Privacy and Security Considerations in Research and Clinical Trials February 28, 2013 Joanna K. Napp, J.D., M.P.H. Chief Privacy Officer and Compliance.

Presentation transcript:

Privacy and Security Considerations in Research and Clinical Trials
February 28, 2013
Joanna K. Napp, J.D., M.P.H., Chief Privacy Officer and Compliance Officer, HealthTronics Inc.
American Society for Experimental NeuroTherapeutics | 15th Annual Meeting

Disclosure
HealthTronics Inc. and Endo Health Solutions Inc.
Type of Financial Relationship: Employment/Workforce Member

Learning Objectives
– Identify and obtain a general overview of the federal and state privacy laws that may apply to research and clinical trial activities, including on-line trials;
– Understand the differences between privacy and security law application to persons/entities involved in the trials/research;
– Identify means of complying with key privacy and security laws and mitigating privacy risks that can arise.

Disclaimer
This presentation is provided for informational purposes only and is not intended and should not be construed to constitute legal advice. Please consult your own counsel and/or privacy officer in connection with any questions regarding, or any fact-specific situations under, local, state and/or federal laws and regulations.
©2012 HealthTronics, Inc. All rights reserved.

Landscape of Federal Laws and Regulations Affecting Privacy in Research
– FDA Requirements
– Patient Safety Quality Improvement Act (PSQIA)
– HIPAA/HITECH and the new “Omnibus Rule”
– Genetic Information Nondiscrimination Act (GINA)
– The “Common Rule”
– FTC – Red Flag Rule; Personal Health Records
– The Privacy Act of 1974

State Privacy and Security Laws
– State laws have broader coverage/scope than HIPAA and other federal privacy laws.
– State laws have separate privacy and security requirements. The security requirements often cover PII, not just PHI.
– State laws can be very restrictive on the use of PHI in marketing and sales. The terms “marketing” and “sale” can be defined very broadly.
– State laws can provide steep fines and penalties, and private rights of action for security breaches.
– States may have additional requirements for patient authorizations.
– States are developing rules specific to mobile applications.

State Privacy and Security Laws - Examples
• California
  – Mobile applications
  – Security breach requirements
• Texas
  – Broad Covered Entity definition
  – Separate security/breach requirements
• Massachusetts
  – 201 CMR

Privacy and Security Concerns in Clinical Trial Activities
– Recruitment for trials
– Consents/authorizations
– Security of data
– Communications
– Privacy statements and representations
– Secondary uses

Use of Social Media in Clinical Trial Activities
• Use in recruitment
• Third-party websites and third-party web-based applications and tools are technologies that a sponsor/investigator will not own, operate or exclusively use or control.
• Do you know how these sites or platforms will work?
• If information from users will be collected through interaction on a social networking site, does the site/application address how privacy will be maintained?
• What types of data and from whom?
• Vulnerable populations?
• Sensitive information?
• Identification of participants?
• Who stores the data and where?
• Who has access?
• Who will monitor?

Use of Social Media in Clinical Trial Activities
• How will participants understand the degree to which information may be collected, transmitted, viewed or shared? What is their expectation of privacy? What is the person’s right to control access to his/her information?
• Does your recruitment plan address this?
• Remember that recruitment using social media may still be subject to protection of human subject regulations at 45 CFR Part 46 (Common Rule), and 21 CFR Part 56 (FDA).
• These regulations require IRB review and approval of certain covered research.
• OHRP Guidance notes: “Some clinical trial websites ask viewers to answer questions regarding eligibility for a specific clinical trial. If identifiable private information is collected via the clinical trial website, the IRB should review plans for protecting the confidentiality of that information. The IRB should ensure that the website clearly explains how identifiable private information might be used.”

Use of Social Media in Clinical Trial Activities
• Use in communications
• Sending communications during trials – use of mobile devices and mobile applications.
• Study reminders
• Visit requirements
• Privacy and Security of mobile apps.
• California
• FTC
• Considerations through all phases of the trial
• What is the process for handling a security or privacy breach?
• Due to the real-time nature of social media, it’s important to address privacy issues at the front end.

Patient/Subject Considerations
• Privacy policies
• Terms of service
• Identification and re-identification Issues
• Storage and transmission of data – encryption and other security measures
• Consents/authorizations
• Content and verification
• Waivers
• Documentation and retention
• How informed is the subject? Have you acquired legally-effective informed consent? Static or on-going process?
• OHRP FAQ and Guidance
• Regulatory requirements (45 CFR ; 21 CFR part 50)
• State law requirements
• Belmont Report
• HIPAA

Recent HIPAA Changes Affecting Research
• The Privacy Rule prohibited “compound authorizations”. For example, this prohibited Covered Entities from obtaining a single authorization for the use or disclosure of PHI for a research study that included both treatment as part of a clinical trial and tissue banking of specimens collected.
• Under the new “Omnibus” Rule, a Covered Entity will be allowed to combine conditioned and unconditioned authorizations for research, so long as the authorization clearly differentiates between the conditioned and unconditioned components and clearly allows the subject to “opt-in” to the unconditioned research component/activities.
• HHS intends this change to allow for the use of compound authorizations for any type of research activities (except research that involves the use or disclosure of psychotherapy notes).

Impact on Clinical Care and Practice
• Privacy and security are important considerations throughout all aspects of a clinical trial.
• Use of social media makes privacy and security considerations more complex.
• Privacy and security must be addressed prospectively and continually.
• Providing truly informed consent requires consideration of the privacy and security implications and articulating them in a way that the subjects can understand and appreciate all the risks.