How long does research data need to be kept?

Federal regulations require research records to be retained for at least 3 years after the completion of the research (45 CFR 46) and UVA regulations require that data are kept for at least 5 years. Additional standards from your discipline may also be applicable to your data storage plan.

How long does the Hipaa require storage of trial related records?

6 years

What makes a good research coordinator?

A great CRC possesses excellent verbal and written communication skills. Ensure Participant Understanding: When communicating with participants, the CRC should be able to explain a complex research protocol at the patient’s level of understanding.

How long can a researcher use or disclose PHI for research?

If a covered entity has used or disclosed PHI for research with an IRB or Privacy Board approval of waiver or alteration of Authorization, documentation of that approval must be retained by the covered entity for 6 years from the date of its creation or the date it was last in effect, whichever is later.

Is DOB alone considered PHI?

Demographic information is also considered PHI under HIPAA Rules, as are many common identifiers such as patient names, Social Security numbers, Driver’s license numbers, insurance details, and birth dates, when they are linked with health information.

Which is a direct identifier that must be removed from research subjects records in order to comply with the use of a limited data set?

The following direct identifiers must be removed for PHI to qualify as a limited data set: (1) Names; (2) postal address information, other than town or city, state, and ZIP code; (3) telephone numbers; (4) fax numbers; (5) email addresses; (6) social security numbers; (7) medical record numbers; (8) health plan …

What is a Hipaa limited data set?

‘A “limited data set” is a limited set of identifiable patient information as defined in the Privacy Regulations issued under the Health Insurance Portability and Accountability Act, better known as “HIPAA”. A “limited data set” is information from which “facial” identifiers have been removed.

What are the 18 identifiers for Hipaa?

18 HIPAA IdentifiersName.Address (all geographic subdivisions smaller than state, including street address, city county, and zip code)All elements (except years) of dates related to an individual (including birthdate, admission date, discharge date, date of death, and exact age if over 89)Telephone numbers.Fax number.Email address.

What is the minimum necessary standard for Phi?

The minimum necessary standard generally requires a covered entity—and now, business associates—to make reasonable efforts to limit access to PHI to those persons who need access to PHI to carry out their duties, and to disclose only an amount of PHI reasonably necessary to achieve the purpose of any particular use or …

Which of the following patient information must be removed for a limited data set?

What Information Must be Removed From a Limited Data Set Under HIPAA? Under HIPAA Rules, a limited data set cannot contain any of the following information: Names. Street addresses or postal address information with the exception of town/city, state and zip code.

Which HHS Office is charged with protecting patients health information?

HHS Office for Civil Rights

Which of the following is not an example of limited data set?

Geographic data is not an example of a limited data set.

What PHI can be disclosed?

Covered entities may disclose protected health information to: (1) public health authorities authorized by law to collect or receive such information for preventing or controlling disease, injury, or disability and to public health or other government authorities authorized to receive reports of child abuse and neglect …

What are 4 examples of PHI?

Examples of PHIPatient names.Addresses — In particular, anything more specific than state, including street address, city, county, precinct, and in most cases zip code, and their equivalent geocodes.Dates — Including birth, discharge, admittance, and death dates.Telephone and fax numbers.Email addresses.

What are the 3 rules of Hipaa?

Broadly speaking, the HIPAA Security Rule requires implementation of three types of safeguards: 1) administrative, 2) physical, and 3) technical. In addition, it imposes other organizational requirements and a need to document processes analogous to the HIPAA Privacy Rule.

What four items must be included in a record of disclosures of protected health information?

The accounting is required to include the following: (1) disclosures of protected health information that occurred during the six years prior to the date of the request for an accounting; and (2) for each disclosure: the date of the disclosure; the name of the entity or person who received the protected health …

What is included on a patient’s accounting of disclosures?

For each disclosure, the accounting must include: (1) The date of the disclosure; (2) the name (and address, if known) of the entity or person who received the protected health information; (3) a brief description of the information disclosed; and (4) a brief statement of the purpose of the disclosure (or a copy of the …

What are the six patient rights under the Privacy Rule?

Right of access, right to request amendment of PHI, right to accounting of disclosures, right to request restrictions of PHI, right to request confidential communications, and right to complain of Privacy Rule violations.