CITI Responsible Conduct of Research (RCR)
– Basic questions with correct answers 2024
Latest Already Graded A+ 100% Pass
With respect to permissions for uses and disclosures, HIPAA divides health information
into three categories. Into which category does information related to research,
marketing, and fundraising go?
✓ Uses or disclosures that generally require specific written authorization.
With respect to permissions for uses and disclosures, HIPAA divides health information
into three categories. Into which category does information related to "treatment,
payment and health care operations" go?
✓ Uses or disclosures that can generally occur without any specific permission from the
patient.
HIPAA privacy protections cover identifiable personal information about the "past,
present or future physical or mental health condition." What does that include?
✓ Health information in any form or medium, as long as it is identified (or identifiable)
as a particular person's information.
Under the federal HIPAA regulations, state health privacy laws:
✓ Can remain in force if "more stringent" than HIPAA, complementing HIPAA's
foundation of protections, provided there is no direct conflict in requirements.
What does HIPAA's "minimum necessary" and related standards require of healthcare
workers?
✓ Use or disclose only the minimum necessary amount of health information to
accomplish a task.
HIPAA includes in its definition of "research," activities related to:
✓ Development of generalizable knowledge.
,If you're unsure about the particulars of HIPAA research requirements at your
organization or have questions, you can usually consult with:
✓ An organizational IRB or Privacy Board, privacy official ("Privacy Officer"), or security
official ("Security Officer"), depending on the issue.
Recruiting into research ...
✓ Can qualify as an activity "preparatory to research," at least for the initial contact,
but data should not leave the covered entity.
Under HIPAA, a "disclosure accounting" is required:
✓ For all human subjects research that uses PHI without an authorization from the data
subject, except for limited data sets.
HIPAA's protections for health information used for research purposes...
✓ Supplement those of the Common Rule and FDA.
Under HIPAA, "retrospective research" (a.k.a., data mining) on collections of PHI generally
...
✓ Is research, and so requires either an authorization or meeting one of the criteria for
a waiver of authorization.
When required, the information provided to the data subject in a HIPAA disclosure
accounting ...
✓ must be more detailed for disclosures that involve fewer than 50 subject records.
The HIPAA "minimum necessary" standard applies...
✓ To all human subjects research that uses PHI without an authorization from the data
subject.
A HIPAA authorization has which of the following characteristics:
✓ Uses "plain language" that the data subject can understand, similar to the
requirement for an informed consent document.
, A covered entity may use or disclose PHI without an authorization, or documentation of a
waiver or an alteration of authorization, for all of the following EXCEPT:
✓ Data that does not cross state lines when disclosed by the covered entity.
HIPAA protects a category of information known as protected health information (PHI).
PHI covered under HIPAA includes:
✓ Identifiable health information that is created or held by covered entities and their
business associates.
Which of these is not generally a good practice for fax machine use?
✓ Sensitive faxes -- inbound or outbound -- are left sitting in or around the machine.
Which of these is not a good practice for physical security?
✓ To preserve good customer relations, visitors are generally allowed access to all
areas of a facility unless it appears they are doing something suspicious.
Which of these is generally not a good practice with respect to oral communications (that
is, talking) in organizations like healthcare facilities?
✓ Use of full names in public areas or on intercom/paging systems, because there is no
security issue with identifying persons in public areas and using full names helps
avoid misidentification.
Which of the following is a correct statement about the balance among prevention,
detection, and response (PDR)?
✓ The greater the sensitivity and quantity of the data at issue, the more carefully the
balance among these three must be evaluated.
Which of these is not generally a good practice for telephone use?
✓ Using voicemail systems and answering machines that do not require a password or
PIN for access.
Fines and jail time (occasionally) for information security failures are:
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller NURSEBERNARD. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $15.49. You're not tied to anything after your purchase.
