technology and security in a clinical research environment l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Technology and Security in a Clinical Research Environment PowerPoint Presentation
Download Presentation
Technology and Security in a Clinical Research Environment

Loading in 2 Seconds...

play fullscreen
1 / 19

Technology and Security in a Clinical Research Environment - PowerPoint PPT Presentation


  • 218 Views
  • Uploaded on

Technology and Security in a Clinical Research Environment Clinical Research Organization May 18, 2005 Brett Short, Jim Hilvers Journey to Compliance Privacy, Security to Research and Beyond Privacy Refresher What is the intent of HIPAA for privacy?

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Technology and Security in a Clinical Research Environment' - ostinmannual


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
technology and security in a clinical research environment

Technology and Securityin a Clinical ResearchEnvironment

Clinical Research Organization

May 18, 2005

Brett Short, Jim Hilvers

journey to compliance
Journey to Compliance

Privacy, Security to Research and Beyond

2

privacy refresher
Privacy Refresher
  • What is the intent of HIPAA for privacy?
  • Is privacy in a clinical setting possible?
  • How do we ensure privacy?

3

hipaa refresher
HIPAA Refresher
  • Intent of HIPAA privacy?
    • Give patients control of their medical information.
    • New rights as a patient
    • New requirements for research
    • New way of doing “business” in a healthcare setting

4

privacy refresher5
Privacy Refresher
  • New rights for patients; to access their medical records, restrict access by others, request changes, and to learn how they have been accessed
  • Restrict most disclosures of protected health information to the minimum needed for healthcare treatment and business operations
  • Enable patients to decide if they will authorize disclosure of their protected health information (PHI) for uses other than treatment or healthcare business operations
  • Establish new requirements for access to records by researchers and others
  • Establish business associate agreements with business partners that safeguard their use and disclosure of PHI.

5

privacy refresher6
Privacy Refresher
  • Implement a comprehensive compliance program, including:
    • Conducting an impact assessment to determine gaps between existing information practices and policies and HIPAA requirements
    • Reviewing functions and activities of the organization's business partners to determine where Business Associate Agreements are required
    • Developing and implementing enterprise-wise privacy policies and procedures to implement the Rule
    • Assigning a Privacy officer who will administer the organizational privacy program and enforce compliance
    • Training all members of the workforce on HIPAA and organizational privacy and security policies
    • Updating systems to ensure they provide adequate protection of patient data

6

privacy refresher7
Privacy Refresher
  • Things to consider:
    • Business Associates
      • Sending data to anyone to do a task for us?
    • Appropriate Access
      • Work preparatory to research
        • Cannot remove/use without IRB approval
      • How do I access?
        • Paper
        • Electronically

7

hipaa security
HIPAA Security
  • Compliance date of Security Rule was April 20, 2005
  • Privacy Rule addressed Confidentiality of Personal Health Information ( PHI )
  • Security Rule deals with electronic handling of PHI or ePHI

8

hipaa security9
HIPAA Security
  • HIPAA Security deals with ePHI
  • During Transmission
  • At Rest (Stored )

9

hipaa security10
HIPAA Security
  • Changes in how we do business
    • Patient Care Givers:
      • New Procedures and Protocols
      • New Drugs
      • New Equipment
      • New Records
      • Evolving Roles of Care Providers

10

hipaa security11
HIPAA Security
  • Changing Roles
  • As a care provider you have access to clinical records.
  • As a researcher do you have the same access?

As a care provider you may not be authorized to access PHI for research purposes.

11

hipaa security12
HIPAA Security
  • Researchers:
    • Technology Changes
    • Number of Studies
      • Where to gather data?
      • Regulatory Changes

12

hipaa security13
HIPAA Security
  • Researcher’s Concerns and Frustrations
    • Protecting data from improper disclosure
    • No longer use legacy procedures to gather the data
    • Where to find needed data?
    • How to get access to data?
    • Why does it take so long?

13

hipaa security14
HIPAA Security
  • Security Challenges
    • Who is authorized to get data?
    • Update of Organizational Policies and Procedures lag behind technology advancements
    • Timing – eye of requestor vs eye of grantor
    • Delivery of data

14

hipaa security15
HIPAA Security
  • Access to PHI
    • Paper Record
    • Faxed from data source
    • Verbal
    • Consolidated from multiple sources
    • On-Line system
      • Wired Network
      • Wireless Network

15

hipaa security16
HIPAA Security
  • Receiving devices
    • Fixed Workstation
      • Personal
      • Shared
    • Mobile Workstation
      • Laptop Computer
      • Wireless Cart
      • Tablet PC
      • Hand Held Computers and Laptops
      • Cellular Phones/Blackberry devices
      • CD, Diskette, Thumb Drive
    • Remote Access (Not on site)

16

hipaa security17
HIPAA Security
  • How do you protect ePHI in your possession?
  • On the workstation hard drive?
  • In the database?
  • When it is shared?

17

hipaa security18
HIPAA Security
  • As a researcher, how do you get started?

18

hipaa security19
HIPAA Security

Questions???

19