St. Luke's Institutional Review Board (IRB)
Information For the Researcher

Qualified Minimal Risk Study

In accordance with regulations, St. Luke’s IRB uses an expedited review process to review certain minimal risk studies meeting specific regulatory criteria. If a proposed minimal risk study qualifies to be reviewed by expedited review, or is qualified as exempt, the IRB Chairperson or other qualified IRB member can approve the research or conditionally approve with minor modifications. For more information regarding minimal risk studies, please contact the IRB Office at 381-1406.

Human Subjects Protection Training

In order to conduct human research, all researchers and their support staff are to complete the on-line CITI human subject protections training program. 

For more information, please see Education.
For applications and forms for HIPAA and General forms, click here.
To view our meeting dates, click here.

HIPAA Regulation for Researchers and Research Staff


Protected Health Information (PHI): Protected health information includes all individually identifiable health information transmitted or maintained by an organization covered by the HIPAA regulations (a “covered entity”), regardless of form.  Specifically, it is Individually Identifiable Health Information (IIHI) that is:

  • Transmitted by electronic
  • media Maintained in any electronic media;
  • or Transmitted or maintained in any other form or medium (e.g., paper or oral).

Covered Entity (CE): Covered Entities are health care providers, health plans, and health care clearing houses.  St. Luke’s is a covered entity.

Authorization: This is the HIPAA equivalent of consent to use and disclose data.

What are the Types of Health Information?

There are three categories of health information and the requirements for use are different for each category:

  • Individually Identifiable Health Information (IIHI)
  • De-Identified Information
  • Limited Data Set

HIPAA Authorization

The HIPAA “authorization” is the equivalent to the consent form.  It is the process through which a patient allows researchers to access protected health information.  The HIPAA Authorization can be incorporated into the research consent form or be a separate document. 

  • Authorization Requirements
  • Waiver of Authorization

A waiver of HIPAA Authorization may potentially be granted for fully de-identified research data.  Requests for a waiver of HIPAA Authorization must meet certain criteria.


  • Research
  • St. Luke's Health System