The following definitions were established by 45 CFR 46 and are overseen by the Department
of Health and Human Services.
Research means a systematic investigation, including research development, testing, and evaluation, designed to develop or contribute to generalizable knowledge. Activities which meet this definition constitute research for purposes of this policy, whether or not they are conducted or supported under a program which is considered research for other purposes. For example, some demonstration and service programs may include research activities.
Human subject means a living individual about whom an investigator (whether professional or student) conducting research obtains:
- Data through intervention or interaction with the individual or
- Identifiable private information.
Intervention includes both physical procedures by which data are gathered (for example, venipuncture)
and manipulations of the subject or the subject's environment that are performed for
research purposes. Interaction includes communication or interpersonal contact between investigator and subject.
Private information includes information about behavior that occurs in a context in which an individual
can reasonably expect that no observation or recording is taking place, and information
which has been provided for specific purposes by an individual and which the individual
can reasonably expect will not be made public (for example, a medical record). Private
information must be individually identifiable (i.e., the identity of the subject is
or may readily be ascertained by the investigator or associated with the information)
in order for acquisition of the information to constitute research involving human
Minimal risk means that the probability and magnitude of harm or discomfort anticipated in the research are not greater in and of themselves than those ordinarily encountered in daily life or during the performance of routine physical or psychological examinations or tests.
Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The Privacy Rule was issued to implement the requirements of HIPAA. Its standards address the use and disclosure of individuals’ health information—called “protected health information” by organizations subject to the Privacy Rule—called “covered entities,” as well as standards for individuals' privacy rights to understand and control how their health information is used.