Presentation is loading. Please wait.

Presentation is loading. Please wait.

The HIPAA Colloquium Harvard University August 22, 2002 HIPAA Compliance Strategies for the Pharmaceutical Industry John T. Bentivoglio 202.942.5508

Published byRachel Harper Modified over 11 years ago

Similar presentations

Presentation on theme: "The HIPAA Colloquium Harvard University August 22, 2002 HIPAA Compliance Strategies for the Pharmaceutical Industry John T. Bentivoglio 202.942.5508"— Presentation transcript:

1 The HIPAA Colloquium Harvard University August 22, 2002 HIPAA Compliance Strategies for the Pharmaceutical Industry John T. Bentivoglio 202.942.5508 john_bentivoglio@aporter.com

2 Overview n Obtaining Management Support -- Stressing Legal and Business Drivers n Initial Assessment of Information Practices and Procedures n Development of Business Plan n Specific Compliance Tips

3 Securing Management Support n Focus on the legal and business drivers -- too many privacy professionals focus solely on legal/regulatory mandates n Business drivers: n Key customers and partners are covered under new Federal health privacy law (HIPAA) n Many customers and business partners are pushing to impose privacy safeguards via contract n Other customers may simply refuse to share information used in important activities, particularly in sales/marketing area

4 Business Drivers (contd) n Sales and marketing (examples): n Current activities (e.g., preceptorships, chart pulls) may need to be restructured to address privacy rules, some changes may be impractical n Sales reps may get resistance from physicians (e.g., prohibiting them from coming into the back office where personal health information could be seen or overheard) n Disease management programs with healthcare providers (e.g., hospitals, health systems) may need to be modified to comply with authorization requirements n Some customers (e.g., hospitals) are requiring pharmaceutical manufacturers to sign contracts obligating them to establish privacy safeguards, indemnify the customer for violations n Practical implications (particularly authorizations)

5 Business Drivers (contd) n Clinical research (examples) n To share information with sponsors, investigators will be required to provide notice, obtain authorization from patients enrolled in clinical trials n Current informed consent forms may need to be modified n Current procedures regarding de-identification of data (e.g., assigning codes in lieu of patient names) will need to be modified n Notice/authorization may make patient recruitment more difficult n Procedures under which data is obtained from clinical trials in Europe may need to be modified under EU Privacy Directive

6 Business Drivers (contd) Other impacts n Certain functions (e.g., on-site health clinics, ERISA health plan) may be covered under HIPAA -- requiring designation of privacy officer and establishment of privacy safeguards Reputational harm n Example: As a result of an email mistake (involving 600 individuals using prozac.com website) Eli Lilly & Co. is now the poster child for misuse of sensitive personal information by the private sector (in addition to onerous FTC settlement)

7 Legal Drivers n HIPAA (including criminal provisions) n Other Federal Laws n State Laws, Attorneys General n Private litigation

8 Initial Assessment n Scope and purpose n Domestic vs. international n Potential areas: sales/marketing, clinical research, regulatory affairs, human resources, e-business activities n The assessment can be a means to (1) collect information, (2) increase awareness, (3) identify potential privacy advocates/supporters n Support development of business plan for privacy program n Methodology n Steering Committee or Task Force (sales/marketing, clinical research, regulatory affairs, human resources, e-business activities, public affairs, finance, contracting) n Written surveys (benefits, limits) n Collection, analysis of existing policies/procedures n Leverage current efforts (particularly Part 11 initiatives)

9 Initial Assessment (contd) n Use of outside professional services n Benefits: n can provide needed expertise; n may be necessary where internal resources/people are not available n outside experts may be influential in convincing management to devote resources (management time, financial, etc.) to privacy program n Limits: n Beware of firms trying to sell you their last privacy assessment n Excessive reliance on outside advisers can result in missed opportunities for CPO to promote privacy, identify potential internal allies

10 Business Plan for Privacy Program n Benefits of a business plan n Can foster management support n Establishes expectations, responsibilities n Identifies the key needs that can make or break a privacy program (e.g., resources) n Key elements (examples) n Roles/responsibilities of CPO, Privacy Task Force n Overall goals and objectives n Specific goals and objectives in key areas (sales/marketing, clinical research, etc.) n Policies and procedures n Training n Resources n Timetable and milestones

11 Special Compliance Tips -- Business Associates n Under HIPAA, business associates are entities performing activities on behalf of covered entities n Disclosures of PHI to pharmaceutical companies pursuant to business associates agreements may not be permissible under HIPAA n Some customers (e.g., hospitals, health systems) are requiring business associate agreements even where no PHI is disclosed n Consider developing templates for addressing privacy issues with your customers -- and raise these issues in advance, rather than in the late stages of contract negotiations

12 Special Compliance Tips -- Sales and Marketing n Some activities -- e.g., preceptorships -- may need to be discontinued n Analyze whether sharing is necessary for treatment, payment, or operations -- may be permissible in some consulting contexts, particularly for medical device manufacturers n Develop authorization language for covered entities that would allow sharing in appropriate circumstances n Consider working with local or state medical societies that are drafting model authorizations for their members

13 Resources n Government resources: n HHS Office for Civil Rights (responsible for enforcement of HIPAA rule)-- www.hhs.gov/ocr/hipaa n Professional/trade associations n American Health Information Management Association (AHIMA) -- www.ahima.org n Health Care Compliance Association (HCCA) --www.hcca-info.org n International Association of Privacy Officers (IAPO) -- www.privacyassociation.org (which was established a Pharmaceutical Working Group)

Download ppt "The HIPAA Colloquium Harvard University August 22, 2002 HIPAA Compliance Strategies for the Pharmaceutical Industry John T. Bentivoglio 202.942.5508"

Similar presentations

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health
HIPAA and Joint Commission Requirements Compared and Contrasted

HIPAA and Joint Commission Requirements Compared and Contrasted
Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,

Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,
Advanced Issues in HIPAA Research Compliance The Sixth National HIPAA Summit March 27, 2003 Kim P. Gunter Senior Consultant.

Advanced Issues in HIPAA Research Compliance The Sixth National HIPAA Summit March 27, 2003 Kim P. Gunter Senior Consultant.
Minimum Necessary Standard Version 1.0

Minimum Necessary Standard Version 1.0
Frequently Asked Questions…. …about HIPAA Notice of Privacy Practices and Acknowledgement.

Frequently Asked Questions…. …about HIPAA Notice of Privacy Practices and Acknowledgement.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.

HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
HIPAA Training for Pharmaceutical Industry Representatives University of Utah Hospitals & Clinics.

HIPAA Training for Pharmaceutical Industry Representatives University of Utah Hospitals & Clinics.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/2009 0.

1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

Similar presentations

Ads by Google