A researcher conducting behavioral research collects individually identifiable sensitive information about illicit drug use and other illegal behaviors by surveying college students. The data are stored on a laptop computer without encryption, and the laptop computer is stolen from the researcher’s car on the way home from work. This is an unanticipated problem that must be reported because the incident was (a) unexpected (in other words, the researchers did not anticipate the theft); (b) related to participation in the research; and (c) placed the subjects at a greater risk of psychological and social harm from the breach in confidentiality of the study data than was previously known or recognized. According to OHRP, this unanticipated problem must be reported to the IRB in which timeframe? Within two weeks Promptly Within 48 hours Within 24 hours

Which of the following constitutes both a breach of confidentiality (the research data have been disclosed, counter to the agreement between researcher and subjects) and a violation of subjects’ privacy (the right of the individuals to be protected against intrusion into their personal lives or affairs)? A researcher, who is a guest, audio-records conversations at a series of private dinner parties to assess gender roles, without informing participants. In order to eliminate the effect of observation on behavior, a researcher attends a support group and records interactions without informing the attendees. A faculty member makes identifiable data about sexual behavior available to graduate students, although the subjects were assured that the data would be de-identified. A researcher asks cocaine users to provide names and contact information of other cocaine users who might qualify for a study.

Which ethical principle describes safeguarding personal information from unauthorized use?1 pointHonestyPrivacy protection Incident investigationNon-bias

Which of the following BYOD risks can emerge by intentional misuse of the corporate data stored on mobile devices?Group of answer choicesLost or stolen devicesSharing confidential data on an unsecured networkDisgruntled employeesInfrastructure issuesNext

Question 1An investigator obtains consent and HIPAA authorization from subjects to review their medical records and HIV status. She plans to go back to the medical record, so the HIV status information is stored along with subject identifiers in a database that she keeps on her laptop computer. What are some safeguards she could use to protect subject privacy and data confidentiality? Having multi-factor authentication on her laptop to prevent others from accessing her device Using data encryption and storing data on a secure cloud environment, not on her laptop Storing her laptop in a secure, locked environment when not using it All of the aboveQuestion 2In order to grant a waiver or alteration of the requirements of informed consent, an IRB must find which of the following: The research plan includes a data safety monitoring board. The research could not practicably be carried out without the waiver of consent. The research involves benefit to the subjects. The research plan includes data from individuals no longer living.Question 3A researcher wants to conduct a secondary analysis using a Centers for Disease Control and Prevention (CDC) database that was collected by the agency solely for surveillance purposes from 1996-2006. The researcher did not participate in the initial collection of the data. The database is publicly available. The database does not include any identifiers. The IRB makes a determination that the individuals whose records will be reviewed do not meet the federal definition of human subjects.Which of the following considerations was relevant to the IRB's determination that this activity does not constitute research with human subjects? The database reflects data collected originally for surveillance purposes. The data was collected between 1996-2006. The CDC is a federal agency. The researcher will not be interacting/intervening with subjects and the data has no identifiers.Question 4An investigator obtains consent and HIPAA authorization from subjects to review their medical records and HIV status. He plans to go back to the medical record, so the HIV status information is stored along with subject identifiers in a database that he keeps on his laptop computer. His laptop is stolen. This incident constitutes: A breach of confidentiality An invasion of privacy A FERPA violation All of the above None of the above

Which Act makes it a crime for unauthorized persons even to view—let alone copy or damage—data using any computer across state lines?