ICH-GCP 4.3 Confidentiality & Privacy(3)
kuaidi.ping-jia.net 作者:佚名 更新日期:2024-07-06
Part 8: HIPAA Rights, Privacy, and Enforcement
Part 9: Summary of Key Points
The Privacy Rule defines two new rights for research participants.
隐私规则为研究参与者定义了两项新的权利。
Participants have a right to ask researchers for an accounting of their protected health information (PHI) that has been obtained under a waiver of or exception to the HIPAA Privacy Rule. An accounting of such disclosures may be requested for the previous six years.
参与者有权要求研究人员对根据HIPAA隐私规则豁免或例外情况获得的受保护健康信息(PHI)进行说明。可能要求对过去六年的此类披露进行会计核算
A researcher is not required to account for disclosures that were:
Ⅰ、Authorized by the participant;
Ⅱ、Contained in a limited data set; or
Ⅲ、Released as de-identified data.
研究人员无需解释以下披露:
1、参与者授权;
2、包含在有限的数据集中;或
3、作为取消识别数据发布。
Other instances where accounting is not required include for national security or intelligence purposes, and disclosure to correctional institutions or law enforcement officials.
其他不需要会计的情况包括出于 国家安全或情报目的 ,以及 向惩教机构或执法官员披露信息 。
Participants have the right to revoke their authorization of the use or disclosure of their protected health information (PHI). However, the revocation has no effect if the researcher has already made a disclosure in accordance with the participant's original authorization.
参与者有权撤销其使用或披露其受保护健康信息(PHI)的授权。但是,如果研究人员已经按照参与者的原始授权进行了披露,则撤销无效。
The DHHS Office of Civil Rights is responsible for enforcing compliance with the HIPAA Privacy Rule and for investigating complaints about lack of compliance. Failure to comply with the Privacy Rule may result in the levying of civil or criminal penalties. For more information about enforcement of the Privacy Rule, go to http://www.hhs.gov/ocr/hipaa/ .
卫生和人权部(DHHS)民权办公室 负责强制执行 HIPAA 隐私规则,并 调查有关不遵守规则的投诉 。 不遵守隐私规则可能导致民事或刑事处罚的征收 。要了解更多关于隐私规则执行的信息,请访问 http://www.hhs.gov/ocr/hipaa/。
A breach of confidentiality is usually defined as any disclosure of protected information about a participant to a third party without either a court order or consent of the participant. The breach of confidentiality may be oral or written and may occur by telephone, fax, or electronic means (e.g., electronic mail or other internet- based method of communication).
违反保密性通常被定义为未经法院命令或参与者同意而向第三方披露参与者的受保护信息。 违反保密的行为可以是口头或书面的,也可以通过电话、传真或电子手段(如电子邮件或其他基于互联网的通信方式)发生。
There are five scenarios described below. Based on the scenario, classify whether there was a breach of confidentiality by choosing Breach or that there is no breach of confidentiality by choosing No Breach.
下面描述了五种情况。根据场景,通过选择“违反”来分类是否存在违反保密性的行为,或者通过选择“不违反”来分类是否存在违反保密性的行为。
An investigator completed a clinical trial and later published on the results of the study. A researcher for another study read the publication and contacted the study’s investigator to request the data sets, with de- identified participant data, for secondary analyses. The study’s investigator shared the de-identified data sets with the researcher.
一名研究人员完成了一项临床试验,随后发表了研究结果。 另一项研究 的一名研究人员阅读了该出版物,并联系了该研究的研究人员, 要求获得数据集,以及不确定的参与者数据 ,以便进行二次分析。该研究的研究者与研究者分享了未鉴定的数据集。
A study clinician shared a participant’s test results with the study physician to confirm the participant’s eligibility to participate in the clinical trial.
研究临床医生与研究医生分享 了参与者的测试结果,以确认参与者有资格参与临床试验。
Mary, a 25 year old woman who is being treated as an outpatient at Mercy Hospital’s Research Center, was enrolled in a clinical trial at the center. When asked to complete a HIPAA form, Mary authorized release of medical records to her general practitioner only. Mary’s mother was interested in learning more about her daughter’s treatment, but she did not want to confront Mary about her concern. When Mary’s mom contacted the research center directly, the front office staff immediately transferred the call to the study counselor. After confirming Mary’s date of birth and social security number with her mom, the study counselor explained that she understands the situation and disclosed that Mary is enrolled in a HIV clinical trial at the center. However, she cannot go into the details of Mary’s treatment.
玛丽是一名25岁的女性,目前正在梅西医院研究中心接受门诊治疗,她参加了该中心的一项临床试验。当要求填写HIPAA表格时,Mary授权仅向其全科医生发布医疗记录。 玛丽的母亲 有兴趣了解更多关于她女儿治疗的情况,但她不想与玛丽对质。当玛丽的妈妈直接联系研究中心时,前台工作人员立即将电话转接给研究顾问。在与母亲确认玛丽的出生日期和社会保险号码后,研究顾问解释说,她了解情况,并透露玛丽参加了该中心的艾滋病毒临床试验。然而,她无法深入了解玛丽治疗的细节。
A study on opioid substance use disorder is being conducted at Physicians General, a local research site. The investigator has obtained a Certificate of Confidentiality over the study. Jim, a parolee, is enrolled in the study at Physicians General. Parole Officer Bridges visits the research site and demands a copy of Jim’s drug test results, with a court order. The study physician releases Jim’s drug test results to Officer Bridges.
一项关于阿片类物质使用障碍的研究正在当地的一家研究机构内科医生协会进行。研究人员已获得研究的保密证书。吉姆是一名 假释犯 ,在内科医生总医院参加了这项研究。假释官布里奇斯访问了研究现场,要求提供吉姆的药检结果副本,并附上法庭命令。研究医生向布里奇斯警官公布吉姆的药物测试结果。
Immediately after having been administered study medication, a participant is having an allergic reaction at the research site. When the ambulance arrives, the study clinician provides to the paramedics the status of the participant’s emergent medical condition prior to transporting her to the hospital.
服用研究药物后,参与者立即在研究现场出现 过敏反应 。当救护车到达时,研究临床医生在将受试者送往医院之前向护理人员提供受试者的紧急医疗状况。
Feedback 1: How would you classify this scenario: Breach or No Breach? The correct response is No Breach. Study data may be disclosed for research purposes as long as the data shared is de-identified.
反馈1: 您如何对这种情况进行分类:违约还是无违约?正确的回答是没有违约。 只要共享的数据未被识别,研究数据可能会出于研究目的而披露 。
Feedback 2: How would you classify this scenario: Breach or No Breach? The correct response is No Breach. Information in a participant's medical record can be disclosed to people who need this information to perform duties related to the participant's diagnosis and treatment.
反馈2 :您如何对这种情况进行分类:违约还是无违约?正确的回答是没有违约。参与者病历中的信息可以披露给需要这些信息的人员,以 履行与参与者诊断和治疗相关的职责 。
Feedback 3: How would you classify this scenario: Breach or No Breach? The correct response is Breach. Clinical research staff may not disclose that a participant is enrolled in a study without either the consent of the participant or a court order along with a subpoena or other legal mandate.
反馈3 :您如何对这种情况进行分类:违约还是无违约?正确的回答是违约。临床研究人员不得披露未经参与者同意或法院命令以及传票或其他法律授权的参与者参与研究。
Feedback 4: How would you classify this scenario: Breach or No Breach? The correct response is Breach. A court order alone does not compel disclosure of confidential information. A subpoena or other legal mandate must be issued to compel disclosure.
反馈4 :您如何对这种情况进行分类:违约还是不违约?正确的回答是违约。 法院命令本身并不强制披露机密信息。必须发出传票或其他法律授权,以强制披露。
Feedback 5: How would you classify this scenario: Breach or No Breach? The correct response is No Breach. Information in a participant's medical record can be disclosed to people who need this information to perform duties related to the participant's diagnosis and treatment.
反馈5 :您如何对这种情况进行分类:违约还是不违约?正确的回答是没有违约。参与者 病历中的信息可以披露给需要这些信息的人员 ,以履行与参与者诊断和治疗相关的职责。
Ⅰ、Federal law and regulations protect the confidentiality of participant records. In addition, Federal law protects the confidentiality of identifiable health information for all research participants.
1、联邦法律法规保护参与者 记录的机密性 。此外,联邦法律保护所有研究参与者 可识别健康信息的机密性 。
Ⅱ、In general, all records of the identity, diagnosis, prognosis, or treatment of any person that are maintained in connection with alcohol or drug abuse prevention, education, training, treatment, rehabilitation, or research must be kept confidential.
2、一般而言, 所有与酗酒或吸毒预防、教育、培训、治疗、康复或研究有关的任何人的身份、诊断、预后或治疗记录都必须保密 。
Ⅲ、The regulations identify certain exceptions to the confidentiality requirements. Information in a participant's medical record can be disclosed:
i、To people performing duties related to the participant's diagnosis, treatment, or referral for treatment of alcohol or drug abuse.
ii、To law enforcement officers when the participant has committed, or threatened to commit, a crime on program premises or against program staff.
iii、When reporting suspected child abuse or neglect to state or local authorities.
iv、To medical personnel in a medical emergency.
v、For research purposes, with certain conditions.
vi、For management audits, financial audits, or program evaluation.
vii、If a participant is found to be at risk for suicide or if he or she makes a credible threat to harm another person.
viii、When the participant has a communicable disease that poses a risk to public health.
ix、When authorized by a court order.
x、When required by state law.
3、规定确定了保密要求的某些 例外情况 。参与者医疗记录中的信息可以披露:
(1)对履行与参与者 酗酒或吸毒诊断、治疗或转诊治疗有关职责 的人员。
(2)当参与者在项目场所或针对项目工作人员 实施威胁或实施犯罪 时,向执法人员报告。
(3)向州或地方当局报告 涉嫌虐待或忽视儿童 时。
(4) 医疗紧急 情况下的医务人员。
(5)为 研究目的 ,有一定条件。
(6)用于 管理审核 、 财务审核 或 项目评估 。
(7)如果参与者被发现有 自杀的危险 ,或者他或她做出了 伤害他人的可信威胁 。
(8)参与者患有 对公众健康构成威胁的传染病 。
(9)经 法院命令授权 时。
(10)当 州法律 要求时。
Ⅳ、If a program discontinues operation or is acquired by another program, there are certain medical record responsibilities that must be followed regarding the clinical records. Each site Principal Investigator must be aware of the procedures and retention period requirements for medical and study related records established by the sponsor and regulatory entities with oversight authority.
4、如果 一个项目停止运营或被另一个项目收购 ,则必须对临床记录履行一定的病历责任。每个现场主要研究人员必须了解申办方和监管机构制定的医疗和研究相关记录的程序和保留期要求。
Ⅴ、A Certificate of Confidentiality provides an additional level of protection for the privacy of participants involved in research studies.
5、 保密证书 为参与研究的参与者的隐私提供了额外的保护。
Ⅵ、Except under certain conditions, a researcher who has obtained a Certificate of Confidentiality cannot be compelled to identify research participants in any federal, state, or local civil, criminal, administrative, legislative, or other proceeding.
6、除非在某些条件下,否则 不得强迫获得保密证书的研究人员 在任何 联邦、州 或 地方民事、刑事、行政、立法或其他程序中 确定研究参与者的身份。
Ⅶ、Participants must be told that a research project has been granted a Certificate of Confidentiality.
7、必须 告知参与者某项研究项目已获得保密证书 。
Ⅷ、The HIPAA Privacy Rule protects all individually identifiable health information that is held or transmitted by covered entities and their business associates. The information may be in any form (e.g., paper, electronic, oral). The Privacy Rule calls this information protected health information (PHI). A covered entity may not use or disclose PHI except as permitted or required by the Privacy Rule.
8、 HIPAA隐私规则 保护受保实体及其业务伙伴持有或传输的所有个人可识别健康信息。信息可以是任何形式(例如,纸质、电子、口头)。 隐私规则称此信息为受保护的健康信息(PHI) 。受保实体不得使用或披露PHI,除非隐私规则允许或要求。
Ⅸ、Covered entities may use or disclose the “minimum necessary” amount of PHI to or among themselves, without the individual's authorization, for purposes of treatment, payment, and health care operations.
9、被覆盖实体可以在未经个人授权的情况下,为 治疗、支付和医疗保健操作目的 ,向个人或相互之间使用或披露“最低必要”PHI。
Ⅹ、PHI may be disclosed for research purposes when the disclosure is authorized by the research participant. Authorization for disclosures is obtained routinely from participants during the informed consent process. Treatment programs do not need to keep track of disclosures that are authorized by the participant.
10、当研究参与者授权披露时,可出于研究目的披露PHI。在知情同意过程中,披露授权通常从参与者处获得。 治疗计划不需要跟踪参与者授权的披露 。
Ⅺ、Health information that has been de-identified by the removal of all elements that could identify an individual is no longer considered PHI and is not subject to the Privacy Rule.
11、通过 删除可能识别个人的所有元素而取消识别的健康信息 不再被视为PHI,不受隐私规则的约束。
Part 9: Summary of Key Points
The Privacy Rule defines two new rights for research participants.
隐私规则为研究参与者定义了两项新的权利。
Participants have a right to ask researchers for an accounting of their protected health information (PHI) that has been obtained under a waiver of or exception to the HIPAA Privacy Rule. An accounting of such disclosures may be requested for the previous six years.
参与者有权要求研究人员对根据HIPAA隐私规则豁免或例外情况获得的受保护健康信息(PHI)进行说明。可能要求对过去六年的此类披露进行会计核算
A researcher is not required to account for disclosures that were:
Ⅰ、Authorized by the participant;
Ⅱ、Contained in a limited data set; or
Ⅲ、Released as de-identified data.
研究人员无需解释以下披露:
1、参与者授权;
2、包含在有限的数据集中;或
3、作为取消识别数据发布。
Other instances where accounting is not required include for national security or intelligence purposes, and disclosure to correctional institutions or law enforcement officials.
其他不需要会计的情况包括出于 国家安全或情报目的 ,以及 向惩教机构或执法官员披露信息 。
Participants have the right to revoke their authorization of the use or disclosure of their protected health information (PHI). However, the revocation has no effect if the researcher has already made a disclosure in accordance with the participant's original authorization.
参与者有权撤销其使用或披露其受保护健康信息(PHI)的授权。但是,如果研究人员已经按照参与者的原始授权进行了披露,则撤销无效。
The DHHS Office of Civil Rights is responsible for enforcing compliance with the HIPAA Privacy Rule and for investigating complaints about lack of compliance. Failure to comply with the Privacy Rule may result in the levying of civil or criminal penalties. For more information about enforcement of the Privacy Rule, go to http://www.hhs.gov/ocr/hipaa/ .
卫生和人权部(DHHS)民权办公室 负责强制执行 HIPAA 隐私规则,并 调查有关不遵守规则的投诉 。 不遵守隐私规则可能导致民事或刑事处罚的征收 。要了解更多关于隐私规则执行的信息,请访问 http://www.hhs.gov/ocr/hipaa/。
A breach of confidentiality is usually defined as any disclosure of protected information about a participant to a third party without either a court order or consent of the participant. The breach of confidentiality may be oral or written and may occur by telephone, fax, or electronic means (e.g., electronic mail or other internet- based method of communication).
违反保密性通常被定义为未经法院命令或参与者同意而向第三方披露参与者的受保护信息。 违反保密的行为可以是口头或书面的,也可以通过电话、传真或电子手段(如电子邮件或其他基于互联网的通信方式)发生。
There are five scenarios described below. Based on the scenario, classify whether there was a breach of confidentiality by choosing Breach or that there is no breach of confidentiality by choosing No Breach.
下面描述了五种情况。根据场景,通过选择“违反”来分类是否存在违反保密性的行为,或者通过选择“不违反”来分类是否存在违反保密性的行为。
An investigator completed a clinical trial and later published on the results of the study. A researcher for another study read the publication and contacted the study’s investigator to request the data sets, with de- identified participant data, for secondary analyses. The study’s investigator shared the de-identified data sets with the researcher.
一名研究人员完成了一项临床试验,随后发表了研究结果。 另一项研究 的一名研究人员阅读了该出版物,并联系了该研究的研究人员, 要求获得数据集,以及不确定的参与者数据 ,以便进行二次分析。该研究的研究者与研究者分享了未鉴定的数据集。
A study clinician shared a participant’s test results with the study physician to confirm the participant’s eligibility to participate in the clinical trial.
研究临床医生与研究医生分享 了参与者的测试结果,以确认参与者有资格参与临床试验。
Mary, a 25 year old woman who is being treated as an outpatient at Mercy Hospital’s Research Center, was enrolled in a clinical trial at the center. When asked to complete a HIPAA form, Mary authorized release of medical records to her general practitioner only. Mary’s mother was interested in learning more about her daughter’s treatment, but she did not want to confront Mary about her concern. When Mary’s mom contacted the research center directly, the front office staff immediately transferred the call to the study counselor. After confirming Mary’s date of birth and social security number with her mom, the study counselor explained that she understands the situation and disclosed that Mary is enrolled in a HIV clinical trial at the center. However, she cannot go into the details of Mary’s treatment.
玛丽是一名25岁的女性,目前正在梅西医院研究中心接受门诊治疗,她参加了该中心的一项临床试验。当要求填写HIPAA表格时,Mary授权仅向其全科医生发布医疗记录。 玛丽的母亲 有兴趣了解更多关于她女儿治疗的情况,但她不想与玛丽对质。当玛丽的妈妈直接联系研究中心时,前台工作人员立即将电话转接给研究顾问。在与母亲确认玛丽的出生日期和社会保险号码后,研究顾问解释说,她了解情况,并透露玛丽参加了该中心的艾滋病毒临床试验。然而,她无法深入了解玛丽治疗的细节。
A study on opioid substance use disorder is being conducted at Physicians General, a local research site. The investigator has obtained a Certificate of Confidentiality over the study. Jim, a parolee, is enrolled in the study at Physicians General. Parole Officer Bridges visits the research site and demands a copy of Jim’s drug test results, with a court order. The study physician releases Jim’s drug test results to Officer Bridges.
一项关于阿片类物质使用障碍的研究正在当地的一家研究机构内科医生协会进行。研究人员已获得研究的保密证书。吉姆是一名 假释犯 ,在内科医生总医院参加了这项研究。假释官布里奇斯访问了研究现场,要求提供吉姆的药检结果副本,并附上法庭命令。研究医生向布里奇斯警官公布吉姆的药物测试结果。
Immediately after having been administered study medication, a participant is having an allergic reaction at the research site. When the ambulance arrives, the study clinician provides to the paramedics the status of the participant’s emergent medical condition prior to transporting her to the hospital.
服用研究药物后,参与者立即在研究现场出现 过敏反应 。当救护车到达时,研究临床医生在将受试者送往医院之前向护理人员提供受试者的紧急医疗状况。
Feedback 1: How would you classify this scenario: Breach or No Breach? The correct response is No Breach. Study data may be disclosed for research purposes as long as the data shared is de-identified.
反馈1: 您如何对这种情况进行分类:违约还是无违约?正确的回答是没有违约。 只要共享的数据未被识别,研究数据可能会出于研究目的而披露 。
Feedback 2: How would you classify this scenario: Breach or No Breach? The correct response is No Breach. Information in a participant's medical record can be disclosed to people who need this information to perform duties related to the participant's diagnosis and treatment.
反馈2 :您如何对这种情况进行分类:违约还是无违约?正确的回答是没有违约。参与者病历中的信息可以披露给需要这些信息的人员,以 履行与参与者诊断和治疗相关的职责 。
Feedback 3: How would you classify this scenario: Breach or No Breach? The correct response is Breach. Clinical research staff may not disclose that a participant is enrolled in a study without either the consent of the participant or a court order along with a subpoena or other legal mandate.
反馈3 :您如何对这种情况进行分类:违约还是无违约?正确的回答是违约。临床研究人员不得披露未经参与者同意或法院命令以及传票或其他法律授权的参与者参与研究。
Feedback 4: How would you classify this scenario: Breach or No Breach? The correct response is Breach. A court order alone does not compel disclosure of confidential information. A subpoena or other legal mandate must be issued to compel disclosure.
反馈4 :您如何对这种情况进行分类:违约还是不违约?正确的回答是违约。 法院命令本身并不强制披露机密信息。必须发出传票或其他法律授权,以强制披露。
Feedback 5: How would you classify this scenario: Breach or No Breach? The correct response is No Breach. Information in a participant's medical record can be disclosed to people who need this information to perform duties related to the participant's diagnosis and treatment.
反馈5 :您如何对这种情况进行分类:违约还是不违约?正确的回答是没有违约。参与者 病历中的信息可以披露给需要这些信息的人员 ,以履行与参与者诊断和治疗相关的职责。
Ⅰ、Federal law and regulations protect the confidentiality of participant records. In addition, Federal law protects the confidentiality of identifiable health information for all research participants.
1、联邦法律法规保护参与者 记录的机密性 。此外,联邦法律保护所有研究参与者 可识别健康信息的机密性 。
Ⅱ、In general, all records of the identity, diagnosis, prognosis, or treatment of any person that are maintained in connection with alcohol or drug abuse prevention, education, training, treatment, rehabilitation, or research must be kept confidential.
2、一般而言, 所有与酗酒或吸毒预防、教育、培训、治疗、康复或研究有关的任何人的身份、诊断、预后或治疗记录都必须保密 。
Ⅲ、The regulations identify certain exceptions to the confidentiality requirements. Information in a participant's medical record can be disclosed:
i、To people performing duties related to the participant's diagnosis, treatment, or referral for treatment of alcohol or drug abuse.
ii、To law enforcement officers when the participant has committed, or threatened to commit, a crime on program premises or against program staff.
iii、When reporting suspected child abuse or neglect to state or local authorities.
iv、To medical personnel in a medical emergency.
v、For research purposes, with certain conditions.
vi、For management audits, financial audits, or program evaluation.
vii、If a participant is found to be at risk for suicide or if he or she makes a credible threat to harm another person.
viii、When the participant has a communicable disease that poses a risk to public health.
ix、When authorized by a court order.
x、When required by state law.
3、规定确定了保密要求的某些 例外情况 。参与者医疗记录中的信息可以披露:
(1)对履行与参与者 酗酒或吸毒诊断、治疗或转诊治疗有关职责 的人员。
(2)当参与者在项目场所或针对项目工作人员 实施威胁或实施犯罪 时,向执法人员报告。
(3)向州或地方当局报告 涉嫌虐待或忽视儿童 时。
(4) 医疗紧急 情况下的医务人员。
(5)为 研究目的 ,有一定条件。
(6)用于 管理审核 、 财务审核 或 项目评估 。
(7)如果参与者被发现有 自杀的危险 ,或者他或她做出了 伤害他人的可信威胁 。
(8)参与者患有 对公众健康构成威胁的传染病 。
(9)经 法院命令授权 时。
(10)当 州法律 要求时。
Ⅳ、If a program discontinues operation or is acquired by another program, there are certain medical record responsibilities that must be followed regarding the clinical records. Each site Principal Investigator must be aware of the procedures and retention period requirements for medical and study related records established by the sponsor and regulatory entities with oversight authority.
4、如果 一个项目停止运营或被另一个项目收购 ,则必须对临床记录履行一定的病历责任。每个现场主要研究人员必须了解申办方和监管机构制定的医疗和研究相关记录的程序和保留期要求。
Ⅴ、A Certificate of Confidentiality provides an additional level of protection for the privacy of participants involved in research studies.
5、 保密证书 为参与研究的参与者的隐私提供了额外的保护。
Ⅵ、Except under certain conditions, a researcher who has obtained a Certificate of Confidentiality cannot be compelled to identify research participants in any federal, state, or local civil, criminal, administrative, legislative, or other proceeding.
6、除非在某些条件下,否则 不得强迫获得保密证书的研究人员 在任何 联邦、州 或 地方民事、刑事、行政、立法或其他程序中 确定研究参与者的身份。
Ⅶ、Participants must be told that a research project has been granted a Certificate of Confidentiality.
7、必须 告知参与者某项研究项目已获得保密证书 。
Ⅷ、The HIPAA Privacy Rule protects all individually identifiable health information that is held or transmitted by covered entities and their business associates. The information may be in any form (e.g., paper, electronic, oral). The Privacy Rule calls this information protected health information (PHI). A covered entity may not use or disclose PHI except as permitted or required by the Privacy Rule.
8、 HIPAA隐私规则 保护受保实体及其业务伙伴持有或传输的所有个人可识别健康信息。信息可以是任何形式(例如,纸质、电子、口头)。 隐私规则称此信息为受保护的健康信息(PHI) 。受保实体不得使用或披露PHI,除非隐私规则允许或要求。
Ⅸ、Covered entities may use or disclose the “minimum necessary” amount of PHI to or among themselves, without the individual's authorization, for purposes of treatment, payment, and health care operations.
9、被覆盖实体可以在未经个人授权的情况下,为 治疗、支付和医疗保健操作目的 ,向个人或相互之间使用或披露“最低必要”PHI。
Ⅹ、PHI may be disclosed for research purposes when the disclosure is authorized by the research participant. Authorization for disclosures is obtained routinely from participants during the informed consent process. Treatment programs do not need to keep track of disclosures that are authorized by the participant.
10、当研究参与者授权披露时,可出于研究目的披露PHI。在知情同意过程中,披露授权通常从参与者处获得。 治疗计划不需要跟踪参与者授权的披露 。
Ⅺ、Health information that has been de-identified by the removal of all elements that could identify an individual is no longer considered PHI and is not subject to the Privacy Rule.
11、通过 删除可能识别个人的所有元素而取消识别的健康信息 不再被视为PHI,不受隐私规则的约束。
