JMCP Policy for Protecting Patient Safety and Privacy



 JMCP manuscripts that involve collection of data from human subjects must describe the methods used by the researchers to ensure appropriate handling of protected (identifiable) health information (PHI), as well as review by institutional review boards (IRBs) when applicable. 

Review by an institutional review board (IRB) is required for every article published in JMCP that involves: (1) research that involves the collection of data from human subjects as defined in HHS regulation 45 CFR Part 46, or (2) analyses of administrative claims data that contain protected health information (PHI), also known as individually identifiable health information.1 As a general rule, JMCP expects all studies submitted for publication that involve such data to have been reviewed by the relevant IRB. 

Exemption from the requirement for IRB review will be granted for analyses of administrative claims datasets that have been de-identified by an independent third party, prior to initial review by the authors.1 Exemption from the IRB requirement may also be granted for analyses of administrative claims datasets for which all of the following requirements are met:  

(1) the manuscript does not include any individually identifiable health information,1 

(2) the author(s) is/are authorized by the covered entity2 (e.g., a payer or pharmacy benefits manager) to use the PHI in conducting analyses performed under the “Treatment, Payment, Health Care Operations” provision2 of HIPAA, and  

(3) the author(s) is/are bound to the covered entity by confidentiality standards that protect individually identifiable health information, including HIPAA-compliant procedures for storage, transmission, release, and disposal of PHI.

Manuscripts submitted to JMCP should be accompanied by documentation of IRB review or, for manuscripts reporting analyses of administrative claims datasets, should be accompanied by a statement explaining why the work is exempt from IRB review. JMCP reserves the right to request from authors seeking exemption from IRB review a description of the procedures followed for protection of PHI. Principal authors are responsible for HIPAA compliance and for adherence to this JMCP policy.

1 Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule. National Institutes of Health, April 14, 2003. Available at: for definitions of Protected Health Information (p. 8), Individually Identifiable Health Information (p. 2), covered entity (p. 5), and a list of 18 “identifiers” that should be removed to de-identify health information (p. 10).  

2 Summary of the HIPAA Privacy Rule. U.S. Department of Health and Human Services. Available at The specific definition of the “Treatment, Payment, Health Care Operations” provision (45 CFR 164.506) of the HIPAA Privacy Rule is available at: 

