Managing Privacy Risk in Your Commercial Practices


Managing Privacy Risk in Your Commercial Practices
Allison Gassaro, Aventis
Paul Sundberg, Takeda

Overcoming Misperceptions
• “Since HIPAA doesn’t directly cover pharmaceutical companies, there’s not much need to be concerned”
  • Many pharma activities, and activities of pharma business partners, are affected by HIPAA
  • HIPAA is only one of many laws impacting privacy
  • States are passing laws/regulations that directly cover pharma activities
• “Privacy is the latest flash-in-the-pan. Now that the HIPAA compliance deadline has passed, interest will wane”
  • The trend is in the opposite direction. HIPAA may have only heightened privacy sensitivities

Why Privacy Matters
• Customers are demanding it
• Health data is extremely sensitive
• Access to data is critical to pharma business
  • Clinical research
  • Targeted marketing
  • Pharmacovigilance
• Mistakes and lack of safeguards can lead to:
  • Adverse media attention
  • Loss of trust
  • Litigation
  • Increased regulation
• Need to understand how privacy laws/regulations will affect customers/healthcare providers
• 34% of US consumers have little or no confidence that pharma companies handle personal information properly
• IBM Multinational Consumer Privacy Survey, 1999
• 79% of US consumers believe it is very important that pharma companies adopt strong privacy policies

Why Privacy Is a Challenge
• Requires understanding how personal data is used within the corporation
  • Pharma companies communicate with consumers through a variety of media and for a variety of purposes. Uses and disclosures of personal information vary by program
• Requires understanding and keeping up-to-date with myriad of privacy regulations and guidance
  • US federal privacy laws
    • HIPAA
    • COPPA
  • Emerging state privacy laws
    • Texas
    • California
  • Consumer protection laws
    • FTC
    • State AGs
  • Foreign laws
    • EU Data Protection Directive
    • Canada PIPEDA

Why Privacy Is a Challenge
• Need to balance company’s interest in promoting products with public’s demand for privacy
  • Need to consider not only legal obligations but what’s “the right thing to do”
  • Best practice approach to privacy may in fact be in company’s best interests
• Requires development of coherent privacy program, including effective training tools

Commercial Activities with Privacy Implications
• Sales and marketing
  • Field access
  • Direct marketing
  • Web sites
  • Physician prescriber data
  • Preceptorships
  • Market research
• Sponsorship of third-party programs
  • Adherence
  • Product awareness
  • Disease awareness
• Patient assistance programs

Roadmap to Development of a Verifiable Privacy Program

Need for Verifiable Privacy Program
• Issues will arise, inadvertent mistakes may be made
• Privacy program elements:
  • Individual Responsible (Appoint Chief Privacy Officer)
  • Policies/Procedures
  • Notice / Choice / Access / Amendment
  • Data collection and retention
  • Security
  • Consideration of vendors
  • Training/Education
  • Reporting/Communication
  • Audit/Monitoring
  • Disciplinary Model
  • Incident Mitigation and Response

Privacy Program Development
• Begin By
  • Understanding customer concerns and perceptions
  • Planning for multi-regulatory environment
    • Privacy regulation is not just HIPAA…
  • Creating a cross-functional task group to evaluate and propose a comprehensive privacy initiative for the organization
• Obtain Corporate Support
  • Make management aware of privacy risks and accountable on a function-by-function basis
  • Communicate business case for privacy
  • Unified corporate response is required
  • Obtain resources for establishment of privacy office

Privacy Program Development
• Get Started
  • Inventory your company’s identifiable information and understand where, when and how it is collected, used, stored, and shared with third parties
  • Analyze business practices and compare with legal requirements and corporate policies
• Get Organized Internally
  • Incorporate privacy policies into infrastructure
  • Develop comprehensive privacy program, including policies, SOPs, training, monitoring and auditing

Privacy Program Development
• Don’t Put Form Over Substance
  • Confirm that written policies and procedures accurately reflect actual practices and system capabilities
• Communicate!
  • Maintain privacy awareness and accountability amongst management, employees, affiliates and business partners
• Finally,
  • Continue to consider best privacy practices

Questions?