HIPS Series > Privacy Issues for Researchers > Quiz

The questions are below. If you need to review, the course content is here.

The correct answers, and explanations for why we believe them to be correct, are provided here.

Please note that Better Samaritan Hospital (BSH) and Big State University (BSU) are fictional organizations. Any resemblance to existing institutions or persons is purely coincidental.

•  •  •  •  •

1. Better Samaritan Hospital conducts a large number of research studies -- some on its own, some in partnership with the affiliated Big State University School of Medicine. Does HIPAA prohibit BSH's or BSU's physicians from discussing recruitment into studies with patients for whom involvement might be appropriate?

A. This sort of discussion always requires a prior authorization, unless there is an IRB waiver or exception determination.

B. Physicians can continue to discuss such options with their own patients, since this would be part of treatment.

C. Physicians can approach any patient in the hospital about recruitment, since this would be part of treatment.

D. HIPAA has no effect on such matters.

•  •  •  •  •

2. BSH-BSU physicians and research staff commonly "mine" the clinical information systems looking for interesting patterns that might suggest a fundable research question. Is this sort of exploration prohibited unless there is prior "clearance" from the IRB and/or the Privacy Board or Privacy Officer?

A. No, because the efforts are merely "preparatory" to the development of a research protocol.

B. No, because the efforts clearly only present a minimal risk to the data subjects, and such explorations are clearly essential.

C. No, because even though it is research, protected information does not leave the facility and the work is entirely retrospective.

D. Yes, because exploration of identifiable health information for such purposes is research, even if entirely retrospective.

•  •  •  •  •

3. What about retrospective data explorations that apply only to deceased individuals? Surely that can be undertaken without any permission?

A. Yes, because there is a specific exemption for deceased persons.

B. Yes, because there is a specific exemption for deceased persons, as long as the data access is considered essential.

C. No, the researcher must still receive clearance if the information is identifiable.

D. No, information on deceased persons receives exactly the same protection as any other, and requires IRB approval.

•  •  •  •  •

4. For a particular research protocol, it is determined that a HIPAA research authorization is necessary for the data analysis effort. But once that document is signed by research subjects, is there any need for other review?

A. No. The patient's (research subject's) authorization is all that is required for data analysis.

B. Yes. IRB review is still required.

•  •  •  •  •

5. BSH-BSU privacy officials are urging researchers to use "limited data sets" whenever possible, particularly for exploratory efforts. What is required for that?

A. Nothing is required, since this is de-identified data.

B. The researcher must enter into a "data use agreement," which eliminates the need for any other review.

C. The researcher must enter into a "data use agreement." IRB approval may also be required.

D. The researchers must obtain authorizations from research subjects.

•  •  •  •  •

6. BSH-BSU has re-written its research policies to reflect the HIPAA disclosure accounting requirement. Which of the following items must be provided to patients whose protected health information has been used for research?

A. Researcher contact information.

B. Researcher contact information and protocol name.

C. Researcher contact information, protocol name and study purpose.

D. Researcher contact information, protocol name, study purpose, and timeframe of the use/disclosure.

•  •  •  •  •

7. BSH-BSU is creating a new Joint Center for Research, and as part of that effort wants to create a large, separate database of patient information under its control for unspecified future research. Does it need some kind of permission to do this?

A. No. Setting up repositories of data doesn't count as research, but merely as preparation for research, so no authorization is required.

B. Yes. But it is permissible to use a one-time general HIPAA authorization for "unspecified future research."

C. Yes. And HIPAA requires that research authorizations be specific.

D. Yes. And aside from a specific HIPAA authorization, one should remember to check with the IRB.

•  •  •  •  •

8. Can the authorizations for such an effort have a vague expiration date -- say "end of the study effort"? BSH-BSU researchers are adamant that they cannot predict how long the associated research efforts will last.

A. No. HIPAA also requires a specific expiration date for a research authorization.

B. Yes. HIPAA permits an authorization date like "end of the study" or even "none."

•  •  •  •  •

9. BSU-BSH staff are very concerned about the environment, particularly the preservation of pine trees, and so wish to merge all the research documents into a single form in order to save paper. Does HIPAA permit its authorizations to be combined with other documents?

A. No. Authorizations must be kept separate from other documents associated with the research, particularly the informed consent required by the Common Rule or FDA regulations.

B. No. Authorizations must also be printed on recycled paper.

C. Yes. Authorizations may be combined with any other legal permission related to the research study, including another authorization or a consent to participate.

D. Yes. HIPAA is entirely silent on what documents may be combined with others.

•  •  •  •  •

10. The information technology departments at BSH and BSU's School of Medicine are enquiring about the level and kind of computer security protections for research databases. What do you advise?

A. Less security is necessary than for the clinical information system, because these databases have much less information in them.

B. Identifiable health information must receive exactly the same level of protection, no matter where it resides.

C. More security is necessary, because research is an "additional" use of patients' data and requires minimal additional risk.

D. It depends on the kind and amount of patient information in the research database. Larger collections, or those with more sensitive data, appropriately receive greater security.

•  •  •  •  •


   © 2002-2006 Contributing authors and University of Miami School of Medicine