PREP Course # 25: Going Electronic?
1 PREP Course # 25: Going Electronic?
Presented by:
Cerdi Beltre, Administrative Director, Clinical Research Service
Martin L. Lesser, PhD, EMT-CC, Director and Investigator, Biostatistics Unit
David Ballard, PhD, Director of Research Informatics, Assistant Investigator
2 CME Disclosure Statement
The North Shore-LIJ Health System adheres to the ACCME's new Standards for Commercial Support. Any individuals in a position to control the content of a CME activity, including faculty, planners, and managers, are required to disclose all financial relationships with commercial interests. All identified potential conflicts of interest are thoroughly vetted by the North Shore-LIJ for fair balance and scientific objectivity and to ensure appropriateness of patient care recommendations. Course Director, Kevin Tracey, has disclosed a commercial interest in Setpoint, Inc. as the cofounder, for stock and consulting support. He has resolved his conflicts by identifying a faculty member to conduct content review of this program who has no conflicts. Cerdi Beltre, Martin L. Lesser, and David Ballard have nothing to disclose.
3 Objectives
- Provide overview of regulations and policies relating to electronic records.
- Discuss current solutions within our health system for: Safeguarding electronic PHI
- Resources available: Research Data, Informed Consent, Regulatory Binder
4 Research - Going Electronic
- In 2003, an estimated 95% of clinical trials relied on paper records.
- In the past several years, there has been a dramatic increase in the adoption of electronic records.
- A recent study suggests that 24% of physicians are currently using some form of electronic health record, with the adoption rate much higher in larger practices than in small practices.
- Lots of EMRs are being rolled out throughout the health system.
Reference: 1. Tufts Center for the Study of Drug Development, CROs Provide Gateway to Worldwide Clinical Trial Recruitment Efforts, Impact Report, July/August Kristin Brooks, CRO Industry Update: Growth, Expansion, and New Opportunities, Contract Pharma, May 2006.
5 New Era
In 2011, Pfizer announced that it is conducting the first all-electronic clinical trial. The FDA has approved Pfizer's trial, which is being conducted under an investigational new drug (IND) application. The 16-week trial will evaluate the safety and efficacy of the drug Detrol LA, which treats overactive bladder. It will compare the results of this electronic trial with the results of a traditional Phase IV trial completed in The aim is to replicate the results; if this happens, it will signal the electronic approach as a very viable and improved option for future clinical trial conduct.
Reference: Pfizer Conducts First Electronic Clinical Trial Beginning of a New Era in Clinical Research? Link:
6 How do we go paperless?
- Comply with HIPAA Security Standards, HITECH, policies, etc.
- Ensure 21 CFR Part 11 compliance (FDA when regulated)
- Have electronic means of capturing study data: CRFs, Source, Regulatory Documents
7 The HIPAA Security Rule
- Establishes national standards to protect e-PHI that is created, received, used, or maintained by a covered entity (we are an organized healthcare arrangement).
- Requires administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of e-PHI.
- The Office for Civil Rights (OCR) is responsible for issuing periodic guidance.
- Check out the CMS HIPAA Security Series (Google it or follow link: tml)
Reference: U.S. Department of Health & Human Services. Improving the health, safety, and well-being of America. Health Information Privacy The Security Rule. Link:
8 HITECH Breach Notification Rule
- HHS issued regulations requiring health care providers, health plans, and other entities covered by HIPAA to notify individuals when their health information is breached.
- The breach notification requirements only apply to breaches of "unsecured" PHI.
- The HITECH Act mentions only two methods for securing PHI: encryption and destruction.
Who must be notified:
- >500 individuals: Individuals, HHS Secretary, Media
- <500 individuals: Individuals, HHS Secretary on an annual basis
9 21 CFR Part 11
- 21 CFR Part 11 defines the criteria under which electronic records and electronic signatures are considered to be trustworthy, reliable and equivalent to paper records.
- Applies to e-records created, modified, maintained, archived, retrieved, or transmitted under any records requirements set by the FDA or any e-records sent to the FDA even if not specified in regulations.
- Being re-evaluated, but FDA intends to exercise enforcement discretion with certain parts (i.e. validation, audit trail, record retention, record copying).
- HIPAA security still applies.
Source: Guidance for Industry - Part 11, Electronic Records; Electronic Signatures Scope and Application
10 Where are our policies?
11 Safeguarding Electronic Media Containing PHI
Columns: Type of electronic media containing PHI / Administrative / Physical / Technical
Types of media: Excel Spreadsheet or Word; Applications/Software, Access Database, Large Data Files (i.e. images, video)
- Password protected and encrypt file
- Access limited to those authorized
- Track access (Data Insight - end of 2012)
- Automatic backup to health system server
- Employee training and security awareness
- Request and file copy of HIPAA security certificate
- Process for managing passwords including creation, changes, safeguarding and promoting common sense precautions
- System that tracks access and provides reports if needed
- System tracks security incidents and provides reports if needed
- Process to determine clearance and termination of access
- Periodic review of access performed
- Automatic back-up is enabled
- Individual login/password for this system
- Data encryption
- Unauthorized physical access, tampering, and theft controlled with:
  o Locked doors
  o Use of ID badges
- Plans for the final disposition of data/hardware
- Create retrievable exact back-up and storage before movement of equipment/data
- Procedures for the removal of ePHI from electronic media before re-use or discarding (i.e. demagnetize or damage beyond repair)
  o Cameras
  o Alarms
  o Warning signs
  o Visitor passes
  o Escorts
  o Security guard
  o Sign-in/sign-out
- Save on health system server which has:
  o antivirus software installed and kept turned on
  o automatic updates to download and install antivirus updates
  o Detection of intrusion
  o Prevention of intrusion
  o Installed a firewall and uses it
- Authentication (individual login/password for account)
- Encryption of data when transmitted via
- Security violations can and will be recorded
- Each person has unique ID which is appropriate to their role/function and to track user activity.
- Specify what is used for authentication: (i.e. PIN, password, token, smartcard, biometrics?)
- Automatic log-off after inactivity
- Implement policies/procedures to protect data from improper alteration or destruction
- System has a disaster recovery plan
- System has an emergency mode operation plan
- Data will be encrypted when being transmitted
Lost data = lost research
12 Set a password and encrypt an Excel spreadsheet
1. Click the Microsoft Office Button, point to Prepare, and then click Encrypt Document.
2. In the Password box, type a password, and then click OK. Reenter password, then click OK. Save the file.
Remove password protection from an Excel spreadsheet
1. Use the password to open the spreadsheet.
2. Click the Microsoft Office Button, point to Prepare, and then click Encrypt Document.
3. In the Encrypt Document dialog box, in the Password box, delete the encrypted password, and then click OK.
4. Save the spreadsheet.
Source: MS Excel Help
13 Developing or integrating software?
14 Current Resources & Solutions
15 Data Management Services and Support from the Biostatistics Unit
Martin L Lesser, PhD
Director, Biostatistics Unit, Feinstein Institute for Medical Research
Professor, Departments of Molecular Medicine & Population Health, Hofstra North Shore-LIJ School of Medicine
16 Data Management Support Services
- Case Report Form Development
- Database Design and Programming
- Data Entry Procedures (web-based vs non-web-based)
- Data Quality Assurance: Validation, queries and audits
- Confidentiality
- Data Security
- Data Backup Procedures
- Report generation
- Standard Operating Procedures (SOPs)
- Manual of Operations (MOP)
- Hardware and Software Configuration
17 Database Architecture
- Web-based (ColdFusion/JavaScript/MS SQL Server)
- Secured web server (username and password)
- URL -
18 Database Characteristics
- User-specific logon
- Site-specific (user can only access their site data)
- Generate real-time reports (enrollment log, etc.)
- Each CRF/form has data/form validation and auto calculations (minimize data anomalies)
- Intelligence added: auto selection of inclusion/exclusion form and determination of eligibility
- Secured web and file server; entire database including transaction logs backed up nightly
- Audit trail
19 CRFs Common to all Databases
- Subject registration
- Demographics
- Baseline clinical data
- Physical exam
- Medical History/Cancer History
- Concomitant medications
- Laboratory (chemistry, hematology)
- Radiology
- BMT common forms
- Procedures and drug administration
- Adverse events (AE, SAE)
- Specimen tracking forms
- Off-study report (can also use CIBMTR forms)
20 Active Database Applications
- Udall Parkinson's Disease Database (Eidelberg, NINDS)
- Litwin-Zucker Memory Disorders Database (Davies, NINDS)
- RCT of Celecoxib in Recurrent Respiratory Papillomatosis (Steinberg, NIDCD)
- Clinical Research Center Protocol Tracking (Morgan)
- Geriatric Ambulatory Psychiatric Clinic Database (Koppel)
- WOR34 Rheumatoid Arthritis Database Planning Grant (Aranow in development)
- Other miscellaneous databases
21 Planning a Database
- Contact the Biostatistics Unit
- Plan well in advance
- A properly designed database (from CRFs to database to SOPs to MOPs) can take up to several months
22 Electronic consent
23 North Shore Informatics Group
Data management services for Clinical research:
- Electronic CRFs
- Electronic Data Capture
- Clinical Alerts
- Online Consent
- LIMS
- Genomics
24 Patient Research Information SysteM
25 PRISM
26 Electronic CRF
27 Electronic consent Requirements
- Electronic Consent must be added to the protocol.
- Must receive IRB approval.
28 Coordinator Workflow
29 Participant Workflow Participant Receives
30 Participant Workflow
31 Final Step Participant and Coordinator Receive
32 Electronically Signed Consent
33 Data Collected
34 Regulatory Binder
35 Electronic Regulatory Binder
Keep paper source (or certify copy):
- Monitoring log
- Delegation of responsibility
- Signed Consent Forms
- Source documents
Electronic:
- Required education
- Public Registration of Research Studies
- Protocol
- IRB correspondence/approvals
- FWA Assurance
- Screening/Enrollment
- Advertising/educational materials
- Sample tracking and shipping
- Local lab certificates/reference ranges
- Investigational Product information
- Sponsor correspondence
- FDA forms
- CVs, Licenses, COI
46 Availability of Records 1. All records must be readily available for review and copying. 2. All necessary equipment must be provided to facilitate viewing and copying of the records. 3. A reproduction must be a true and accurate copy of the original record. If the copy does not reveal changes or additions to the original record, the original must be retained. Reference: Inspections, Compliance, Enforcement, and Criminal Investigations, CPG Sec Use of Microfiche and/or Microfilm for Method of Records Retention, link:
47 Certification of originals
- ALCOA: Electronic source data and source documentation must meet the same fundamental elements of data quality - attributable, legible, contemporaneous, original, and accurate.*
- Original data: Values that represent the first recording of study data. FDA is allowing original documents and the original data recorded on those documents to be replaced by copies provided the copies are identical and have been verified as such.*
- Certified Copy: A certified copy is a copy of original information that has been verified, as indicated by a dated signature, as an exact copy having all of the same attributes and information as the original. NOTE: The copy may be verified by dated signature or by a validated electronic process. A certified copy of a source document may serve as a source for a clinical investigation.**
Reference: *FDA Guidance Document: Computerized Systems Used in Clinical Investigations (May 2007) **CDISC Clinical Research Glossary, Link:
48 Expected Changes
- Update in IRB Form
- Purchase of a CTMS
- Electronic signature
- Policies/guidance will be created or modified
- Data Insight - end of 2012
- Flagging electronic health records
- Data loss prevention program
49 Contacts Cerdi Beltre Clinical Research Service David Ballard, PhD Research Bioinformatics Martin Lesser, PhD Biostatistics
50 Questions?
More informationNova Southeastern University Standard Operating Procedure for GCP. Title: Electronic Source Documents for Clinical Research Study Version # 1
Nova Southeastern University Standard Operating Procedure for GCP Title: Electronic Source Documents for Clinical Research Study Version # 1 SOP Number: OCR-RDM-006 Effective Date: August 2013 Page 1 of
More informationGCP INSPECTORS WORKING GROUP <DRAFT> REFLECTION PAPER ON EXPECTATIONS FOR ELECTRONIC SOURCE DOCUMENTS USED IN CLINICAL TRIALS
European Medicines Agency London, 17 October 2007 Doc. Ref. EMEA/505620/2007 GCP INSPECTORS WORKING GROUP REFLECTION PAPER ON EXPECTATIONS FOR ELECTRONIC SOURCE DOCUMENTS USED IN CLINICAL TRIALS
More informationHIPAA. considerations with LogMeIn
HIPAA considerations with LogMeIn Introduction The Health Insurance Portability and Accountability Act (HIPAA), passed by Congress in 1996, requires all organizations that maintain or transmit electronic
More informationEnsuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services
Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Introduction Patient privacy continues to be a chief topic of concern as technology continues to evolve. Now that the majority
More informationManaging & Validating Research Data
Research Management Standard Operating Procedure ISOP-H02 VERSION / REVISION: 2.0 EFFECTIVE DATE: 01 03 12 REVIEW DATE: 01 03 14 AUTHOR(S): CONTROLLER(S): APPROVED BY: Information Officer; NBT Clinical
More informationThe Monitoring Visit. Denise Owensby, CCRP Sr. Clinical Research Coordinator Clinical & Translational Science Center University of California, Davis
The Monitoring Visit Denise Owensby, CCRP Sr. Clinical Research Coordinator Clinical & Translational Science Center University of California, Davis Disclosure The information herein is not intended to
More informationInternet Banking Internal Control Questionnaire
Internet Banking Internal Control Questionnaire Completed by: Date Completed: 1. Has the institution developed and implemented a sound system of internal controls over Internet banking technology and systems?
More informationUnified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES
Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES HIPAA COMPLIANCE Achieving HIPAA Compliance with Security Professional Services The Health Insurance
More informationHIPAA Privacy & Security Health Insurance Portability and Accountability Act
HIPAA Privacy & Security Health Insurance Portability and Accountability Act ASSOCIATE EDUCATION St. Elizabeth Medical Center Origin and Purpose of HIPAA In 2003, Congress enacted new rules that would
More informationDeltaV Capabilities for Electronic Records Management
January 2013 Page 1 DeltaV Capabilities for Electronic Records Management This paper describes DeltaV s integrated solution for meeting FDA 21CFR Part 11 requirements in process automation applications
More informationHIPAA 203: Security. An Introduction to the Draft HIPAA Security Regulations
HIPAA 203: Security An Introduction to the Draft HIPAA Security Regulations Presentation Agenda Security Introduction Security Component Requirements and Impacts Administrative Procedures Physical Safeguards
More informationRAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER
RaySafe S1 SECURITY WHITEPAPER Contents 1. INTRODUCTION 2 ARCHITECTURE OVERVIEW 2.1 Structure 3 SECURITY ASPECTS 3.1 Security Aspects for RaySafe S1 Data Collector 3.2 Security Aspects for RaySafe S1 cloud-based
More information2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents
2012 HIPAA Privacy and Security Audit Readiness Mark M. Johnson National HIPAA Services Director Table of contents Page Background 2 Regulatory Background and HITECH Impacts 3 Office of Civil Rights (OCR)
More informationCREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy
CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE
More informationWelcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security
Welcome to part 2 of the HIPAA Security Administrative Safeguards presentation. This presentation covers information access management, security awareness training, and security incident procedures. The
More informationInformation Security Policy
Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems
More informationSecurity Is Everyone s Concern:
Security Is Everyone s Concern: What a Practice Needs to Know About ephi Security Mert Gambito Hawaii HIE Compliance and Privacy Officer July 26, 2014 E Komo Mai! This session s presenter is Mert Gambito
More informationHealthcare Management Service Organization Accreditation Program (MSOAP)
ELECTRONIC HEALTHCARE NETWORK ACCREDITATION COMMISSION (EHNAC) Healthcare Management Service Organization Accreditation Program (MSOAP) For The HEALTHCARE INDUSTRY Version 1.0 Released: January 2011 Lee
More informationComputerized Systems Used in Medical Device Clinical Investigations
Computerized Systems Used in Medical Device Clinical Investigations Presented by Jonathan Helfgott Consumer Safety Officer Division of Bioresearch Monitoring Office of Compliance Center for Devices and
More informationTools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System. White Paper. By Frank Tontala
Tools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System White Paper By Frank Tontala Agilent Technologies Software & Informatics Life Sciences & Chemical Analysis Group
More informationBEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050
BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security
More informationHIPAA Security Matrix
HIPAA Matrix Hardware : 164.308(a)(1) Management Process =Required, =Addressable Risk Analysis The Covered Entity (CE) can store its Risk Analysis document encrypted and offsite using EVault managed software
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( Agreement ) is by and between ( Covered Entity ) and Xelex Digital, LLC ( Business Associate ), and is effective as of. WHEREAS,
More informationHIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as
HIPAA Compliance (DSHS and HCA) Preamble: This section of the Contract is the Business Associate Agreement as required by HIPAA. 1. Definitions. a. Business Associate, as used in this Contract, means the
More informationAUDITING TECHNIQUES TO ASSESS FRAUD RISKS IN ELECTRONIC HEALTH RECORDS
AUDITING TECHNIQUES TO ASSESS FRAUD RISKS IN ELECTRONIC HEALTH RECORDS OBJECTIVE Increase your IT vocab so that you can assess the risks related to your audits of EHRs and/or EHR related data AGENDA What
More information