Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advanced HIPAA Issues for Biotech and Life Sciences Companies: Mark E. Schreiber Palmer & Dodge LLP 111 Huntington Avenue Boston, MA 02199 617-239-0585.

Published byEarl Hancock Modified over 9 years ago

Similar presentations

Presentation on theme: "Advanced HIPAA Issues for Biotech and Life Sciences Companies: Mark E. Schreiber Palmer & Dodge LLP 111 Huntington Avenue Boston, MA 02199 617-239-0585."— Presentation transcript:

1 Advanced HIPAA Issues for Biotech and Life Sciences Companies: Mark E. Schreiber Palmer & Dodge LLP 111 Huntington Avenue Boston, MA 02199 617-239-0585 mschreiber@palmerdodge.com April 8, 2005 On the Frontier of Science and On the Edge of HIPAA

2 2 HIPAA Provisions under which Biotech / Life Sciences Issues Arise n HIPAA provider coverage? n Business Associate applicability? n Authorizations – unspecified research n Research data bases n Accounting for research disclosures n Clinical studies in E.U. – HIPAA interface

3 3 Medical Device / Testing Companies – Covered Entities? n May be “health care provider” under broad HIPAA definition n Most don’t engage in electronic standard transactions n Some may unwittingly send claims, insurance or related e-mails n If so, possible HIPAA coverage n Not all ask right questions of right people l To properly determine status If covered, then what? n Privacy notices, etc. n To whom?

4 4 Are Clinical Researchers / Sponsors or CRO’s Business Associates? n Generally “research” not a BA function performed for covered entities n “We’re not a BA” letter n BA’s often negotiated l Business clout n If researcher / sponsor also provides l Quality assurance, or l Data processing services for covered entity u De-identifying records, or u Creating limited data sets l Then researcher / sponsor is BA n Researcher / sponsor – document in CTA that no BA-triggering services provided

5 5 Sponsors Generally Not Covered Entity or BA No HIPAA concerns, then, right? Not so fast... n Sites will and should impose handling restrictions in CTA’s n Some sites impose informed consent confidentiality limitations l Blending with HIPAA standards, on researchers / sponsors and “downstream” l Restricts marketing use

6 6 Sponsors Generally Not Covered Entity or BA n Confidentiality agreement OK, but modify agreements l To specifically allow u For monitoring services, and u Other purposes in HIPAA-compliant patient authorization n Other agreement “pass-throughs” l Reps and warrantees, indemnity language n Researchers / sponsors – rigorous privacy policies / practices that approximate those of HIPAA l HIPAA treated as de facto standard of care u State law invasion of privacy claims

7 7 Authorizations – Future Unspecified Research n HIPAA authorizations for research l Can broadly cover patient’s entire medical record l Can broadly cover classes or persons to whom and by whom PHI can be used / disclosed l Under “purpose” element, u “Each purpose” must be specified u Valid authorization for unspecified studies s Virtually impossible under HIPAA s Registry or database for unspecified future research – OK

8 8 Research Databases under HIPAA n Database – separate purpose from primary protocol n Must be specifically authorized l In protocol authorization or l In separate subsequent authorization n If database maintained by covered entity l Future disclosures must be pursuant to new authorization n If database disclosed to sponsor l Generally outside HIPAA

9 9 IRB Waivers and Future Researcher Follow Up with Participants If IRB Waiver n Researcher free to use PHI for current research n New, specific waiver necessary l Before researcher can contact study participants about new study

10 10 Accounting for Research Disclosures n NEED NOT be accounted for where l Disclosed under authorization l Disclosed in limited data set form u Needs data use agreement n MUST be accounted for upon individual request where disclosed pursuant to IRB waiver n Less detailed accounting: Where covered entity discloses records of  50 individuals under IRB waiver during requested accounting period

11 11 Coming HIPAA Attractions: Clinical Studies Abroad and Outsourcing E.U. Model different – no HIPAA statute but broader data laws n E.U. Data Protection laws l Each E.U. country n Consent necessary for medical data use (sensitive data) l Specific use, purpose, etc. l English or in local language? n Data transfer out of E.U. country to U.S. l Consent to transfer – different from consent to use / collect l Data protection model clauses / agreements l U.S. Safe Harbor

12 12 Who Follows Up on E.U. Branch Office or E.U. Consents? n Some companies not aware of or abide by these laws n Risk to studies? n Sometimes requires explanation of importance n E.U. clinical directive Is foreign medical PHI subject to HIPAA when transferred to U.S. HIPAA covered entity? n Telemedicine n Medical records of E.U. resident sent to U.S.

13 13 Outsourcing of HIPAA Data Processing Overseas n Canada, India, Pakistan, Philippines n Medical transcription services n Pakistan case – multiple contractors to HIPAA covered entity n Rep. Markey letter to HHS n Possible outsourcing amendments to HIPAA

Download ppt "Advanced HIPAA Issues for Biotech and Life Sciences Companies: Mark E. Schreiber Palmer & Dodge LLP 111 Huntington Avenue Boston, MA 02199 617-239-0585."

Similar presentations

Advanced Issues in HIPAA Research Compliance The Sixth National HIPAA Summit March 27, 2003 Kim P. Gunter Senior Consultant.

Advanced Issues in HIPAA Research Compliance The Sixth National HIPAA Summit March 27, 2003 Kim P. Gunter Senior Consultant.
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.

1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.

P E N N S Y L V A N I A C O A L I T I O N A G A I N S T D O M E S T I C V I O L E N C E P E N N S Y L V A N I A C O A L I T I O N A G A I N S T RAPE HIPAA.
1 HIPAA and Research and YOU. 2 INTRODUCTION Rule #1:Don’t Panic Rule #2:Bottom Line for Researchers: HIPAA is Manageable thru Education/Awareness and.

1 HIPAA and Research and YOU. 2 INTRODUCTION Rule #1:Don’t Panic Rule #2:Bottom Line for Researchers: HIPAA is Manageable thru Education/Awareness and.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.

Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.
HIPAA Privacy Rule Patient’s Right to Amend Their Health Information July 18, 2013 David Holtzman, JD, CIPP/G Senior Health Information Technology & Privacy.

HIPAA Privacy Rule Patient’s Right to Amend Their Health Information July 18, 2013 David Holtzman, JD, CIPP/G Senior Health Information Technology & Privacy.
HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.

HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.
University of Miami1 HIPAA Survival Skills An Introduction to HIPAA and Research University of Miami Human Subjects Research Office October 31, 2006 Evelyne.

University of Miami1 HIPAA Survival Skills An Introduction to HIPAA and Research University of Miami Human Subjects Research Office October 31, 2006 Evelyne.
Version 6.0 Approved by HIPAA Implementation Team April 14, 2003 1 HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Similar presentations

Ads by Google