Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing Privacy Risk in Your Commercial Practices

Published byMartina Robinson Modified over 5 years ago

Similar presentations

Presentation on theme: "Managing Privacy Risk in Your Commercial Practices"— Presentation transcript:

1 Managing Privacy Risk in Your Commercial Practices
Allison Gassaro, Aventis Paul Sundberg, Takeda

2 Overcoming Misperceptions
“Since HIPAA doesn’t directly cover pharmaceutical companies, there’s not much need to be concerned” Many pharma activities, and activities of pharma business partners, are affected by HIPAA HIPAA is only one of many laws impacting privacy States are passing laws/regulations that directly cover pharma activities “Privacy is the latest flash-in-the-pan. Now that the HIPAA compliance deadline has passed, interest will wane” The trend is in the opposite direction. HIPAA may have only heightened privacy sensitivities

3 Why Privacy Matters Customers are demanding it
Health data is extremely sensitive Access to data is critical to pharma business Clinical research  Targeted marketing Pharmacovigilence Mistakes and lack of safeguards can lead to: Adverse media attention  Loss of trust Litigation  Increased regulation Need to understand how privacy laws/regulations will affect customers/healthcare providers 34% of US consumers have little or no confidence that pharma companies handle personal information properly IBM Multinational Consumer Privacy Survey, 1999 79% of US consumers believe it is very important that pharma companies adopt strong privacy policies

4 Why Privacy Is a Challenge
Requires understanding how personal data is used within the corporation Pharma companies communicate with consumers through a variety of media and for a variety of purposes. Uses and disclosures of personal information vary by program Requires understanding and keeping up-to-date with myriad of privacy regulations and guidance US federal privacy laws  Emerging state privacy laws HIPAA • Texas COPPA • California Consumer protection laws  Foreign laws FTC • EU Data Protection Directive State AGs • Canada PIPEDA

5 Why Privacy Is a Challenge
Need to balance company’s interest in promoting products with public’s demand for privacy need to consider not only legal obligations but what’s “the right thing to do” best practice approach to privacy may in fact be in company’s best interests Requires development of coherent privacy program, including effective training tools

6 Commercial Activities with Privacy Implications
Sales and marketing Field access  Direct marketing Web sites  Physician prescriber data Preceptorships  Market research Sponsorship of third-party programs Adherence  Product awareness  Disease awareness Patient assistance programs

7 Roadmap to Development of a Verifiable Privacy Program

8 Need for Verifiable Privacy Program
Issues will arise, inadvertent mistakes may be made Privacy program elements: Individual Responsible (Appoint Chief Privacy Officer) Policies/Procedures Notice / Choice / Access / Amendment Data collection and retention Security Consideration of vendors Training/Education Reporting/Communication Audit/Monitoring Disciplinary Model Incident Mitigation and Response

9 Privacy Program Development
Begin By Understanding customer concerns and perceptions Planning for multi-regulatory environment Privacy regulation is not just HIPAA… Creating a cross-functional task group to evaluate and propose a comprehensive privacy initiative for the organization Obtain Corporate Support Make management aware of privacy risks and accountable on a function-by-function basis Communicate business case for privacy Unified corporate response is required Obtain resources for establishment of privacy office

10 Privacy Program Development
Get Started Inventory your company’s identifiable information and understand where, when and how it is collected, used, stored, and shared with third parties Analyze business practices and compare with legal requirements and corporate policies Get Organized Internally Incorporate privacy policies into infrastructure Develop comprehensive privacy program, including policies, SOPs, training, monitoring and auditing

11 Privacy Program Development
Don’t Put Form Over Substance Confirm that written policies and procedures accurately reflect actual practices and system capabilities Communicate! Maintain privacy awareness and accountability amongst management, employees, affiliates and business partners Finally, Continue to consider best privacy practices

12 Questions?

Download ppt "Managing Privacy Risk in Your Commercial Practices"

Similar presentations

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA) UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT.

The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA) UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT.
BLG E-COMMERCE RISKS: RISK MANAGEMENT IN PROFESSIONAL INDEMNITY KIT BURDEN PARTNER, BARLOW LYDE & GILBERT KIT BURDEN PARTNER, BARLOW LYDE & GILBERT.

BLG E-COMMERCE RISKS: RISK MANAGEMENT IN PROFESSIONAL INDEMNITY KIT BURDEN PARTNER, BARLOW LYDE & GILBERT KIT BURDEN PARTNER, BARLOW LYDE & GILBERT.
© 2006 IBM Corporation Privacy Matters: Safeguarding Identity, Data and Corporate Reputation Harriet P. Pearson VP Corporate Affairs & Chief Privacy Officer.

© 2006 IBM Corporation Privacy Matters: Safeguarding Identity, Data and Corporate Reputation Harriet P. Pearson VP Corporate Affairs & Chief Privacy Officer.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
© 2003 IBM Corporation Privacy 12 th CACR Workshop Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy.

© 2003 IBM Corporation Privacy 12 th CACR Workshop Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy.
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
Privacy in Ontario Brian Beamish Office of the Information and Privacy Commissioner/Ontario Presentation to Security Canada Central 2002 International.

Privacy in Ontario Brian Beamish Office of the Information and Privacy Commissioner/Ontario Presentation to Security Canada Central 2002 International.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;

What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;
SMART GRID: Privacy Awareness and Training – for PUCs/PSCs A Starting Point December 2011 SGIP-CSWG Privacy Group 1 DRAFT.

SMART GRID: Privacy Awareness and Training – for PUCs/PSCs A Starting Point December 2011 SGIP-CSWG Privacy Group 1 DRAFT.
“Privacy Implications of RFID Technology in Health Care Settings” Marc Rotenberg President EPIC Dept. of Health & Human Services Washington, DC 11 January.

“Privacy Implications of RFID Technology in Health Care Settings” Marc Rotenberg President EPIC Dept. of Health & Human Services Washington, DC 11 January.
LAW SEMINARS INTERNATIONAL New Developments in Internet Marketing & Selling November 13 & 14, 2006 San Francisco, California Moderator : Maureen A. Young.

LAW SEMINARS INTERNATIONAL New Developments in Internet Marketing & Selling November 13 & 14, 2006 San Francisco, California Moderator : Maureen A. Young.
© 2010 Dorsey & Whitney LLP Social Media Friday, September 17, 2010 The Committee on Finance & Information Technology (CFIT)

© 2010 Dorsey & Whitney LLP Social Media Friday, September 17, 2010 The Committee on Finance & Information Technology (CFIT)
Credit unions use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback.

Credit unions use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.

“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.
Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc.

Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc.
Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.

Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.

Similar presentations

Ads by Google