Managing Privacy Risk in Your Research and Development Enterprise. Sujata Dayal, Abbott Justin McCarthy, Pfizer

Similar documents
HIPAA Privacy Regulations Governing Research

The HIPAA Privacy Rule and Research: An Overview

New HIPAA Privacy Regulations Governing Research. Karen Blackwell, MS Director, HIPAA Compliance

Module: Research and HIPAA Privacy Protections ( )

The Revised Common Rule

REQUEST TO ACCESS EXISTING MEDICAL RECORDS, CHARTS OR DATABASES FOR RESEARCH

Overview of the Revised Common Rule

YALE UNIVERSITY THE RESEARCHERS GUIDE TO HIPAA. Health Insurance Portability and Accountability Act of 1996

HIPAA & Research Overview for the Privacy Board March 22, UAMS HIPAA Office Vera M. Chenault, JD

The Queen s Medical Center HIPAA Training Packet for Researchers

SCREENING PROCEDURES: WHAT IS COVERED BY A

Human Subjects Research Policy Update. Naomi Coll Director of Research Policy and Compliance

LifeBridge Health HIPAA Policy 4. Uses of Protected Health Information for Research

Authorization and Waiver Frequently Asked Questions

Navigating HIPAA Regulations. Michelle C. Stickler, DEd Director, Research Subjects Protections

Recruiting subjects for clinical research outside the academic setting

Privacy Rule Overview

WHAT IS AN IRB? WHAT IS AN IRB? 3/25/2015. Presentation Outline

INSTITUTIONAL REVIEW BOARD Investigator Guidance Series HIPAA PRIVACY RULE & AUTHORIZATION THE UNIVERSITY OF UTAH. Definitions.

The HIPAA privacy rule and long-term care : a quick guide for researchers

Compliance Policy C-FMS Clinical Research Project Approval Application

Pablo Tebas, M.D. Joseph Quinn, RN, BSN Yan Jiang, RN, BSN, MSN

TRICARE Management Activity s Human Research Protection Program, Data Sharing Agreement Program, and the TMA Privacy Board

Privacy Board Standard Operating Procedures

CINCINNATI CHILDREN S HOSPITAL MEDICAL CENTER CONSENT TO PARTICIPATE IN A RESEARCH STUDY

Common Rule Overview (Final Rule)

HIPAA COMPLIANCE APPLICATION

System-wide Policy: Use and Disclosure of Protected Health Information for Research

Summary of the Common Rule Changes

Setting up a CITI account for users not enrolled at or employed by Georgia Tech. Georgia Institute of Technology December 2016

Office of Human Research Office of Human Research Policy and Procedure Manual. Version: 4/4/18

Changes to the Common Rule

IRB 101. Rachel Langhofer Joan Rankin Shapiro Research Administration UA College of Medicine - Phoenix

University of Colorado Denver Human Research Protection Program Investigator Responsibilities for the Protection of Human Subjects

Roles & Responsibilities of Investigator & IRB

Use And Disclosure Of Protected Health Information (PHI) For Research

1303A West Campus Drive

UA New Common Rule Implementation

Are you participating in any other research studies? Yes No

Office of the Chief Privacy Officer. Privacy & Security in an App Enabled World HIMSS, Tuesday March 1, 2016, Las Vegas, NV

The Impact of The HIPAA Privacy Rule on Research

CLINICIAN S GUIDE TO HIPAA PRIVACY

UNIVERSITY OF PENNSYLVANIA HEALTH SYSTEM

HIPAA IMPLICATIONS: Patient Rights Under HIPAA

San Francisco Department of Public Health Policy Title: HIPAA Compliance Privacy and the Conduct of Research Page 1 of 10

HIPAA Privacy Rule and Sharing Information Related to Mental Health

Geisinger IRB Member Orientation Session 2. Debra L. Henninger, MHS RN CCRC Associate Director, Research Compliance

Standard Operating Procedure IRB Review of Research Subject to the Revised Common Rule

Notice of Privacy Practices for Protected Health Information (PHI)

Good Documentation Practices. Human Subject Research. for

HCCA PRIVACY COMPLIANCE FOCUS GROUP

Guidance for Investigators Subject Recruitment & Retention

1. Contacts and Title

Implementing the Revised Common Rule Exemptions with Limited IRB Review

LOUIS STOKES CLEVELAND VA MEDICAL CENTER RESEARCH SERVICE Human Subject Protection Standard Operating Procedure (SOP)

REGULATORY AND FUNDING CHANGES FOR HUMAN SUBJECTS RESEARCH

Consent Form Requirements for Multicenter studies when CHOP Relies on an external IRB

Patient Privacy Requirements Beyond HIPAA

National Health Information Privacy and Security Week. Understanding the HIPAA Privacy and Security Rule

Senior Care Pharmacy Wichita

Access to Patient Information for Research Purposes: Demystifying the Process!

HIPAA THE PRIVACY RULE

SAMPLE CARE COORDINATION AGREEMENT

Notice of HIPAA Privacy Practices Updates

I. Preamble: II. Parties:

HIPAA PRIVACY TRAINING

[Enter Organization Logo] CONSENT TO DISCLOSE HEALTH INFORMATION UNDER MINNESOTA LAW. Policy Number: [Enter] Effective Date: [Enter]

Final Rule Material: Overview

EMPOWERING THE NEW HEATHCARE ERA

Ferring Investigator-Initiated Trials (IIT) Submission Guidelines

Study Management PP STANDARD OPERATING PROCEDURE FOR Safeguarding Protected Health Information

Patient-Level Data. February 4, Webinar Series Goals. First Fridays Webinar Series: Medical Education Group (MEG)

CCSS: HIPAA-Compliant Recruitment. Dennis Deapen, DrPH CCSS Annual Investigators Meeting Memphis, TN October 9-11, 2005

INFORMED CONSENT TO PARTICIPATE IN A DIABETES RESEARCH REGISTRY

Dr. R. Sathianathan. Role & Responsibilities of Principal Investigators in Clinical Trials. 18 August 2015

I. TITLE: RELEASE OF MEDICAL RECORDS FOR THE PURPOSE OF RESEARCH

BANKS ON BANKS. Clinical Research Seminar March 20, 2013 Mary A. Banks Director BUMC IRB

Health Information Exchange 101. Your Introduction to HIE and It s Relevance to Senior Living

General Administration GA STANDARD OPERATING PROCEDURE FOR Sponsor Responsibility and Delegation of Responsibility

New federal requirements for posting of clinical trials information

ETHICAL AND REGULATORY CONSIDERATIONS

FAQs March 12, 2012 FREQUENTLY ASKED QUESTIONS

Information Sharing in Criminal Justice Mental Health Collaborations

PROTOCOL-SPECIFIC DOCUMENT

HIPAA Policies and Procedures Manual

Massachusetts Newborn Screening Public Health Service, Research and. Public Trust

APPLICATION FOR RESEARCH REQUESTING AN IRB WAIVER OF CONSENT AND HIPAA AUTHORIZATION

Chapter 19 Section 3. Privacy And Security Of Protected Health Information (PHI)

Section 11. Recruitment of Study Subjects (Revised 7/1/10)

The EU GDPR: Implications for U.S. Universities and Academic Medical Centers

Comparison of Health IT Provisions in H.R. 6 (21 st Century Cures Act) and S (Improving Health Information Technology Act)

Stanford University Privacy Guidelines Fundraising

Failure to comply may result in WU being liable for civil and criminal penalties under the HIPAA regulations.

The Greenville Hospital System Office of Research Compliance and Administration HRPP Policies and Procedures

Establishing and Implementing a Process to Investigate and Resolve Privacy Breaches and Complaints

FERPA 101. December 4, Michael Hawes Director of Student Privacy Policy U.S. Department of Education

HIPAA PRIVACY NOTICE

HIPAA for Drug and Device Companies

Investigator-Initiated Studies: When you re the Sponsor. Cheri Robert & Tammy Mah-Fraser

FDA Medical Device Regulations vs. ISO 14155

Transcription:

Managing Privacy Risk in Your Research and Development Enterprise Sujata Dayal, Abbott Justin McCarthy, Pfizer

Why Privacy Matters Human subject data is extremely sensitive Access to data is critical to pharma business Clinical research Pharmacovigilence Mistakes and lack of safeguards can lead to: Adverse media attention Loss of trust Litigation Increased regulation Researchers, CROs, and IRBs all play a role in protecting privacy of research data

Challenges Increase regulatory hurdles to prove effectiveness and safety of products require Pharma to conduct longer and costlier clinical trials Many programs are conducted at multiple sites and countries Differing interpretations of privacy requirements exist among stakeholders Public and press are beginning to question adequacy of research subject protections

The Good News... Pharma companies have a long history of managing patient data in clinical trials Individuals dedicated to: SOP/guideline development Human subject protections Consent process Communication Training

HIPAA Overview for Sponsors Pharma companies are not HIPAA covered entities (CEs) No direct obligation on pharma sponsors of research to obtain HIPAA authorizations, etc. However, Pharma s access to patient data could be at risk if covered entities do not obtain proper authorizations

HIPAA s General Rule Covering Research Covered entities may only use or disclose PHI to pharma for research purposes in limited circumstances: 1. Individual Authorization 2. Waiver of Authorization 3. Reviews Preparatory to Research 4. De-identified Data and Limited Data Sets

HIPAA Issues in Research Clinical Study Start-Up Identification of Subjects Verification of Eligibility Subject Recruitment Study Conduct Authorizations Post-Study Activities Data Analysis Long-term Follow up

Subject Identification Question: How can CE use PHI to identify eligible subjects? Options under HIPAA: 1. Reviews Preparatory to Research Permits CEs to use/disclose PHI to assist in development of research protocol and aid in recruitment of subjects PHI cannot be removed from CE s site, but records may be flagged PHI disclosed must be necessary for research purpose Sponsor may not contact subject unless authorized

Subject Identification 2. IRB or Privacy Board Partial Waiver of Authorization Criteria: Use/disclosure of PHI results in no more than a minimal risk to privacy Research could not practicably be conducted without waiver Research could not practicably be conducted without access to the information

Issues with Subject Identification Uncertainty about extent to which information can be collected and shared without waiver or authorization Sponsors generally not part of process, so sponsor is not always informed when waivers are requested Waivers for subject identification may be requested when review of records could otherwise take place under exception for reviews prep Partial waivers may impose limitations on trial Individual requests from sites in multi-site trials Recent HHS guidance confirms use of multi-site waivers, but operational aspects are unclear Potential for increased costs and delays in recruitment and enrollment

Subject Recruitment Question: How can researchers contact eligible subjects? Options under HIPAA: 1. Disclosure to the individual CEs may speak directly with individuals about option of enrolling in clinical trial. Individuals could then contact pharma company or third party contractor about interest Non-CE cannot initiate contact with individuals absent waiver or authorization 2. Partial waiver 3. Authorization for recruitment Blanket authorizations for future recruitment not permitted

Issues with Subject Recruitment Waivers sometimes requested when face-to-face exception applies. During recruitment process some investigators ask whether they can transmit certain subject information to sponsor for validation of subject eligibility. If recruiter is not a covered entity, then HIPAA does not apply.

Conduct of Study Question: Once study commences, how can data be collected and transferred? Options under HIPAA HIPAA Authorization (primary vehicle) De-Identification Limited Data Sets

Key Issues with Authorizations Consider whether to include authorization in informed consent document Recent HHS Guidance on IRB review of authorizations Reaction from IRBs Battle of forms Consider use of IRB versus sponsor-generated authorization Consider legal implications of using deficient authorization offered by CE or IRB Consider time/resources impact on clinical study Secondary research issues

Secondary Research Issue: Authorizations must indicate purposes of uses and disclosures of PHI with specificity. PHI disclosed to sponsor is no longer protected by Rule. HHS has indicated that authorizations for future unspecified research by covered entities are overly broad, and authorizations must be study specific. Does study specific mean protocol specific? If potential future uses can be described with specificity, is this permitted? What should sponsors do if IRB/CE refuses to reference future uses in authorization? Is it a misrepresentation to fail to indicate how PHI may be used in future by sponsors? Do de-identification or limited data sets provide practical options?

Secondary Research in Genomics Issue: Researchers may collect samples for future genetic testing. How can these samples be used and disclosed? DNA and tissue samples that cannot be linked to an individual are not PHI Data is PHI if individual identification of data is possible through comparison of DNA sequence characteristics to existing databases What is the status of sample banks under HIPAA? Can uses be specified? Can samples be de-identified? If samples in historic databases will be used, must new consent be obtained if new purpose is intended for sample?

Long-Term Follow Up Issue: FDA encourages long-term follow up with subjects in clinical trials. What are the implications under HIPAA? When may subjects be contacted and for what purpose? Must new HIPAA authorizations be executed?

Managing HIPAA Issues

Managing Privacy Understand privacy concerns and perceptions Make management aware of privacy risks Obtain resources for addressing privacy Confirm that written procedures, consents, and authorizations accurately reflect actual practices Engage in constructive outreach to IRBs, FDA, HHS, others Communicate with other pharma companies to share experiences and understand trends

IPPC International Pharmaceutical Privacy Consortium 15 member company association dedicated to developing compliance tools and best practices for privacy IPPC Working Group on Clinical Research Developed template authorization Dialogued with OCR, FDA, HHS, IRBs regarding authorization issues Engaging in outreach to broader research community Analyzed issues involved in secondary research, subject identification, and recruitment

Best Practices Authorizations Authorizations should be clear, concise, and comprehensive Secondary Research Inform subjects that personal data will be maintained in databases and possibly used for future research Subject Recruitment Provide clear guidance to investigators and third party contractors when waivers are required and when they are not required for recruitment

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback