HIPAA Privacy Protections Overview
10 Questions

Questions and Answers

What does 'retrospective research' under HIPAA generally require?

Either an authorization or meeting one of the criteria for a waiver of authorization.

What must be obtained for the use or disclosure of PHI for retrospective research studies?

Patient authorization or a waiver, alteration, or exception determination from an IRB or Privacy Board.

A covered entity may use or disclose PHI without authorization, documentation of waiver, or alteration of authorization for all of the following EXCEPT:

  • Data that crosses state lines
  • Data that does not cross state lines (correct)
  • Data for internal purposes
  • Data for research purposes

Under HIPAA, what is generally required if data in question meet the definition of PHI for research purposes?

Explicit written authorization (consent) from the data subject.

Who can you consult with if you have questions about HIPAA research requirements at your organization?

An organizational IRB or Privacy Board, privacy official, or security official.

Which protections do HIPAA's regulations supplement for health information used for research purposes?

The Common Rule and FDA protections.

Under HIPAA, when is a disclosure accounting required?

For all human subjects research that uses PHI without authorization from the data subject, except for limited data sets.

What remains the responsibility of Institutional Review Boards (IRBs) in relation to HIPAA's requirements?

Addressing HIPAA's additional requirements in their reviews.

What characteristics does a HIPAA authorization have?

Uses 'plain language' that the data subject can understand.

When are authorizations required under HIPAA?

When the proposed use meets one of the exceptions listed in the HIPAA regulation.

Study Notes

HIPAA and Retrospective Research

• Retrospective research involves data mining of Protected Health Information (PHI) and requires either patient authorization or meeting the criteria for a waiver.
• Use or disclosure of PHI for retrospective studies requires patient authorization, or a waiver or determination from an Institutional Review Board (IRB) or Privacy Board.

Disclosure of PHI

• A covered entity can disclose PHI without authorization for various reasons, except when data does not cross state lines.
• Explicit written authorization is generally required for research involving PHI, unless specific exemptions apply, such as minimal risk research or use of de-identified data.

Approval Necessities

• It is important to consult an organizational IRB, Privacy Board, or privacy/security officials for questions regarding HIPAA research requirements.
• Generic advice from colleagues or representatives of funding entities may not be authoritative or suitable for a specific organization’s rules.

HIPAA's Protections

• HIPAA provides protections that supplement existing regulations from the Common Rule and FDA, enhancing the safeguarding of health information in research.
• Disclosures using PHI for human subjects research require accounting unless they involve limited data sets.

Institutional Review Board (IRB) Protocols

• HIPAA's data protections, effective since 2003, complement rather than replace the Common Rule and FDA criteria.
• IRBs may review HIPAA's additional requirements or delegate responsibilities to Privacy Boards or privacy officers.

Disclosure Accounting Requirements

• Disclosure accounting is not required for instances where consent or authorization has been obtained or where information pertains to the subject themselves.
• Accounting is also not mandated for limited data set disclosures under data use agreements or for de-identified information.

Characteristics of HIPAA Authorization

• HIPAA authorizations must be written in "plain language" for understanding, similar to informed consent documents.
• Authorizations are mandatory unless the use conforms to specific exemptions; they must be signed by the research subject or their authorized representative.

Description

This flashcard set covers essential concepts related to HIPAA privacy protections, specifically focusing on retrospective research and the use of Protected Health Information (PHI). Gain a deeper understanding of the regulations and the criteria for research authorization. Ideal for students studying health law or those in healthcare professions.
