Federal rules and regulations exist to ensure the protection of human subjects involved in research (Belmont Report 1979; Title 45, Code of Federal Regulations, part 46 2001); but it is the institutional review board (IRB) that interprets, implements, and applies these guidelines in a given health care or research facility (Moreno, Caplan, and Wolpe 1998; Title 45, Code of Federal Regulations, part 46 2001). Additional federal research regulations, the Health Insurance Portability and Accountability Act (HIPAA) “Privacy Rule,” and the requirement for federalwide assurances have recently been implemented with the intent of further protecting patient privacy and standardizing institutional research standards (Title 45, Code of Federal Regulations, part 46 2001; Title 45, Code of Federal Regulations, parts 160 and 164 2002). The Privacy Rule, as applied to research, requires strict confidentiality and limited access to individual protected health information unless informed consent is provided or the research qualifies for a waiver. Federalwide assurances serve as a document or agreement that defines an institutional obligation to comply with federal research regulations (Newgard and Lewis 2002). Such “assurances” have existed for many years, being provided to centers for multiple studies or for a single study after central (i.e., federal) review of a given research protocol. In 1998, the Office for Human Research Protections began a paradigm shift of decentralizing responsibility for protocol review, changing accountability, “simplifying” assurances, and promoting the concept of accreditation and education with a single, broadly applicable federal assurance (i.e., the federalwide assurance) for all institutions participating in federally supported or federally conducted research (Newgard and Lewis 2002). While the Privacy Rule and federalwide assurances are only strictly applicable to federally supported or federally conducted research and to hospitals receiving federal funds, they have been broadly applied throughout the health care system. Whether these regulations confer any additional protection for human subjects involved in research is unclear, and concerns have been raised about the potentially negative effect of these regulations on research, particularly on population-based health services research (Kulynych and Korn 2002). In the case of federalwide assurances, there is no evidence to suggest that such an assurance further improves the protection of human subjects, particularly for minimal risk research conducted in nonacademic institutions where the individual tasked with obtaining and signing the assurance often has no involvement in or direct supervision over such research activities. Including patients from many different practice settings (e.g., academic, tertiary, and community) in health services research is important to produce valid results with broad generalizability. Regulatory burden may threaten broad participation (Kulynych and Korn 2002), especially among centers that would rarely, if ever, participate in research activities. Policies that effectively restrict the selection of research subjects to those in academic centers may have the unintentional result of reducing the generalizability of subsequent study results and raise concerns about whether important findings truly apply to the vast majority of patients who receive care in nonacademic centers. Finally, such restricted selection of research subjects potentially violates the principle of justice in research (Belmont Report 1979). The objective of this study was to describe (1) the institutional variability in study approval and willingness to obtain federalwide assurance documents for a federally supported, minimal risk health services research project conducted during the implementation of the Privacy Rule and federalwide assurances, and (2) the potential impact of such policy on selection of research subjects and generalizability of study results.