Revised Common Rule Now In Effect

HIPAA Compliance Certification

The Federal Policy for the Protection of Human Subjects (45 CFR part 46), also called the Common Rule, has been updated and is now in effect. January 21, 2019 is the compliance date for the revised Common Rule.

The Common Rule, which was introduced in 1991, regulates federally financed research on human subjects. It was modified in 2015 and had a significant revision in 2017 to enhance protections for research subjects and at the same time reduce the administrative load on researchers, particularly for low-risk research.

The revised Common Rule’s compliance date was initially set as January 19, 2018; but, it was delayed for six months in an interim final rule that was published two days before the compliance date. The July compliance deadline was subsequently extended for a further 6 months. Covered entities needed to comply with the Common Rule’s pre-2018 version until January 20, 2019, except for three conditions of the revised Common Rule which focused on reducing the administrative load on researchers.

Those three conditions, which were permitted to be implemented from July 19, 2018 to January 20, 2019, were:

  • An alteration to the definition of research, which exempted some research activities including public surveillance actions to keep track of the spread of diseases, criminal investigations and journalistic activities.
  • Removing the requirement for ongoing reviews of particular categories of research which are deemed as low-risk
  • Removing the need for institutional review boards (IRB) to evaluate grant applications or other financing proposals associated with the research

Since the compliance date has already arrived, covered entities that acquire federal financing for research now must work quickly to change policies and procedures to meet the new requirements for the Common Rule, which include the three principles above if they have not yet been implemented.

Significant adjustments in the revised Common Rule are mentioned below:


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

Consent Forms

Consent forms need to be made less difficult for voluntary research subjects to get the data they require.

Consent forms must have a brief explanation at the beginning of the document wherein all of the important data concerning the study is clearly described, which includes the objective of the research, the risks and rewards, and alternative optional treatments that could be helpful to the research subject.

Potential uses of research information should also be specifically stated on the consent form explaining if and when the study results will become available to the research subject.

A statement must be provided, if appropriate, explaining that biospecimens could be utilized for commercial gain and if the research subject is going to have a share of that income.

IRBs need not acquire informed consent when getting data or biospecimens for assessing, recruiting, or determining if prospective subjects are eligible, under particular conditions.

Consent forms used for clinical trials that are carried out by or promoted by a Federal department should be published online or made accessible on a federal website that acts as a storage repository for consent forms.

Broad Consent

The final rule permits the use of broad consent for the storage and secondary utilization of identifiable private data and biospecimens instead of acquiring study-specific informed permission.

Study Reviews by One IRB

One change for federally funded research that needs IRB approval is to have one IRB oversee research studies that are performed at several sites. Compliance with this facet of the updated Common Rule isn’t compulsory until January 21, 2020.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: