SlideShare a Scribd company logo

Hipaa rahul thore 1

Download as PPTX, PDF
R
RahulThore

Privacy and security of phi

Education
1 of 34
HIPAA : A NEW REQUIREMENTS TO THE CLINICAL STUDY PROCESS. PREPARED BY: MR.THORE RAHUL ANNA M.PHARM (PHARMACEUTICS) 1
2
WHAT IS HIPAA ? HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information. The act, which was signed into law by President Bill Clinton on Aug. 21, 1996, contains five sections, or titles. 3
Additional rules to HIPAA: • ACA By President Barack Obama on March 23, 2010 Approach to regulation that can be properly described as “new governance” ACA updated HIPAA with new expanded requirements. 4
WHAT IS PHI ?  Protected health information  PHI is all individually identifiable health information ,including demographic data and biological specimens , that transmitted or maintained by a covered entity.  PHI Can be any form , including written electronic and verbal. 5
WHAT INFORMATION SHOULD CONTAIN PHI ?  Name  Street address ,city Zip code.  Date(DOB,DOD, Admission Discharge date)  Phone NO.  Medical Record No.  Health plan number  Social security number  Account numbers  Internet protocol Address  Biometric identifiers , including finger and voice print 6
August 1996 – HIPAA Signed into Law by President Bill Clinton April 2003 – Effective Date of the HIPAA Privacy Rule April 2005 – Effective Date of the HIPAA Security Rule. March 2006 – Effective Date of the HIPAA Breach Enforcement RuleSeptember 2009 – Effective date of HITECH and the Breach Notification Rule. March 2013 Effective Date of the Final Omnibus Rule. Key Dates in HIPAA History 7
8
HIPAA was in 1996 with two objectives.  The first part “Health Insurance Portability part of the Act” • To ensure that individuals would be able to maintain their health insurance between jobs.  The second part of the Act is the "Accountability" portion. To ensure the security and confidentiality of patient information/data and mandates uniform standards for electronic data transmission of administrative and financial data relating to patient health information 9
Title I: health care access, portability and renewability Title II: administrative simplification Title III: tax related health provisions Title IV: application and enforcement of group health plan requirements Title V: revenue offsets 10
CASE-1: A Michigan –based health care system accidentally posted the medical record of thousand of subject on the internet ( Reference-the Ann Arbor News February 10, 1999) 11
Case -2 A Nevada woman who purchased a used computer discovered that the previous owner of the computer left a database with the names addresses social security number and a list of all prescription received by the individual ( Reference- New York Times April 4,1997) 12
New requirement to study clinical trial: overview Researchers who conduct interventional clinical research have questioned how the Privacy Rule will affect their research activities. Even before the Privacy Rule, of course, physician-investigators have been concerned about the privacy of the medical and research-related information of their patients and subjects. . 13
In fact, many have been required under the Department of Health and Human Services (HHS) or the Food and Drug Administration (FDA) Protection of Human Subjects Regulations (45 CFR part 46 or 21 CFR parts 50 and 56, respectively) to take measures to protect such personal health information from inappropriate use or disclosure. 14
HIPAA Privacy Rule’s Impact on Clinical Research: • The Privacy Rule permits a covered entity to use or disclose PHI for research under the following circumstances and conditions: • · If the subject of the PHI has granted specific written permission through an Authorization that satisfies section 164.508. • For reviews preparatory to research with representations obtained from the researcher that satisfy section 164.512(i)(1)(ii) of the Privacy Rule • For research solely on decedents’ information with certain representations and, if requested, documentation obtained from the researcher that satisfies section 164.512(i)(1)(iii) of the Privacy Rule. 15
• If the covered entity obtains documentation of an IRB or Privacy Board’s alteration of the Authorization requirement as well as the altered • Authorization from the individual • If the PHI has been de-identified in accordance with the standards set by the Privacy Rule at section 164.514(a)-(c) (in which case, the • health information is no longer PHI) • • Under a “grandfathered” informed consent of the individual to participate in the research, an IRB waiver of such informed consent, 16
Requirements: 1.informed consent: the HIPAA authorisation can be included with informed consent document or can be separated form the informed consent .see PHI authorisation page. Must contain a specific description of the information to be disclosed including; • Name of the person or class of person that will receive the disclosed information e.g principal investigator • Statement that information received by the users may be used for future. Expiration date or expiration event when authorities may disclose the information. Statement containing a subject's right to revoke their authorization for discloser. 17
• Statement containing a subject's right to revoke their authorization for discloser. • Statement documenting the ability to condition enrollment on informed consent. • Statement documenting the possibility that the information may be re disclosed by recipient ( eg. To the FDA). • .Signature of subject and date of the signing of the HIPAA agreement. 18
Institutional Review Boards Where HIPAA requirements are combined with the informed consent requirements, the entire document needs to be reviewed by the Institutional Review Board (IRB). The Office of Civil Rights as well as the FDA's General Counsel, as April 7, 2003, had confirmed that IRB approval of subject authorization for use or disclosure of protected health information required by the HIPPA privacy rule is only required if the authorization language is to be part of the IRB-approved informed consent document for human subjects review. 19
Privacy Boards In cases where IRBs are not responsible for reviewing, the HIPAA Authorization Privacy Board may be formed to undertake this task. Members of privacy boards should have varying backgrounds and appropriate professional Competence. At least one member must not be affiliated with the covered entity or research sponsor. As with the IRB, there must be no conflicts of interest on a case-by-case basis. A quorum consists of a majority of members. Expedited review by the chairperson or designees is allowed for the waiver of authorization. 20
IRB or PrivacyWaivers of Authorization Three criteria must be met for the IRB or Privacy Board to waive authorization for research:  The use or disclosure of protected health information involves no more than a minimal risk to the privacy of the individual.  The research could not practicably be done without the waiver. The research could not practicably be conducted without access to and use of the protected health information (PHI). 21
• The research will not adversely affect privacy rights or welfare. The privacy risks are reasonable in relation to anticipated benefits and the importance of the knowledge of the clinical results. 22
Waiver of a Research Database Research database using protected health information may be created by a non covered entity without individuals' authorizations. Documentation must be obtained from the IRB or the Privacy Board that the specified waiver Criteria were satisfied. Similarly, existing databases or repositories created prior to the April 14, 2003, compliance data can be disclosed for research either with individual authorizations or with a waiver from either the IRB or the Privacy Bord. Approval from both the IRB and the Privacy Board is not required for the covered entity 23
Study Recruitment The covered entity's workforce can use protected health information to identify and contact prospective research subjects. The covered entity's health care provider can discuss the enrollment in a clinical trial with a potential subject before authorization is completed or there has been an Institutional Review Board or Privacy Board waiver of authorization. A clinician may use or disclose the PHI if such information is being used to treat the subject or using an experimental treatment that may benefit a subject. 24
However, at no time can the research health care provider remove the protected data from the covered entity's site according to the HIPAA requirements. If a researcher is not employed by the covered entity, the researcher can still have access to the protected information as a result of a partial waiver of individual authorization by an IRB or Privacy Board 25
 If a CRO wishes to use a physician's records to recruit patients, the study's principal investigator should seek a partial waiver of HIPAA authorization from the institutional review board. (The Privacy Rule waiver criteria are found at 45 C.F.R.§164.512 [i][1][i].)  This waiver, if granted, will apply to the CRO's use of PHI in recruitment. Written HIPAA authorization and informed consent will still be required to enroll a patient in the actual clinical trial. 26
 Although not a HIPAA Requirement, Physicians concerned about patients' privacy expectations should consider limiting recruitment to calls placed by the physician (or office staff), letters signed by the physician, and brochures in the waiting room instructing interested patients to contact the CRO conducting the study. 27
Over $36 Million in resolution agreements and fines for variety of issues 28
Sr no Coverd entity Type of breach Ammount of fine Date 1 QCA health plan Unencpted laptop $25000 Dec 2014 2 Columbia univarcity Discloser of ePHI on the internet $15000 Jun 2014 3 Wellpoint e-PHI published on public sever $1700000 July 2013 4 Shasta regional medical center Discloser to media outlet $275000 June 2013 5 Hospice of north ideho Laptop theft $50,000 Dec 2012 6 BCBS Tennessee Hard drive theft $1500000 March 2012 29
Breach Impermissible acquisition, access, use, or disclosure of PHI which compromises the security or privacy of the PHI. Act of breaking or failing to observe a law, agreement, or code of conduct 30
HIPAA Challenges in health care 31
Conclusion: • HIPAA is the federal Health Insurance Portability and Accountability Act • It consists of a set of standards that provide prescriptive guidance for securing and protecting PHI. • HIPAA provides standards for : General Rules Administrative, Physical, and Technical Safeguards Policies and Procedures Documentation Requirements 32
References: 1.New Drug Approval Process, forth edition Accelelerating Global Registration Edited by Richard A Guarino M.D Published by Marcel Dekker, INC Page no 559 2. Clinical Research and the HIPAA Privacy Rule Department Of Health and Human Services. USA Nh Publication Number04-5495february 2004 3. HIPAA Informed Concent / authorization form (http://www.fda.gov) 4. Privacy regulation (http://www.hhs.gov/ocr/hipaa/.) 33
34

Recommended

Investigation of medicinal product dossier (IMPD)
Investigation of medicinal product dossier (IMPD)Investigation of medicinal product dossier (IMPD)
Investigation of medicinal product dossier (IMPD)
Himal Barakoti
 
Hippa new requirement to clinical study processes
Hippa new requirement to clinical study processesHippa new requirement to clinical study processes
Hippa new requirement to clinical study processes
Kavya S
 
Hipaa in clinical trails
Hipaa in clinical trailsHipaa in clinical trails
Hipaa in clinical trails
Tejaswi Reddy
 
Post approvai regulatory affairs
Post approvai regulatory affairsPost approvai regulatory affairs
Post approvai regulatory affairs
JyotiMhoprekar
 
Health Insurance Portability & Accountability Act (HIPAA)
Health Insurance Portability & Accountability Act (HIPAA)Health Insurance Portability & Accountability Act (HIPAA)
Health Insurance Portability & Accountability Act (HIPAA)
Arpitha Aarushi
 
API, BIOLOGICS,NOVEL,THERAPIES........pptx
API, BIOLOGICS,NOVEL,THERAPIES........pptxAPI, BIOLOGICS,NOVEL,THERAPIES........pptx
API, BIOLOGICS,NOVEL,THERAPIES........pptx
PawanDhamala1
 
Investigational medical product dossier
Investigational medical product dossierInvestigational medical product dossier
Investigational medical product dossier
SachinFartade
 
Cmc, post approval and regulation
Cmc, post approval and regulationCmc, post approval and regulation
Cmc, post approval and regulation
Himal Barakoti
 

Recommended

Investigation of medicinal product dossier (IMPD)
Investigation of medicinal product dossier (IMPD)Investigation of medicinal product dossier (IMPD)
Investigation of medicinal product dossier (IMPD)
Himal Barakoti
 
Hippa new requirement to clinical study processes
Hippa new requirement to clinical study processesHippa new requirement to clinical study processes
Hippa new requirement to clinical study processes
Kavya S
 
Hipaa in clinical trails
Hipaa in clinical trailsHipaa in clinical trails
Hipaa in clinical trails
Tejaswi Reddy
 
Post approvai regulatory affairs
Post approvai regulatory affairsPost approvai regulatory affairs
Post approvai regulatory affairs
JyotiMhoprekar
 
Health Insurance Portability & Accountability Act (HIPAA)
Health Insurance Portability & Accountability Act (HIPAA)Health Insurance Portability & Accountability Act (HIPAA)
Health Insurance Portability & Accountability Act (HIPAA)
Arpitha Aarushi
 
API, BIOLOGICS,NOVEL,THERAPIES........pptx
API, BIOLOGICS,NOVEL,THERAPIES........pptxAPI, BIOLOGICS,NOVEL,THERAPIES........pptx
API, BIOLOGICS,NOVEL,THERAPIES........pptx
PawanDhamala1
 
Investigational medical product dossier
Investigational medical product dossierInvestigational medical product dossier
Investigational medical product dossier
SachinFartade
 
Cmc, post approval and regulation
Cmc, post approval and regulationCmc, post approval and regulation
Cmc, post approval and regulation
Himal Barakoti
 
Outsourcing BA and BE to CRO
Outsourcing BA and BE to CROOutsourcing BA and BE to CRO
Outsourcing BA and BE to CRO
Institute of Pharmaceutical Education and Research
 
CMC, post approval regulatory affairs, etc
CMC, post approval regulatory affairs, etcCMC, post approval regulatory affairs, etc
CMC, post approval regulatory affairs, etc
JayeshRajput7
 
Outsourcing BA and BE to CRO
Outsourcing BA and BE to CROOutsourcing BA and BE to CRO
Outsourcing BA and BE to CRO
DhanshreeBhattad
 
Single shot vaccines Naveen Balaji
Single shot vaccines Naveen BalajiSingle shot vaccines Naveen Balaji
Single shot vaccines Naveen Balaji
Naveen Balaji
 
Pharmacovigilance safety Mon. in clinical trials.pptx
Pharmacovigilance safety Mon. in clinical trials.pptxPharmacovigilance safety Mon. in clinical trials.pptx
Pharmacovigilance safety Mon. in clinical trials.pptx
Roshan Yadav
 
REGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICES
REGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICESREGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICES
REGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICES
Arunpandiyan59
 
GLOBAL SUBMISSION OF IND-1.pptx
GLOBAL SUBMISSION OF IND-1.pptxGLOBAL SUBMISSION OF IND-1.pptx
GLOBAL SUBMISSION OF IND-1.pptx
MrRajanSwamiSwami
 
Industry and fda laision &
Industry and fda laision &Industry and fda laision &
Industry and fda laision &
BhanuSriChandanaKnch
 
ANDA regulatory approval process
ANDA regulatory approval processANDA regulatory approval process
ANDA regulatory approval process
ROHIT
 
CMC
CMCCMC
CMC
JyotiMhoprekar
 
Mechanical and pH activated DDS.pptx
Mechanical and pH activated DDS.pptxMechanical and pH activated DDS.pptx
Mechanical and pH activated DDS.pptx
PawanDhamala1
 
Evaluation of protein & peptide dds
Evaluation of protein & peptide ddsEvaluation of protein & peptide dds
Evaluation of protein & peptide dds
Māľāý Păųļ
 
NDA and ANDA regulatory approval process
NDA and ANDA regulatory approval processNDA and ANDA regulatory approval process
NDA and ANDA regulatory approval process
Nilesh Gawade
 
Regulatory requirement of EU, MHRA and TGA
Regulatory requirement of EU, MHRA and TGARegulatory requirement of EU, MHRA and TGA
Regulatory requirement of EU, MHRA and TGA
Himal Barakoti
 
Combinational products & medical devices
Combinational products & medical devicesCombinational products & medical devices
Combinational products & medical devices
SHUBHAMGWAGH
 
Industry and fda liaison
Industry and fda liaisonIndustry and fda liaison
Industry and fda liaison
Bashant Kumar sah
 
Code of federal regulations {cfr} in pharmaceutical
Code of federal regulations {cfr} in pharmaceuticalCode of federal regulations {cfr} in pharmaceutical
Code of federal regulations {cfr} in pharmaceutical
Arabinda Changmai
 
ICH and WHO Guideline for Validation and Calibration.pptx
ICH and WHO Guideline for Validation and Calibration.pptxICH and WHO Guideline for Validation and Calibration.pptx
ICH and WHO Guideline for Validation and Calibration.pptx
RAHUL PAL
 
Impd
ImpdImpd
Impd
ShresthaPandey1
 
Objectives and policies of cGMP & Inventory management and control
Objectives and policies of cGMP & Inventory management and controlObjectives and policies of cGMP & Inventory management and control
Objectives and policies of cGMP & Inventory management and control
Arul Packiadhas
 
hipaa by roy.pptx
hipaa by roy.pptxhipaa by roy.pptx
hipaa by roy.pptx
SubhamRoy63
 
HIPAA Guidance on Recruitment - NIH
HIPAA Guidance on Recruitment - NIHHIPAA Guidance on Recruitment - NIH
HIPAA Guidance on Recruitment - NIH
dhainc
 

More Related Content

What's hot

What's hot (20)

Outsourcing BA and BE to CRO
Outsourcing BA and BE to CROOutsourcing BA and BE to CRO
Outsourcing BA and BE to CRO
 
CMC, post approval regulatory affairs, etc
CMC, post approval regulatory affairs, etcCMC, post approval regulatory affairs, etc
CMC, post approval regulatory affairs, etc
 
Outsourcing BA and BE to CRO
Outsourcing BA and BE to CROOutsourcing BA and BE to CRO
Outsourcing BA and BE to CRO
 
Single shot vaccines Naveen Balaji
Single shot vaccines Naveen BalajiSingle shot vaccines Naveen Balaji
Single shot vaccines Naveen Balaji
 
Pharmacovigilance safety Mon. in clinical trials.pptx
Pharmacovigilance safety Mon. in clinical trials.pptxPharmacovigilance safety Mon. in clinical trials.pptx
Pharmacovigilance safety Mon. in clinical trials.pptx
 
REGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICES
REGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICESREGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICES
REGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICES
 
GLOBAL SUBMISSION OF IND-1.pptx
GLOBAL SUBMISSION OF IND-1.pptxGLOBAL SUBMISSION OF IND-1.pptx
GLOBAL SUBMISSION OF IND-1.pptx
 
Industry and fda laision &
Industry and fda laision &Industry and fda laision &
Industry and fda laision &
 
ANDA regulatory approval process
ANDA regulatory approval processANDA regulatory approval process
ANDA regulatory approval process
 
CMC
CMCCMC
CMC
 
Mechanical and pH activated DDS.pptx
Mechanical and pH activated DDS.pptxMechanical and pH activated DDS.pptx
Mechanical and pH activated DDS.pptx
 
Evaluation of protein & peptide dds
Evaluation of protein & peptide ddsEvaluation of protein & peptide dds
Evaluation of protein & peptide dds
 
NDA and ANDA regulatory approval process
NDA and ANDA regulatory approval processNDA and ANDA regulatory approval process
NDA and ANDA regulatory approval process
 
Regulatory requirement of EU, MHRA and TGA
Regulatory requirement of EU, MHRA and TGARegulatory requirement of EU, MHRA and TGA
Regulatory requirement of EU, MHRA and TGA
 
Combinational products & medical devices
Combinational products & medical devicesCombinational products & medical devices
Combinational products & medical devices
 
Industry and fda liaison
Industry and fda liaisonIndustry and fda liaison
Industry and fda liaison
 
Code of federal regulations {cfr} in pharmaceutical
Code of federal regulations {cfr} in pharmaceuticalCode of federal regulations {cfr} in pharmaceutical
Code of federal regulations {cfr} in pharmaceutical
 
ICH and WHO Guideline for Validation and Calibration.pptx
ICH and WHO Guideline for Validation and Calibration.pptxICH and WHO Guideline for Validation and Calibration.pptx
ICH and WHO Guideline for Validation and Calibration.pptx
 
Impd
ImpdImpd
Impd
 
Objectives and policies of cGMP & Inventory management and control
Objectives and policies of cGMP & Inventory management and controlObjectives and policies of cGMP & Inventory management and control
Objectives and policies of cGMP & Inventory management and control
 

Similar to Hipaa rahul thore 1

Hippa Powerpoint
Hippa PowerpointHippa Powerpoint
Hippa Powerpoint
kvanrandall
 
HIPAA and RHIOs
HIPAA and RHIOsHIPAA and RHIOs
HIPAA and RHIOs
nobumoto
 
HIPAA Privacy Training by University of Hawaii
HIPAA Privacy Training by University of HawaiiHIPAA Privacy Training by University of Hawaii
HIPAA Privacy Training by University of Hawaii
Atlantic Training, LLC.
 
HIPAA Rights Privacy and Enforcements RD.pptx
HIPAA Rights Privacy and Enforcements RD.pptxHIPAA Rights Privacy and Enforcements RD.pptx
HIPAA Rights Privacy and Enforcements RD.pptx
RAJIV RANJAN DAS
 
Introduction to HIPAA for Healthcare Professionals by OUP
Introduction to HIPAA for Healthcare Professionals by OUPIntroduction to HIPAA for Healthcare Professionals by OUP
Introduction to HIPAA for Healthcare Professionals by OUP
Atlantic Training, LLC.
 

Similar to Hipaa rahul thore 1 (20)

hipaa by roy.pptx
hipaa by roy.pptxhipaa by roy.pptx
hipaa by roy.pptx
 
HIPAA Guidance on Recruitment - NIH
HIPAA Guidance on Recruitment - NIHHIPAA Guidance on Recruitment - NIH
HIPAA Guidance on Recruitment - NIH
 
Hipaa
HipaaHipaa
Hipaa
 
Hippa Powerpoint
Hippa PowerpointHippa Powerpoint
Hippa Powerpoint
 
HIPAA Access Medical Records by Sainsbury-Wong
HIPAA Access Medical Records by Sainsbury-WongHIPAA Access Medical Records by Sainsbury-Wong
HIPAA Access Medical Records by Sainsbury-Wong
 
Annual HIPAA Training
Annual HIPAA TrainingAnnual HIPAA Training
Annual HIPAA Training
 
health insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxhealth insurance portability and accountability act.pptx
health insurance portability and accountability act.pptx
 
HIPAA and RHIOs
HIPAA and RHIOsHIPAA and RHIOs
HIPAA and RHIOs
 
Privacy & confedentiality
Privacy & confedentialityPrivacy & confedentiality
Privacy & confedentiality
 
Hipaa,obra ariz
Hipaa,obra arizHipaa,obra ariz
Hipaa,obra ariz
 
Hipaa inservice
Hipaa inserviceHipaa inservice
Hipaa inservice
 
HIPAA Privacy Training by University of Hawaii
HIPAA Privacy Training by University of HawaiiHIPAA Privacy Training by University of Hawaii
HIPAA Privacy Training by University of Hawaii
 
HIPAA Audio Presentation
HIPAA Audio PresentationHIPAA Audio Presentation
HIPAA Audio Presentation
 
Hippa presentation
Hippa presentationHippa presentation
Hippa presentation
 
Knowing confidentiality
Knowing confidentialityKnowing confidentiality
Knowing confidentiality
 
HIPAA Rights Privacy and Enforcements RD.pptx
HIPAA Rights Privacy and Enforcements RD.pptxHIPAA Rights Privacy and Enforcements RD.pptx
HIPAA Rights Privacy and Enforcements RD.pptx
 
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
 
Confidentiality powerpoint
Confidentiality powerpointConfidentiality powerpoint
Confidentiality powerpoint
 
Introduction to HIPAA for Healthcare Professionals by OUP
Introduction to HIPAA for Healthcare Professionals by OUPIntroduction to HIPAA for Healthcare Professionals by OUP
Introduction to HIPAA for Healthcare Professionals by OUP
 
Webinar Slides: Biobanking & Future Research: Addressing the "Unknown" in the...
Webinar Slides: Biobanking & Future Research: Addressing the "Unknown" in the...Webinar Slides: Biobanking & Future Research: Addressing the "Unknown" in the...
Webinar Slides: Biobanking & Future Research: Addressing the "Unknown" in the...
 

Recently uploaded

Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 

Recently uploaded (20)

SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 

Hipaa rahul thore 1

  • 1. HIPAA : A NEW REQUIREMENTS TO THE CLINICAL STUDY PROCESS. PREPARED BY: MR.THORE RAHUL ANNA M.PHARM (PHARMACEUTICS) 1
  • 2. 2
  • 3. WHAT IS HIPAA ? HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information. The act, which was signed into law by President Bill Clinton on Aug. 21, 1996, contains five sections, or titles. 3
  • 4. Additional rules to HIPAA: • ACA By President Barack Obama on March 23, 2010 Approach to regulation that can be properly described as “new governance” ACA updated HIPAA with new expanded requirements. 4
  • 5. WHAT IS PHI ?  Protected health information  PHI is all individually identifiable health information ,including demographic data and biological specimens , that transmitted or maintained by a covered entity.  PHI Can be any form , including written electronic and verbal. 5
  • 6. WHAT INFORMATION SHOULD CONTAIN PHI ?  Name  Street address ,city Zip code.  Date(DOB,DOD, Admission Discharge date)  Phone NO.  Medical Record No.  Health plan number  Social security number  Account numbers  Internet protocol Address  Biometric identifiers , including finger and voice print 6
  • 7. August 1996 – HIPAA Signed into Law by President Bill Clinton April 2003 – Effective Date of the HIPAA Privacy Rule April 2005 – Effective Date of the HIPAA Security Rule. March 2006 – Effective Date of the HIPAA Breach Enforcement RuleSeptember 2009 – Effective date of HITECH and the Breach Notification Rule. March 2013 Effective Date of the Final Omnibus Rule. Key Dates in HIPAA History 7
  • 8. 8
  • 9. HIPAA was in 1996 with two objectives.  The first part “Health Insurance Portability part of the Act” • To ensure that individuals would be able to maintain their health insurance between jobs.  The second part of the Act is the "Accountability" portion. To ensure the security and confidentiality of patient information/data and mandates uniform standards for electronic data transmission of administrative and financial data relating to patient health information 9
  • 10. Title I: health care access, portability and renewability Title II: administrative simplification Title III: tax related health provisions Title IV: application and enforcement of group health plan requirements Title V: revenue offsets 10
  • 11. CASE-1: A Michigan –based health care system accidentally posted the medical record of thousand of subject on the internet ( Reference-the Ann Arbor News February 10, 1999) 11
  • 12. Case -2 A Nevada woman who purchased a used computer discovered that the previous owner of the computer left a database with the names addresses social security number and a list of all prescription received by the individual ( Reference- New York Times April 4,1997) 12
  • 13. New requirement to study clinical trial: overview Researchers who conduct interventional clinical research have questioned how the Privacy Rule will affect their research activities. Even before the Privacy Rule, of course, physician-investigators have been concerned about the privacy of the medical and research-related information of their patients and subjects. . 13
  • 14. In fact, many have been required under the Department of Health and Human Services (HHS) or the Food and Drug Administration (FDA) Protection of Human Subjects Regulations (45 CFR part 46 or 21 CFR parts 50 and 56, respectively) to take measures to protect such personal health information from inappropriate use or disclosure. 14
  • 15. HIPAA Privacy Rule’s Impact on Clinical Research: • The Privacy Rule permits a covered entity to use or disclose PHI for research under the following circumstances and conditions: • · If the subject of the PHI has granted specific written permission through an Authorization that satisfies section 164.508. • For reviews preparatory to research with representations obtained from the researcher that satisfy section 164.512(i)(1)(ii) of the Privacy Rule • For research solely on decedents’ information with certain representations and, if requested, documentation obtained from the researcher that satisfies section 164.512(i)(1)(iii) of the Privacy Rule. 15
  • 16. • If the covered entity obtains documentation of an IRB or Privacy Board’s alteration of the Authorization requirement as well as the altered • Authorization from the individual • If the PHI has been de-identified in accordance with the standards set by the Privacy Rule at section 164.514(a)-(c) (in which case, the • health information is no longer PHI) • • Under a “grandfathered” informed consent of the individual to participate in the research, an IRB waiver of such informed consent, 16
  • 17. Requirements: 1.informed consent: the HIPAA authorisation can be included with informed consent document or can be separated form the informed consent .see PHI authorisation page. Must contain a specific description of the information to be disclosed including; • Name of the person or class of person that will receive the disclosed information e.g principal investigator • Statement that information received by the users may be used for future. Expiration date or expiration event when authorities may disclose the information. Statement containing a subject's right to revoke their authorization for discloser. 17
  • 18. • Statement containing a subject's right to revoke their authorization for discloser. • Statement documenting the ability to condition enrollment on informed consent. • Statement documenting the possibility that the information may be re disclosed by recipient ( eg. To the FDA). • .Signature of subject and date of the signing of the HIPAA agreement. 18
  • 19. Institutional Review Boards Where HIPAA requirements are combined with the informed consent requirements, the entire document needs to be reviewed by the Institutional Review Board (IRB). The Office of Civil Rights as well as the FDA's General Counsel, as April 7, 2003, had confirmed that IRB approval of subject authorization for use or disclosure of protected health information required by the HIPPA privacy rule is only required if the authorization language is to be part of the IRB-approved informed consent document for human subjects review. 19
  • 20. Privacy Boards In cases where IRBs are not responsible for reviewing, the HIPAA Authorization Privacy Board may be formed to undertake this task. Members of privacy boards should have varying backgrounds and appropriate professional Competence. At least one member must not be affiliated with the covered entity or research sponsor. As with the IRB, there must be no conflicts of interest on a case-by-case basis. A quorum consists of a majority of members. Expedited review by the chairperson or designees is allowed for the waiver of authorization. 20
  • 21. IRB or PrivacyWaivers of Authorization Three criteria must be met for the IRB or Privacy Board to waive authorization for research:  The use or disclosure of protected health information involves no more than a minimal risk to the privacy of the individual.  The research could not practicably be done without the waiver. The research could not practicably be conducted without access to and use of the protected health information (PHI). 21
  • 22. • The research will not adversely affect privacy rights or welfare. The privacy risks are reasonable in relation to anticipated benefits and the importance of the knowledge of the clinical results. 22
  • 23. Waiver of a Research Database Research database using protected health information may be created by a non covered entity without individuals' authorizations. Documentation must be obtained from the IRB or the Privacy Board that the specified waiver Criteria were satisfied. Similarly, existing databases or repositories created prior to the April 14, 2003, compliance data can be disclosed for research either with individual authorizations or with a waiver from either the IRB or the Privacy Bord. Approval from both the IRB and the Privacy Board is not required for the covered entity 23
  • 24. Study Recruitment The covered entity's workforce can use protected health information to identify and contact prospective research subjects. The covered entity's health care provider can discuss the enrollment in a clinical trial with a potential subject before authorization is completed or there has been an Institutional Review Board or Privacy Board waiver of authorization. A clinician may use or disclose the PHI if such information is being used to treat the subject or using an experimental treatment that may benefit a subject. 24
  • 25. However, at no time can the research health care provider remove the protected data from the covered entity's site according to the HIPAA requirements. If a researcher is not employed by the covered entity, the researcher can still have access to the protected information as a result of a partial waiver of individual authorization by an IRB or Privacy Board 25
  • 26.  If a CRO wishes to use a physician's records to recruit patients, the study's principal investigator should seek a partial waiver of HIPAA authorization from the institutional review board. (The Privacy Rule waiver criteria are found at 45 C.F.R.§164.512 [i][1][i].)  This waiver, if granted, will apply to the CRO's use of PHI in recruitment. Written HIPAA authorization and informed consent will still be required to enroll a patient in the actual clinical trial. 26
  • 27.  Although not a HIPAA Requirement, Physicians concerned about patients' privacy expectations should consider limiting recruitment to calls placed by the physician (or office staff), letters signed by the physician, and brochures in the waiting room instructing interested patients to contact the CRO conducting the study. 27
  • 28. Over $36 Million in resolution agreements and fines for variety of issues 28
  • 29. Sr no Coverd entity Type of breach Ammount of fine Date 1 QCA health plan Unencpted laptop $25000 Dec 2014 2 Columbia univarcity Discloser of ePHI on the internet $15000 Jun 2014 3 Wellpoint e-PHI published on public sever $1700000 July 2013 4 Shasta regional medical center Discloser to media outlet $275000 June 2013 5 Hospice of north ideho Laptop theft $50,000 Dec 2012 6 BCBS Tennessee Hard drive theft $1500000 March 2012 29
  • 30. Breach Impermissible acquisition, access, use, or disclosure of PHI which compromises the security or privacy of the PHI. Act of breaking or failing to observe a law, agreement, or code of conduct 30
  • 32. Conclusion: • HIPAA is the federal Health Insurance Portability and Accountability Act • It consists of a set of standards that provide prescriptive guidance for securing and protecting PHI. • HIPAA provides standards for : General Rules Administrative, Physical, and Technical Safeguards Policies and Procedures Documentation Requirements 32
  • 33. References: 1.New Drug Approval Process, forth edition Accelelerating Global Registration Edited by Richard A Guarino M.D Published by Marcel Dekker, INC Page no 559 2. Clinical Research and the HIPAA Privacy Rule Department Of Health and Human Services. USA Nh Publication Number04-5495february 2004 3. HIPAA Informed Concent / authorization form (http://www.fda.gov) 4. Privacy regulation (http://www.hhs.gov/ocr/hipaa/.) 33
  • 34. 34

Editor's Notes

  1. Thank you