CITI IRB (Conflicts of Interest & Basics of Info Security)
Security measures are sometimes described as a combination of physical, technical, and administrative (PTA) safeguards. Which of these would be considered a technical safeguard?
Measures including device data encryption, anti-malware software, and communications encryption.
A researcher calls you stating that he plans to submit a proposal to the NIH for a human subjects research study. He wants to know at what point he and his study team must submit COI disclosures to comply with the PHS regulation.
No later than the time of proposal submission
Which of these is not generally a good practice for fax machine use?
Sensitive faxes -- inbound or outbound -- are left sitting in or around the machine.
The COI management plan aims to:
Provide procedures or extras steps to be taken to minimize the risk of bias when a COI is disclosed
An example of a COI is:
An industry sponsor pays for the construction of a new research laboratory at the organization
The FDA regulations governing disclosure of individual COIs require:
Applicants submitting marketing applications to disclose financial COIs of researchers who conducted clinical studies.
During an Institutional Review Board (IRB) meeting, an IRB member who may have a potential COI with a study under review should:
Disclose their potential COI and may answer questions, but recuse themselves from voting
A researcher's membership on an advisory board with an organization sponsoring research can create a COI because:
It may be difficult for the researcher to appear neutral, as the researcher may have an interest in the research's success
The peer review process can create conflicts of interest because the choice of who reviews a potentially publishable project may show:
There may be bias by the peer reviewer as to the area of research
Which of these is not a good practice for physical security?
To preserve good customer relations, visitors are generally allowed access to all areas of a facility unless it appears they are doing something suspicious.
What is the term for management controls that are build in to a research study (for example, independent data analysis)?
Inherent controls
Which of these is generally not a good practice with respect to oral communications (that is, talking) in organizations like healthcare facilities?
Use of full names in public areas or on intercom/paging systems, because there is no security issue with identifying persons in public areas and using full names helps avoid misidentification.
Which of these is not generally a good practice for telephone use?
Using voicemail systems and answering machines that do not require a password or PIN for access.