Question

If the data in question meet the definition of PHI and are being used for purposes that fall within HIPAA's definition of research, HIPAA generally requires explicit written authorization (consent) from the data subject for research uses. However, HIPAA provides several alternatives that can bypass such authorizations:

a) All of the above
b) Only deceased persons' information is used.
c) The research involves only minimal risk.
d) Only a "limited data set" is used, under an approved "data use agreement."

Answer 1

HIPAA generally requires written consent for research uses of PHI that fall under its definition of research, but it provides alternatives that can bypass the need for such consent.

Step-by-step explanation:

HIPAA (Health Insurance Portability and Accountability Act) generally requires explicit written authorization (consent) from the data subject for research uses that meet the definition of PHI and fall within HIPAA's definition of research. However, there are several alternatives provided by HIPAA that can bypass the need for such authorizations. These alternatives include using only deceased persons' information, conducting research that involves only minimal risk, and using a 'limited data set' under an approved 'data use agreement'.