1. Who must comply with the HIPAA Privacy Rule?

2. What is a covered entity?

3. What is protected health information (PHI)?

4. As a site that sees patients as well as research subjects, am I covered under HIPAA?

5. As a site that only conducts research, am I covered under HIPAA?

6. What is a hybrid entity?

7. What is de-identified data?

8. Does HIPAA have a provision for tracking de-identified data?

9. How does HIPAA affect study subject Informed Consent documents?

10. What are the elements that must be included in the authorization agreement?

11. Does HIPAA require changes in the informed consent interview process?

12. Can study subjects withdraw from the study without exercising their right of formal Revocation of Authorization under HIPAA?

13. Must all subjects be re-consented with HIPAA-compliant wording after the compliance date, April 14, 2003?

14. Is recruitment of research subjects considered marketing or a health care operation under HIPAA?

15.  May a physician discuss a research study with his/her patients without first obtaining permission under the HIPAA Privacy Rule?

16.  How does the provision for "review preparatory to research" help a researcher recruit study subjects?

17.  Do research study sites need to have a Business Associate Agreement with the IRB?

18.  What is a Data Use Agreement?

19.  What is a Limited Data Set (LDS)?

20.  What are the elements of a LDS?

21.  What happens when a subject cannot provide consent on his/her own behalf but has a caregiver, relative or another person who has the formal authority to do so?

22.  Does HIPAA require anything different in reporting Adverse Events and Serious Adverse Events to the IRB?

23.  Does HIPAA affect reporting of Adverse Events and Serious Adverse events to FDA?

24.  How does HIPAA affect reporting of adverse events of a study to the sponsor?