What is required by HIPAA for the use and disclosure of protected health information (PHI), unless waived by the IRB or privacy board?

The requirement specified by HIPAA is that protected health information (PHI) cannot be used or disclosed without obtaining the individual's authorization, particularly for purposes relating to clinical investigations. This is particularly relevant in research contexts where PHI may be necessary to conduct studies involving human subjects.

In clinical investigations, there are specific privacy protections in place to ensure that participants' sensitive information is handled appropriately. Unless a research study qualifies for certain exemptions, such as those granted by an Institutional Review Board (IRB) or a privacy board, obtaining patient authorization is crucial to maintain compliance with HIPAA regulations and protect individuals' rights. This ensures that participants are informed about how their health information will be used and that they have control over its release.

Other options may involve circumstances where PHI is used in valid contexts, but they do not align with the specific requirements for research purposes under HIPAA as explicitly stated in the context of clinical investigations. Hence, the emphasis on obtaining patient authorization specifically for clinical investigation purposes is vital in safeguarding individuals' privacy while complying with legal standards.