Technology and Security in a Clinical Research Environment - PowerPoint PPT Presentation

Presentation Transcript

  1. Technology and Security in a Clinical Research Environment Clinical Research Organization May 18, 2005 Brett Short, Jim Hilvers

  2. Journey to Compliance Privacy, Security to Research and Beyond

  3. Privacy Refresher • What is the intent of HIPAA for privacy? • Is privacy in a clinical setting possible? • How do we ensure privacy?

  4. HIPAA Refresher • Intent of HIPAA privacy? • Give patients control of their medical information. • New rights as a patient • New requirements for research • New way of doing “business” in a healthcare setting

  5. Privacy Refresher • New rights for patients: to access their medical records, restrict access by others, request changes, and learn how their records have been accessed • Restrict most disclosures of protected health information to the minimum needed for healthcare treatment and business operations • Enable patients to decide if they will authorize disclosure of their protected health information (PHI) for uses other than treatment or healthcare business operations • Establish new requirements for access to records by researchers and others • Establish business associate agreements with business partners that safeguard their use and disclosure of PHI.

  6. Privacy Refresher • Implement a comprehensive compliance program, including: • Conducting an impact assessment to determine gaps between existing information practices and policies and HIPAA requirements • Reviewing functions and activities of the organization's business partners to determine where Business Associate Agreements are required • Developing and implementing enterprise-wide privacy policies and procedures to implement the Rule • Assigning a Privacy Officer who will administer the organizational privacy program and enforce compliance • Training all members of the workforce on HIPAA and organizational privacy and security policies • Updating systems to ensure they provide adequate protection of patient data

  7. Privacy Refresher • Things to consider: • Business Associates • Sending data to anyone to do a task for us? • Appropriate Access • Work preparatory to research • Cannot remove/use without IRB approval • How do I access? • Paper • Electronically

  8. HIPAA Security • Compliance date of Security Rule was April 20, 2005 • Privacy Rule addressed Confidentiality of Personal Health Information (PHI) • Security Rule deals with electronic handling of PHI or ePHI

  9. HIPAA Security • HIPAA Security deals with ePHI • During Transmission • At Rest (Stored)

  10. HIPAA Security • Changes in how we do business • Patient Care Givers: • New Procedures and Protocols • New Drugs • New Equipment • New Records • Evolving Roles of Care Providers

  11. HIPAA Security • Changing Roles • As a care provider you have access to clinical records. • As a researcher do you have the same access? As a care provider you may not be authorized to access PHI for research purposes.

  12. HIPAA Security • Researchers: • Technology Changes • Number of Studies • Where to gather data? • Regulatory Changes

  13. HIPAA Security • Researcher’s Concerns and Frustrations • Protecting data from improper disclosure • No longer use legacy procedures to gather the data • Where to find needed data? • How to get access to data? • Why does it take so long?

  14. HIPAA Security • Security Challenges • Who is authorized to get data? • Updates to Organizational Policies and Procedures lag behind technology advancements • Timing – eye of requestor vs eye of grantor • Delivery of data

  15. HIPAA Security • Access to PHI • Paper Record • Faxed from data source • Verbal • Consolidated from multiple sources • On-Line system • Wired Network • Wireless Network

  16. HIPAA Security • Receiving devices • Fixed Workstation • Personal • Shared • Mobile Workstation • Laptop Computer • Wireless Cart • Tablet PC • Hand Held Computers and Laptops • Cellular Phones/Blackberry devices • CD, Diskette, Thumb Drive • Remote Access (Not on site)

  17. HIPAA Security • How do you protect ePHI in your possession? • On the workstation hard drive? • In the database? • When it is shared?

  18. HIPAA Security • As a researcher, how do you get started?

  19. HIPAA Security • Questions???