Confidentiality in medical research MCQs With Answer

Introduction: Confidentiality in medical research MCQs With Answer is designed for M.Pharm students to build a strong foundation in protecting participant information during clinical and pharmaceutical research. This set covers core principles such as privacy, confidentiality, anonymity, pseudonymization, informed consent, legal frameworks, data security, and exceptions to confidentiality. Each multiple-choice question is crafted to deepen understanding of practical and ethical scenarios encountered in research, regulatory expectations, and institutional responsibilities. Regular practice with these MCQs will help students apply theoretical knowledge to real-world situations, prepare for examinations, and promote ethically sound research conduct.

Q1. What is the primary ethical justification for maintaining confidentiality in medical research?

• To comply with institutional policies only
• To protect participants’ privacy and promote trust
• To prevent researchers from sharing data with peers
• To avoid data loss during analysis

Correct Answer: To protect participants’ privacy and promote trust

Q2. Which of the following best distinguishes anonymity from confidentiality in research?

• Anonymity means identifiers are stored separately; confidentiality means data are never collected
• Anonymity means the identity of participants is never known; confidentiality means identity is known but protected
• Anonymity and confidentiality are interchangeable terms
• Anonymity requires written consent; confidentiality does not

Correct Answer: Anonymity means the identity of participants is never known; confidentiality means identity is known but protected

Q3. Which measure is an example of pseudonymization?

• Removing all demographic variables from the dataset
• Replacing participant names with unique codes while keeping a key file separately
• Publishing full identifiers in a locked cabinet
• Encrypting the primary database with no key stored

Correct Answer: Replacing participant names with unique codes while keeping a key file separately

Q4. Under GDPR and similar data protection laws, which principle requires that only data necessary for the research purpose be collected?

• Accountability
• Purpose limitation
• Data minimization
• Storage limitation

Correct Answer: Data minimization

Q5. Which of the following is a valid exception to maintaining confidentiality in medical research?

• Sharing participant names with other researchers for secondary analysis without consent
• Disclosing identifiable data to protect a participant or public from significant harm
• Publishing identifiable case studies to highlight rare outcomes without consent
• Using participant data for a commercial purpose without informing them

Correct Answer: Disclosing identifiable data to protect a participant or public from significant harm

Q6. What is the role of the Institutional/Independent Ethics Committee (IEC/IRB) regarding confidentiality?

• To create encryption software for researchers
• To review and approve plans for data confidentiality and participant protections
• To publicly list participant identities for transparency
• To supervise laboratory procedures only

Correct Answer: To review and approve plans for data confidentiality and participant protections

Q7. Which technical control most directly prevents unauthorized remote access to research data?

• Physical locks on office doors
• Role-based access control and strong authentication
• Keeping data on a researcher’s personal laptop without backup
• Storing printed reports in an unlocked drawer

Correct Answer: Role-based access control and strong authentication

Q8. When sharing de-identified datasets publicly, which residual risk must researchers still consider?

• That de-identification eliminates all re-identification risk
• That combination with other datasets could re-identify individuals
• That public sharing prevents any secondary research uses
• That de-identified data require no governance

Correct Answer: That combination with other datasets could re-identify individuals

Q9. In an informed consent form, how should confidentiality be described to participants?

• Vaguely, using technical legal terms only
• Clearly, including who will access data, how it will be protected, and limits to confidentiality
• Not mentioned, as it is implied by participation
• As a guarantee that no one will ever see their data

Correct Answer: Clearly, including who will access data, how it will be protected, and limits to confidentiality

Q10. Which document is commonly used to formalize data sharing and confidentiality obligations between collaborating institutions?

• Material Transfer Agreement
• Data Transfer Agreement (or Data Use Agreement)
• Recruitment brochure
• Publication authorship list

Correct Answer: Data Transfer Agreement (or Data Use Agreement)

Q11. What is a key difference between encryption and access control as confidentiality tools?

• Encryption is a physical control; access control is a legal policy only
• Encryption protects data at rest or in transit by transforming it; access control limits who can view or modify data
• Access control prevents hacking without authentication; encryption is irrelevant
• They are identical techniques with different names

Correct Answer: Encryption protects data at rest or in transit by transforming it; access control limits who can view or modify data

Q12. Which practice aligns with the principle of storage limitation in research data management?

• Retaining all raw data indefinitely on active servers
• Keeping only metadata and securely destroying identifiable data after retention period
• Publishing participant identifiers to ensure transparency
• Copying datasets to multiple unsecured devices

Correct Answer: Keeping only metadata and securely destroying identifiable data after retention period

Q13. A researcher finds an unexpected adverse event with potential legal implications. What should they consider regarding participant confidentiality?

• Immediately posting full details online to alert others
• Reporting to regulatory authorities while disclosing only necessary identifiers according to law
• Never reporting the event due to confidentiality
• Sharing participant contact details with media for follow-up

Correct Answer: Reporting to regulatory authorities while disclosing only necessary identifiers according to law

Q14. Which of the following best describes ‘privacy’ as distinct from ‘confidentiality’ in research ethics?

• Privacy concerns data storage; confidentiality concerns consent documents
• Privacy relates to individuals’ control over personal information; confidentiality concerns duties to protect information shared
• They are exact synonyms with no practical difference
• Privacy refers only to physical examinations; confidentiality refers only to electronic data

Correct Answer: Privacy relates to individuals’ control over personal information; confidentiality concerns duties to protect information shared

Q15. Which action is most appropriate when planning secondary use of identifiable data collected in a prior study?

• Assume past consent covers all future uses
• Seek additional consent or ensure lawful basis and ethics approval for secondary use
• Share the data immediately with industry partners without review
• Delete all identifiers and proceed with publication without oversight

Correct Answer: Seek additional consent or ensure lawful basis and ethics approval for secondary use

Q16. What is the recommended response when a data breach exposing identifiable participant data is discovered?

• Ignore it to avoid institutional attention
• Contain the breach, notify authorities and affected participants per regulations, and remediate security gaps
• Publicize the breach details to warn the community
• Ask participants to re-sign consent forms retroactively

Correct Answer: Contain the breach, notify authorities and affected participants per regulations, and remediate security gaps

Q17. In multi-center clinical trials, which practice helps maintain confidentiality across sites?

• Using a central coded identifier system and secure transfer protocols
• Allowing each site to publish participant names for recruitment
• Sharing paper files by regular mail without tracking
• Granting all site staff full access to all participant records globally

Correct Answer: Using a central coded identifier system and secure transfer protocols

Q18. Which element should be included in a confidentiality clause for research staff?

• A statement that confidentiality only applies when convenient
• Clear obligations on nondisclosure, permitted access, sanctions for breach, and duration of obligations
• An instruction to freely share data with students
• No mention of penalties to maintain team harmony

Correct Answer: Clear obligations on nondisclosure, permitted access, sanctions for breach, and duration of obligations

Q19. What is ‘re-identification risk assessment’ in the context of releasing de-identified research datasets?

• An evaluation of whether de-identified data can be matched back to individuals given available external data
• A test to ensure identifiers were destroyed physically
• A survey of participants’ willingness to share names publicly
• An audit of publication authorship only

Correct Answer: An evaluation of whether de-identified data can be matched back to individuals given available external data

Q20. Which policy most strongly supports long-term confidentiality in electronic health research databases?

• Allowing unrestricted database exports to personal devices
• Implementing regular access audits, encryption, role-based permissions, and formal data governance
• Keeping a single generic password shared among researchers
• Disabling logging to improve performance

Correct Answer: Implementing regular access audits, encryption, role-based permissions, and formal data governance

Download