REDCap and Vanderbilt’s Human Research Protection Program (VHRPP)

Slides:

Advertisements

Similar presentations

THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.

Advertisements

Ann Johnson IRB Administrator, IRB Member. Objectives 1. Identify the components necessary for management and oversight of tissue repositories used for.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

HIPAA Regulations What do you need to know?.

HIPAA Security Risk Overview Lynne Shoemaker, RHIA, CHP, CHC OCHIN Integrity Officer Daniel M. Briley, CISSP, CIPP Summit Security Group.

The Institutional Review Board. What is an IRB? An IRB is committee set up by an institution to review, approve, and regulate research conducted under.

Complying with Privacy to Enable Innovation & Research

Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.

Research Involving Human Subjects Review of Risk and Protection from Harm.

CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.

Informed Consent and HIPAA Tim Noe Coordinating Center.

Privacy vs. Confidentiality Presentation for IRB Members.

2012 VA IRB Administrators Meeting Stephania H. Griffin, JD, RHIA, CIPP/G VHA Privacy Officer Director, Information Access and Privacy Privacy Officer.

1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)

Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.

2011 SECURITY REFRESHER Information Security. Agenda HIPAA Update Encryption Overview Mobile Phones and Tablets Cameras USB Drives ing Patient Information.

Using the Internet to Conduct Research What Investigators and IRB Members Should Know -- January 29, Lisa Shickle, MS Analyst, VCU Massey Cancer.

ORO Reviews: Frequent Findings Related to IRBs Bob Brooks Associate Director Research Compliance Education and Policy VHA Office of Research Oversight.

1 Defense Health Agency Privacy and Civil Liberties Office HIPAA Privacy Board Overview August 6, 2015.

Privacy and Security Laws for Health Care Organizations Presented by Robert J. Scott Scott & Scott, LLP

Copyright ©2011 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved. Health Information Technology and Management Richard.

Privacy and Information Management ICT Guidelines.

Federal Trade Commission required to issue and enforce regulations concerning children’s online privacy. Initial COPPA Rule effective April 21, 2000;

HIPAA BASIC TRAINING MODULE 1C – Overview (For staff who do not generally create Protected Health Information) Anderson Health Information Systems, Inc.

Imagine a health system that focuses on health, not just health care. Imagine a sustainable health system with one goal: to improve the lives of the people.

Rhonda Anderson, RHIA, President  …is a PROCESS, not a PROJECT 2.

A Road Map to Research at Jefferson: HIPAA Privacy and Security Rules for Researchers Presented By: Privacy Officer/Office of Legal Counsel October 2015.

Staying ahead of the storm: know your role in information security before a crisis hits Jason Testart, IST Karen Jack, Secretariat.

Office of Research Oversight 1 Core Responsibilities for Human Research Protection Research Compliance Officers Robert Brooks, MD, PhD, MBA Associate Director,

Lessons Learned from Recent HIPAA Breaches HHS Office for Civil Rights.

Western Asset Protection

Data Security at Duke DECEMBER What happened: “At this time, we have no indication that research data or personal data managed by Harvard systems.

1 Role of the Privacy Office in VA Research Stephania H. Putt VHA Privacy Officer.

HIPAA: Breach Notification By: Office of University Counsel For: Jefferson IRB Continuing Education September 2014.

TOP 10 DHS IT SECURITY & PRIVACY BEST PRACTICES #10 Contact The Office of Systems & Technology for appropriate ways to proceed if you need access to.

Privacy and Security Considerations in Research and Clinical Trials February 28, 2013 Joanna K. Napp, J.D., M.P.H. Chief Privacy Officer and Compliance.

Final HIPAA Rule Special Training What you need to know to remain compliant with the new regulations.

HIPAA TRIVIA Do you know HIPAA?. HIPAA was created by?  The Affordable Care Act  Health Insurance companies  United States Congress  United States.

Technology & Private Practice: Understanding the Legal & Ethical Challenges Bianca Puglia, Ph.D., LPC, NCC/Puglia Counseling Services Panagiotis Markopoulos,

Board of Directors – March 24, 2016 Denise Mannon, AHFI, CHPC Corporate Compliance Officer.

PHASE II OF HIPAA AUDIT PROGRAM June 2016 Presented by John P. Murdoch II, Esq. of Wilentz, Goldman & Spitzer, P.A. Two Industrial Way West Two Industrial.

Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill/Irwin Chapter 6 The Privacy and Security of Electronic Health Information.

Installation and Maintenance of Health IT Systems System Security Procedures and Standards Lecture a This material Comp8_Unit6a was developed by Duke University,

Properly Safeguarding Personally Identifiable Information (PII) Ticket Program Manager (TPM) Social Security’s Ticket to Work Program.

Protecting PHI & PII 12/30/2017 6:45 AM

Top Compliance Topics.

Privacy & Information Security Basics

East Carolina University

Stephanie Oppenheimer, MS SUCCESS Center Erica Ellington, CRA, CHRC

Use of BMC Patient Information Privacy & Security

Regulatory Compliance

Contingent Workforce: Global Privacy Laws Overview

By: Eamon Callahan and Wilston Johnston

Refuah Community Health Collaborative (RCHC) PPS

Overview of Changes to the Common Rule

HIPAA PRIVACY AWARENESS, COMPLIANCE and ENFORCEMENT

Disability Services Agencies Briefing On HIPAA

COMPANY NAME  PRIVACY & DATA SECURITY NEWSLETTER  FEBRUARY 2013

Informed Consent (SBER)

Confidentiality Agreement

Move this to online module slides 11-56

School of Medicine Orientation Information Security Training

Presentation transcript:

REDCap and Vanderbilt’s Human Research Protection Program (VHRPP)

Overview of VHRPP uses for REDCap What is important to the IRB in terms of data storage and security? Committees’ Charge with regard to protection of data and how REDCap impacts that role. Confidentiality issues surrounding data collection and the protection of that data. Routine collaboration between VHRPP and Office of Research Informatics involving other projects such as Dynamic Data Pull (DDP), E-Consent, Research Derivative (RD).

Why does VHRPP care about data storage and security? VHRPP supports the work of the IRB and provides HRPP Oversight. VHRPP serves as the privacy board for research which means All research data should be used, stored, and/or disclosed according to HIPAA regulations. Adequate privacy measures to maintain confidentiality of research participants and their data.

How REDCap impacts the Committees’ reviews Vanderbilt IRB Considerations REDCap Web application specifically designed to support data capture of research studies Allows users to build and manage online surveys/databases securely Compliance with HIPAA standards and 21 CFR Part 11 Password protected Secure Data storage

Unencrypted Laptops/Mobile Devices and potential consequences Concentra Health Services Theft of an unencrypted laptop from their facility Encryption was in process but not complete. Concentra agreed to pay HHS Office of Civil Rights (OCR) $1,725,000 to settle potential violations and a corrective action plan. QCA Health Plan, Inc. Theft of unencrypted laptop containing ePHI of 148 individuals stolen from staff member’s car. Lack of compliance with HIPAA privacy rule QCA agreed to pay $250,000 with ongoing compliance reporting and education for staff.

What could really happen to my research data? VHRPP has received reports over the years of lost/stolen mobile devices. Flash drive dropped down an elevator shaft. Flash drive lost on a beach while researcher was on vacation. Stolen laptop that contained unencrypted data.

Ongoing collaboration for a number of other projects. Committee Education when requested E-consent model developed with RSS and managed through REDCap. Dynamic Data Pull Research Derivative IRB Wizard Application

Sources (News: Stolen laptops lead to important HIPAA settlements, 2016) HRPP Policy X.A. and X.A.1.

Questions? For more information, contact our office at 615-322-2918 or visit our website at https://www4.vanderbilt.edu/irb/