessment). Participants can request copies.
Compliance: All use of your information will comply with applicable privacy laws (e.g., HIPAA, GDPR).
Sensitive information: Agreements with research partners may be partially redacted to protect confidential or commercially sensitive information.

⚠️ Note: Despite these measures, there is a small risk that someone could identify you from shared data.

7. Voluntary Participation¶

Taking part in this research is your choice. Refusing will not affect your medical care or relationship with your healthcare providers.

You may withdraw your consent at any time by contacting the research team. After withdrawal:

New uses of your data will cease.
Downstream partners will be instructed to stop processing and delete/destroy data where feasible.
Data already used in analyses, publications, or shared de-identified datasets cannot be retracted.

9. Future Use of Data¶

Please select one option for each item to indicate your choice:

Commercial research consent: Use of de-identified data for commercial research, including AI/ML model training
[ ] I consent
[ ] I do not consent
Recontact consent: Recontact for future studies
[ ] I wish to be recontacted
[ ] I do not wish to be recontacted
Receipt of results: Receipt of individual research results
[ ] I wish to receive results
[ ] I do not wish to receive results
No financial benefit acknowledgment: Understanding of no financial benefits from downstream products
[ ] I acknowledge

Note: Identifiable PHI will not be used for any future research without a new Authorization or an IRB/Privacy Board–approved waiver.

10. Return of Results Disclaimer¶

Any returned results are research information, not a medical diagnosis, and should not be used to make clinical decisions. Clinically actionable findings, if any, will be managed per institutional policy.

11. Contact Information¶

If you have questions, wish to withdraw consent, or need more information about this research, please contact:

Research Contact / General Inquiries: connect@telehealthcareai.org

⚠️ Note: We do not currently have an IRB. All research activities follow internal organizational review and oversight. Participation is voluntary, and your questions or concerns will be addressed via the above contact.

By submitting this form, you confirm that you have read and understood this Informed Consent document and agree to participate in this research study.

All HIPAA Authorization elements listed below are acknowledged by checking the corresponding boxes in the online form. No physical signature is required.

HIPAA Authorization Elements (US-specific)¶

Authorized discloser: I acknowledge the person(s) authorized to use or disclose my PHI as described.
Description of PHI: I confirm the types of data (PHI) to be used or disclosed.
Recipients: I understand who will receive my data.
Purpose of disclosure: I understand why my data will be used or shared.
Expiration date/event: I understand when this authorization ends.
Right to revoke: I may revoke this authorization at any time by contacting connect@telehealthcareai.org. Revocation will not affect disclosures already made.
Notice of potential re-disclosure: I understand that information disclosed may no longer be protected by HIPAA.
Treatment/payment/eligibility: I acknowledge whether treatment, payment, or eligibility is conditioned on submitting this form.
Copy of Authorization: After submission, I will receive a copy of my consent via email for my records.

Submission instructions: Please complete and submit your consent through the online form [Insert Google Form link here].

Once submitted, your responses will be stored securely and linked to this research study.

If you reside in a region covered by GDPR, the following applies to your data rights.
Purposes and legal basis of processing (Art. 6(1), Art. 9(2) for special-category data)
Categories of personal data
Recipients and transfers
Retention period and anonymization strategy
International transfer safeguards
Data subject rights: access, rectification, erasure, restriction, portability, objection
Right to lodge a complaint with supervisory authority
Any applicable research derogations/limitations to rights under GDPR Art. 89 and Member State laws, and how rights requests will be handled subject to those limits.
Note: “De-identified” under HIPAA may still be “personal data” under GDPR unless irreversibly anonymized. Pseudonymized data remains personal data under GDPR.