Research and HIPAA Privacy Protections
This deck covers key concepts about HIPAA's role in protecting health information within research contexts, emphasizing its definitions, requirements, and exceptions.
HIPAA protects a category of information known as protected health information (PHI). PHI includes:
Key Terms
Related Flashcard Decks
Study Tips
- Press F to enter focus mode for distraction-free studying
- Review cards regularly to improve retention
- Try to recall the answer before flipping the card
- Share this deck with friends to study together
| Term | Definition |
|---|---|
HIPAA protects a category of information known as protected health information (PHI). PHI includes: | Identifiable health information that is created or held by covered entities and their business associates. |
HIPAA includes in its definition of 'research,' activities related to ... | Development of generalizable knowledge. |
A covered entity may use or disclose PHI without an authorization, or documentation of a waiver or an alteration of authorization, for all of the following EXCEPT: | Data that does not cross state lines when disclosed by the covered entity. |
If you're unsure about the particulars of HIPAA research requirements at your organization or have questions, you can usually consult with: | An organizational IRB or Privacy Board, privacy officer ('Privacy Officer'), or privacy official ('Privacy Official'), depending on the issue. |
Under HIPAA, a 'disclosure accounting' is required: | For all human subjects research that uses PHI without an authorization from the data subject, except for limited data sets. |
Under HIPAA, 'retrospective research' (a.k.a., data mining) on collections of PHI generally ... | Is research, and so requires either an authorization or meeting one of the criteria for a waiver of authorization. |
Recruiting into research ... | Can qualify as an activity 'preparatory to research,' at least for the initial contact, but data should not leave the covered entity. |
A covered entity may use or disclose PHI without an authorization, or documentation of a waiver or an alteration of authorization, for all of the following EXCEPT: | Data that does not cross state lines when disclosed by the covered entity. |
If you're unsure about the particulars of HIPAA research requirements at your organization or have questions, you can usually consult with: | An organizational IRB or Privacy Board, privacy officer ("Privacy Officer"), or privacy official ("Privacy Official"), depending on the issue. |
HIPAA protects a category of information known as protected health information (PHI). PHI includes: | Identifiable health information that is created or held by covered entities and their business associates. |
If you're unsure about the particulars of HIPAA research requirements at your organization or have questions, you can usually consult with: | An organizational IRB or Privacy Board, privacy officer ('Privacy Officer'), or privacy official ('Privacy Official'), depending on the issue. |
HIPAA's protections for health information used for research purposes... | Supplement those of the Common Rule and FDA. |
The HIPAA "minimum necessary" standard applies... | To all human subjects research that uses PHI without an authorization from the data subject. |
Under HIPAA, "retrospective research" (a.k.a., data mining) on collections of PHI generally ... | Is research, and so requires either an authorization or meeting one of the criteria for a waiver of authorization. |
HIPAA protects a category of information known as protected health information (PHI). PHI includes: | Identifiable health information that is created or held by covered entities and their business associates. |