Published by Emil Goodman. Modified over 8 years ago.
1
Privacy and Security Considerations in Research and Clinical Trials
February 28, 2013
Joanna K. Napp, J.D., M.P.H.
Chief Privacy Officer and Compliance Officer, HealthTronics Inc.
American Society for Experimental NeuroTherapeutics | 15th Annual Meeting
2
Disclosure
HealthTronics Inc. and Endo Health Solutions Inc.
Type of Financial Relationship: Employment/Workforce Member
3
Learning Objectives
–Identify and obtain a general overview of the federal and state privacy laws that may apply to research and clinical trial activities, including on-line trials.
–Understand the differences in how privacy and security laws apply to persons/entities involved in the trials/research.
–Identify means of complying with key privacy and security laws and mitigating privacy risks that can arise.
4
Disclaimer
This presentation is provided for informational purposes only and is not intended and should not be construed to constitute legal advice. Please consult your own counsel and/or privacy officer in connection with any questions regarding, or any fact-specific situations under, local, state and/or federal laws and regulations.
©2012 HealthTronics, Inc. All rights reserved.
5
Landscape of Federal Laws and Regulations Affecting Privacy in Research
–FDA Requirements
–Patient Safety Quality Improvement Act (PSQIA)
–HIPAA/HITECH and the new “Omnibus Rule”
–Genetic Information Nondiscrimination Act (GINA)
–The “Common Rule”
–FTC – Red Flag Rule; Personal Health Records
–The Privacy Act of 1974
6
State Privacy and Security Laws
–State laws have broader coverage/scope than HIPAA and other federal privacy laws.
–State laws have separate privacy and security requirements. The security requirements often cover PII, not just PHI.
–State laws can be very restrictive on use of PHI in marketing uses and sales. The terms “marketing” and “sale” can be defined very broadly.
–State laws can provide steep fines and penalties, and private rights of actions for security breaches.
–States may have additional requirements for patient authorizations.
–States are developing rules specific to mobile applications.
7
State Privacy and Security Laws - Examples
–California
  –Mobile applications
  –Security breach requirements
–Texas
  –Broad Covered Entity definition
  –Separate security/breach requirements
–Massachusetts
  –201 CMR 17.00
8
Privacy and Security Concerns in Clinical Trial Activities
–Recruitment for trials
–Consents/authorizations
–Security of data
–Communications
–Privacy statements and representations
–Secondary uses
9
Use of Social Media in Clinical Trial Activities
Use in recruitment
–Third-party websites and third-party web-based applications and tools are technologies that a sponsor/investigator will not own, operate or exclusively use or control.
–Do you know how these sites or platforms will work?
–If information from users will be collected through interaction on a social networking site, does the site/application address how privacy will be maintained?
–What types of data and from whom? Vulnerable populations? Sensitive information? Identification of participants?
–Who stores the data and where? Who has access? Who will monitor?
10
Use of Social Media in Clinical Trial Activities
–How will participants understand the degree to which information may be collected, transmitted, viewed or shared?
–What is their expectation of privacy? What is the person’s right to control access to his/her information? Does your recruitment plan address this?
–Remember that recruitment using social media may still be subject to protection of human subject regulations at 45 CFR Part 46 (Common Rule), and 21 CFR Part 56 (FDA). These regulations require IRB review and approval of certain covered research.
–OHRP Guidance notes: “Some clinical trial websites ask viewers to answer questions regarding eligibility for a specific clinical trial. If identifiable private information is collected via the clinical trial website, the IRB should review plans for protecting the confidentiality of that information. The IRB should ensure that the website clearly explains how identifiable private information might be used.” http://www.hhs.gov/ohrp/policy/clinicaltrials.html
11
Use of Social Media in Clinical Trial Activities
Use in communications
–Sending communications during trials – use of mobile devices and mobile applications.
  –Study reminders
  –Visit requirements
–Privacy and Security of mobile apps.
  –California
  –FTC
–Considerations through all phases of the trial
  –What is the process for handling a security or privacy breach?
–Due to the real-time nature of social media, it’s important to address privacy issues at the front end.
12
Patient/Subject Considerations
–Privacy policies
–Terms of service
–Identification and re-identification issues
–Storage and transmission of data – encryption and other security measures
–Consents/authorizations
–Content and verification
–Waivers
–Documentation and retention
–How informed is the subject?
–Have you acquired legally-effective informed consent?
–Static or on-going process?
–OHRP FAQ and Guidance
–Regulatory requirements (45 CFR 46.117; 21 CFR part 50)
–State law requirements
–Belmont Report
–HIPAA
13
Recent HIPAA Changes Affecting Research
–The Privacy Rule prohibited “compound authorizations”. For example, this prohibited Covered Entities from obtaining a single authorization for the use or disclosure of PHI for a research study that included both treatment as part of a clinical trial and tissue banking of specimens collected.
–Under the new “Omnibus” Rule, a Covered Entity will be allowed to combine conditioned and unconditioned authorizations for research, so long as the authorization clearly differentiates between the conditioned and unconditioned components and clearly allows the subject to “opt-in” to the unconditioned research component/activities.
–HHS intends this change to allow for the use of compound authorizations for any type of research activities (except research that involves the use or disclosure of psychotherapy notes).
14
Impact on Clinical Care and Practice
–Privacy and security are important considerations throughout all aspects of a clinical trial.
–Use of social media makes privacy and security considerations more complex.
–Privacy and security must be addressed prospectively and continually.
–Providing truly informed consent requires consideration of the privacy and security implications and articulating them in a way that the subjects can understand and appreciate all the risks.