Question 1An investigator obtains consent and HIPAA authorization from subjects to review their medical records and HIV status. She plans to go back to the medical record, so the HIV status information is stored along with subject identifiers in a database that she keeps on her laptop computer. What are some safeguards she could use to protect subject privacy and data confidentiality? Having multi-factor authentication on her laptop to prevent others from accessing her device Using data encryption and storing data on a secure cloud environment, not on her laptop Storing her laptop in a secure, locked environment when not using it All of the aboveQuestion 2In order to grant a waiver or alteration of the requirements of informed consent, an IRB must find which of the following: The research plan includes a data safety monitoring board. The research could not practicably be carried out without the waiver of consent. The research involves benefit to the subjects. The research plan includes data from individuals no longer living.Question 3A researcher wants to conduct a secondary analysis using a Centers for Disease Control and Prevention (CDC) database that was collected by the agency solely for surveillance purposes from 1996-2006. The researcher did not participate in the initial collection of the data. The database is publicly available. The database does not include any identifiers. The IRB makes a determination that the individuals whose records will be reviewed do not meet the federal definition of human subjects.Which of the following considerations was relevant to the IRB's determination that this activity does not constitute research with human subjects? The database reflects data collected originally for surveillance purposes. The data was collected between 1996-2006. The CDC is a federal agency. The researcher will not be interacting/intervening with subjects and the data has no identifiers.Question 4An investigator obtains consent and HIPAA authorization from subjects to review their medical records and HIV status. He plans to go back to the medical record, so the HIV status information is stored along with subject identifiers in a database that he keeps on his laptop computer. His laptop is stolen. This incident constitutes: A breach of confidentiality An invasion of privacy A FERPA violation All of the above None of the above

Describe What data privacy and security measures are necessary to maintain patient confidentiality and comply with healthcare regulations?

A healthcare organization is concerned about employees accessing patient records without proper authorization. What physical control should they implement to prevent such incidents?1.0 MarksTwo-factor authenticationRole-based access controlSecurity awareness trainingData encryptionPrivacy screens on monitors

Question 1Additional protections researchers can include in their practice to protect subject privacy and data confidentiality include: Keeping the key linking names to responses in a secure location. Destroying all identifiers connected to the data. Reporting data in aggregate form in publications resulting from the research. Requiring all members of the research team to sign confidentiality agreements. All of the aboveQuestion 2In a longitudinal study that will follow children from kindergarten through high school and will collect information about illegal activities, which of the following confidentiality procedures would protect against compelled disclosure of individually identifiable information? Securing a Certificate of Confidentiality Using pseudonyms in research reports Waiving documentation of consent Using data encryption for stored filesQuestion 3When a focus group deals with a potentially sensitive topic, which of the following statements about providing confidentiality to focus group participants is correct? Using pseudonyms in reports removes the concern about any confidences shared in the group. If group participants sign confidentiality agreements, the researcher can guarantee confidentiality. The researcher cannot control what participants repeat about others outside the group. If group members know each other confidentiality is not an issue.Question 4Which of the following constitutes both a breach of confidentiality (the research data have been disclosed, counter to the agreement between researcher and subjects) and a violation of subjects’ privacy (the right of the individuals to be protected against intrusion into their personal lives or affairs)? A researcher asks cocaine users to provide names and contact information of other cocaine users who might qualify for a study. A faculty member makes identifiable data about sexual behavior available to graduate students, although the subjects were assured that the data would be de-identified. In order to eliminate the effect of observation on behavior, a researcher attends a support group and records interactions without informing the attendees. A researcher, who is a guest, audio-records conversations at a series of private dinner parties to assess gender roles, without informing participants.Question 5A researcher leaves a research file in her car while she attends a concert and her car is stolen. The file contains charts of aggregated numerical data from a research study with human subjects, but no other documents. The consent form said that no identifying information would be retained, and the researcher adhered to that component. Which of the following statements best characterizes what occurred? The subjects’ privacy has been violated. There was both a violation of privacy and a breach of confidentiality. Confidentiality of the data has been breached. There was neither a violation of privacy nor a breach of confidentiality.

Question 1An employee trained to handle PII and SPII leaves confidential patient information unlocked in a public area. Which ethical principles does this violate? Select all that apply.1 pointConfidentialityRemaining unbiasedLawsPrivacy protections2.Question 2Fill in the blank: Privacy protection means safeguarding _____ from unauthorized use.1 pointdocumentationbusiness networkspersonal information compliance processes3.Question 3You receive a text message on your personal device from your manager stating that they cannot access the company’s secured online database. They’re updating the company’s monthly party schedule and need another employee’s birth date right away. Your organization’s policies and procedures state that employee information should never be accessed or shared through personal communication channels. What should you do?1 pointRequest identification from your manager to ensure the text message is authentic; then, provide the birth date.Ask your manager to provide proof of their inability to access the database. Respectfully decline, then remind your manager of the organization's guidelines.Give your manager the employee's birth date; a party is a friendly gesture.4.Question 4You work for a U.S.-based utility company that suffers a data breach. Several hacktivist groups claim responsibility for the attack. However, there is no evidence to verify their claims. What is the most ethical way to respond to this incident?1 pointConduct cyberattacks against each hacktivist group that claimed responsibility.Escalate the situation by involving other organizations that have been targeted.Improve the company's defenses to help prevent future attacks.Target a specific hacktivist group as a warning to the others.

A researcher conducting behavioral research collects individually identifiable sensitive information about illicit drug use and other illegal behaviors by surveying college students. The data are stored on a laptop computer without encryption, and the laptop computer is stolen from the researcher’s car on the way home from work. This is an unanticipated problem that must be reported because the incident was (a) unexpected (in other words, the researchers did not anticipate the theft); (b) related to participation in the research; and (c) placed the subjects at a greater risk of psychological and social harm from the breach in confidentiality of the study data than was previously known or recognized. According to OHRP, this unanticipated problem must be reported to the IRB in which timeframe? Within two weeks Promptly Within 48 hours Within 24 hours