Duke Ethics & Compliance Office Update 2014



Similar documents
The Monitoring Visit. Denise Owensby, CCRP Sr. Clinical Research Coordinator Clinical & Translational Science Center University of California, Davis

Remote Monitoring of Clinical Trials and EMRs

CNE Disclosures. To change this title, go to Notes Master

HIPAA Compliance Annual Mandatory Education

No Page 1 of 5. Issue Date 4/21/2014

HIPAA BUSINESS ASSOCIATE AGREEMENT

RECOMMENDATION ON THE CONTENT OF THE TRIAL MASTER FILE AND ARCHIVING

The Study Site Master File and Essential Documents

Managing & Validating Research Data

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

Quality Monitoring Checklist

NOTICE OF PRIVACY PRACTICES Walter Chiropractic Clinic, 5219 Peters Creek Rd Ste 5, Roanoke VA 24019

Northwest Cardiology Associates 400 W. Northwest Hwy Barrington, IL Fax HIPAA Notice of Privacy Practices ( Notice )

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association

Appendix A: Rules of Behavior for VA Employees

HIPAA PRIVACY AND SECURITY AWARENESS

Study Start-Up SS STANDARD OPERATING PROCEDURE FOR Site Initiation Visit (SIV)

Data Management & Case Report Form Development in Clinical Trials. Introduction to the Principles and Practice of Clinical Research.

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, :15pm 3:30pm

Medical Privacy Version Standard. Business Associate Agreement. 1. Definitions

ROLE OF THE RESEARCH COORDINATOR

HIPAA Orientation. Health Insurance Portability and Accountability Act

2016 OCR AUDIT E-BOOK

Introducing the NASW Updated Sample HIPAA Privacy Forms and Policies

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS

HIPAA ephi Security Guidance for Researchers

Subject: No. Page PROTOCOL AND CASE REPORT FORM DEVELOPMENT AND REVIEW Standard Operating Procedure

Yale University Open Data Access (YODA) Project Procedures to Guide External Investigator Access to Clinical Trial Data Last Updated August 2015

Notice of Privacy Practices for Protected Health Information (PHI)

HIPAA Compliance Guide

NOTICE OF PRIVACY PRACTICES

Somansa Data Security and Regulatory Compliance for Healthcare

ROLES, RESPONSIBILITIES AND DELEGATION OF DUTIES IN CLINICAL TRIALS OF MEDICINAL PRODUCTS

River Valley Therapy & Sports Medicine, Inc. Notice of Privacy Practices

Signature Requirements for the etmf

Archiving of Research Documentation

Essential Documents for the Conduct of a Clinical Trial. Debra Dykhuis Associate Director RSO

Clinical Investigator Training Course

Clinical Trial Oversight: Ensuring GCP Compliance, Patient Safety and Data Integrity

Health Insurance Portability and Accountability Policy 1.8.4

Human Research Protection Program Good Clinical Practice Guidance for Investigators Investigator & Research Staff Responsibilities

HIPAA TRAINING. A training course for Shiawassee County Community Mental Health Authority Employees

HIPAA Training for Hospice Staff and Volunteers

RUTGERS POLICY. Policy Name: Standards for Privacy of Individually Identifiable Health Information

HIPAA Privacy & Security Training for Clinicians

HIPAA Audit Risk Assessment - Risk Factors

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY.

Winthrop-University Hospital

SECURITY RISK ASSESSMENT SUMMARY

The Regulatory Binder/Trial Master File: Essential Records for the Conduct of a Clinical Trial

GOOD CLINICAL PRACTICE: CONSOLIDATED GUIDELINE

2015 Core Clinical Research Training (CCRT)

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO

Authorized. User Agreement

Notice of Privacy Practices

Pre-Questions. Mastering Clinical Research July 29, 2015

8.03 Health Insurance Portability and Accountability Act (HIPAA)

Privacy and Security Meaningful Use Requirement HIPAA Readiness Review

HIPAA (Health Insurance Portability and Accountability Act) Awareness Training for Volunteers and Interns

Electronic Medical Records and Source Data for Research: What s the Difference?

Marie-Claire Rickard, GCP & Governance Manager Rachel Fay, GCP & Governance Manager Elizabeth Clough, R&D Operations Manager

NOTICE OF PRIVACY PRACTICES Allergy Treatment Center of New Jersey, P.C. Effective Date: April 14, 2003

HIPAA-G04 Limited Data Set and Data Use Agreement Guidance

Sharon H. Johnson, BS, MS 123 Main Street Capital City, VA Phone:

How Managed File Transfer Addresses HIPAA Requirements for ephi

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification

What is Covered under the Privacy Rule? Protected Health Information (PHI)

Use & Disclosure of Protected Health Information by Business Associates

WHEN I WANT TO: I NEED TO SUBMIT: {for CIRB studies, see the specific FAQ}

Standard Operating Procedures (SOP) for: Reporting of Serious Breaches of GCP or the Trial Protocol sponsored CTIMP s. Lisa Austin, Research Manager

Health Insurance Portability and Accountability Act (HIPAA) Compliance Training

Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice

GENOA, a QoL HEALTHCARE COMPANY, LLC WEBSITE PRIVACY POLICY

Model Business Associate Agreement

The role, duties and responsibilities of clinical trials personnel Monitoring: rules and recommendations

Disclaimer. Objectives 5/30/2016

NOTICE OF PRIVACY PRACTICES TEMPLATE. Sections highlighted in yellow are optional sections, depending on if applicable

Data Management in Clinical Trials

Datto Compliance 101 1

HIPAA Training for Staff and Volunteers

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE

HIPAA COMPLIANCE INFORMATION. HIPAA Policy

When HHS Calls, Will Your Plan Be HIPAA Compliant?

This unit will provide the structure needed to achieve successful supervision and oversight of the study. We will explain the importance of an

Dr. Adam Apfelblat 5140 Highland Road Waterford Phone: (248) Fax: (248)

OCR UPDATE Breach Notification Rule & Business Associates (BA)

C.T. Hellmuth & Associates, Inc.

LIBRARY GUIDE: Clinical Medical Device

Transcription:

Duke Ethics & Compliance Office Update 2014 Research Wednesday January 22, 2014 Margaret Groves, JD, CRA CCRP Director, CTQA Objectives Discuss the recent merger of the School of Medicine Compliance Office with the Institutional Ethics and Compliance Program Detail how this office serves the Duke Medicine clinical research community Discuss new processes and endeavors of the Duke University Ethics and Compliance Office that affects the Duke clinical research community Identify trends that CTQA has noticed in clinical research audits and recent FDA inspections What is Changing DECO Duke Ethics & Compliance Office Combined responsibility for Institutional and Medical compliance Hiring an additional director for the office 1

DECO Goals Understand resources available at DECO Compliance Review Service (CRS) Clinical Trails Quality Assurance (CTQA) University Compliance Monitoring Increase communication both ways Ensure value added process Compliance Structure at Duke DECO Future Changes Evaluate monitoring and reporting process Ensure efforts are consistent with risks Increase communication Liaison meetings, newsletters Explore new tools for monitoring and reporting Website update Compliance training 2

New Inititiatives Assisting CRUs with developing a standardized process for monitoring of studies in the CRUs and reporting to the QA committee. If we can improve monitoring CTQA may be able to reduce the number of routine reviews per year. Working with DOCR to create a monitoring group that could be available to study teams that need monitoring resources. Adverse events class development Recent Trends Medical records access Uptick in FDA visits (3 since October) Informed Consent Process Issues HIPAA Violations Signature and Delegation Log Issues Missing Data on CRFs Protocol Not Being Followed Accessing Medical Records We have seen an uptick in individuals reporting unauthorized medical records access. Do not access medical records of employees or co workers Need authorization for family members My Chart: https://www.dukemychart.org/home/duke%20mychart%20adult%20 Proxy%20Authorization%20Form.pdf Maestro Care: http://him.duhs.duke.edu/wysiwyg/downloads/employee_authorizati on.pdf Unauthorized access can result in termination 3

FDA Visits Informed consent appropriately obtained 1572s in order Financial disclosures in order Subject meet eligibility criteria Test article accountability/ disposition adequately documented Protocol specific blinding/randomization procedures were followed FDA Visits (cont d) Source documents and CRFs are consistent with the following data listings provided in the background materials: Primary efficacy endpoint Secondary efficacy endpoints related to disease progression Adverse events, serious adverse events and deaths Protocol deviations Subject randomizations Subject discontinuation Concomitant medications Note that for Verification of the primary efficacy endpoint and adverse event reporting, review of all subject records is requested. Informed Consent Process issues Use correct version of consent Reconsent subject as soon as possible after amendment requiring reconsent Initial don t just put check mark for opt in/out selections if consent requires initials Consenters must be authorized (new IRB policy) http://irb.duhs.duke.edu/wysiwyg/downloads/who_can_conduct_conse nt_process_12 20 2013.pdf All parties must sign, date and indicate time Phase in of time of consent for all signatures. 4

Informed Consent Process Issues (cont d) No phone consent without IRB approval Consenter should NEVER sign for subject. If subject is unable to sign, there should be a line for LAR signature Short form or translated consent must be IRB approved for non English speaking subjects No alteration of consent without IRB approval Subjects must be given a copy of the ICF as Duke s HIPAA Authorization is contained in the ICF. HIPAA Violations Storing research data, including Electronic Protected Health Information (ephi), on non Duke approved and/or non HIPAA compliant servers. The use of non encrypted personal computers, portable hard drives and USB thumb drives for storing research data, including ephi. Creation and maintenance/adherence to Information Security Operations Plan (ISOPS) and Research Data Security Plans (RDSPs). Collection and use of PHI without proper Subject authorization and/or HIPAA Waiver of Authorization. HIPAA Violations (cont d) Retention of Social Security Numbers in patient files without authorization from the Information Security Office (ISO). Notice of Privacy Practices (NPP) not provided to healthy Subjects per Duke policy and HIPAA regulations. (NPP Updated 9/2013) Failure to collect signed acknowledgement of receipt of the NPP or a procedure to identify subjects who have been given an NPP at first service delivery. Improper disposal and/or destruction of PHI. Contact Duke Medicine ISO before storing any VA data at Duke. VA data must be maintained in a FISMA compliant environment. 5

HIPAA Violations (cont d) Disclosure of PHI without an executed Data Use Agreement (DUA) in place and/or without Subject authorization. Transmission of Sensitive Electronic Information (SEI) and/or PHI without proper electronic security encryption. Use of personal email (Gmail, Yahoo, etc.) for Duke business. Please report suspected HIPAA issues in a timely manner, Duke has only 60 days to complete a breach investigation and corrective action. The 60 days starts as soon as the first person at Duke knows of the breach, not when the Compliance Office is notified. Signature and Delegation Log issues The investigator should maintain a list of appropriately qualified persons whom the investigator has delegated significant trial related duties. (GCP 4.1.5) Need to list all key personnel for the life of the study and list the duties they are authorized to perform on the study All personnel should sign Important to obtain original signatures Collect all required CV s and Licenses Missing Data on CRFs All blanks need to be filled in or marked N/A Data should be consistent with source documentation have a plan in place to look for transcription errors (data validation) Both paper and electronic CRFs data should agree 6

Protocol not being followed Do not make changes to a protocol without IRB approval unless imminent risk of safety to subjects then need to notify IRB immediately. Do not implement amendment changes until IRB approval is obtained. Make sure study visits in window (timeline in MC) Document monitoring if protocol requires monitoring Be sure pregnancy tests are performed as needed for research Make sure all study questionnaire being used are IRB approved Make sure adverse events documented and reported as required Summary DECO is a resource for you Share ideas and efforts Contact Information Tina R. Tyson, JD, Chief Ethics and Compliance Officer, tina.tyson@duke.edu CTQA and Billing Compliance, ctqa@mc.duke.edu Margaret Groves, Director, margaret.groves@duke.edu Tasha Carmon, Senior Compliance Auditor, tasha.carmon@duke.edu Aliki Martin, Senior Compliance Auditor, aliki.martin@dm.duke.edu Nancy Szczech, Senior Compliance Auditor, nancy.szczech@duke.edu Vivian Jordan, Compliance Auditor, vivian.jordan@duke.edu Compliance Review Services Tom Davis, Director, thomas.davis@dm.duke.edu Tara Clayton, Senior Compliance Auditor, tara.clayton@duke.edu Mike Petrichko, Senior Compliance Auditor, petri006@mc.duke.edu Michele Ragland, Senior Compliance Auditor, ragla009@duke.edu Diane Padgett, Compliance Auditor, diane.padget@duke.edu Ethics & Compliance Monitoring Ericka Kranitz, Director, ericka.kranitz@duke.edu 7

Contact Information http://medschool.duke.edu/research/compliance office http://duke.edu/services/ethicscompliance MCAdmin Clinical Trials Quality Assurance clinica4@dm.duke.edu Hotlines: Duke University: 1.800.849.9793 Duke Medicine: 1.800.826.8109 Questions? 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information