HIPAA Compliance and its Relationship to Pharmacovigilance

HIPAA Compliance and its Relationship to

Pharmacovigilance

Christi Cordeiro, Project Manager, Life Sciences, Perficient

2

ABOUT PERFICIENT

Perficient is a leading information

technology consulting firm serving

clients throughout North America.

We help clients implement business-driven technology

solutions that integrate business processes, improve

worker productivity, increase customer loyalty and create

a more agile enterprise to better respond to new

business opportunities.

3

Founded in 1997

Public, NASDAQ: PRFT

2014 revenue $456 million

Major market locations:

Allentown, Atlanta, Ann Arbor, Boston, Charlotte,

Chicago, Cincinnati, Columbus, Dallas, Denver,

Detroit, Fairfax, Houston, Indianapolis, Lafayette,

Milwaukee, Minneapolis, New York City, Northern

California, Oxford (UK), Southern California,

St. Louis, Toronto

Global delivery centers in China and India

>2,600 colleagues

Dedicated solution practices

~90% repeat business rate

Alliance partnerships with major technology vendors

Multiple vendor/industry technology and growth awards

PERFICIENT PROFILE

4

Business Process Management

Customer Relationship Management

Enterprise Performance Management

Enterprise Information Solutions

Enterprise Resource Planning

Experience Design

Portal / Collaboration

Content Management

Information Management

Mobile

BU

SIN

ES

S S

OL

UT

ION

S

50

+ P

AR

TN

ER

S

Safety / PV

Clinical Data Management

Electronic Data Capture

Medical Coding

Clinical Data Warehousing

Clinical Data Analytics

Clinical Trial Management

Healthcare Data Warehousing

Healthcare Analytics

CL

INIC

AL / H

EA

LT

HC

AR

E IT

Consulting

Implementation

Integration

Migration

Upgrade

Managed Services

Private Cloud Hosting

Validation

Study Setup

Project Management

Application Development

Software Licensing

Application Support

Staff Augmentation

Training

SE

RV

ICE

S

OUR SOLUTIONS PORTFOLIO

5

WELCOME & INTRODUCTION

Christi CordeiroProject Manager, Safety and Pharmacovigilance

Life Sciences, Perficient

Safety and Pharmacovigilance Consultant since 2012

Extensive Safety and Pharmacovigilance experience

– 17 years of experience in the biopharmaceutical industry serving a variety of roles

within drug safety:

– Safety Operations

– Business Analysis

– System Implementations

– Data management

6

AGENDA

Topic

Welcome and Introduction

HIPAA Overview

Data Security

Impact of HIPAA on Pharmacovigilance Systems

Q&A

7

WHAT IS HIPAA?

8

HIPAA DEFINITIONS

• Protected Health Information (PHI)

• Electronic Protected Health Information (ePHI)

• Covered Entity

• Business Associate

9

HIPAA REGULATION - 1996

• Comprised of 4 Rules

• Transfer and continuation of health coverage

• Reduce fraud and abuse

• Mandate industry wide standards

10

HITECH ACT - 2009

• Health Information Technology for Economic and Clinical Health

• Enacted to address security and privacy concerns

• Includes sanctions for violations

• Notification of Breach

• Electronic Health Record Access

• Business Associates (and Associate Agreements)

11

OMNIBUS HIPAA RULEMAKING - 2013

• Modifications to the HITECH Act

• Direct liability for business associates of covered entities

• Strengthens limitations on PHI use

• Modifies authorization to facilitate research

12

PATIENT HEALTH DATA

Uses and Disclosures (45 CFR 164.512(b)(1)(i) and (iii)))

• Public Health Authority

• FDA regulated products

• Enable product recalls, repairs, etc.

• Conduct post-marketing surveillance

Patient Data

• Collected as part of standard processes

• Health information

• Personal/Sensitive

13

HIPAA SECURITY & IMPACT ON PHARMACOVIGILANCE SYSTEMS

Physical

Controls

Technical

Controls

Administrative

Controls

14

ADMINISTRATIVE CONTROLS

Administrative Controls

• Corporate privacy policy and integrity agreement

• Licensing partner and vendor contracts

• SOPs/Guidelines

• Training

• Ongoing evaluation

• Disaster recovery

15

PHYSICAL CONTROLS

Physical Controls

• Facility Access

• Contingency operations

• Security plan

• Access control and validation procedures

• Maintenance records

• Workstation security

• Device and media controls

16

TECHNICAL CONTROLS

Technical Controls

• Access Management

• Unique user identification

• Emergency access procedures

• Automatic logoff

• Encryption and decryption

• Audit controls

• Data integrity

17

TECHNICAL CONTROLS – 21 CFR PART 11

• Data Integrity

• Access Management

• Audit Trails

• System Controls

• Part 11.10 (a)

• Part 11.10 (d)

• Part 11.10 (e)

• Part 11.10 (k)

18

DATA BREACHES

Unauthorized access or disclosure of patient personal or health information

• Theft

• Hacking

• Physical loss

• Unauthorized access/disclosure

19

BREACH NOTIFICATIONS

Requirements

• Not required

– Not a CE or BA

Recommended

• Controls to ensure security

• Controls to ensure patient

confidentiality

20

PHARMACOVIGILANCE SYSTEM CONTROLSStrategies for Compliance

• Written policies and procedures

• Training

• Communication

• Compliance oversight

• Auditing and monitoring

• Responding to and correcting errors

21

QUESTIONS?

22

www.facebook.com/perficientwww.twitter.com/perficient_LS

For more information, please contact:

[email protected]

[email protected] (Sales)

+1 303 570 8464 (U.S. Sales)

+44 (0) 1865 910200 (U.K. Sales)

THANK YOU

linkedin.com/company/perficient