hipaa compliance and its relationship to pharmacovigilance
TRANSCRIPT
HIPAA Compliance and its Relationship to
Pharmacovigilance
Christi Cordeiro, Project Manager, Life Sciences, Perficient
2
ABOUT PERFICIENT
Perficient is a leading information
technology consulting firm serving
clients throughout North America.
We help clients implement business-driven technology
solutions that integrate business processes, improve
worker productivity, increase customer loyalty and create
a more agile enterprise to better respond to new
business opportunities.
3
Founded in 1997
Public, NASDAQ: PRFT
2014 revenue $456 million
Major market locations:
Allentown, Atlanta, Ann Arbor, Boston, Charlotte,
Chicago, Cincinnati, Columbus, Dallas, Denver,
Detroit, Fairfax, Houston, Indianapolis, Lafayette,
Milwaukee, Minneapolis, New York City, Northern
California, Oxford (UK), Southern California,
St. Louis, Toronto
Global delivery centers in China and India
>2,600 colleagues
Dedicated solution practices
~90% repeat business rate
Alliance partnerships with major technology vendors
Multiple vendor/industry technology and growth awards
PERFICIENT PROFILE
4
Business Process Management
Customer Relationship Management
Enterprise Performance Management
Enterprise Information Solutions
Enterprise Resource Planning
Experience Design
Portal / Collaboration
Content Management
Information Management
Mobile
BU
SIN
ES
S S
OL
UT
ION
S
50
+ P
AR
TN
ER
S
Safety / PV
Clinical Data Management
Electronic Data Capture
Medical Coding
Clinical Data Warehousing
Clinical Data Analytics
Clinical Trial Management
Healthcare Data Warehousing
Healthcare Analytics
CL
INIC
AL / H
EA
LT
HC
AR
E IT
Consulting
Implementation
Integration
Migration
Upgrade
Managed Services
Private Cloud Hosting
Validation
Study Setup
Project Management
Application Development
Software Licensing
Application Support
Staff Augmentation
Training
SE
RV
ICE
S
OUR SOLUTIONS PORTFOLIO
5
WELCOME & INTRODUCTION
Christi CordeiroProject Manager, Safety and Pharmacovigilance
Life Sciences, Perficient
Safety and Pharmacovigilance Consultant since 2012
Extensive Safety and Pharmacovigilance experience
– 17 years of experience in the biopharmaceutical industry serving a variety of roles
within drug safety:
– Safety Operations
– Business Analysis
– System Implementations
– Data management
6
AGENDA
Topic
Welcome and Introduction
HIPAA Overview
Data Security
Impact of HIPAA on Pharmacovigilance Systems
Q&A
8
HIPAA DEFINITIONS
• Protected Health Information (PHI)
• Electronic Protected Health Information (ePHI)
• Covered Entity
• Business Associate
9
HIPAA REGULATION - 1996
• Comprised of 4 Rules
• Transfer and continuation of health coverage
• Reduce fraud and abuse
• Mandate industry wide standards
10
HITECH ACT - 2009
• Health Information Technology for Economic and Clinical Health
• Enacted to address security and privacy concerns
• Includes sanctions for violations
• Notification of Breach
• Electronic Health Record Access
• Business Associates (and Associate Agreements)
11
OMNIBUS HIPAA RULEMAKING - 2013
• Modifications to the HITECH Act
• Direct liability for business associates of covered entities
• Strengthens limitations on PHI use
• Modifies authorization to facilitate research
12
PATIENT HEALTH DATA
Uses and Disclosures (45 CFR 164.512(b)(1)(i) and (iii)))
• Public Health Authority
• FDA regulated products
• Enable product recalls, repairs, etc.
• Conduct post-marketing surveillance
Patient Data
• Collected as part of standard processes
• Health information
• Personal/Sensitive
13
HIPAA SECURITY & IMPACT ON PHARMACOVIGILANCE SYSTEMS
Physical
Controls
Technical
Controls
Administrative
Controls
14
ADMINISTRATIVE CONTROLS
Administrative Controls
• Corporate privacy policy and integrity agreement
• Licensing partner and vendor contracts
• SOPs/Guidelines
• Training
• Ongoing evaluation
• Disaster recovery
15
PHYSICAL CONTROLS
Physical Controls
• Facility Access
• Contingency operations
• Security plan
• Access control and validation procedures
• Maintenance records
• Workstation security
• Device and media controls
16
TECHNICAL CONTROLS
Technical Controls
• Access Management
• Unique user identification
• Emergency access procedures
• Automatic logoff
• Encryption and decryption
• Audit controls
• Data integrity
17
TECHNICAL CONTROLS – 21 CFR PART 11
• Data Integrity
• Access Management
• Audit Trails
• System Controls
• Part 11.10 (a)
• Part 11.10 (d)
• Part 11.10 (e)
• Part 11.10 (k)
18
DATA BREACHES
Unauthorized access or disclosure of patient personal or health information
• Theft
• Hacking
• Physical loss
• Unauthorized access/disclosure
19
BREACH NOTIFICATIONS
Requirements
• Not required
– Not a CE or BA
Recommended
• Controls to ensure security
• Controls to ensure patient
confidentiality
20
PHARMACOVIGILANCE SYSTEM CONTROLSStrategies for Compliance
• Written policies and procedures
• Training
• Communication
• Compliance oversight
• Auditing and monitoring
• Responding to and correcting errors
22
www.facebook.com/perficientwww.twitter.com/perficient_LS
For more information, please contact:
[email protected] (Sales)
+1 303 570 8464 (U.S. Sales)
+44 (0) 1865 910200 (U.K. Sales)
THANK YOU
linkedin.com/company/perficient