
AMC Security & Privacy Progress & Prospects

AMC Security & Privacy Progress & Prospects. September 26-28, 2005 Research Triangle Park, NC.


Presentation Transcript


  1. AMC Security & Privacy: Progress & Prospects. September 26-28, 2005, Research Triangle Park, NC

  2. International Security & Privacy Effects from Outsourced Services, International Medicine & Research. John E. Steiner, Jr., Esq., Chief Compliance Officer and Privacy Official, Cleveland Clinic Health System, Cleveland, Ohio

  3. International Trial Issues Sponsors and researchers need to determine: • What legal or professional standards apply to international research? • What has the foreign entity agreed to in its FWA? • FDA Compliance • How to assure data integrity and record keeping? • Does HIPAA Apply? • EU Data Protection Directive • Site of research: national laws must always be obeyed

  4. Key “Environmental” Factors • Minimal coordination between governments for mandated privacy protection, e.g. storage, transmission, use, and disclosure of personal information • Some international laws prohibit importation of personal information if a country lacks adequate privacy protections

  5. Key “Environmental” Factors • Desire for harmonized legal framework, especially in Europe • European Union (EU) Directives • EU Data Protection Directive • International Conference on Harmonization (ICH) of Technical Requirements for Regulation of Human Use

  6. EU Clinical Trials Directive • Member states to implement national laws regulating clinical trials by May 1, 2004 • FOCUS: Impose new clinical trials administrative requirements

  7. International Research A U.S. institution collaborates with a foreign institution on a U.S. federally funded research project • Both institutions, foreign and domestic, need to file an FWA, and • Comply with the FWA’s terms

  8. ICH and ICH-GCP • ICH standards accepted by the FDA and European regulatory agencies • ICH Harmonized Tripartite Guideline for Good Clinical Practice (ICH-GCP) • ICH-GCP is intended to promote best practices in clinical trials; it also includes specifics for data collection, data handling, documentation, and records retention

  9. Applicability of FDA Regulations • International Studies under IND or IDE must meet the same requirements in FDA regulations that apply to U.S. Studies under an IND or IDE. • 21 CFR Part 50: Informed Consent • 21 CFR Part 56: IRB Oversight • 21 CFR Part 312: IND Requirements • 21 CFR Part 812: IDE Requirements

  10. Applicability of FDA Regulations • FDA may accept data from foreign studies not conducted under an IND or IDE if the study conforms with the more stringent of: • The principles contained in the Declaration of Helsinki; or • The laws and regulations of the country in which research was conducted

  11. International Research • When an AMC receives healthcare information about a research subject from a PI abroad, it becomes PHI and cannot be used or disclosed unless it is de-identified or is in a limited data set • If an AMC wants to coordinate an international trial for industry sponsors, there is a danger that HIPAA standards apply abroad (may need to obtain HIPAA authorization from foreign research subjects)

  12. How do We Measure Cybersecurity Risk? Ben Mazzotta, Research Director for Health Care, US Cyber Consequences Unit. 3rd AMC Security and Privacy Conference: Progress and Prospects, 27 September 2005

  13. Overview • US Cyber Consequences Unit • Health care report • Risk valuation for cybersecurity • Methodology • Preliminary insights • Looking ahead

  14. Risk Valuation • Threats • Consequences • Vulnerabilities

  15. Value Creation Analysis • Willingness to pay curve • Opportunity cost curve • Transactions generate surpluses for consumers and producers

  16. Methodology • Interviews • Red team exercises • Economic analysis • The goal: cost-effectiveness of cybersecurity measures

  17. Preliminary insights • Network crashes • Reconnaissance activities • Latent identities • Software patches • Computer calibrated equipment • Hiring agencies • Offshore radiology

  18. AMC Security & Privacy: HIT / Security / Privacy – “On the Horizon”. John Quinn – CTO Health Practice, September 27, 2005

  19. Future HIT Drivers • The slow continuation of HIPAA… • Interoperable Electronic Health Records • Electronic Prescribing • The potential of structured clinical information in the hands of payers and pharmaceutical companies

  20. HIPAA • After 9+ years, pieces of HIPAA continue on the journey of getting their “final” rules and implementation days. • National Provider Identifier (NPI) is in process. • HIPAA transaction 275 (attachments) starts its journey now. • Attachments for both claims and referrals • Structured clinical documentation and envelopes • X12 275 envelope • HL7 CDA R1 (moving to R2) content.

  21. Interoperable Electronic Health Records • A very wide range of privacy and security issues • Identifiable structured clinical information • Accessed and stored by a covered entity (possibly in a different state) with different privacy policies and procedures, consents and releases. • A very high value producer and user of clinical trial information.

  22. Electronic Prescribing (ERx) • Direct mandate from the Medicare Modernization Act 2003. • Statute has enough technical detail to qualify as “EHR Light”. • Privacy & Security concerns are much the same as EHR • Some payers have already demonstrated investment interest in ERx. • Adherence to Formulary & Generic Shift • Payer financed pay-for-performance

  23. Dispersed Structured Clinical Information • There is almost no limit to the number of ideas for good uses of both identifiable and anonymous clinical information. • There is also almost no limit to the challenges to privacy and security. • Under the right circumstances, in the world of interoperable EHRs “identity theft” could result in serious injury or death.

  24. AMC Privacy and Security Conference International Security and Privacy Futures Track International Security and Privacy Panel Discussion

  25. Objectives • To engage you (the audience) in exploring this topic • To learn how your AMC peers see the topic and how their AMCs are handling it • To encourage you to share information about how your AMC is handling the topic

  26. Instant Poll Rules • Facilitator’s role: • Ask audience members and panelists to shut their eyes (to promote more honest voting) • Ask for a show of hands for each item to be voted on. • Audience role: • Vote as you see fit. • Voting is anonymous. • Follow-up questions may ask voters to describe why they voted as they did, if they are comfortable doing so.

  27. Audience Discussion Points • How has your AMC been affected by international privacy and security laws and regulations? • Has your AMC implemented the appropriate measures to meet legal and professional standards for privacy and security in international studies?

  28. Session Feedback Poll Engagement Quality Instant Poll • This session did a good job of engaging the panelists and the audience on the topic. 1 - Strongly Disagree ___ 2 - Disagree ___ 3 - Neither agree nor disagree ___ 4 - Agree ___ 5 - Strongly agree ___
