1 HIPAA Compliance Strategies for Pharmaceutical Manufacturers, PBMs and Pharmacies Jean-Paul Hepp, Ph.D. Director, Global Privacy HIPAA Colloquium Harvard.

Presentation transcript:

1 HIPAA Compliance Strategies for Pharmaceutical Manufacturers, PBMs and Pharmacies Jean-Paul Hepp, Ph.D. Director, Global Privacy HIPAA Colloquium Harvard MA; August 22, 2002

2 Agenda
- Privacy ~ Definitions and Context
- HIPAA ~ Pharmaceutical Companies
- HIPAA ~ Online Marketing
- HIPAA ~ R&D
- Privacy ~ Current PHA Approach

3 Right of Privacy
The claim of individuals to determine for themselves when, how and to what extent information about them is communicated.
1. What kind of information
2. How we use it
3. Who we are sharing it with

4 PII, PHI
Personally identifiable information (PII) means any confidential or sensitive information that can be related back to an individual.
Personally identifiable health information (PHI) means information about an individual's health.

5 PII
1. Name
2. Address
3. … Address
4. Social Security Number
5. Password (if used to access the site)
6. Bank Account Information
7. Credit Card Information
8. Any combination of data that could be used to identify a consumer, such as the consumer's birth date, zip code and gender.

6 Right of Privacy
The claim of individuals to determine for themselves when, how and to what extent information about them is communicated.
1. What kind of information
2. How we use it
3. Who we are sharing it with

7 Mapping
Identification of Regulations and Legal Pitfalls and Tracking of Information Flow:
- Regions
- Customers
- Channels
- Technology

8 Right of Privacy
The claim of individuals to determine for themselves when, how and to what extent information about them is communicated.
1. What information
2. How we use it
3. Who we are sharing it with

9 Points of Access
- Pharmaceutical Company Employees
- Third Party Developers/Contractors
- Third Party Hosting Company
- Subcontractors of Third Party Hosting Company
- Third Party Transmission Company
- Third Party Service Provider
- Other Points of Access or Links

10 Regulatory/Legal Environment
Privacy & Security
- Federal Regulations
- State laws
- Attorney General's actions
- Litigation
- EU Safe Harbor
- Canada…

11 Agenda
- Privacy ~ Definitions and Context
- HIPAA ~ Pharmaceutical Companies
- HIPAA ~ Online Marketing
- HIPAA ~ R&D
- Privacy ~ Current PHA Approach

12 HIPAA
HIPAA (Health Insurance Portability and Accountability Act)
- Requires (DHHS) to develop standards and requirements for maintenance and transmission of health information that identifies individual patients.
- Protect the security and confidentiality of electronic and other health information.

13 Covered Entities
- Health Plans
- Healthcare Clearinghouse
- Healthcare Providers
Business Associate
- Access of Protected Information through or from Covered Entity
- Either acts on behalf of or acts as part of an Organized Health Care Arrangement

14 For The Pharmaceutical Industry
The Rule May Affect:
- HR
- (online) Marketing
- Reimbursement Programs
- Disease management programs
- Pharmacy benefits programs

15 For The Pharmaceutical Industry
The Rule May Affect:
- R&D
- DNA ?
- Clinical trials ?
- Drug safety monitoring
- Biostatistical analysis
- Outcomes or economics studies ?

16 Agenda
- Privacy ~ Definitions and Context
- HIPAA ~ Pharmaceutical Companies
- HIPAA ~ Online Marketing
- HIPAA ~ R&D
- Privacy ~ Current PHA Approach

18 Privacy Statement

22 Workshop ~ Case Study

24 HIPAA April 14, 2003
- Uses and disclosures of Protected Information
- Consent, Authorization and Opportunity to Agree Requirements
- Organizational Requirements
  - Privacy Officer
  - Training
  - Safeguards
  - Enforcement Program
  - Policy and Procedure Standards

25 Agenda
- Privacy ~ Definitions and Context
- HIPAA ~ Pharmaceutical Companies
- HIPAA ~ Online Marketing
- HIPAA ~ R&D
- Privacy ~ Current PHA Approach

26 R&D/Clinical

27 FINDING TARGETS Human Genome Project [slide background: DNA base sequence]

28 Clinical Trials
Who is covered?
- Healthcare providers who transmit health information in electronic transactions: including researchers who provide treatment to research participants
- Health Plans
- Healthcare Clearinghouse

29 Clinical Trials
What is covered?
- Protected Health Information
- Decedents' Health Information
- Transmitted or maintained in any form or medium
- For Research that involves treatment
- For Records research - History of Patient Data

30 Clinical Trials
The Privacy Rule permits covered entities to use and disclose PHI for research conducted:
- With individual authorization, or
- Without individual authorization under limited circumstances

31 Clinical Trials
Patient authorization elements under NPRM (public comments, expected Final Aug '02):
- The information
- Who may use or disclose the information
- Who may receive the information
- Purpose of the use or disclosure
- Expiration date or event
- Right to revoke authorization

32 Clinical Trials
Use and disclosure of PHI Without Individual Authorization * (current Final Rule):
1. Obtain documentation that an IRB or privacy board has determined specified criteria were satisfied
2. Obtain representation that the use or disclosure is necessary to prepare a research protocol or for similar purposes preparatory to research
* DHHS Office for Human Research Protections, May 2002

33 Clinical Trials
Use and disclosure of PHI Without Individual Authorization * (current Final Rule):
3. Obtain representation that the use or disclosure is solely for research on decedents' PHI
4. Only use or disclose "indirect identifiers" for research, public health, or health care operations AND require a data use agreement from recipient agreeing to use only for purpose provided and not to re-identify or contact individual
* DHHS Office for Human Research Protections, May 2002

34 Clinical Trials
The Privacy Rule does not override the Common Rule or FDA's human subjects regulations

35 Agenda
- Privacy ~ Definitions and Context
- HIPAA ~ Pharmaceutical Companies
- HIPAA ~ Online Marketing
- HIPAA ~ R&D
- Privacy ~ Current PHA Approach

36 Pharmacia Approach
1/ Mapping
2/ 'Data Privacy Agreement'
3/ Implementation
4/ Certifications
5/ Privacy Officer

37 1. Mapping
Identify Regulations and Legal Pitfalls for
- Regions
- Customers
- Channels
- Technology

38 2. Data Privacy Agreement for each Business Trust Partner
- Permitted uses and disclosures of Protected Information
- Appropriate safeguards of records
- Report any unauthorized disclosures to entity
- PHI available for inspection, amendment, accounting
- Books and records available for inspection by DHHS
- Destroy/Return PHI at termination of contract

39 3. Implementation
Implement Privacy/Security rules:
- Front-end: informed Consent, Statement, Terms and conditions…
- Back-end: Security, Business Partners...

40 4. Certification
- Internet Healthcare Coalition "e-Health Code of Ethics"
- Health Internet Ethics Alliance "HI-Ethics"
- Health on the Net Foundation Code of Conduct "HON code"
- Other (TRUSTe, BBB, PWC, URAC...)

41 5. Privacy Officer “The PO has the responsibility for the creation, implementation and maintenance of the company’s privacy compliance related activities”

42 Thank you !