SlideShare a Scribd company logo
Privacy and Confidentiality
                     in
            Clinical Research
                               BY
                         HEMANG PATEL
                          YOGESH PATEL
                          JAIMIN PATEL
                         TEJAS GOSWAMI

ICRI- AHMEDABAD MSc. CT & CR (2011-13)
Whatsoever things I see or hear, in my
 attendance on the sick or even apart there
from, which on no account one must spread
                    abroad,
 I will keep to myself holding such things as
                sacred secrets.

  - Hippocratic Oath, 4th Century, B.C.E.
The desire of a person to control the disclosure of
            personal health information.

The federal regulations define ‘private information’ as
“information about behaviour that occurs in a context
         in which an individual can reasonably
   expect that no observation or recording is taking
 place, and information which has been provided for
     specific purposes by an individual and which
 the individual can reasonably expect will not be made
                        public.”
   Confidentiality has been defined as the
         of maintaining the security of
information elicited from an individual in the
  privileged circumstances of a professional
                 Relationship.
   The delicate balance between all employee‟s,
    physician‟s and volunteer‟s need to know and
    the patient‟s right to privacy is at the heart of
    HIPAA – Privacy.
Respect for
  persons



Beneficence
 It   helps establish trust between the research
  participant and the researcher.
 It   reduces worry on the part of the individual.
 It   maintains the participant‟s dignity.
 The    participant feels respected.
 It   gives the participant control and promotes
  autonomy.
Privacy Applies to the                         Confidentiality Applies
                                               to the Data:
Person:                                 o An extension of privacy
o The way potential participants        o Pertains to identifiable data
  are identified and contacted          o An agreement about maintenance
o The setting that potential               and who has access to identifiable
  participants will interact with the      data
  researcher team and who is            o What procedures will be put in
  present during research                  place to ensure that only
  procedures                               authorized individuals will have
o The methods used to collect              access to the information, and
  information about participants        o Limitations (if any) to these
oThe type of information being             confidentiality procedures
  Collected                             oIn regards to HIPAA, protection of
o Access to the minimum amount of          patients from inappropriate
  information necessary to conduct         disclosures of Protected Health
  the research                            Information (PHI)
   Title 45, Part 46 of the Code of Federal Regulations (45 CFR
    46) also known as the Common Rule.

   The common rule is clear that these data need to be
    protected.

   data through intervention/interaction with the individual, or
   identifiable private information.


   Protecting data is the key to protecting privacy
 The Food and Drug Administration (FDA)
  requires statements in the Informed Consent
  Form:
 that describe the extent to which
  confidentiality of records that can identify the
  participant in the research will be
  maintained, and
 that inform the participant that the FDA may
  view the research records.
 Certificates of Confidentiality (CoCs), issued
 by the National Institutes of Health
 (NIH), allow the researcher to refuse to
 disclose identifying information on research
 participants in any
 civil, criminal, administrative, legislative, or
 other proceeding, whether at the
 federal, state, or local level, unless the
 participant consents.
The U.S. Federal government passed a law in 1996 that created
 national standards to protect patient medical records and
             other personal health information.




          This Federal legislation is called the
Health Insurance Portability and Accountability
                 Act (HIPAA)
                                                                12
The Health Insurance Portability and Accountability
Act (HIPAA) is a federal law that specifies
administrative simplification provisions that:
 Protect the privacy of patient information

 Provide for electronic and physical
  security of patient health information
 Require “minimum necessary” use and
  disclosure
 Specify patient rights to approve the
  access and use of their medical
  information
At the completion of this study packet, the participant will:

• Have a basic understanding of HIPAA Privacy Standards

• Be able to provide examples of patient privacy protection

• Be able to define Protected Health Information (PHI)

• Have a basic understanding of the role of the Facility Privacy

 Official (FPO)
   1996 - In Tampa, a public health worker sent to two
    newspapers a computer disk containing the names of
    4,000 people who tested positive for HIV.

   2000 - Darryl Strawberry‟s medical records from a
    visit to a New York hospital were reviewed 365
    times. An audit determined less than 3% of those
    reviewing his records had even a remote connection
    to his care.

   2001 – An e-mail was sent out to a Prozac
    informational listserv members revealing the
    identities of other Prozac users.
 Theft of Patient Data
       Identity Theft
       Stolen lap top

   Loss of Patient Data
     incorrect disposal of
       documents
     Portable devices increases the
       possibility of data loss

   Misuse of Patient Data
     Privacy Breach
HIPAA guarantees these rights to patients:
     Right to privacy

     Right to confidential use of protected health
      information (PHI) for treatment, billing, and
      other health care operations (such as quality
      improvement)

     Right to access and amend their health
      information upon request

                                                      17
   Right to provide specific authorization for use of
    their health information other than for
    treatment, billing and other operation.

   Right to have their name withheld from patient
    directories (having their name not listed as being
    present in a facility other than for
    treatment, billing, and other operations).

   Right to request that information concerning their
    care is not released to specific individuals.

   Right to request that specific individuals are not
    told of their presence in a facility.
Every patient should receive a
                              document called a Notice and be
                              asked to sign an Authorization.

This Notice gives patients:
   Information about their rights.
   A description of how their PHI may be used by the
    facility.
   A comprehensive list of others to whom their health
    information may be disclosed.

      The Notice must be given to the patient on the first
     treatment date or as soon as is practical in an emergent
                            situation.                          19
Continue…
   An Authorization is a form:
     signed by the patient for use and disclosure of
      specific PHI that are not related to
      treatment, payment, or health care operations.

   There are some uses and disclosures where an
    authorization is not required.

   When in doubt about information for which a signed
    authorization is required….

         ~ Please ASK your instructor ~
                                                         20
o Every health care organization is expected to develop
  policies and procedures to guide HIPAA practices within
  their facility.
o Every person who provides care or assistance to
  patients in that facility is expected to understand and
  comply with HIPAA regulations. It is essential that all
  patient health information be kept confidential.

oOrganizations or individuals that violate HIPAA rules
    are subject to monetary fines (up to $250,000!) and civil
    or criminal charges (up to 10 years in jail!).

oFailure to comply may also:
    o hurt the reputation of the facility
    o put accreditation at risk
    o result in costly lawsuits
                                                                21
   Patients have the right to register complaints
    with Federal agencies and with the facility if they
    feel their rights have been violated.
   Every facility has a Privacy Officer who is
    responsible for overseeing HIPAA
    implementation.
   If you are uncertain about what information may
    be given out, talk to your instructor, a nurse on
    the unit where you are assigned, or contact the
    Privacy Officer.

                                                          22
One of the biggest threats to patient privacy is
UNINTENTIONAL disclosure of information ~
Examples include:
     Discussing patient information where other
      patients, visitors or staff may overhear ~ such as in
      elevators, hallways, dining facilities, or other common
      areas.
     Leaving sensitive information in a location where
      patients or visitors could possibly see it.



                                                                23
continue….
Another threat to patient privacy is when a staff member
  intentionally uses or discloses information in an
  unauthorized way:
   Copying information and taking it home
   Removing medical records and giving them to those
     with no legal right of possession
   Deliberately sharing information with unauthorized
     person(family members, friends, colleagues, news
     reporters, etc)
   Using confidential information to gossip about
     patients
   Leaving a computer unattended after logging in to an
     application                                         24
continue….
 Always be cognizant of:
   • Where you are
   • Who is around you
   • What information can be seen or heard
   • How you can “minimize possible incidental
     disclosure to others”

 You must ensure that PHI is only shared:
  •   With those who need to know
  •   At the minimum level necessary


                                                 25
continue….
As a   Nurse:
  •   Don’t browse through a patient charts or
      files out of curiosity
  •   Access only portions of medical record that
      you need to perform your role as a student
      nurse

It is essential that everyone with access to PHI be
aware of what is going on in their surroundings.
1.  User ID or Log-In Name (aka. User Access Controls)
2.  Passwords
3.  Workstation Security
4.  Portable Device Security – USB, Laptops
5.  Data Management, e.g., back-up, archive, restore.
6. Remote Access - VPN
7. Recycling Electronic Media & Computers
8. E-Mail –
9. Safe Internet Use – virus
10. Reporting Security Incidents / Breach
Laptop and File Encryption:

o WinZip (password protect + encrypt)
o 7-zip (free, password protect + encrypt)

oTrue crypt (free, complete folder encryption)

oFile Vault (folder encryption on Macintosh)



Encrypted USB Drives:
     Kingston Data Traveler
     Iron Key (Fully encrypted)                  28
   Sharing Passwords
–    You are responsible for your password. If you shared
     your password, you will be disciplined even if other
     person does no inappropriate access

   Not signing off systems
–   You are responsible and will be disciplined if another
    person uses your „not-signed-off‟ system and
    application

                                                             29
continue….
   Sending EPHI outside the institution without
    encryption
–   Under HITECH you may be personally liable for
    losing EPHI data

   Losing PDA and Laptop in transit with
    unencrypted PHI or PII
–   Under HITECH and NY State SSN Laws, you may
    be personally liable, and you will be disciplined for
    loss of PHI or PII
Study on Data Breaches (Nov 2007)
                      Malicious code
                            4%               Undisclosed
 Hacked system                                   2%
      5%
Electronic backup
       7%

  Malicious insider                                Lost
         9%                                   laptop/Device
                                                   48%

  Paper records
      9%

        Third
  Party/Outsourcer
        16%


                                                              31
This section explains:
  •   What information must be protected
  •   PHI identifiers
  •   The Notice of Privacy Practices (NOPP) for PHI
  •   Purposes other than Treatment, Payment, or
      Operations (TPO)
  •   Examples of TPO
  •   Exceptions to the “Minimum Necessary” standard
  •   When you should view, use, or share PHI
You must protect an individual’s PHI which is
    collected or created as a consequence of a health care
   PHI:                  provision.
       Is information related to a patient‟s past, present or
        future physical and/or mental health or condition
       Can be in any form: written, spoken, or electronic
        (including video, photographs, and x-rays)
       Includes at least one of the 18 personal identifiers in
        association with health information
continue….

These  rules apply to you when you
 view, use, and share PHI
Any  health information with identifiers (on the
 following page) is Protected Health
 Information (PHI)
The 18 Identifiers defined by HIPAA are:
   Name
                             Medical record number
   Postal address
                             Health plan beneficiary #
   All elements of dates
    except year              Device identifiers and
                                their serial numbers
   Telephone number
                               Vehicle identifiers and
   Fax number                  serial number
   Email address              Biometric identifiers
   URL address                  (finger and voice prints)
   IP address                 Full face photos and
   Social security             other comparable images
    number                     Any other unique
   Account numbers             identifying
   License numbers             number, code, or
                                characteristic
The Notice of Privacy Practices (NOPP) allows PHI to
          be used and disclosed for purposes of TPO
       Treatment (T), Payment (P), Operations (O)

   TPO includes teaching, medical
                staff/peer
    review, legal, auditing, customer
            service, business
       management, and releases
            mandated by law
   Patients have the right to:
       Request restrictions on release of their PHI
       Receive confidential communications
       Inspect and copy medical records (access)
       Request amendment to medical records
       Make a complaint
       Receive an accounting of any external releases.
       Obtain a paper copy of the Notice of Privacy
        Practices on request
Written Authorization required to
release medical information
Physician or care team may share
information with referring physician
without an authorization “patient in
common”
All legal requests for release of
information should be forwarded to
the HIPAA Compliance Office for
review

                                       40
Good Clinical Practice (GCP) is an international ethical and
scientific quality standard for designing, conducting, recording and
reporting trials that involve the participation of human subjects.

Compliance with this standard provides public assurance that the
rights, safety and well-being of trial subjects are
protected, consistent with the principles that have their origin in the
Declaration of Helsinki, and that the clinical trial data are
credible”
           ICH HARMONISED TRIPARTITE GUIDELINE
                       ,GUIDELINE
                           FOR
                GOOD CLINICAL PRACTICE , E6
         (http://www.ich.org/LOB/media/MEDIA482.pdf)
                                      41
Department Health and Human Services (HHS)

                FDA Regulated                              Federally Funded
21 Code of Federal Regulations (CFR)             45 CFR 46, “Common Rule”
21 CFR Parts 50: Human Subject                      The Federal Policy for the protection of
   Protection                                        human subjects and is codified by a number
                                                     of federal agencies.
21 CFR PART 54: Financial Disclosure             45 CFR subpart B: Protection for Pregnant
21 CFR 56: Institutional Review Boards               Women, Human Fetuses & Neonates
21 CFR 312: Investigational New Drug             45 CFR subpart C: Protection for
   Application                                       Prisoners
                                                 45 CFR subpart D: Protection for Children
21 CFR 803,812: Devices
 • Health Insurance Portability and Accountability Act (HIPAA) – Office of Civil Rights
 • National Coverage Decision (NCD) –Office of Inspector General (OIG)
 • VA Policies & Procedures
                                                          42
PATIENT PRIVACY

At some point in our lives we will all be a patient
Treat all information as though it was your own




                                                      43
Reference
 http://hipaa.ucsf.edu/education/downloads/C
    onfidentialityStatement.pdf

 http://www.research.uci.edu/ora/hrpp/privacyA
    ndConfidentiality.htm

 archhttp://privacyruleandrese.nih.gov/clin_res
    earch.asp.

   www.ncbi.nlm.nih.gov/pubmed/10107515

More Related Content

What's hot

Rights of the patient
Rights of the patientRights of the patient
Rights of the patient
Bakul Arora
 
Confidentiality
Confidentiality Confidentiality
Confidentiality
pcsamuels10
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
Sierra Swain
 
Bio ethics - Beneficence & Non-maleficence
Bio ethics - Beneficence & Non-maleficenceBio ethics - Beneficence & Non-maleficence
Bio ethics - Beneficence & Non-maleficence
Uthamalingam Murali
 
Patients’ privacy and confidentiality
Patients’ privacy and confidentialityPatients’ privacy and confidentiality
Patients’ privacy and confidentiality
bernardsanch
 
Medical Ethics and Professional Misconduct
Medical Ethics and Professional MisconductMedical Ethics and Professional Misconduct
Medical Ethics and Professional Misconduct
EvilDoctor666
 
Patient rights ppt
Patient rights pptPatient rights ppt
Patient rights ppt
Sandhya M
 
Health care confidentiality and privacy
Health care confidentiality and privacyHealth care confidentiality and privacy
Health care confidentiality and privacy
sawanda
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
DeniseMHA
 
Healthcare confidentiality training.2013bev
Healthcare confidentiality training.2013bevHealthcare confidentiality training.2013bev
Healthcare confidentiality training.2013bev
blk70130
 
Patient rights and responsibilities
Patient rights and responsibilitiesPatient rights and responsibilities
Patient rights and responsibilities
د/ ايناس كلية التمريض
 
An introduction to medical ethics
An introduction to medical ethicsAn introduction to medical ethics
An introduction to medical ethics
عامر التواتي
 
SCHS Topic 5: Privacy, Confidentiality and Medical Records
SCHS Topic 5: Privacy, Confidentiality and Medical RecordsSCHS Topic 5: Privacy, Confidentiality and Medical Records
SCHS Topic 5: Privacy, Confidentiality and Medical Records
Dr Ghaiath Hussein
 
introduction to medical ethics and bioethics
 introduction to medical ethics and bioethics introduction to medical ethics and bioethics
introduction to medical ethics and bioethics
RamiAboali
 
Medical Ethics
Medical EthicsMedical Ethics
Medical Ethics
Marie Colline
 
The importance of confidentiality
The importance of confidentialityThe importance of confidentiality
The importance of confidentiality
MOTHOM0556
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
kajal pradhan
 
Healthcare Information Privacy & Confidentiality: How To Work Very Well With ...
Healthcare Information Privacy & Confidentiality: How To Work Very Well With ...Healthcare Information Privacy & Confidentiality: How To Work Very Well With ...
Healthcare Information Privacy & Confidentiality: How To Work Very Well With ...
Nawanan Theera-Ampornpunt
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
LLSS64
 
Ethical And Legal Aspects Of Health Care
Ethical And Legal Aspects Of Health CareEthical And Legal Aspects Of Health Care
Ethical And Legal Aspects Of Health Care
Lajpat Rai
 

What's hot (20)

Rights of the patient
Rights of the patientRights of the patient
Rights of the patient
 
Confidentiality
Confidentiality Confidentiality
Confidentiality
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
 
Bio ethics - Beneficence & Non-maleficence
Bio ethics - Beneficence & Non-maleficenceBio ethics - Beneficence & Non-maleficence
Bio ethics - Beneficence & Non-maleficence
 
Patients’ privacy and confidentiality
Patients’ privacy and confidentialityPatients’ privacy and confidentiality
Patients’ privacy and confidentiality
 
Medical Ethics and Professional Misconduct
Medical Ethics and Professional MisconductMedical Ethics and Professional Misconduct
Medical Ethics and Professional Misconduct
 
Patient rights ppt
Patient rights pptPatient rights ppt
Patient rights ppt
 
Health care confidentiality and privacy
Health care confidentiality and privacyHealth care confidentiality and privacy
Health care confidentiality and privacy
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
 
Healthcare confidentiality training.2013bev
Healthcare confidentiality training.2013bevHealthcare confidentiality training.2013bev
Healthcare confidentiality training.2013bev
 
Patient rights and responsibilities
Patient rights and responsibilitiesPatient rights and responsibilities
Patient rights and responsibilities
 
An introduction to medical ethics
An introduction to medical ethicsAn introduction to medical ethics
An introduction to medical ethics
 
SCHS Topic 5: Privacy, Confidentiality and Medical Records
SCHS Topic 5: Privacy, Confidentiality and Medical RecordsSCHS Topic 5: Privacy, Confidentiality and Medical Records
SCHS Topic 5: Privacy, Confidentiality and Medical Records
 
introduction to medical ethics and bioethics
 introduction to medical ethics and bioethics introduction to medical ethics and bioethics
introduction to medical ethics and bioethics
 
Medical Ethics
Medical EthicsMedical Ethics
Medical Ethics
 
The importance of confidentiality
The importance of confidentialityThe importance of confidentiality
The importance of confidentiality
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
 
Healthcare Information Privacy & Confidentiality: How To Work Very Well With ...
Healthcare Information Privacy & Confidentiality: How To Work Very Well With ...Healthcare Information Privacy & Confidentiality: How To Work Very Well With ...
Healthcare Information Privacy & Confidentiality: How To Work Very Well With ...
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
 
Ethical And Legal Aspects Of Health Care
Ethical And Legal Aspects Of Health CareEthical And Legal Aspects Of Health Care
Ethical And Legal Aspects Of Health Care
 

Viewers also liked

Violation of privacy
Violation of privacyViolation of privacy
Violation of privacy
Lauren2342
 
Philippine Republic Act No. 10173 Data Privacy Act of 2012
Philippine Republic Act No. 10173 Data Privacy Act of 2012Philippine Republic Act No. 10173 Data Privacy Act of 2012
Philippine Republic Act No. 10173 Data Privacy Act of 2012Macoy Mejia
 
Violation of ethics By Pakistani Media In Election 2013
Violation of ethics By Pakistani Media In Election 2013Violation of ethics By Pakistani Media In Election 2013
Violation of ethics By Pakistani Media In Election 2013
Saqib Naveed
 
Right to privacy
Right to privacyRight to privacy
Right to privacy
Roopanshi Virang
 
Privacy and confidentiality
Privacy and confidentialityPrivacy and confidentiality
Privacy and confidentiality
johnzinn
 
Ethics and privacy ppt 3rd period
Ethics and privacy ppt 3rd periodEthics and privacy ppt 3rd period
Ethics and privacy ppt 3rd period
charvill
 
Invasion of Privacy
Invasion of PrivacyInvasion of Privacy
Invasion of Privacy
StudentPressLawCenter
 
Data privacy act of 2012 presentation
Data privacy act of 2012 presentationData privacy act of 2012 presentation
Data privacy act of 2012 presentation
Kittelson & Carpo Consulting
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
sp_krishna
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation
tomasztopa
 
MAGNA CARTA for WOMEN R.A. 9710
MAGNA CARTA for WOMEN R.A. 9710MAGNA CARTA for WOMEN R.A. 9710
MAGNA CARTA for WOMEN R.A. 9710
UNV Philippines
 
Privacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationPrivacy , Security and Ethics Presentation
Privacy , Security and Ethics Presentation
Hajarul Cikyen
 
R.A. 9710 Magna Carta for Women
R.A. 9710 Magna Carta for WomenR.A. 9710 Magna Carta for Women
R.A. 9710 Magna Carta for Women
Government Employee
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacy
realpeterz
 
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Cain Ransbottyn
 

Viewers also liked (15)

Violation of privacy
Violation of privacyViolation of privacy
Violation of privacy
 
Philippine Republic Act No. 10173 Data Privacy Act of 2012
Philippine Republic Act No. 10173 Data Privacy Act of 2012Philippine Republic Act No. 10173 Data Privacy Act of 2012
Philippine Republic Act No. 10173 Data Privacy Act of 2012
 
Violation of ethics By Pakistani Media In Election 2013
Violation of ethics By Pakistani Media In Election 2013Violation of ethics By Pakistani Media In Election 2013
Violation of ethics By Pakistani Media In Election 2013
 
Right to privacy
Right to privacyRight to privacy
Right to privacy
 
Privacy and confidentiality
Privacy and confidentialityPrivacy and confidentiality
Privacy and confidentiality
 
Ethics and privacy ppt 3rd period
Ethics and privacy ppt 3rd periodEthics and privacy ppt 3rd period
Ethics and privacy ppt 3rd period
 
Invasion of Privacy
Invasion of PrivacyInvasion of Privacy
Invasion of Privacy
 
Data privacy act of 2012 presentation
Data privacy act of 2012 presentationData privacy act of 2012 presentation
Data privacy act of 2012 presentation
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation
 
MAGNA CARTA for WOMEN R.A. 9710
MAGNA CARTA for WOMEN R.A. 9710MAGNA CARTA for WOMEN R.A. 9710
MAGNA CARTA for WOMEN R.A. 9710
 
Privacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationPrivacy , Security and Ethics Presentation
Privacy , Security and Ethics Presentation
 
R.A. 9710 Magna Carta for Women
R.A. 9710 Magna Carta for WomenR.A. 9710 Magna Carta for Women
R.A. 9710 Magna Carta for Women
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacy
 
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
 

Similar to Privacy & confedentiality

Presentation hippa
Presentation hippaPresentation hippa
Presentation hippa
maggie_Platt
 
HIPAA Basics
HIPAA BasicsHIPAA Basics
HIPAA Basics
Karna *
 
HIPAA and RHIOs
HIPAA and RHIOsHIPAA and RHIOs
HIPAA and RHIOs
nobumoto
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
Heather Poythress
 
Hipaa inservice
Hipaa inserviceHipaa inservice
Hipaa inservice
Kelly Snyder
 
MHA 690 week 2 discussin
MHA 690 week 2 discussinMHA 690 week 2 discussin
MHA 690 week 2 discussin
Brooke A Thomas
 
Patient confidentiality MHA 690
Patient confidentiality MHA 690Patient confidentiality MHA 690
Patient confidentiality MHA 690
AMSIMM9932
 
HIPAA INSERVICE 2017
HIPAA INSERVICE 2017 HIPAA INSERVICE 2017
HIPAA INSERVICE 2017
Meg Oser
 
Mha690 health care capstone - confidentiality 9-26-2013
Mha690   health care capstone - confidentiality 9-26-2013Mha690   health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013
LeRoy Ulibarri
 
Mha690 health care capstone - confidentiality 9-26-2013
Mha690   health care capstone - confidentiality 9-26-2013Mha690   health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013
LeRoy Ulibarri
 
Mha690 health care capstone - confidentiality 9-26-2013
Mha690   health care capstone - confidentiality 9-26-2013Mha690   health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013
LeRoy Ulibarri
 
Mha 690 w1 d2
Mha 690 w1 d2Mha 690 w1 d2
Mha 690 w1 d2
letarius_90
 
Hipaa
HipaaHipaa
Hipaa
elo1972
 
Confidentiality, security, and integrity of information
Confidentiality, security, and integrity of informationConfidentiality, security, and integrity of information
Confidentiality, security, and integrity of information
smallwoods
 
Confidentiality, security, and integrity of information
Confidentiality, security, and integrity of informationConfidentiality, security, and integrity of information
Confidentiality, security, and integrity of information
smallwoods
 
Confidentiality, security, and integrity of information
Confidentiality, security, and integrity of informationConfidentiality, security, and integrity of information
Confidentiality, security, and integrity of information
smallwoods
 
Hipaa training
Hipaa trainingHipaa training
Hipaa training
schmoikel987
 
Hipaa.pptx
Hipaa.pptxHipaa.pptx
Hipaa.pptx
elo1972
 
Hipaa.pptx
Hipaa.pptxHipaa.pptx
Hipaa.pptx
elo1972
 
Hipaa.pptx
Hipaa.pptxHipaa.pptx
Hipaa.pptx
elo1972
 

Similar to Privacy & confedentiality (20)

Presentation hippa
Presentation hippaPresentation hippa
Presentation hippa
 
HIPAA Basics
HIPAA BasicsHIPAA Basics
HIPAA Basics
 
HIPAA and RHIOs
HIPAA and RHIOsHIPAA and RHIOs
HIPAA and RHIOs
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
 
Hipaa inservice
Hipaa inserviceHipaa inservice
Hipaa inservice
 
MHA 690 week 2 discussin
MHA 690 week 2 discussinMHA 690 week 2 discussin
MHA 690 week 2 discussin
 
Patient confidentiality MHA 690
Patient confidentiality MHA 690Patient confidentiality MHA 690
Patient confidentiality MHA 690
 
HIPAA INSERVICE 2017
HIPAA INSERVICE 2017 HIPAA INSERVICE 2017
HIPAA INSERVICE 2017
 
Mha690 health care capstone - confidentiality 9-26-2013
Mha690   health care capstone - confidentiality 9-26-2013Mha690   health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013
 
Mha690 health care capstone - confidentiality 9-26-2013
Mha690   health care capstone - confidentiality 9-26-2013Mha690   health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013
 
Mha690 health care capstone - confidentiality 9-26-2013
Mha690   health care capstone - confidentiality 9-26-2013Mha690   health care capstone - confidentiality 9-26-2013
Mha690 health care capstone - confidentiality 9-26-2013
 
Mha 690 w1 d2
Mha 690 w1 d2Mha 690 w1 d2
Mha 690 w1 d2
 
Hipaa
HipaaHipaa
Hipaa
 
Confidentiality, security, and integrity of information
Confidentiality, security, and integrity of informationConfidentiality, security, and integrity of information
Confidentiality, security, and integrity of information
 
Confidentiality, security, and integrity of information
Confidentiality, security, and integrity of informationConfidentiality, security, and integrity of information
Confidentiality, security, and integrity of information
 
Confidentiality, security, and integrity of information
Confidentiality, security, and integrity of informationConfidentiality, security, and integrity of information
Confidentiality, security, and integrity of information
 
Hipaa training
Hipaa trainingHipaa training
Hipaa training
 
Hipaa.pptx
Hipaa.pptxHipaa.pptx
Hipaa.pptx
 
Hipaa.pptx
Hipaa.pptxHipaa.pptx
Hipaa.pptx
 
Hipaa.pptx
Hipaa.pptxHipaa.pptx
Hipaa.pptx
 

Recently uploaded

How to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP ModuleHow to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP Module
Celine George
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
Academy of Science of South Africa
 
MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE”           .MARY JANE WILSON, A “BOA MÃE”           .
MARY JANE WILSON, A “BOA MÃE” .
Colégio Santa Teresinha
 
How to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold MethodHow to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold Method
Celine George
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
thanhdowork
 
Assessment and Planning in Educational technology.pptx
Assessment and Planning in Educational technology.pptxAssessment and Planning in Educational technology.pptx
Assessment and Planning in Educational technology.pptx
Kavitha Krishnan
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Dr. Vinod Kumar Kanvaria
 
World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024
ak6969907
 
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptxC1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
mulvey2
 
The History of Stoke Newington Street Names
The History of Stoke Newington Street NamesThe History of Stoke Newington Street Names
The History of Stoke Newington Street Names
History of Stoke Newington
 
Liberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdfLiberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdf
WaniBasim
 
How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17
Celine George
 
Main Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docxMain Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docx
adhitya5119
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Excellence Foundation for South Sudan
 
How to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRMHow to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRM
Celine George
 
Hindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdfHindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdf
Dr. Mulla Adam Ali
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
AyyanKhan40
 
Advanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docxAdvanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docx
adhitya5119
 
A Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdfA Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdf
Jean Carlos Nunes Paixão
 

Recently uploaded (20)

How to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP ModuleHow to Add Chatter in the odoo 17 ERP Module
How to Add Chatter in the odoo 17 ERP Module
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
 
MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE”           .MARY JANE WILSON, A “BOA MÃE”           .
MARY JANE WILSON, A “BOA MÃE” .
 
How to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold MethodHow to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold Method
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
 
Assessment and Planning in Educational technology.pptx
Assessment and Planning in Educational technology.pptxAssessment and Planning in Educational technology.pptx
Assessment and Planning in Educational technology.pptx
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
 
World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024World environment day ppt For 5 June 2024
World environment day ppt For 5 June 2024
 
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptxC1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
 
The History of Stoke Newington Street Names
The History of Stoke Newington Street NamesThe History of Stoke Newington Street Names
The History of Stoke Newington Street Names
 
Liberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdfLiberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdf
 
How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17How to Fix the Import Error in the Odoo 17
How to Fix the Import Error in the Odoo 17
 
Main Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docxMain Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docx
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
 
How to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRMHow to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRM
 
Hindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdfHindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdf
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
 
Advanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docxAdvanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docx
 
A Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdfA Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdf
 

Privacy & confedentiality

  • 1. Privacy and Confidentiality in Clinical Research BY HEMANG PATEL YOGESH PATEL JAIMIN PATEL TEJAS GOSWAMI ICRI- AHMEDABAD MSc. CT & CR (2011-13)
  • 2. Whatsoever things I see or hear, in my attendance on the sick or even apart there from, which on no account one must spread abroad, I will keep to myself holding such things as sacred secrets. - Hippocratic Oath, 4th Century, B.C.E.
  • 3. The desire of a person to control the disclosure of personal health information. The federal regulations define ‘private information’ as “information about behaviour that occurs in a context in which an individual can reasonably expect that no observation or recording is taking place, and information which has been provided for specific purposes by an individual and which the individual can reasonably expect will not be made public.”
  • 4. Confidentiality has been defined as the of maintaining the security of information elicited from an individual in the privileged circumstances of a professional Relationship.
  • 5. The delicate balance between all employee‟s, physician‟s and volunteer‟s need to know and the patient‟s right to privacy is at the heart of HIPAA – Privacy.
  • 6. Respect for persons Beneficence
  • 7.  It helps establish trust between the research participant and the researcher.  It reduces worry on the part of the individual.  It maintains the participant‟s dignity.  The participant feels respected.  It gives the participant control and promotes autonomy.
  • 8. Privacy Applies to the Confidentiality Applies to the Data: Person: o An extension of privacy o The way potential participants o Pertains to identifiable data are identified and contacted o An agreement about maintenance o The setting that potential and who has access to identifiable participants will interact with the data researcher team and who is o What procedures will be put in present during research place to ensure that only procedures authorized individuals will have o The methods used to collect access to the information, and information about participants o Limitations (if any) to these oThe type of information being confidentiality procedures Collected oIn regards to HIPAA, protection of o Access to the minimum amount of patients from inappropriate information necessary to conduct disclosures of Protected Health the research Information (PHI)
  • 9. Title 45, Part 46 of the Code of Federal Regulations (45 CFR 46) also known as the Common Rule.  The common rule is clear that these data need to be protected.  data through intervention/interaction with the individual, or  identifiable private information.  Protecting data is the key to protecting privacy
  • 10.  The Food and Drug Administration (FDA) requires statements in the Informed Consent Form:  that describe the extent to which confidentiality of records that can identify the participant in the research will be maintained, and  that inform the participant that the FDA may view the research records.
  • 11.  Certificates of Confidentiality (CoCs), issued by the National Institutes of Health (NIH), allow the researcher to refuse to disclose identifying information on research participants in any civil, criminal, administrative, legislative, or other proceeding, whether at the federal, state, or local level, unless the participant consents.
  • 12. The U.S. Federal government passed a law in 1996 that created national standards to protect patient medical records and other personal health information. This Federal legislation is called the Health Insurance Portability and Accountability Act (HIPAA) 12
  • 13. The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that specifies administrative simplification provisions that:  Protect the privacy of patient information  Provide for electronic and physical security of patient health information  Require “minimum necessary” use and disclosure  Specify patient rights to approve the access and use of their medical information
  • 14. At the completion of this study packet, the participant will: • Have a basic understanding of HIPAA Privacy Standards • Be able to provide examples of patient privacy protection • Be able to define Protected Health Information (PHI) • Have a basic understanding of the role of the Facility Privacy Official (FPO)
  • 15. 1996 - In Tampa, a public health worker sent to two newspapers a computer disk containing the names of 4,000 people who tested positive for HIV.  2000 - Darryl Strawberry‟s medical records from a visit to a New York hospital were reviewed 365 times. An audit determined less than 3% of those reviewing his records had even a remote connection to his care.  2001 – An e-mail was sent out to a Prozac informational listserv members revealing the identities of other Prozac users.
  • 16.  Theft of Patient Data  Identity Theft  Stolen lap top  Loss of Patient Data  incorrect disposal of documents  Portable devices increases the possibility of data loss  Misuse of Patient Data  Privacy Breach
  • 17. HIPAA guarantees these rights to patients:  Right to privacy  Right to confidential use of protected health information (PHI) for treatment, billing, and other health care operations (such as quality improvement)  Right to access and amend their health information upon request 17
  • 18. Right to provide specific authorization for use of their health information other than for treatment, billing and other operation.  Right to have their name withheld from patient directories (having their name not listed as being present in a facility other than for treatment, billing, and other operations).  Right to request that information concerning their care is not released to specific individuals.  Right to request that specific individuals are not told of their presence in a facility.
  • 19. Every patient should receive a document called a Notice and be asked to sign an Authorization. This Notice gives patients:  Information about their rights.  A description of how their PHI may be used by the facility.  A comprehensive list of others to whom their health information may be disclosed. The Notice must be given to the patient on the first treatment date or as soon as is practical in an emergent situation. 19
  • 20. Continue…  An Authorization is a form:  signed by the patient for use and disclosure of specific PHI that are not related to treatment, payment, or health care operations.  There are some uses and disclosures where an authorization is not required.  When in doubt about information for which a signed authorization is required…. ~ Please ASK your instructor ~ 20
  • 21. o Every health care organization is expected to develop policies and procedures to guide HIPAA practices within their facility. o Every person who provides care or assistance to patients in that facility is expected to understand and comply with HIPAA regulations. It is essential that all patient health information be kept confidential. oOrganizations or individuals that violate HIPAA rules are subject to monetary fines (up to $250,000!) and civil or criminal charges (up to 10 years in jail!). oFailure to comply may also: o hurt the reputation of the facility o put accreditation at risk o result in costly lawsuits 21
  • 22. Patients have the right to register complaints with Federal agencies and with the facility if they feel their rights have been violated.  Every facility has a Privacy Officer who is responsible for overseeing HIPAA implementation.  If you are uncertain about what information may be given out, talk to your instructor, a nurse on the unit where you are assigned, or contact the Privacy Officer. 22
  • 23. One of the biggest threats to patient privacy is UNINTENTIONAL disclosure of information ~ Examples include:  Discussing patient information where other patients, visitors or staff may overhear ~ such as in elevators, hallways, dining facilities, or other common areas.  Leaving sensitive information in a location where patients or visitors could possibly see it. 23
  • 24. continue…. Another threat to patient privacy is when a staff member intentionally uses or discloses information in an unauthorized way:  Copying information and taking it home  Removing medical records and giving them to those with no legal right of possession  Deliberately sharing information with unauthorized person(family members, friends, colleagues, news reporters, etc)  Using confidential information to gossip about patients  Leaving a computer unattended after logging in to an application 24
  • 25. continue….  Always be cognizant of: • Where you are • Who is around you • What information can be seen or heard • How you can “minimize possible incidental disclosure to others”  You must ensure that PHI is only shared: • With those who need to know • At the minimum level necessary 25
  • 26. continue…. As a Nurse: • Don’t browse through a patient charts or files out of curiosity • Access only portions of medical record that you need to perform your role as a student nurse It is essential that everyone with access to PHI be aware of what is going on in their surroundings.
  • 27. 1. User ID or Log-In Name (aka. User Access Controls) 2. Passwords 3. Workstation Security 4. Portable Device Security – USB, Laptops 5. Data Management, e.g., back-up, archive, restore. 6. Remote Access - VPN 7. Recycling Electronic Media & Computers 8. E-Mail – 9. Safe Internet Use – virus 10. Reporting Security Incidents / Breach
  • 28. Laptop and File Encryption: o WinZip (password protect + encrypt) o 7-zip (free, password protect + encrypt) oTrue crypt (free, complete folder encryption) oFile Vault (folder encryption on Macintosh) Encrypted USB Drives: Kingston Data Traveler Iron Key (Fully encrypted) 28
  • 29. Sharing Passwords – You are responsible for your password. If you shared your password, you will be disciplined even if other person does no inappropriate access  Not signing off systems – You are responsible and will be disciplined if another person uses your „not-signed-off‟ system and application 29
  • 30. continue….  Sending EPHI outside the institution without encryption – Under HITECH you may be personally liable for losing EPHI data  Losing PDA and Laptop in transit with unencrypted PHI or PII – Under HITECH and NY State SSN Laws, you may be personally liable, and you will be disciplined for loss of PHI or PII
  • 31. Study on Data Breaches (Nov 2007) Malicious code 4% Undisclosed Hacked system 2% 5% Electronic backup 7% Malicious insider Lost 9% laptop/Device 48% Paper records 9% Third Party/Outsourcer 16% 31
  • 32. This section explains: • What information must be protected • PHI identifiers • The Notice of Privacy Practices (NOPP) for PHI • Purposes other than Treatment, Payment, or Operations (TPO) • Examples of TPO • Exceptions to the “Minimum Necessary” standard • When you should view, use, or share PHI
  • 33. You must protect an individual’s PHI which is collected or created as a consequence of a health care  PHI: provision.  Is information related to a patient‟s past, present or future physical and/or mental health or condition  Can be in any form: written, spoken, or electronic (including video, photographs, and x-rays)  Includes at least one of the 18 personal identifiers in association with health information
  • 34. continue…. These rules apply to you when you view, use, and share PHI Any health information with identifiers (on the following page) is Protected Health Information (PHI)
  • 35. The 18 Identifiers defined by HIPAA are:  Name  Medical record number  Postal address  Health plan beneficiary #  All elements of dates except year  Device identifiers and their serial numbers  Telephone number  Vehicle identifiers and  Fax number serial number  Email address  Biometric identifiers  URL address (finger and voice prints)  IP address  Full face photos and  Social security other comparable images number  Any other unique  Account numbers identifying  License numbers number, code, or characteristic
  • 36. The Notice of Privacy Practices (NOPP) allows PHI to be used and disclosed for purposes of TPO  Treatment (T), Payment (P), Operations (O)  TPO includes teaching, medical staff/peer review, legal, auditing, customer service, business management, and releases mandated by law
  • 37.
  • 38.
  • 39. Patients have the right to:  Request restrictions on release of their PHI  Receive confidential communications  Inspect and copy medical records (access)  Request amendment to medical records  Make a complaint  Receive an accounting of any external releases.  Obtain a paper copy of the Notice of Privacy Practices on request
  • 40. Written Authorization required to release medical information Physician or care team may share information with referring physician without an authorization “patient in common” All legal requests for release of information should be forwarded to the HIPAA Compliance Office for review 40
  • 41. Good Clinical Practice (GCP) is an international ethical and scientific quality standard for designing, conducting, recording and reporting trials that involve the participation of human subjects. Compliance with this standard provides public assurance that the rights, safety and well-being of trial subjects are protected, consistent with the principles that have their origin in the Declaration of Helsinki, and that the clinical trial data are credible” ICH HARMONISED TRIPARTITE GUIDELINE ,GUIDELINE FOR GOOD CLINICAL PRACTICE , E6 (http://www.ich.org/LOB/media/MEDIA482.pdf) 41
  • 42. Department Health and Human Services (HHS) FDA Regulated Federally Funded 21 Code of Federal Regulations (CFR) 45 CFR 46, “Common Rule” 21 CFR Parts 50: Human Subject The Federal Policy for the protection of Protection human subjects and is codified by a number of federal agencies. 21 CFR PART 54: Financial Disclosure 45 CFR subpart B: Protection for Pregnant 21 CFR 56: Institutional Review Boards Women, Human Fetuses & Neonates 21 CFR 312: Investigational New Drug 45 CFR subpart C: Protection for Application Prisoners 45 CFR subpart D: Protection for Children 21 CFR 803,812: Devices • Health Insurance Portability and Accountability Act (HIPAA) – Office of Civil Rights • National Coverage Decision (NCD) –Office of Inspector General (OIG) • VA Policies & Procedures 42
  • 43. PATIENT PRIVACY At some point in our lives we will all be a patient Treat all information as though it was your own 43
  • 44. Reference  http://hipaa.ucsf.edu/education/downloads/C onfidentialityStatement.pdf  http://www.research.uci.edu/ora/hrpp/privacyA ndConfidentiality.htm  archhttp://privacyruleandrese.nih.gov/clin_res earch.asp.  www.ncbi.nlm.nih.gov/pubmed/10107515