Technology and Security in a Clinical Research Environment - PowerPoint PPT Presentation

1 / 19
About This Presentation
Title:

Technology and Security in a Clinical Research Environment

Description:

Technology and Security in a Clinical Research Environment – PowerPoint PPT presentation

Number of Views:46
Avg rating:3.0/5.0
Slides: 20
Provided by: ukm8
Category:

less

Transcript and Presenter's Notes

Title: Technology and Security in a Clinical Research Environment


1
Technology and Securityin a Clinical
ResearchEnvironment
  • Clinical Research Organization
  • May 18, 2005
  • Brett Short, Jim Hilvers

2
Journey to Compliance
  • Privacy, Security to Research and Beyond

3
Privacy Refresher
  • What is the intent of HIPAA for privacy?
  • Is privacy in a clinical setting possible?
  • How do we ensure privacy?

4
HIPAA Refresher
  • Intent of HIPAA privacy?
  • Give patients control of their medical
    information.
  • New rights as a patient
  • New requirements for research
  • New way of doing business in a healthcare
    setting

5
Privacy Refresher
  • New rights for patients to access their medical
    records, restrict access by others, request
    changes, and to learn how they have been accessed
  • Restrict most disclosures of protected health
    information to the minimum needed for healthcare
    treatment and business operations
  • Enable patients to decide if they will authorize
    disclosure of their protected health information
    (PHI) for uses other than treatment or healthcare
    business operations
  • Establish new requirements for access to records
    by researchers and others
  • Establish business associate agreements with
    business partners that safeguard their use and
    disclosure of PHI.

6
Privacy Refresher
  • Implement a comprehensive compliance program,
    including
  • Conducting an impact assessment to determine gaps
    between existing information practices and
    policies and HIPAA requirements
  • Reviewing functions and activities of the
    organization's business partners to determine
    where Business Associate Agreements are required
  • Developing and implementing enterprise-wise
    privacy policies and procedures to implement the
    Rule
  • Assigning a Privacy officer who will administer
    the organizational privacy program and enforce
    compliance
  • Training all members of the workforce on HIPAA
    and organizational privacy and security policies
  • Updating systems to ensure they provide adequate
    protection of patient data

7
Privacy Refresher
  • Things to consider
  • Business Associates
  • Sending data to anyone to do a task for us?
  • Appropriate Access
  • Work preparatory to research
  • Cannot remove/use without IRB approval
  • How do I access?
  • Paper
  • Electronically

8
HIPAA Security
  • Compliance date of Security Rule was April
    20, 2005
  • Privacy Rule addressed Confidentiality of
    Personal Health Information ( PHI )
  • Security Rule deals with electronic handling of
    PHI or ePHI

9
HIPAA Security
  • HIPAA Security deals with ePHI
  • During Transmission
  • At Rest (Stored )

10
HIPAA Security
  • Changes in how we do business
  • Patient Care Givers
  • New Procedures and Protocols
  • New Drugs
  • New Equipment
  • New Records
  • Evolving Roles of Care Providers

11
HIPAA Security
  • Changing Roles
  • As a care provider you have access to clinical
    records.
  • As a researcher do you have the same access?
  • As a care provider you may not be authorized
    to access PHI for research purposes.

12
HIPAA Security
  • Researchers
  • Technology Changes
  • Number of Studies
  • Where to gather data?
  • Regulatory Changes

13
HIPAA Security
  • Researchers Concerns and Frustrations
  • Protecting data from improper disclosure
  • No longer use legacy procedures to gather the
    data
  • Where to find needed data?
  • How to get access to data?
  • Why does it take so long?

14
HIPAA Security
  • Security Challenges
  • Who is authorized to get data?
  • Update of Organizational Policies and Procedures
    lag behind technology advancements
  • Timing eye of requestor vs eye of grantor
  • Delivery of data

15
HIPAA Security
  • Access to PHI
  • Paper Record
  • Faxed from data source
  • Verbal
  • Consolidated from multiple sources
  • On-Line system
  • Wired Network
  • Wireless Network

16
HIPAA Security
  • Receiving devices
  • Fixed Workstation
  • Personal
  • Shared
  • Mobile Workstation
  • Laptop Computer
  • Wireless Cart
  • Tablet PC
  • Hand Held Computers and Laptops
  • Cellular Phones/Blackberry devices
  • CD, Diskette, Thumb Drive
  • Remote Access (Not on site)

17
HIPAA Security
  • How do you protect ePHI in your possession?
  • On the workstation hard drive?
  • In the database?
  • When it is shared?

18
HIPAA Security
  • As a researcher, how do you get started?

19
HIPAA Security
  • Questions???
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2025 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Technology and Security in a Clinical Research Environment" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!