Advanced HIPAA Issues for Biotech and Life Sciences Companies: Mark E. Schreiber Palmer & Dodge LLP 111 Huntington Avenue Boston, MA 02199 617-239-0585.

Slides:



Advertisements
Similar presentations
Advanced Issues in HIPAA Research Compliance The Sixth National HIPAA Summit March 27, 2003 Kim P. Gunter Senior Consultant.
Advertisements

1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
1 HIPAA and Research and YOU. 2 INTRODUCTION Rule #1:Don’t Panic Rule #2:Bottom Line for Researchers: HIPAA is Manageable thru Education/Awareness and.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.
HIPAA Privacy Rule Patient’s Right to Amend Their Health Information July 18, 2013 David Holtzman, JD, CIPP/G Senior Health Information Technology & Privacy.
HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.
University of Miami1 HIPAA Survival Skills An Introduction to HIPAA and Research University of Miami Human Subjects Research Office October 31, 2006 Evelyne.
Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.
Informed Consent and HIPAA Tim Noe Coordinating Center.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
Health Insurance Portability and Accountability Act (HIPAA)
Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University
Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.
Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,
1 VUMC Confidentiality Policy and HIPAA Implications for Clinical Research General Clinical Research Center Skills Workshop March 2, 2007 Gaye Smith Privacy.
Paula Peyrani, MD Medical/Project Director, HIV Program at the 550 Clinic Assistant Director, Research Design and Development Clinical and Translational.
Health Insurance Portability and Accountability Act (HIPAA)
Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.
HIPAA and Research Basics for IRB Tim Atkinson Director, Research and Sponsored Programs Director, Institutional Review Board Research Privacy Officer.
HIPAA – How Will the Regulations Impact Research?.
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
H I P A A T R A I N I N G Self Directed Module 7 Research Disclosures For Data Custodians START Click to begin…
HIPAA SURVIVAL SKILLS: An Update University of Miami1 Marisabel Davalos, M.S.Ed., CIP Associate Director of Educational Initiatives November, 2008.
Building a Privacy Foundation. Setting the Standard for Privacy Health Insurance Portability and Accountability Act (HIPAA) Patient Bill of Rights Federal.
Health Insurance Portability and Accountability Act (HIPAA) CCAC.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.
Understanding HIPAA (Health Insurandce Portability and Accountability Act)
© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.
FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.
HIPAA BASIC TRAINING Presented by Anderson Health Information Systems, Inc.
OHCAs, ACEs and Hybrid Entities Paul Smith Davis Wright Tremaine LLP One Embarcadero Center Suite 600 San Francisco, CA (415)
HIPAA Privacy The Morning After Panel What do we do now? William R. Braithwaite, MD, PhD (moderator) Washington, DC Ross Hallberg, Corporate Compliance.
1 Role of the Privacy Officer on the IRB Stephania H. Griffin, RHIA, CIPP/G VHA Privacy Officer.
C HAPTER 34 Code Blue Health Sciences Edition 4. Confidentiality of sensitive information is an important issue in healthcare. Breaches of confidentiality.
HIPAA Privacy Rules: What Are Plan Sponsors Required to Do?
Health Insurance portability and Accountability Act (HIPAA)‏
A Road Map to Research at Jefferson: HIPAA Privacy and Security Rules for Researchers Presented By: Privacy Officer/Office of Legal Counsel October 2015.
HIPAA and Human Subjects Research IRB Member CE May 2014 Slideshow by Sean Horkheimer.
A NATIONAL HIPAA SUMMIT AUDIOCONFERENCE Davis Wright Tremaine LLP Legal Requirements For Vendor And Clearinghouse HIPAA Compliance; Business Associate.
HIPAA: Breach Notification By: Office of University Counsel For: Jefferson IRB Continuing Education September 2014.
HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.
Table of Contents. Lessons 1. Introduction to HIPAA Go Go 2. The Privacy Rule Go Go.
HIPAA TRIVIA Do you know HIPAA?. HIPAA was created by?  The Affordable Care Act  Health Insurance companies  United States Congress  United States.
HIPAA Training. What information is considered PHI (Protected Health Information)  Dates- Birthdays, Dates of Admission and Discharge, Date of Death.
The Medical College of Georgia HIPAA Privacy Rule Orientation.
New Hire HIPAA Orientation. HIPAA Overview HIPAA is an acronym that stands for the Health Insurance Portability and Accountability Act of HIPAA.
Final HIPAA Privacy Rule: The Research Provisions Julie Kaneshiro DHHS Office for Human Research Protections Phone: Fax:
HIPAA and RESEARCH 5 th Thursday May 31, Page 2.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)
The HIPAA Privacy Rule: Implications for Medical Research
HIPAA Administrative Simplification
Introduction to Clinical Trials: Documents and Processes
Disability Services Agencies Briefing On HIPAA
HIPAA Pros - Minimum Necessary
The HIPAA Privacy Rule and Research
Making Your IRBs and Clinical Investigators HIPAA-Ready
Presentation transcript:

Advanced HIPAA Issues for Biotech and Life Sciences Companies: Mark E. Schreiber Palmer & Dodge LLP 111 Huntington Avenue Boston, MA April 8, 2005 On the Frontier of Science and On the Edge of HIPAA

2 HIPAA Provisions under which Biotech / Life Sciences Issues Arise n HIPAA provider coverage? n Business Associate applicability? n Authorizations – unspecified research n Research data bases n Accounting for research disclosures n Clinical studies in E.U. – HIPAA interface

3 Medical Device / Testing Companies – Covered Entities? n May be “health care provider” under broad HIPAA definition n Most don’t engage in electronic standard transactions n Some may unwittingly send claims, insurance or related s n If so, possible HIPAA coverage n Not all ask right questions of right people l To properly determine status If covered, then what? n Privacy notices, etc. n To whom?

4 Are Clinical Researchers / Sponsors or CRO’s Business Associates? n Generally “research” not a BA function performed for covered entities n “We’re not a BA” letter n BA’s often negotiated l Business clout n If researcher / sponsor also provides l Quality assurance, or l Data processing services for covered entity u De-identifying records, or u Creating limited data sets l Then researcher / sponsor is BA n Researcher / sponsor – document in CTA that no BA-triggering services provided

5 Sponsors Generally Not Covered Entity or BA No HIPAA concerns, then, right? Not so fast... n Sites will and should impose handling restrictions in CTA’s n Some sites impose informed consent confidentiality limitations l Blending with HIPAA standards, on researchers / sponsors and “downstream” l Restricts marketing use

6 Sponsors Generally Not Covered Entity or BA n Confidentiality agreement OK, but modify agreements l To specifically allow u For monitoring services, and u Other purposes in HIPAA-compliant patient authorization n Other agreement “pass-throughs” l Reps and warrantees, indemnity language n Researchers / sponsors – rigorous privacy policies / practices that approximate those of HIPAA l HIPAA treated as de facto standard of care u State law invasion of privacy claims

7 Authorizations – Future Unspecified Research n HIPAA authorizations for research l Can broadly cover patient’s entire medical record l Can broadly cover classes or persons to whom and by whom PHI can be used / disclosed l Under “purpose” element, u “Each purpose” must be specified u Valid authorization for unspecified studies s Virtually impossible under HIPAA s Registry or database for unspecified future research – OK

8 Research Databases under HIPAA n Database – separate purpose from primary protocol n Must be specifically authorized l In protocol authorization or l In separate subsequent authorization n If database maintained by covered entity l Future disclosures must be pursuant to new authorization n If database disclosed to sponsor l Generally outside HIPAA

9 IRB Waivers and Future Researcher Follow Up with Participants If IRB Waiver n Researcher free to use PHI for current research n New, specific waiver necessary l Before researcher can contact study participants about new study

10 Accounting for Research Disclosures n NEED NOT be accounted for where l Disclosed under authorization l Disclosed in limited data set form u Needs data use agreement n MUST be accounted for upon individual request where disclosed pursuant to IRB waiver n Less detailed accounting: Where covered entity discloses records of  50 individuals under IRB waiver during requested accounting period

11 Coming HIPAA Attractions: Clinical Studies Abroad and Outsourcing E.U. Model different – no HIPAA statute but broader data laws n E.U. Data Protection laws l Each E.U. country n Consent necessary for medical data use (sensitive data) l Specific use, purpose, etc. l English or in local language? n Data transfer out of E.U. country to U.S. l Consent to transfer – different from consent to use / collect l Data protection model clauses / agreements l U.S. Safe Harbor

12 Who Follows Up on E.U. Branch Office or E.U. Consents? n Some companies not aware of or abide by these laws n Risk to studies? n Sometimes requires explanation of importance n E.U. clinical directive Is foreign medical PHI subject to HIPAA when transferred to U.S. HIPAA covered entity? n Telemedicine n Medical records of E.U. resident sent to U.S.

13 Outsourcing of HIPAA Data Processing Overseas n Canada, India, Pakistan, Philippines n Medical transcription services n Pakistan case – multiple contractors to HIPAA covered entity n Rep. Markey letter to HHS n Possible outsourcing amendments to HIPAA

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.