Privacy Board

When Protected Health Information (PHI) is used or disclosed for research purposes, you must do so in accordance with HIPAA Privacy Protections.  For most projects regulated under the Common Rule, you generally may only use or disclose PHI in connection with research after the potential subject has given written authorization. 

In certain situations, you may request and be granted a Waiver of HIPAA Authorization; this will allow you to use or disclose certain PHI without the written authorization of the subject.  A Waiver of HIPAA Authorization may be granted by either an IRB or a Privacy Board.

The Privacy Board operates under the authority of and in accordance with HIPAA and applicable University policies and procedures. The Privacy Board is authorized to review and approve the following:

  • Waivers of HIPAA Authorization for applications exempt from IRBMED oversight under OHRP or FDA regulations, but study team members will be accessing PHI. 
  • Waivers of HIPAA Authorization for research not subject to IRBMED oversight under OHRP or FDA regulations, but study team members will be accessing PHI; these types of projects include (but are not limited to) the following:
    • Investigator certifications for reviews of PHI preparatory to research submitted in the eResearch application.
    • Investigator certifications for research involving decedents’ information submitted in the eResearch application.
    • In consultation with other units (e.g., the UMHS Privacy Office and ORSP), any use or disclosure of limited data sets under data use agreements.
  • Multi-site research where U-M has ‘ceded’ IRB review but retains review responsibilities under HIPAA.

For studies subject to IRBMED review and approval under the full regulatory requirements, the Full Convened Board or Expedited Reviewer(s) makes applicable determinations regarding HIPAA compliance along with determinations required by other federal regulations.


Overall process flowchart



The Privacy Board operates under the authority of and in accordance with HIPAA Privacy Rule and applicable University policies and procedures.


Chair: Alan Sugar, MD


  • Robertson Davenport, MD
  • William Ensminger, MD
  • Michael Geisser, PhD
  • Duke Morrow, DMin
  • Joy Stair, MS, RN

Coordinator: Lark Speyer, BS


If you have any questions or comments regarding Privacy Board, Waivers of HIPAA Authorization, or project submission, please contact:


Lark-Aeryn Speyer, BS
Privacy Board Coordinator, IRBMED
734.763.3969 (Direct)
734.763.1234 (Fax)


S. Joseph Austin, JD, LL.M
Assistant Director of Regulatory Operations, IRBMED
734.763.1236 (Direct)
734.763.1234 (Fax)



Updated: May 8, 2015



Contact us at or 734-763-4768 / (Fax 734-763-1234)

2800 Plymouth Road, Building 520, Room 3214, Ann Arbor, MI 48109-2800

A list of IRBMED staff is available in the Personnel Directory, or view the list of Regulatory Teams.