|
HIPAA protects a category of information known as protected health information (PHI). PHI includes: |
Identifiable health information that is created or held by covered entities and their business associates. |
|
HIPAA includes in its definition of "research," activities related to … |
Development of generalizable knowledge. |
|
A covered entity may use or disclose PHI without an authorization, or documentation of a waiver or an alteration of authorization, for all of the following EXCEPT: |
Data that does not cross state lines when disclosed by the covered entity. |
|
If you’re unsure about the particulars of HIPAA research requirements at your organization or have questions, you can usually consult with: |
An organizational IRB or Privacy Board, privacy officer ("Privacy Officer"), or privacy official ("Privacy Official"), depending on the issue. |
|
Under HIPAA, a "disclosure accounting" is required: |
For all human subjects research that uses PHI without an authorization from the data subject, except for limited data sets. |
|
Under HIPAA, "retrospective research" (a.k.a., data mining) on collections of PHI generally … |
Is research, and so requires either an authorization or meeting one of the criteria for a waiver of authorization. |
|
Recruiting into research … |
Can qualify as an activity "preparatory to research," at least for the initial contact, but data should not leave the covered entity. |
|
A covered entity may use or disclose PHI without an authorization, or documentation of a waiver or an alteration of authorization, for all of the following EXCEPT: |
Data that does not cross state lines when disclosed by the covered entity. |
|
If you’re unsure about the particulars of HIPAA research requirements at your organization or have questions, you can usually consult with: |
An organizational IRB or Privacy Board, privacy officer ("Privacy Officer"), or privacy official ("Privacy Official"), depending on the issue. |
|
HIPAA protects a category of information known as protected health information (PHI). PHI includes: |
Identifiable health information that is created or held by covered entities and their business associates. |
|
If you’re unsure about the particulars of HIPAA research requirements at your organization or have questions, you can usually consult with: |
An organizational IRB or Privacy Board, privacy officer ("Privacy Officer"), or privacy official ("Privacy Official"), depending on the issue. |
|
HIPAA’s protections for health information used for research purposes… |
Supplement those of the Common Rule and FDA. |
|
The HIPAA "minimum necessary" standard applies… |
To all human subjects research that uses PHI without an authorization from the data subject. |
|
Under HIPAA, "retrospective research" (a.k.a., data mining) on collections of PHI generally … |
Is research, and so requires either an authorization or meeting one of the criteria for a waiver of authorization. |
|
HIPAA protects a category of information known as protected health information (PHI). PHI includes: |
Identifiable health information that is created or held by covered entities and their business associates. |
Share This
Flashcard
