HIPAA establishes regulations around the use and disclosure of protected health information (PHI) and electronic protected health information (ePHI). It requires covered entities like healthcare providers and health plans, as well as their business associates, to implement administrative, physical, and technical controls to secure patient data and ensure its confidentiality. Pharmacovigilance systems that collect or use patient health data must incorporate security controls compliant with HIPAA like access management, encryption, audit trails, and data integrity protections to avoid potential penalties for data breaches.
HIPAA Compliance and its Impact on Pharmacovigilance
1. HIPAA Compliance and its Relationship to Pharmacovigilance
Christi Cordeiro, Project Manager, Life Sciences, Perficient
2. ABOUT PERFICIENT
Perficient is a leading information technology consulting firm serving clients throughout North America.
We help clients implement business-driven technology solutions that integrate business processes, improve worker productivity, increase customer loyalty and create a more agile enterprise to better respond to new business opportunities.
3. PERFICIENT PROFILE
• Founded in 1997
• Public, NASDAQ: PRFT
• 2014 revenue $456 million
• Major market locations: Allentown, Atlanta, Ann Arbor, Boston, Charlotte, Chicago, Cincinnati, Columbus, Dallas, Denver, Detroit, Fairfax, Houston, Indianapolis, Lafayette, Milwaukee, Minneapolis, New York City, Northern California, Oxford (UK), Southern California, St. Louis, Toronto
• Global delivery centers in China and India
• >2,600 colleagues
• Dedicated solution practices
• ~90% repeat business rate
• Alliance partnerships with major technology vendors
• Multiple vendor/industry technology and growth awards
4. OUR SOLUTIONS PORTFOLIO
BUSINESS SOLUTIONS
• Business Process Management
• Customer Relationship Management
• Enterprise Performance Management
• Enterprise Information Solutions
• Enterprise Resource Planning
• Experience Design
• Portal / Collaboration
• Content Management
• Information Management
• Mobile
50+ PARTNERS
CLINICAL / HEALTHCARE IT
• Safety / PV
• Clinical Data Management
• Electronic Data Capture
• Medical Coding
• Clinical Data Warehousing
• Clinical Data Analytics
• Clinical Trial Management
• Healthcare Data Warehousing
• Healthcare Analytics
SERVICES
• Consulting
• Implementation
• Integration
• Migration
• Upgrade
• Managed Services
• Private Cloud Hosting
• Validation
• Study Setup
• Project Management
• Application Development
• Software Licensing
• Application Support
• Staff Augmentation
• Training
5. WELCOME & INTRODUCTION
Christi Cordeiro
Project Manager, Safety and Pharmacovigilance
Life Sciences, Perficient
Safety and Pharmacovigilance Consultant since 2012
Extensive Safety and Pharmacovigilance experience
– 17 years of experience in the biopharmaceutical industry serving a variety of roles within drug safety:
– Safety Operations
– Business Analysis
– System Implementations
– Data management
8. HIPAA DEFINITIONS
• Protected Health Information (PHI)
• Electronic Protected Health Information (ePHI)
• Covered Entity
• Business Associate
9. HIPAA REGULATION - 1996
• Comprised of 4 Rules
• Transfer and continuation of health coverage
• Reduce fraud and abuse
• Mandate industry wide standards
10. HITECH ACT - 2009
• Health Information Technology for Economic and Clinical Health
• Enacted to address security and privacy concerns
• Includes sanctions for violations
• Notification of Breach
• Electronic Health Record Access
• Business Associates (and Associate Agreements)
11. OMNIBUS HIPAA RULEMAKING - 2013
• Modifications to the HITECH Act
• Direct liability for business associates of covered entities
• Strengthens limitations on PHI use
• Modifies authorization to facilitate research
12. PATIENT HEALTH DATA
Uses and Disclosures (45 CFR 164.512(b)(1)(i) and (iii))
• Public Health Authority
• FDA regulated products
• Enable product recalls, repairs, etc.
• Conduct post-marketing surveillance
Patient Data
• Collected as part of standard processes
• Health information
• Personal/Sensitive
13. HIPAA SECURITY & IMPACT ON PHARMACOVIGILANCE SYSTEMS
• Physical Controls
• Technical Controls
• Administrative Controls
14. ADMINISTRATIVE CONTROLS
• Corporate privacy policy and integrity agreement
• Licensing partner and vendor contracts
• SOPs/Guidelines
• Training
• Ongoing evaluation
• Disaster recovery
15. PHYSICAL CONTROLS
• Facility Access
• Contingency operations
• Security plan
• Access control and validation procedures
• Maintenance records
• Workstation security
• Device and media controls
16. TECHNICAL CONTROLS
• Access Management
• Unique user identification
• Emergency access procedures
• Automatic logoff
• Encryption and decryption
• Audit controls
• Data integrity
17. TECHNICAL CONTROLS – 21 CFR PART 11
• Data Integrity: Part 11.10 (a)
• Access Management: Part 11.10 (d)
• Audit Trails: Part 11.10 (e)
• System Controls: Part 11.10 (k)
18. DATA BREACHES
Unauthorized access or disclosure of patient personal or health information
• Theft
• Hacking
• Physical loss
• Unauthorized access/disclosure
20. PHARMACOVIGILANCE SYSTEM CONTROLS
Strategies for Compliance
• Written policies and procedures
• Training
• Communication
• Compliance oversight
• Auditing and monitoring
• Responding to and correcting errors