Question

Uses and disclosures of data for research that are allowed to bypass the authorization requirement are still subject to the "minimum necessary" standard - that is, the uses/disclosures must be no more than the minimum required for the described research purpose. A covered entity may rely on a researcher's documentation - or the assessment of an IRB or Privacy Board - that the information requested is the minimum necessary for the research purpose. By contrast, research information obtained using an authorization is not bound by the minimum necessary standard - on the theory that the data subject has given explicit permission in accordance with the signed authorization. However, be aware that while HIPAA may not require a minimum necessary justification at all times, an IRB's evaluation of risks and burdens on human subjects arguably does.

a) True
b) False

Answer 1

The statement regarding uses and disclosures of data for research and their adherence to the "minimum necessary" standard is true. IRBs evaluate risks to human subjects, which may encompass the minimum necessary data use.

Step-by-step explanation:

The statement is true. Uses and disclosures of data for research that are allowed to bypass the authorization requirement must adhere to the "minimum necessary" standard, ensuring that only the minimum amount of information needed for the research purpose is used or disclosed. However, when research information is obtained with an individual's authorization, the minimum necessary standard is not applicable since the individual has explicitly agreed to the use of their data. Despite this, Institutional Review Boards (IRBs) are responsible for assessing risks to human subjects and may include considerations for the minimum necessary use of data in their evaluation.