260 likes | 433 Views
RULES OF THE ROAD: SUCCESSFULLY NAVIGATING THE GUIDEPOSTS ON THE SOCIAL MEDIA HIGHWAY. KENNETH N. RASHBAUM, ESQ. RASHBAUM ASSOCIATES, LLC. AGENDA: NAVIGATING ROAD OBSTACLES WITH SOCIAL MEDIA GPS. REGULATORY NETWORK: FDA, FTC, CMS (HIPAA) PRIVACY AND SECURITY LAWS (DOMESTIC AND GLOBAL)
E N D
RULES OF THE ROAD: SUCCESSFULLY NAVIGATING THE GUIDEPOSTS ON THE SOCIAL MEDIA HIGHWAY • KENNETH N. RASHBAUM, ESQ. • RASHBAUM ASSOCIATES, LLC
AGENDA: NAVIGATING ROAD OBSTACLES WITH SOCIAL MEDIA GPS • REGULATORY NETWORK: FDA, FTC, CMS (HIPAA) • PRIVACY AND SECURITY LAWS (DOMESTIC AND GLOBAL) • OVERCOMING FEAR AND MISUNDERSTANDING • SOCIAL MEDIA GPS: DIALOGUE WITH COMPLIANCE AND LEGAL; INTERDISCIPLINARY DRAFTING OF PRACTICABLE POLICIES AND PROCEDURES; TRAINING AND COMPLIANCE MONITORING
SIGNS AND DIVIDING LINES • FDA PART 15 HEARINGS AND ANTICIPATE D GUIDANCE(WILL IT EVER COME?) • FTC GUIDELINES • U.S. PRIVACY LAWS: HIPAA, FEDERAL SUBSTANCE ABUSE PROTECTIONS, STATE PRIVACY LAWS • PRIVACY LAWS OUTSIDE THE U.S.: PERSONAL INFORMATION EXPORT RESTRICTIONS (EX: GOOGLE CONVICTION IN ITALY) AND PROHIBITIONS ON EMPLOYEE TECHNOLOGY USE MONITORING
HAZARD SIGNS: COMPLIANCE, RISK AND LEGAL • FEAR AND MISUNDERSTANDING: • SOCIAL MEDIA IS EVERYWHERE. THEREFORE, RISK IS EVERYWHERE!!! • WE CANNOT CONTROL IT, SO IT MUST BE STOPPED! • BUSINESS UNITS MAY HAVE SOMETHING TO SAY AOBUT THAT, THOUGH • HOW BRIDGE THE GAP TO CREATE ALLIES?
OLD PARADIGM: FEAR • “BEWARE OF HEALTH BOOKS. YOU MAY DIE OF A MISPRINT.” MARK TWAIN • “THE FUTURE IS JUST ONE DAMN THING AFTER ANOTHER.” WALTER O’MALLEY • “WE ARE DIFFERENT, SO HIGHLY REGULATED WE JUST CAN’T ENGAGE IN SOCIAL MEDIA.” ANONYMOUS PHARMACEUTICAL EXECUTIVE
NEW PARADIGM: RESPONSIBLY EMBRACING THE MEDIUM • “PRECISELY BECAUSE OF THE ‘SPECIAL DIFFERENCE’ (AND) THE (INDUSTRY’S) RESPONSIBILITY OF ADVANCING THE PUBLIC HEALTH AGENDA, THESE COMPANIES MUST ENGAGE ACTIVELY AND CREATIVELY IN SOCIAL MEDIA.” PETER J. PITTS, DIRECTOR, GLOBAL HEALTH, PORTER NOVELLI
UNDERSTANDING THROUGH DIALOGUE • WORKING KNOWLEDGE OF THE REGULATORY AND LEGAL FRAMEWORK FACILITATES THE CONVERSATION • ROAD SIGNS NEED NOT BE ROAD BLOCKS • DISCUSS HOW TO INCORPORATE GUIDEPOSTS INTO MORE EFFECTIVE POLICIES AND PROCEDURES FOR SOCIAL MEDIA UTILIZATION
FDA PART 15 HEARINGS • FIVE QUESTIONS CONSIDERED: • 1. ACCOUNTABILITY FOR ONLINE COMMUNICATIONS? • 2. HOW CAN THESE COMPANIES FULFILL REGULATORY REQUIREMENTS (FAIR BALANCE, POST-MARKETING SUBMISSIONS, SAFETY, ETC.) IN SPACE-LIMITING MEDIA? • 3. WHAT PARAMETERS SHOULD APPLY TO POSTING OF CORRECTIVE INFORMATION?
FDA PART 15 HEARINGS • 4. WHEN IS THE USE OF LINKS APPROPRIATE (I.E., HOW MANY PEOPLE CLICK ON THE LINKS, WHICH MAY CONTAIN HIGHLY PERTINENT INFORMATION? • EX: SAFETY INFORMATION, SIDE EFFECTS. ATTORNEYS AND ACCOUNTANTS FACE SIMILAR ISSUES IN THEIR DISCLAIMER REQUIREMENTS
FDA PART 15 HEARINGS • 5. QUESTIONS ON INTERNET AS A VEHICLE FOR ADVERSE EVENT REPORTING • MONITORING SITES CAN UNEARTH ADVERSE EVENTS, TRIGGERING REPORTING OBLIGATIONS. CAN/SHOULD COMPANIES REFRAIN FROM MONITORING FOR FEAR OF FINDING ADVERSE EVENTS? • HOW SIGNIFICANT IS THIS ISSUE: TO WHAT EXTENT WOULD PATIENTS “REPORT” ON SOCIAL MEDIA SITES? • IDENTIFIABLE PATIENT AND REPORTER REQUIRED. WHAT OF ANONYMOUS OR PSEUDONYM POSTINGS?
FDA PART 15 HEARINGS: MANY PRESENTATIONS, LITTLE INSIGHT • AE, SPACE-LIMITING MEDIA, MECHANISMS FOR CORRECTION OF INFORMATION DISCUSSED BUT NO REAL INDICATION OF WHAT, HOW OR WHEN FDA WILL ISSUE GUIDANCE • FDA LIMITATIONS: STATUTORY AUTHORITY LIMITED PURSUANT TO FOOD, DRUG AND COSMETIC ACT (FTC MAY HAVE GREATER JURISDICTION); FIRST AMENDMENT ISSUES
FTC GUIDELINES • FEDERAL JURISDICTION OVER “ADVERTISING” • LIABILITY FOR FALSE STATEMENTS ABOUT PRODUCT • GUIDELINES REQUIRE DISCLOSURE OF AFFILIATION, I.E., EMPLOYMENT OR OTHER RELATIONSHIP WITH COMPANY
FTC GUIDELINES • TWITTER AND OTHER SPACE-LIMITING MEDIA AND DISCLOSURES: • “IF YOU CAN’T MAKE THE DISCLOSURES YOU CAN’T MAKE THE AD.” RICHARD CLELAND, ASSOCIATE DIRECTOR, ADVERTISING DIVISION • ARE LINKS SUFFICIENT? WITH WHAT INCIDENCE dO PEOPLE CLICK LINKS? (ATTORNEYS AND ACCOUNTANTS FACE SIMILAR ISSUES WITH THEIR REQUIRED DISCLAIMERS)
HIPAA AND HITECH • FEDERAL PRIVACY “FLOOR:” STATES CAN ENACT STRICTER PRIVACY PROTECTIONS (I.E., MASSACHUSETTS; CALIFORNIA; NEW YORK ON HIV/AIDS AND REPRODUCTIVE HEALTH) • INFORMATION IDENTIFIABLE TO A PATIENT BY ONE OR MORE OF 18 IDENTIFIERS CANNOT BE DISCLOSED WITHOUT PATIENT CONSENT • HIPAA PENALTIES AND ENFORCEMENT SIGNIFICANTLY INCREASED UNDER HITECH (PART OF ARRA “STIMULUS”) • NOT ALL PHARMACEUTICALS ARE COVERED BY HIPAA
HIPAA AND HITECH • CONSTRAINTS ON “MARKETING ACTIVITIES” IN HIPAA ENHANCED UNDER HITECH: NO REMUNERATION FOR PHI WITHOUT EXECUTED AUTHORIZATION • CONSIDER PRIVACY AWARENESS OF WORK FORCE MEMBERS WHO USE SOCIAL MEDIA • ADDITIONAL REQUIREMENTS: PORTABLE MEDIA SAFEGUARDS; ACCESS CONTROLS TO MEDIA WITH PHI; ENCRYPTION OF PHI AT REST AND IN TRANSMISSION
PENDING LEGISLATION: BOUCHER(D)-STEARNS (R) BILL • EXTENSIVE PRIVACY COVERAGE: • PRIVACY NOTICE AND OPPORTUNITY TO OPT-OUT OF COLLECTION OR USE OF COVERED INFORMATION • MUST OBTAIN OPT-IN BEFORE SHARING COVERED INFORMATION WITH UNAFFILIATED PARTIES • PREPARE AND IMPLEMENT PHYSICAL, ADMINISTRATIVE AND TECHNICAL SAFEGUARDS ON COVERED INFORMATION • ENFORCEMENT AUTHORITY GIVEN TO FTC
PRIVACY MINEFIELD FOR MULTINATIONALS • EUROPEAN UNION PRIVACY DIRECTIVES AND ENABLING LEGISLATION: “PERSONAL INFORMATION” CANNOT BE TRANSMITTED BEYOND EEA WITHOUT DATA SUBJECT’S CONSENT • “PERSONAL INFORMATION” IS BROADLY DEFINED • EASY TO GET CAUGHT IN PRIVACY ENFORCEMENT NET: • RECENT CONVICTION OF GOOGLE FOR YOU TUBE VIDEO UPLOADED FROM ITALY
MULTINATIONAL PRIVACY MINEFIELD • IN MANY COUNTRIES, SUCH AS GERMANY, EMPLOYEE CONSENT IS CONSIDERED INVOLUNTARY • MOST MONITORING OF EMPLOYEE TECHNOLOGY USE IS A CRIMINAL OFFENSE IN CERTAIN EUROPEAN UNION MEMBER STATES • MONITORING SOCIAL MEDIA POLICY COMPLIANCE BECOMES VERY DIFFICULT • SOLUTION: EFFECTIVE, PRACTICABLE SOCIAL MEDIA POLICIES AND PROCEDURES AND TRAINING
ACQUIRING SOCIAL MEDIA GPS • GAP ANALYSIS OF EXISTING POLICIES AND PROCEDURES • INTERDISCIPLINARY WORK GROUP TO REVISE PROTOCOLS OR PREPARE NEW ONES • FACILITATED INTERNALLY OR BY OUTSIDE COUNSEL OR CONSULTANTS • MAKE THE BUSINESS CASE FOR SOCIAL MEDIA • BRING IN: BUSINESS OWNERS, RISK, COMPLIANCE/PRIVACY, LEGAL, IT
SOCIAL MEDIA GPS: POLICIES AND PROCEDURES • INCLUDE PROCEDURES REQUIRED BY REGULATIONS • FTC: IDENTIFY YOUR AFFILIATION • HIPAA: NO DISCLOSURES OF INFORMATION LEADING TO IDENTIFICATION OF PATIENTS; PHI SAFEGUARDS • APPENDICES FOR STATE RULES AND/OR FOREIGN PROVISIONS • ANTICIPATE TRENDS AND REGULATORY CHANGES (SUCH AS POTENTIAL FDA GUIDANCE AND HIPAA GUIDANCE DOCUMENTS FROM CMS)
POLICIES AND PROCEDURES • SHORT, PLAIN ENGLISH AND INCORPORATE GRC PRINCIPLES (GOVERNANCE, RISK AND COMPLIANCE) • MOST POLICIES INCORPORATE PROCEDURES, AND RARELY EXCEED FIVE PAGES • REFER TO CONTINUING OBLIGATION TO COMPLY WITH EXISTING INFORMATION POLICIES AND PROCEDURES (SUCH AS PROTECTING CONFIDENTIALITY) • CONSIDER INCLUSION OF STATEMENT OF ETHICS ( I.E., CORRECTION POLICY, ACCURATE AND FACTUAL POSTINGS, MAINTAINING COMPANY CREDIBILITY)
POLICIES AND PROCEDURES • TECHNOLOGY CHANGING QUICKLY; LAW AND REGULATORY AGENCIES ARE RUNNING TO CATCH UP • REVISIT POLICIES OFTEN AND UPDATE AS NEEDED • PROVIDE FOR FLEXIBILITY IN THE POLICIES: CONTENT, ACCESS (WHO CAN CONTRIBUTE), MEDIA CHOICES, NON-COMPANY MEDIA USAGE, ETC.
TRAINING • THREE MODES: CLASSROOM, ON-LINE, COMBINATION • SCALABLE BY JOB TITLE AND FUNCTION • ALL DISCIPLINES INVOLVED MUST ATTEND • DOCUMENT the TRAINING: NECESSARY IF PROBLEMS ARISE LATER, TO SHOW REASONABLE STEPS IN COMPLIANCE • DEPLOY REMINDER POP-UPS PERIODICALLY, AND HOLD REMINDER SESSIONS
COMPLIANCE MONITORING • REVIEW CORPORATE POLICY ON MONITORING OF INTERNET USAGE • PERIODIC COMPLIANCE AUDITS • OBTAIN COUNSEL ON FEDERAL AND STATE LAWS • OUTSIDE U.S., OBTAIN LOCAL COUNSEL; CONSIDER AUDITS BY INTERVIEW
CONCLUSION: ARRIVE SAFELY • INCLUSIVENESS AND FLEXIBILITY • DIALOGUE • INTERDISCIPLINARY PROTOCOL DRAFTING • DRAFT TO THE USE NOT THE TECHNOLOGY • TRAIN • MONITOR COMPLIANCE
QUESTIONS? • KENNETH N. RASHBAUM, ESQ. • RASHBAUM ASSOCIATES, LLC, 212-421-2823 • KRASHBAUM@RASHBAUMASSOCIATES.COM • WWW.RASHBAUMASSOCIATES.COM