
Technology and Security in a Clinical Research Environment

Technology and Security in a Clinical Research Environment Clinical Research Organization May 18, 2005 Brett Short, Jim Hilvers Journey to Compliance Privacy, Security to Research and Beyond Privacy Refresher What is the intent of HIPAA for privacy?


Presentation Transcript


  1. Technology and Security in a Clinical Research Environment • Clinical Research Organization • May 18, 2005 • Brett Short, Jim Hilvers

  2. Journey to Compliance • Privacy, Security to Research and Beyond

  3. Privacy Refresher • What is the intent of HIPAA for privacy? • Is privacy in a clinical setting possible? • How do we ensure privacy?

  4. HIPAA Refresher • Intent of HIPAA privacy? • Give patients control of their medical information. • New rights as a patient • New requirements for research • New way of doing “business” in a healthcare setting

  5. Privacy Refresher • New rights for patients: to access their medical records, restrict access by others, request changes, and learn how their records have been accessed • Restrict most disclosures of protected health information to the minimum needed for healthcare treatment and business operations • Enable patients to decide if they will authorize disclosure of their protected health information (PHI) for uses other than treatment or healthcare business operations • Establish new requirements for access to records by researchers and others • Establish business associate agreements with business partners that safeguard their use and disclosure of PHI.

  6. Privacy Refresher • Implement a comprehensive compliance program, including: • Conducting an impact assessment to determine gaps between existing information practices and policies and HIPAA requirements • Reviewing functions and activities of the organization's business partners to determine where Business Associate Agreements are required • Developing and implementing enterprise-wide privacy policies and procedures to implement the Rule • Assigning a Privacy Officer who will administer the organizational privacy program and enforce compliance • Training all members of the workforce on HIPAA and organizational privacy and security policies • Updating systems to ensure they provide adequate protection of patient data

  7. Privacy Refresher • Things to consider: • Business Associates • Sending data to anyone to do a task for us? • Appropriate Access • Work preparatory to research • Cannot remove/use without IRB approval • How do I access? • Paper • Electronically

  8. HIPAA Security • Compliance date of Security Rule was April 20, 2005 • Privacy Rule addressed Confidentiality of Personal Health Information (PHI) • Security Rule deals with electronic handling of PHI or ePHI

  9. HIPAA Security • HIPAA Security deals with ePHI • During Transmission • At Rest (Stored)

  10. HIPAA Security • Changes in how we do business • Patient Care Givers: • New Procedures and Protocols • New Drugs • New Equipment • New Records • Evolving Roles of Care Providers

  11. HIPAA Security • Changing Roles • As a care provider you have access to clinical records. • As a researcher do you have the same access? As a care provider you may not be authorized to access PHI for research purposes.

  12. HIPAA Security • Researchers: • Technology Changes • Number of Studies • Where to gather data? • Regulatory Changes

  13. HIPAA Security • Researcher’s Concerns and Frustrations • Protecting data from improper disclosure • No longer use legacy procedures to gather the data • Where to find needed data? • How to get access to data? • Why does it take so long?

  14. HIPAA Security • Security Challenges • Who is authorized to get data? • Updates of Organizational Policies and Procedures lag behind technology advancements • Timing – eye of requestor vs. eye of grantor • Delivery of data

  15. HIPAA Security • Access to PHI • Paper Record • Faxed from data source • Verbal • Consolidated from multiple sources • On-Line system • Wired Network • Wireless Network

  16. HIPAA Security • Receiving devices • Fixed Workstation • Personal • Shared • Mobile Workstation • Laptop Computer • Wireless Cart • Tablet PC • Hand Held Computers and Laptops • Cellular Phones/Blackberry devices • CD, Diskette, Thumb Drive • Remote Access (Not on site)

  17. HIPAA Security • How do you protect ePHI in your possession? • On the workstation hard drive? • In the database? • When it is shared?

  18. HIPAA Security • As a researcher, how do you get started?

  19. HIPAA Security • Questions?
