SlideShare a Scribd company logo

Hipaa in clinical trails

Download as PPTX, PDF
T
Tejaswi Reddy

This presentation is regarding the rules in hipaa that are implemented by HHS followed by information regarding PHI(protected health information) and MNS(minimum necessary standards)in hipaa ; and how hipaa regulations followed during clinical trials

Education
1 of 30
HIPAA IN CLINICAL TRAILS K TEJASWI M PHARMACY 1 YEAR 170119886010 PHARMACEUTICS REGULATORY AFFAIRS
CONTENTS  Definition  Brief history  HIPAA compliance  Protected health information(PHI)  Minimum necessary standards  HIPAA compliance in clinical trails  HIPAA violations  New updates in HIPAA  References 2 GPULLAREDDYCOLLEGEOFPHARMACY
DEFINITION  HIPAA is defined as the Health Insurance Portability and Accountability Act (HIPAA) is a federal law that provides baseline privacy and security standards for medical information. The U.S. Department of Health and Human Services (HHS) is the federal agency in charge of creating rules that implement HIPAA and also enforcing HIPAA. 3 GPULLAREDDYCOLLEGEOFPHARMACY
BRIEF HISTORY  1996 – Congress passed the Health Insurance Portability and Accountability Act (HIPAA).  2003 – The U.S. Department of Health and Human Services (HHS) issued and adopted the HIPAA Privacy Rule, HIPAA Security Rule, and the HIPAA Enforcement Rule. The Privacy Rule gives individuals rights with respect to their protected health information (PHI). It also explains how covered entities (those who must comply with HIPAA) can use and disclose PHI. . 4 GPULLAREDDYCOLLEGEOFPHARMACY
 The Security Rule sets standards for safeguarding electronic PHI. the Security Rule laid down three security safeguards – administrative, physical and technical – that must be adhered to in full in order to comply with HIPAA. The safeguards had the following goals: Administrative – to create policies and procedures designed to clearly show how the entity will comply with the act. Physical – to control physical access to areas of data storage to protect against inappropriate access. Technical – to protect communications containing PHI when transmitted electronically over open networks. The Enforcement Rule addresses compliance, investigations, and potential penalties for violations of the HIPAA Privacy Rule and Security Rule. The Office for Civil Rights (OCR) within HHS is reponsible for enforcing the HIPAA regulations. 5 GPULLAREDDYCOLLEGEOFPHARMACY
 2009 – The Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law. The HITECH Act created financial incentives for healthcare providers and insurers to continue shifting to electronic medical records, and also addressed privacy and security concerns related to the electronic transmission of health information, including unauthorized access and data breaches.  2013 – HHS' Office for Civil Rights issued the HIPAA Omnibus Rule. HHS' Omnibus Rule made several important changes to the HIPAA Privacy, Security, and Enforcement Rules. It implemented many provisions of the HITECH Act. It modified and finalized the Breach Notification Rule. It also implemented changes to the HIPAA Privacy Rule required by the Genetic Information Nondiscrimination Act of 2008 (GINA). 6 GPULLAREDDYCOLLEGEOFPHARMACY
WHO MUST COMPLY WITH HIPAA?  HIPAA only applies to covered entities and their business associates. Some times a subcontractor can also be considered. a. Covered entities: The Privacy Rule defines a Covered HIPAA Entity as any health plan or any healthcare clearinghouse, or any healthcare provider who transmits Protected Health Information (or PHI as per the standards developed by the Department of Health & Human Services) in electronic form. Health care providers get paid to provide health care Doctors, dentists, hospitals, nursing homes, pharmacies, urgent care clinics, and other entities that provide health care in exchange for payment are examples of providers. 7 GPULLAREDDYCOLLEGEOFPHARMACY
Health plans pay the cost of medical care. The following are examples of health plans covered under HIPAA: health insurance companies, health maintenance organizations (HMOs), group health plans sponsored by an employer, government-funded health plans such as Medicare and Medicaid, and most other companies or arrangements that pay for health care. Health care clearinghouses process information so that it can be transmitted in a standard format between covered entities. For example, a clearinghouse may take information from a doctor and put it into a standard coded format that can be used for insurance purposes. 8 GPULLAREDDYCOLLEGEOFPHARMACY
b. Business associates : A "business associate" creates, receives, maintains, or transmits protected health information (PHI) on behalf of a covered entity . c. Subcontractors: A subcontractor that creates, maintains, or transmits protected health information (PHI) on behalf of a business associate has the same legal responsibilities as a business associate under HIPAA. In other words, privacy- and security-related legal responsibilities flow "downstream" to subcontractors performing work for a business associate. For example, a hospital's business associate may hire an outside company to shred documents containing PHI or to provide a cloud service to store the data. 9 GPULLAREDDYCOLLEGEOFPHARMACY
PROTECTED HEALTH INFORMATION(PHI)  Under HIPAA PHI is considered to be any identifiable health information that is used, maintained, stored, or transmitted by a HIPAA-covered entity – A healthcare provider, health plan or health insurer, or a healthcare clearinghouse – or a business associate of a HIPAA-covered entity, in relation to the provision of healthcare or payment for healthcare services.  PHI is health information in any form, including physical records, electronic records, or spoken information.  Therefore, PHI includes health records, health histories, lab test results, and medical bills. Essentially, all health information is considered PHI when it includes individual identifiers 10 GPULLAREDDYCOLLEGEOFPHARMACY
 The HIPAA Privacy Rule regulates the use and disclosure of protected health information (PHI) by "covered entities.“ Use: How information is used within a healthcare facility. Disclosure: How information is shared outside a health care facility.  Covered entities may disclose PHI to law enforcement if requested to do so by court orders, court-ordered warrants, subpoenas, and administrative requests.  A covered entity may reveal PHI to facilitate treatment, payment, or health care operations without a patient's written authorization. 11 GPULLAREDDYCOLLEGEOFPHARMACY
 Any other disclosures of PHI require the covered entity to obtain prior written authorization.  When a covered entity discloses PHI, it must make a reasonable effort to share only the minimum necessary information.  The Privacy Rule gives individuals the right to demand that a covered entity correct any inaccurate PHI and make reasonable steps to ensure the confidentiality of communications with individuals.  The Privacy Rule requires covered entities to notify individuals of PHI use, keep track of disclosures, and document privacy policies and procedures. 12 GPULLAREDDYCOLLEGEOFPHARMACY
MINIMUM NECESSARY STANDARD(MNS) This rule stipulates that the disclosure of PHI must be limited to the minimum necessary for the stated purpose. Exceptions to the rule exist in a healthcare environment  where it may be necessary for a healthcare provider to access a patient´s complete medical history – but non-routine disclosure requests must be reviewed on a case-by-case basis.  even when the patient has given their authorization for their medical records to be made available for research, marketing or fundraising purposes.  In interest of public health like to control or prevent disease.  Signed patient authorization is necessary for the use/disclosure of psychotherapy notes unless required by healthcare provider or required by law. 13 GPULLAREDDYCOLLEGEOFPHARMACY
The Health Insurance Portability and Accountability Act of 1996 consists of 5 Titles.  Title I: Protects health insurance coverage for workers and their families that change or lose their jobs. It limits new health plans the ability to deny coverage due to a pre-existing condition.  Title II: Prevents Health Care Fraud and Abuse; Medical Liability Reform; Administrative Simplification that requires the establishment of national standards for electronic health care transactions and national identifiers for providers, employers, and health insurance plans.  Title III: Guidelines for pre-tax medical spending accounts. It provides changes to health insurance law and deductions for medical insurance.  Title IV: Guidelines for group health plans. It provides modifications for health coverage.  Title V: Governs company-owned life insurance policies. Makes provisions for treating people without United States Citizenship and repealed financial institution rule to interest allocation rules. 14 GPULLAREDDYCOLLEGEOFPHARMACY
HIPPA COMPLIANCE IN CLINICAL TRAILS  The federal Medical Privacy Rule, authorized by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), limits how covered physicians may use and disclose protected health information (PHI) for any purpose.  Throughout the clinical study process, researchers may need to create, edit, and view PHI. HIPAA stipulates that participant PHI must be used in a “specific and meaningful manner.”  All study participants must submit authorizations in order for the researchers to have access to their pertinent information. This authorization only applies to the current study, and not to any future studies. 15 GPULLAREDDYCOLLEGEOFPHARMACY
1. Pre-Research Review of Medical Records  A prospective sponsor might request summary information about a physician's patients to establish whether the physician's practice is a viable site for a clinical trial.  The Privacy Rule permits the physician to review her medical records for this “pre-research” purpose, provided that no PHI is disclosed to the sponsor.  If a third party, such as a contract research organization (CRO) or another researcher will review medical or billing records for this purpose, the review must occur at the practice and the physician must obtain the following representations: The use or disclosure is sought solely to review PHI as necessary to prepare a research protocol or for similar purposes preparatory to research:  No PHI will be removed from the covered entity during the review; and  The PHI that the researcher [or CRO] seeks to review is necessary for the purpose(s) of the review. 16 GPULLAREDDYCOLLEGEOFPHARMACY
 To document HIPAA compliance, the physician should ask the third party to provide these representations in writing.  Alternatively, the Privacy Rule allows the physician to share “de-identified” data without restriction. The Privacy Rule's standard for de-identification is quite strict, typically requiring removal of eighteen specific identifiers that range from names and social security numbers to dates of treatment and full zip codes.  The de-identification of protected health information enables HIPAA covered entities to share health data for large-scale medical research studies, policy assessments, comparative effectiveness studies, and other studies and assessments without violating the privacy of patients or requiring authorizations to be obtained from each patient prior to data being disclosed. 17 GPULLAREDDYCOLLEGEOFPHARMACY
2. RECRUITMENT  The Privacy Rule permits a physician to recruit her own patients, by, for example, sending a letter to patients potentially eligible to enroll in a clinical trial, or by discussing enrollment during an office visit. (The institutional review board overseeing the study must approve the recruitment plan.)  If a CRO wishes to use a physician's records to recruit patients, the study's principal investigator should seek a partial waiver of HIPAA authorization from the institutional review board. Uses and disclosures for which an authorization or opportunity to agree or object is not required; (a) Uses And Disclosures Required By Law. (B) Uses And Disclosures For Public Health Activities . 18 GPULLAREDDYCOLLEGEOFPHARMACY
(C) Disclosures About Victims Of Abuse, Neglect Or Domestic Violence (D) Uses And Disclosures For Health Oversight Activities - (E) Disclosures For Judicial And Administrative Proceeding (F) Disclosures For Law Enforcement Purposes. (G) Uses And Disclosures About Decedents o participants must first review certain documents to ensure a comprehensive understanding of the study. If you decide to participate in a clinical trial, you may be asked to sign two documents: an authorization form, and an informed consent document. o The informed consent document will detail the study methodology, any potential risks, timeline, participant confidentiality and healthcare coverage during the course of the study. This document may or may not be combined with an authorization form. 19 GPULLAREDDYCOLLEGEOFPHARMACY
A few elements that may be present in the authorization may include:  Your health information will be disclosed when it is required by law  Your health information will be shared when required by law, to prevent or control injury or the spread of disease  No publication or public presentation about the study will reveal your identity  To maintain the integrity of the study, you may not have access to your PHI until the study is complete. You do not have to sign this authorization, but if you decline, you may not be eligible for study participation. Revoking this permission means you will no longer be eligible for participation within the clinical study. 20 GPULLAREDDYCOLLEGEOFPHARMACY
3. ENROLLMENT AND CONDUCT OF STUDY  A physician generally must obtain written HIPAA research authorization to enroll a patient in a clinical trial.  Though a research sponsor may provide a template consent form, typically the research site, which is the covered entity, must supply the HIPAA authorization.  The study's authorization and consent forms are usually combined, which is permitted, provided that the combined form contains all of the elements required by both the Privacy Rule and federal research regulations.  A HIPAA research authorization must contain all the elements of a valid general HIPAA authorization. 21 GPULLAREDDYCOLLEGEOFPHARMACY
To be valid, a HIPAA authorization must satisfy the following : 1.No Compound Authorizations. The authorization may not be combined with any other document such as a consent for treatment.3 An authorization to use or disclose psychotherapy notes may not be combined with an authorization to disclose other forms of PHI. 2.Core Elements: These include a description of the PHI to be used or disclosed that identifies the PHI in a specific and meaningful fashion.  The name or specific identification of the person(s) or class of person(s) authorized to make the use or disclosure.  The date and signature of the patient or the patient’s personal representative.  A description of each purpose for the requested use or disclosure. 22 GPULLAREDDYCOLLEGEOFPHARMACY
3.Required Statements. The authorization must also contain certain required statements regarding patient rights.  The patient or personal representative has the right to revoke the authorization at anytime by submitting a written revocation except to the extent the provider has taken action in reliance on the authorization.  The provider generally may not condition its healthcare on the provision of the authorization except (i) for research-related treatment, or (ii) if the purpose of the healthcare is to create information for disclosure (e.g., an employment physical or independent medical exam), in which case the provider may refuse to provide the healthcare if the patient refuses to execute an authorization.  The information disclosed per the authorization may be subject to re-disclosure by the recipient and no longer protected by HIPAA. 23 GPULLAREDDYCOLLEGEOFPHARMACY
4. Marketing or Sale of PHI. If the authorization is to permit the use or disclosure of PHI for purposes of marketing (as defined by HIPAA) or the sale of PHI, and the provider will receive remuneration for the PHI, the authorization must notify the patient that the provider will receive the remuneration. 5.Completed in Full. The authorization and its required elements must be completely filled out, i.e., there should be no blanks concerning the required terms. 6.Written in Plain Language. The authorization must be written in plain language. For patients with limited English proficiency, the provider may need to translate the authorization for the patient. 7.Give the Patient a Copy. If the provider is requesting the authorization from the patient, the provider must give the patient or personal representative a signed copy of theauthorization. The provider is not required to give a copy if the patient initiated the authorization. 24 GPULLAREDDYCOLLEGEOFPHARMACY
8. Retain the Authorization. The provider must retain a copy of the authorization for six years. o If an authorization is required, HIPAA prevents providers and business associates from using or disclosing more PHI than is allowed or in a manner that is different than as stated in the authorization, so providers should ensure that the authorization is broad enough to cover the requested use or disclosure, including any disclosure of oral information in addition to records. o Every HIPAA authorization must also tell the patient how to revoke authorization. If a patient does revoke authorization, the physician conducting the trial may continue to use and disclose (eg, provide to the research sponsor) PHI obtained before the revocation. After revocation the physician may use and disclose the patient's new PHI only as necessary to maintain the integrity of the research (eg, to report an adverse event or the death of a study subject). 25 GPULLAREDDYCOLLEGEOFPHARMACY
4. PUBLICATION OR PRESENTATION OF RESULTS  HIPAA continues to apply when the results of clinical trials (or case studies) are published or presented to an audience. Except when conducting internal medical education activities, physicians must obtain written HIPAA authorization before publishing papers or making presentations containing PHI. An institutional review board may not waive authorization for the publication or presentation of research.  Physicians whose publications or presentations will contain patient-level data should determine whether the eighteen HIPAA identifiers have been removed, and also whether the remaining information could be combined with other publicly-available information to reveal the identity of a participant. Materials involving photographs, rare diseases, or highly publicized cases should be reviewed with particular care. 26 GPULLAREDDYCOLLEGEOFPHARMACY
WHAT HAPPENS IF YOU BREAK HIPAA RULES? If you break HIPAA Rules there are four potential outcomes:  The violation could be dealt with internally by an employer.  You could be terminated.  You could face sanctions from professional boards.  You could face criminal charges which include fines and imprisonment. 27 GPULLAREDDYCOLLEGEOFPHARMACY
28 GPULLAREDDYCOLLEGEOFPHARMACY
REFERENCES o https://www.ncbi.nlm.nih.gov/books/NBK500019/ 1.Tariq RA, Hackert PB. StatPearls [Internet]. StatPearls Publishing; Treasure Island (FL): Jan 19, 2019. Patient Confidentiality. [PubMed] 2.Mermelstein HT, Wallack JJ. Confidentiality in the age of HIPAA: a challenge for psychosomatic medicine. Psychosomatics. 2008 Mar-Apr;49(2):97- 103. [PubMed] o https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2793939/ o https://www.hipaajournal.com/hipaa-history/ o https://www.law.cornell.edu/cfr/text/45/164.512 o https://www.hhs.gov/hipaa/for-professionals/special- topics/research/index.html o https://www.hhhealthlawblog.com/2014/11/valid-hipaa- authorizations-a-checklist.html 29 GPULLAREDDYCOLLEGEOFPHARMACY
THANKU 30 GPULLAREDDYCOLLEGEOFPHARMACY

Recommended

Outsourcing BA and BE to CRO
Outsourcing BA and BE to CROOutsourcing BA and BE to CRO
Outsourcing BA and BE to CRODhanshreeBhattad
 
Investigation of medicinal product dossier (IMPD)
Investigation of medicinal product dossier (IMPD)Investigation of medicinal product dossier (IMPD)
Investigation of medicinal product dossier (IMPD)Himal Barakoti
 
Impd
ImpdImpd
ImpdShresthaPandey1
 
Global Subbmission of IND, NDA, ANDA
Global Subbmission of IND, NDA, ANDA Global Subbmission of IND, NDA, ANDA
Global Subbmission of IND, NDA, ANDA Maruthi.N
 
Regulation for combination product
Regulation for combination productRegulation for combination product
Regulation for combination productAkashYadav283
 
Post approvai regulatory affairs
Post approvai regulatory affairsPost approvai regulatory affairs
Post approvai regulatory affairsJyotiMhoprekar
 
Cmc, post approval and regulation
Cmc, post approval and regulationCmc, post approval and regulation
Cmc, post approval and regulationHimal Barakoti
 
Us registration for foreign drugs
Us registration for foreign drugsUs registration for foreign drugs
Us registration for foreign drugsNiva Rani Gogoi
 

Recommended

Outsourcing BA and BE to CRO
Outsourcing BA and BE to CROOutsourcing BA and BE to CRO
Outsourcing BA and BE to CRODhanshreeBhattad
 
Investigation of medicinal product dossier (IMPD)
Investigation of medicinal product dossier (IMPD)Investigation of medicinal product dossier (IMPD)
Investigation of medicinal product dossier (IMPD)Himal Barakoti
 
Impd
ImpdImpd
ImpdShresthaPandey1
 
Global Subbmission of IND, NDA, ANDA
Global Subbmission of IND, NDA, ANDA Global Subbmission of IND, NDA, ANDA
Global Subbmission of IND, NDA, ANDA Maruthi.N
 
Regulation for combination product
Regulation for combination productRegulation for combination product
Regulation for combination productAkashYadav283
 
Post approvai regulatory affairs
Post approvai regulatory affairsPost approvai regulatory affairs
Post approvai regulatory affairsJyotiMhoprekar
 
Cmc, post approval and regulation
Cmc, post approval and regulationCmc, post approval and regulation
Cmc, post approval and regulationHimal Barakoti
 
Us registration for foreign drugs
Us registration for foreign drugsUs registration for foreign drugs
Us registration for foreign drugsNiva Rani Gogoi
 
Hippa new requirement to clinical study processes
Hippa new requirement to clinical study processesHippa new requirement to clinical study processes
Hippa new requirement to clinical study processesKavya S
 
REGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICES
REGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICESREGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICES
REGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICESArunpandiyan59
 
Pharmacovigilance safety Mon. in clinical trials.pptx
Pharmacovigilance safety Mon. in clinical trials.pptxPharmacovigilance safety Mon. in clinical trials.pptx
Pharmacovigilance safety Mon. in clinical trials.pptxRoshan Yadav
 
Impd dossier
Impd dossierImpd dossier
Impd dossierPrakash Ata
 
Hipaa rahul thore 1
Hipaa rahul thore 1Hipaa rahul thore 1
Hipaa rahul thore 1RahulThore
 
GLOBAL SUBMISSION OF IND-1.pptx
GLOBAL SUBMISSION OF IND-1.pptxGLOBAL SUBMISSION OF IND-1.pptx
GLOBAL SUBMISSION OF IND-1.pptxMrRajanSwamiSwami
 
Compression and compaction
Compression and compactionCompression and compaction
Compression and compactionMehak AggarwAl
 
Objectives and policies of cGMP & Inventory management and control
Objectives and policies of cGMP & Inventory management and controlObjectives and policies of cGMP & Inventory management and control
Objectives and policies of cGMP & Inventory management and controlArul Packiadhas
 
API, BIOLOGICS,NOVEL,THERAPIES........pptx
API, BIOLOGICS,NOVEL,THERAPIES........pptxAPI, BIOLOGICS,NOVEL,THERAPIES........pptx
API, BIOLOGICS,NOVEL,THERAPIES........pptxPawanDhamala1
 
Drug excipient interaction
Drug excipient interactionDrug excipient interaction
Drug excipient interactionAshajagtap1661
 
Evaluation of buccal drug delivery system
Evaluation of buccal drug delivery systemEvaluation of buccal drug delivery system
Evaluation of buccal drug delivery systemSayeda Salma S.A.
 
Preformulation concept
Preformulation conceptPreformulation concept
Preformulation conceptBashant Kumar sah
 
Compaction profiles
Compaction profilesCompaction profiles
Compaction profilesSiddu K M
 
Outsourcing BA and BE to CRO
Outsourcing BA and BE to CROOutsourcing BA and BE to CRO
Outsourcing BA and BE to CROInstitute of Pharmaceutical Education and Research
 
Study of consolidation parameters
Study of consolidation parametersStudy of consolidation parameters
Study of consolidation parametersayesha samreen
 
Mechanical and pH activated DDS.pptx
Mechanical and pH activated DDS.pptxMechanical and pH activated DDS.pptx
Mechanical and pH activated DDS.pptxPawanDhamala1
 
MECHANISM OF PERMEATION OF DRUG IN BUCCAL DRUG DELIVERY SYSTEM.pptx
MECHANISM OF PERMEATION OF DRUG IN BUCCAL DRUG DELIVERY SYSTEM.pptx MECHANISM OF PERMEATION OF DRUG IN BUCCAL DRUG DELIVERY SYSTEM.pptx
MECHANISM OF PERMEATION OF DRUG IN BUCCAL DRUG DELIVERY SYSTEM.pptxPawanDhamala1
 
Single shot vaccines Naveen Balaji
Single shot vaccines Naveen BalajiSingle shot vaccines Naveen Balaji
Single shot vaccines Naveen BalajiNaveen Balaji
 
Mechanically activated drug delivery
Mechanically activated drug deliveryMechanically activated drug delivery
Mechanically activated drug deliveryBharatlal Sain
 
Barriers to protein and peptide delivery.pptx
Barriers to protein and peptide delivery.pptxBarriers to protein and peptide delivery.pptx
Barriers to protein and peptide delivery.pptxMeghajoshi86
 
HIPAA , REGULATORY AFFAIRS , M.PHARM ...
HIPAA , REGULATORY AFFAIRS , M.PHARM ...HIPAA , REGULATORY AFFAIRS , M.PHARM ...
HIPAA , REGULATORY AFFAIRS , M.PHARM ...susmitaghosh93
 
Hipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideHipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideFelipe Prado
 

More Related Content

What's hot

Hippa new requirement to clinical study processes
Hippa new requirement to clinical study processesHippa new requirement to clinical study processes
Hippa new requirement to clinical study processesKavya S
 
REGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICES
REGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICESREGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICES
REGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICESArunpandiyan59
 
Pharmacovigilance safety Mon. in clinical trials.pptx
Pharmacovigilance safety Mon. in clinical trials.pptxPharmacovigilance safety Mon. in clinical trials.pptx
Pharmacovigilance safety Mon. in clinical trials.pptxRoshan Yadav
 
Hipaa rahul thore 1
Hipaa rahul thore 1Hipaa rahul thore 1
Hipaa rahul thore 1RahulThore
 
GLOBAL SUBMISSION OF IND-1.pptx
GLOBAL SUBMISSION OF IND-1.pptxGLOBAL SUBMISSION OF IND-1.pptx
GLOBAL SUBMISSION OF IND-1.pptxMrRajanSwamiSwami
 
Compression and compaction
Compression and compactionCompression and compaction
Compression and compactionMehak AggarwAl
 
Objectives and policies of cGMP & Inventory management and control
Objectives and policies of cGMP & Inventory management and controlObjectives and policies of cGMP & Inventory management and control
Objectives and policies of cGMP & Inventory management and controlArul Packiadhas
 
API, BIOLOGICS,NOVEL,THERAPIES........pptx
API, BIOLOGICS,NOVEL,THERAPIES........pptxAPI, BIOLOGICS,NOVEL,THERAPIES........pptx
API, BIOLOGICS,NOVEL,THERAPIES........pptxPawanDhamala1
 
Drug excipient interaction
Drug excipient interactionDrug excipient interaction
Drug excipient interactionAshajagtap1661
 
Evaluation of buccal drug delivery system
Evaluation of buccal drug delivery systemEvaluation of buccal drug delivery system
Evaluation of buccal drug delivery systemSayeda Salma S.A.
 
Compaction profiles
Compaction profilesCompaction profiles
Compaction profilesSiddu K M
 
Study of consolidation parameters
Study of consolidation parametersStudy of consolidation parameters
Study of consolidation parametersayesha samreen
 
Mechanical and pH activated DDS.pptx
Mechanical and pH activated DDS.pptxMechanical and pH activated DDS.pptx
Mechanical and pH activated DDS.pptxPawanDhamala1
 
MECHANISM OF PERMEATION OF DRUG IN BUCCAL DRUG DELIVERY SYSTEM.pptx
MECHANISM OF PERMEATION OF DRUG IN BUCCAL DRUG DELIVERY SYSTEM.pptx MECHANISM OF PERMEATION OF DRUG IN BUCCAL DRUG DELIVERY SYSTEM.pptx
MECHANISM OF PERMEATION OF DRUG IN BUCCAL DRUG DELIVERY SYSTEM.pptxPawanDhamala1
 
Single shot vaccines Naveen Balaji
Single shot vaccines Naveen BalajiSingle shot vaccines Naveen Balaji
Single shot vaccines Naveen BalajiNaveen Balaji
 
Mechanically activated drug delivery
Mechanically activated drug deliveryMechanically activated drug delivery
Mechanically activated drug deliveryBharatlal Sain
 
Barriers to protein and peptide delivery.pptx
Barriers to protein and peptide delivery.pptxBarriers to protein and peptide delivery.pptx
Barriers to protein and peptide delivery.pptxMeghajoshi86
 

What's hot (20)

Hippa new requirement to clinical study processes
Hippa new requirement to clinical study processesHippa new requirement to clinical study processes
Hippa new requirement to clinical study processes
 
REGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICES
REGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICESREGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICES
REGULATIONS FOR COMBINATION PRODUCTS AND MEDICAL DEVICES
 
Pharmacovigilance safety Mon. in clinical trials.pptx
Pharmacovigilance safety Mon. in clinical trials.pptxPharmacovigilance safety Mon. in clinical trials.pptx
Pharmacovigilance safety Mon. in clinical trials.pptx
 
Impd dossier
Impd dossierImpd dossier
Impd dossier
 
Hipaa rahul thore 1
Hipaa rahul thore 1Hipaa rahul thore 1
Hipaa rahul thore 1
 
GLOBAL SUBMISSION OF IND-1.pptx
GLOBAL SUBMISSION OF IND-1.pptxGLOBAL SUBMISSION OF IND-1.pptx
GLOBAL SUBMISSION OF IND-1.pptx
 
Compression and compaction
Compression and compactionCompression and compaction
Compression and compaction
 
Objectives and policies of cGMP & Inventory management and control
Objectives and policies of cGMP & Inventory management and controlObjectives and policies of cGMP & Inventory management and control
Objectives and policies of cGMP & Inventory management and control
 
API, BIOLOGICS,NOVEL,THERAPIES........pptx
API, BIOLOGICS,NOVEL,THERAPIES........pptxAPI, BIOLOGICS,NOVEL,THERAPIES........pptx
API, BIOLOGICS,NOVEL,THERAPIES........pptx
 
Drug excipient interaction
Drug excipient interactionDrug excipient interaction
Drug excipient interaction
 
Evaluation of buccal drug delivery system
Evaluation of buccal drug delivery systemEvaluation of buccal drug delivery system
Evaluation of buccal drug delivery system
 
Preformulation concept
Preformulation conceptPreformulation concept
Preformulation concept
 
Compaction profiles
Compaction profilesCompaction profiles
Compaction profiles
 
Outsourcing BA and BE to CRO
Outsourcing BA and BE to CROOutsourcing BA and BE to CRO
Outsourcing BA and BE to CRO
 
Study of consolidation parameters
Study of consolidation parametersStudy of consolidation parameters
Study of consolidation parameters
 
Mechanical and pH activated DDS.pptx
Mechanical and pH activated DDS.pptxMechanical and pH activated DDS.pptx
Mechanical and pH activated DDS.pptx
 
MECHANISM OF PERMEATION OF DRUG IN BUCCAL DRUG DELIVERY SYSTEM.pptx
MECHANISM OF PERMEATION OF DRUG IN BUCCAL DRUG DELIVERY SYSTEM.pptx MECHANISM OF PERMEATION OF DRUG IN BUCCAL DRUG DELIVERY SYSTEM.pptx
MECHANISM OF PERMEATION OF DRUG IN BUCCAL DRUG DELIVERY SYSTEM.pptx
 
Single shot vaccines Naveen Balaji
Single shot vaccines Naveen BalajiSingle shot vaccines Naveen Balaji
Single shot vaccines Naveen Balaji
 
Mechanically activated drug delivery
Mechanically activated drug deliveryMechanically activated drug delivery
Mechanically activated drug delivery
 
Barriers to protein and peptide delivery.pptx
Barriers to protein and peptide delivery.pptxBarriers to protein and peptide delivery.pptx
Barriers to protein and peptide delivery.pptx
 

Similar to Hipaa in clinical trails

HIPAA , REGULATORY AFFAIRS , M.PHARM ...
HIPAA , REGULATORY AFFAIRS , M.PHARM ...HIPAA , REGULATORY AFFAIRS , M.PHARM ...
HIPAA , REGULATORY AFFAIRS , M.PHARM ...susmitaghosh93
 
Hipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideHipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideFelipe Prado
 
Knowing confidentiality
Knowing confidentialityKnowing confidentiality
Knowing confidentialityjessie66
 
Health Insurance Portability & Accountability Act (HIPAA)
Health Insurance Portability & Accountability Act (HIPAA)Health Insurance Portability & Accountability Act (HIPAA)
Health Insurance Portability & Accountability Act (HIPAA)Arpitha Aarushi
 
Mha690 presentation by rachael javidan
Mha690 presentation by rachael javidanMha690 presentation by rachael javidan
Mha690 presentation by rachael javidanRachaelJavidan
 
Health Insurance Portability and Accountability Act of 1996.docx
Health Insurance Portability and Accountability Act of 1996.docxHealth Insurance Portability and Accountability Act of 1996.docx
Health Insurance Portability and Accountability Act of 1996.docxAlesandriaPablo
 
What is HIPAA Why was it passed What arc the potential benefits to .pdf
What is HIPAA Why was it passed What arc the potential benefits to .pdfWhat is HIPAA Why was it passed What arc the potential benefits to .pdf
What is HIPAA Why was it passed What arc the potential benefits to .pdfarchigallery1298
 
The Health Insurance Portability And Accountability Act Essay
The Health Insurance Portability And Accountability Act EssayThe Health Insurance Portability And Accountability Act Essay
The Health Insurance Portability And Accountability Act EssayJamie Boyd
 
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)Sanjeev Bharwan
 
Welcome to HIPAA Training
Welcome to HIPAA TrainingWelcome to HIPAA Training
Welcome to HIPAA TrainingJonathan Montes
 
Week 1 discussion 2 hipaa and privacy training
Week 1 discussion 2 hipaa and privacy trainingWeek 1 discussion 2 hipaa and privacy training
Week 1 discussion 2 hipaa and privacy trainingvrgill22
 
health insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxhealth insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxamartya2087
 

Similar to Hipaa in clinical trails (20)

HIPAA , REGULATORY AFFAIRS , M.PHARM ...
HIPAA , REGULATORY AFFAIRS , M.PHARM ...HIPAA , REGULATORY AFFAIRS , M.PHARM ...
HIPAA , REGULATORY AFFAIRS , M.PHARM ...
 
Hipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideHipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guide
 
Knowing confidentiality
Knowing confidentialityKnowing confidentiality
Knowing confidentiality
 
HIPAA Privacy & Security
HIPAA Privacy & SecurityHIPAA Privacy & Security
HIPAA Privacy & Security
 
Health Insurance Portability & Accountability Act (HIPAA)
Health Insurance Portability & Accountability Act (HIPAA)Health Insurance Portability & Accountability Act (HIPAA)
Health Insurance Portability & Accountability Act (HIPAA)
 
Mha690 presentation by rachael javidan
Mha690 presentation by rachael javidanMha690 presentation by rachael javidan
Mha690 presentation by rachael javidan
 
Health Insurance Portability and Accountability Act of 1996.docx
Health Insurance Portability and Accountability Act of 1996.docxHealth Insurance Portability and Accountability Act of 1996.docx
Health Insurance Portability and Accountability Act of 1996.docx
 
Annual HIPAA Training
Annual HIPAA TrainingAnnual HIPAA Training
Annual HIPAA Training
 
Hippa training v2
Hippa training v2Hippa training v2
Hippa training v2
 
Hipaa,obra ariz
Hipaa,obra arizHipaa,obra ariz
Hipaa,obra ariz
 
What is HIPAA Why was it passed What arc the potential benefits to .pdf
What is HIPAA Why was it passed What arc the potential benefits to .pdfWhat is HIPAA Why was it passed What arc the potential benefits to .pdf
What is HIPAA Why was it passed What arc the potential benefits to .pdf
 
The Health Insurance Portability And Accountability Act Essay
The Health Insurance Portability And Accountability Act EssayThe Health Insurance Portability And Accountability Act Essay
The Health Insurance Portability And Accountability Act Essay
 
Hipaa omnibus
Hipaa omnibusHipaa omnibus
Hipaa omnibus
 
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
 
Hipaa inservice
Hipaa inserviceHipaa inservice
Hipaa inservice
 
Welcome to HIPAA Training
Welcome to HIPAA TrainingWelcome to HIPAA Training
Welcome to HIPAA Training
 
HIPAA regulations
HIPAA regulationsHIPAA regulations
HIPAA regulations
 
Hipaa
HipaaHipaa
Hipaa
 
Week 1 discussion 2 hipaa and privacy training
Week 1 discussion 2 hipaa and privacy trainingWeek 1 discussion 2 hipaa and privacy training
Week 1 discussion 2 hipaa and privacy training
 
health insurance portability and accountability act.pptx
health insurance portability and accountability act.pptxhealth insurance portability and accountability act.pptx
health insurance portability and accountability act.pptx
 

Recently uploaded

Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxabhijeetpadhi001
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 

Recently uploaded (20)

Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptx
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 

Hipaa in clinical trails

  • 1. HIPAA IN CLINICAL TRAILS K TEJASWI M PHARMACY 1 YEAR 170119886010 PHARMACEUTICS REGULATORY AFFAIRS
  • 2. CONTENTS  Definition  Brief history  HIPAA compliance  Protected health information(PHI)  Minimum necessary standards  HIPAA compliance in clinical trails  HIPAA violations  New updates in HIPAA  References 2 GPULLAREDDYCOLLEGEOFPHARMACY
  • 3. DEFINITION  HIPAA is defined as the Health Insurance Portability and Accountability Act (HIPAA) is a federal law that provides baseline privacy and security standards for medical information. The U.S. Department of Health and Human Services (HHS) is the federal agency in charge of creating rules that implement HIPAA and also enforcing HIPAA. 3 GPULLAREDDYCOLLEGEOFPHARMACY
  • 4. BRIEF HISTORY  1996 – Congress passed the Health Insurance Portability and Accountability Act (HIPAA).  2003 – The U.S. Department of Health and Human Services (HHS) issued and adopted the HIPAA Privacy Rule, HIPAA Security Rule, and the HIPAA Enforcement Rule. The Privacy Rule gives individuals rights with respect to their protected health information (PHI). It also explains how covered entities (those who must comply with HIPAA) can use and disclose PHI. . 4 GPULLAREDDYCOLLEGEOFPHARMACY
  • 5.  The Security Rule sets standards for safeguarding electronic PHI. the Security Rule laid down three security safeguards – administrative, physical and technical – that must be adhered to in full in order to comply with HIPAA. The safeguards had the following goals: Administrative – to create policies and procedures designed to clearly show how the entity will comply with the act. Physical – to control physical access to areas of data storage to protect against inappropriate access. Technical – to protect communications containing PHI when transmitted electronically over open networks. The Enforcement Rule addresses compliance, investigations, and potential penalties for violations of the HIPAA Privacy Rule and Security Rule. The Office for Civil Rights (OCR) within HHS is reponsible for enforcing the HIPAA regulations. 5 GPULLAREDDYCOLLEGEOFPHARMACY
  • 6.  2009 – The Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law. The HITECH Act created financial incentives for healthcare providers and insurers to continue shifting to electronic medical records, and also addressed privacy and security concerns related to the electronic transmission of health information, including unauthorized access and data breaches.  2013 – HHS' Office for Civil Rights issued the HIPAA Omnibus Rule. HHS' Omnibus Rule made several important changes to the HIPAA Privacy, Security, and Enforcement Rules. It implemented many provisions of the HITECH Act. It modified and finalized the Breach Notification Rule. It also implemented changes to the HIPAA Privacy Rule required by the Genetic Information Nondiscrimination Act of 2008 (GINA). 6 GPULLAREDDYCOLLEGEOFPHARMACY
  • 7. WHO MUST COMPLY WITH HIPAA?  HIPAA only applies to covered entities and their business associates. Some times a subcontractor can also be considered. a. Covered entities: The Privacy Rule defines a Covered HIPAA Entity as any health plan or any healthcare clearinghouse, or any healthcare provider who transmits Protected Health Information (or PHI as per the standards developed by the Department of Health & Human Services) in electronic form. Health care providers get paid to provide health care Doctors, dentists, hospitals, nursing homes, pharmacies, urgent care clinics, and other entities that provide health care in exchange for payment are examples of providers. 7 GPULLAREDDYCOLLEGEOFPHARMACY
  • 8. Health plans pay the cost of medical care. The following are examples of health plans covered under HIPAA: health insurance companies, health maintenance organizations (HMOs), group health plans sponsored by an employer, government-funded health plans such as Medicare and Medicaid, and most other companies or arrangements that pay for health care. Health care clearinghouses process information so that it can be transmitted in a standard format between covered entities. For example, a clearinghouse may take information from a doctor and put it into a standard coded format that can be used for insurance purposes. 8 GPULLAREDDYCOLLEGEOFPHARMACY
  • 9. b. Business associates : A "business associate" creates, receives, maintains, or transmits protected health information (PHI) on behalf of a covered entity . c. Subcontractors: A subcontractor that creates, maintains, or transmits protected health information (PHI) on behalf of a business associate has the same legal responsibilities as a business associate under HIPAA. In other words, privacy- and security-related legal responsibilities flow "downstream" to subcontractors performing work for a business associate. For example, a hospital's business associate may hire an outside company to shred documents containing PHI or to provide a cloud service to store the data. 9 GPULLAREDDYCOLLEGEOFPHARMACY
  • 10. PROTECTED HEALTH INFORMATION(PHI)  Under HIPAA PHI is considered to be any identifiable health information that is used, maintained, stored, or transmitted by a HIPAA-covered entity – A healthcare provider, health plan or health insurer, or a healthcare clearinghouse – or a business associate of a HIPAA-covered entity, in relation to the provision of healthcare or payment for healthcare services.  PHI is health information in any form, including physical records, electronic records, or spoken information.  Therefore, PHI includes health records, health histories, lab test results, and medical bills. Essentially, all health information is considered PHI when it includes individual identifiers 10 GPULLAREDDYCOLLEGEOFPHARMACY
  • 11.  The HIPAA Privacy Rule regulates the use and disclosure of protected health information (PHI) by "covered entities.“ Use: How information is used within a healthcare facility. Disclosure: How information is shared outside a health care facility.  Covered entities may disclose PHI to law enforcement if requested to do so by court orders, court-ordered warrants, subpoenas, and administrative requests.  A covered entity may reveal PHI to facilitate treatment, payment, or health care operations without a patient's written authorization. 11 GPULLAREDDYCOLLEGEOFPHARMACY
  • 12.  Any other disclosures of PHI require the covered entity to obtain prior written authorization.  When a covered entity discloses PHI, it must make a reasonable effort to share only the minimum necessary information.  The Privacy Rule gives individuals the right to demand that a covered entity correct any inaccurate PHI and make reasonable steps to ensure the confidentiality of communications with individuals.  The Privacy Rule requires covered entities to notify individuals of PHI use, keep track of disclosures, and document privacy policies and procedures. 12 GPULLAREDDYCOLLEGEOFPHARMACY
  • 13. MINIMUM NECESSARY STANDARD(MNS) This rule stipulates that the disclosure of PHI must be limited to the minimum necessary for the stated purpose. Exceptions to the rule exist in a healthcare environment  where it may be necessary for a healthcare provider to access a patient´s complete medical history – but non-routine disclosure requests must be reviewed on a case-by-case basis.  even when the patient has given their authorization for their medical records to be made available for research, marketing or fundraising purposes.  In interest of public health like to control or prevent disease.  Signed patient authorization is necessary for the use/disclosure of psychotherapy notes unless required by healthcare provider or required by law. 13 GPULLAREDDYCOLLEGEOFPHARMACY
  • 14. The Health Insurance Portability and Accountability Act of 1996 consists of 5 Titles.  Title I: Protects health insurance coverage for workers and their families that change or lose their jobs. It limits new health plans the ability to deny coverage due to a pre-existing condition.  Title II: Prevents Health Care Fraud and Abuse; Medical Liability Reform; Administrative Simplification that requires the establishment of national standards for electronic health care transactions and national identifiers for providers, employers, and health insurance plans.  Title III: Guidelines for pre-tax medical spending accounts. It provides changes to health insurance law and deductions for medical insurance.  Title IV: Guidelines for group health plans. It provides modifications for health coverage.  Title V: Governs company-owned life insurance policies. Makes provisions for treating people without United States Citizenship and repealed financial institution rule to interest allocation rules. 14 GPULLAREDDYCOLLEGEOFPHARMACY
  • 15. HIPPA COMPLIANCE IN CLINICAL TRAILS  The federal Medical Privacy Rule, authorized by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), limits how covered physicians may use and disclose protected health information (PHI) for any purpose.  Throughout the clinical study process, researchers may need to create, edit, and view PHI. HIPAA stipulates that participant PHI must be used in a “specific and meaningful manner.”  All study participants must submit authorizations in order for the researchers to have access to their pertinent information. This authorization only applies to the current study, and not to any future studies. 15 GPULLAREDDYCOLLEGEOFPHARMACY
  • 16. 1. Pre-Research Review of Medical Records  A prospective sponsor might request summary information about a physician's patients to establish whether the physician's practice is a viable site for a clinical trial.  The Privacy Rule permits the physician to review her medical records for this “pre-research” purpose, provided that no PHI is disclosed to the sponsor.  If a third party, such as a contract research organization (CRO) or another researcher will review medical or billing records for this purpose, the review must occur at the practice and the physician must obtain the following representations: The use or disclosure is sought solely to review PHI as necessary to prepare a research protocol or for similar purposes preparatory to research:  No PHI will be removed from the covered entity during the review; and  The PHI that the researcher [or CRO] seeks to review is necessary for the purpose(s) of the review. 16 GPULLAREDDYCOLLEGEOFPHARMACY
  • 17.  To document HIPAA compliance, the physician should ask the third party to provide these representations in writing.  Alternatively, the Privacy Rule allows the physician to share “de-identified” data without restriction. The Privacy Rule's standard for de-identification is quite strict, typically requiring removal of eighteen specific identifiers that range from names and social security numbers to dates of treatment and full zip codes.  The de-identification of protected health information enables HIPAA covered entities to share health data for large-scale medical research studies, policy assessments, comparative effectiveness studies, and other studies and assessments without violating the privacy of patients or requiring authorizations to be obtained from each patient prior to data being disclosed. 17 GPULLAREDDYCOLLEGEOFPHARMACY
  • 18. 2. RECRUITMENT  The Privacy Rule permits a physician to recruit her own patients, by, for example, sending a letter to patients potentially eligible to enroll in a clinical trial, or by discussing enrollment during an office visit. (The institutional review board overseeing the study must approve the recruitment plan.)  If a CRO wishes to use a physician's records to recruit patients, the study's principal investigator should seek a partial waiver of HIPAA authorization from the institutional review board. Uses and disclosures for which an authorization or opportunity to agree or object is not required; (a) Uses And Disclosures Required By Law. (B) Uses And Disclosures For Public Health Activities . 18 GPULLAREDDYCOLLEGEOFPHARMACY
  • 19. (C) Disclosures About Victims Of Abuse, Neglect Or Domestic Violence (D) Uses And Disclosures For Health Oversight Activities - (E) Disclosures For Judicial And Administrative Proceeding (F) Disclosures For Law Enforcement Purposes. (G) Uses And Disclosures About Decedents o participants must first review certain documents to ensure a comprehensive understanding of the study. If you decide to participate in a clinical trial, you may be asked to sign two documents: an authorization form, and an informed consent document. o The informed consent document will detail the study methodology, any potential risks, timeline, participant confidentiality and healthcare coverage during the course of the study. This document may or may not be combined with an authorization form. 19 GPULLAREDDYCOLLEGEOFPHARMACY
  • 20. A few elements that may be present in the authorization may include:  Your health information will be disclosed when it is required by law  Your health information will be shared when required by law, to prevent or control injury or the spread of disease  No publication or public presentation about the study will reveal your identity  To maintain the integrity of the study, you may not have access to your PHI until the study is complete. You do not have to sign this authorization, but if you decline, you may not be eligible for study participation. Revoking this permission means you will no longer be eligible for participation within the clinical study. 20 GPULLAREDDYCOLLEGEOFPHARMACY
  • 21. 3. ENROLLMENT AND CONDUCT OF STUDY  A physician generally must obtain written HIPAA research authorization to enroll a patient in a clinical trial.  Though a research sponsor may provide a template consent form, typically the research site, which is the covered entity, must supply the HIPAA authorization.  The study's authorization and consent forms are usually combined, which is permitted, provided that the combined form contains all of the elements required by both the Privacy Rule and federal research regulations.  A HIPAA research authorization must contain all the elements of a valid general HIPAA authorization. 21 GPULLAREDDYCOLLEGEOFPHARMACY
  • 22. To be valid, a HIPAA authorization must satisfy the following : 1.No Compound Authorizations. The authorization may not be combined with any other document such as a consent for treatment.3 An authorization to use or disclose psychotherapy notes may not be combined with an authorization to disclose other forms of PHI. 2.Core Elements: These include a description of the PHI to be used or disclosed that identifies the PHI in a specific and meaningful fashion.  The name or specific identification of the person(s) or class of person(s) authorized to make the use or disclosure.  The date and signature of the patient or the patient’s personal representative.  A description of each purpose for the requested use or disclosure. 22 GPULLAREDDYCOLLEGEOFPHARMACY
  • 23. 3.Required Statements. The authorization must also contain certain required statements regarding patient rights.  The patient or personal representative has the right to revoke the authorization at anytime by submitting a written revocation except to the extent the provider has taken action in reliance on the authorization.  The provider generally may not condition its healthcare on the provision of the authorization except (i) for research-related treatment, or (ii) if the purpose of the healthcare is to create information for disclosure (e.g., an employment physical or independent medical exam), in which case the provider may refuse to provide the healthcare if the patient refuses to execute an authorization.  The information disclosed per the authorization may be subject to re-disclosure by the recipient and no longer protected by HIPAA. 23 GPULLAREDDYCOLLEGEOFPHARMACY
  • 24. 4. Marketing or Sale of PHI. If the authorization is to permit the use or disclosure of PHI for purposes of marketing (as defined by HIPAA) or the sale of PHI, and the provider will receive remuneration for the PHI, the authorization must notify the patient that the provider will receive the remuneration. 5.Completed in Full. The authorization and its required elements must be completely filled out, i.e., there should be no blanks concerning the required terms. 6.Written in Plain Language. The authorization must be written in plain language. For patients with limited English proficiency, the provider may need to translate the authorization for the patient. 7.Give the Patient a Copy. If the provider is requesting the authorization from the patient, the provider must give the patient or personal representative a signed copy of theauthorization. The provider is not required to give a copy if the patient initiated the authorization. 24 GPULLAREDDYCOLLEGEOFPHARMACY
  • 25. 8. Retain the Authorization. The provider must retain a copy of the authorization for six years. o If an authorization is required, HIPAA prevents providers and business associates from using or disclosing more PHI than is allowed or in a manner that is different than as stated in the authorization, so providers should ensure that the authorization is broad enough to cover the requested use or disclosure, including any disclosure of oral information in addition to records. o Every HIPAA authorization must also tell the patient how to revoke authorization. If a patient does revoke authorization, the physician conducting the trial may continue to use and disclose (eg, provide to the research sponsor) PHI obtained before the revocation. After revocation the physician may use and disclose the patient's new PHI only as necessary to maintain the integrity of the research (eg, to report an adverse event or the death of a study subject). 25 GPULLAREDDYCOLLEGEOFPHARMACY
  • 26. 4. PUBLICATION OR PRESENTATION OF RESULTS  HIPAA continues to apply when the results of clinical trials (or case studies) are published or presented to an audience. Except when conducting internal medical education activities, physicians must obtain written HIPAA authorization before publishing papers or making presentations containing PHI. An institutional review board may not waive authorization for the publication or presentation of research.  Physicians whose publications or presentations will contain patient-level data should determine whether the eighteen HIPAA identifiers have been removed, and also whether the remaining information could be combined with other publicly-available information to reveal the identity of a participant. Materials involving photographs, rare diseases, or highly publicized cases should be reviewed with particular care. 26 GPULLAREDDYCOLLEGEOFPHARMACY
  • 27. WHAT HAPPENS IF YOU BREAK HIPAA RULES? If you break HIPAA Rules there are four potential outcomes:  The violation could be dealt with internally by an employer.  You could be terminated.  You could face sanctions from professional boards.  You could face criminal charges which include fines and imprisonment. 27 GPULLAREDDYCOLLEGEOFPHARMACY
  • 29. REFERENCES o https://www.ncbi.nlm.nih.gov/books/NBK500019/ 1.Tariq RA, Hackert PB. StatPearls [Internet]. StatPearls Publishing; Treasure Island (FL): Jan 19, 2019. Patient Confidentiality. [PubMed] 2.Mermelstein HT, Wallack JJ. Confidentiality in the age of HIPAA: a challenge for psychosomatic medicine. Psychosomatics. 2008 Mar-Apr;49(2):97- 103. [PubMed] o https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2793939/ o https://www.hipaajournal.com/hipaa-history/ o https://www.law.cornell.edu/cfr/text/45/164.512 o https://www.hhs.gov/hipaa/for-professionals/special- topics/research/index.html o https://www.hhhealthlawblog.com/2014/11/valid-hipaa- authorizations-a-checklist.html 29 GPULLAREDDYCOLLEGEOFPHARMACY