The National Institutes of Health (NIH) has awarded $538,595 to the Center for Applied Cybersecurity Research, led by Indiana University, to support a two-year project titled, "Protecting Privacy in Health Research."

Funds for the grant award were made available through the NIH as part of the American Recovery and Reinvestment Act (ARRA) of 2009.

Panel members will seek to develop new approaches to protecting the privacy and security of personal data used in health research, while striving to reduce the challenges imposed upon that research by current laws. The group intends to address the HIPAA Privacy Rule, which they contend “falls short of adequately protecting privacy, yet impedes medical research by placing unreasonable burdens upon life scientists.”

The grant proposal was crafted in response to a February report by the Institute of Medicine (IOM) Committee on Health Research and the Privacy of Health Information which stated "first and foremost" that Congress should authorize Health and Human Services (HHS) to develop "a new approach in protecting privacy in health research" that would "exempt health research from the HIPAA Privacy Rule."

In accordance with the IOM’s recommendations, the project proposed three primary deliverables: a new approach that would enhance both privacy and research by moving away from HIPAA's reliance on narrow, bureaucratic measures; a written, legislative history that would summarize the existing research, highlight the policy choices and identify why the panel made the specific recommendations; and a process of socialization of the IOM committee's recommendation and the panel's further development of it that is free from lobbying or outside influence.

Panelists will convene several times over the next 18 months with the goal of submitting their recommendations by May 2011.