1 / 26

RULES OF THE ROAD: SUCCESSFULLY NAVIGATING THE GUIDEPOSTS ON THE SOCIAL MEDIA HIGHWAY

RULES OF THE ROAD: SUCCESSFULLY NAVIGATING THE GUIDEPOSTS ON THE SOCIAL MEDIA HIGHWAY. KENNETH N. RASHBAUM, ESQ. RASHBAUM ASSOCIATES, LLC. AGENDA: NAVIGATING ROAD OBSTACLES WITH SOCIAL MEDIA GPS. REGULATORY NETWORK: FDA, FTC, CMS (HIPAA) PRIVACY AND SECURITY LAWS (DOMESTIC AND GLOBAL)

kathryn
Download Presentation

RULES OF THE ROAD: SUCCESSFULLY NAVIGATING THE GUIDEPOSTS ON THE SOCIAL MEDIA HIGHWAY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. RULES OF THE ROAD: SUCCESSFULLY NAVIGATING THE GUIDEPOSTS ON THE SOCIAL MEDIA HIGHWAY • KENNETH N. RASHBAUM, ESQ. • RASHBAUM ASSOCIATES, LLC

  2. AGENDA: NAVIGATING ROAD OBSTACLES WITH SOCIAL MEDIA GPS • REGULATORY NETWORK: FDA, FTC, CMS (HIPAA) • PRIVACY AND SECURITY LAWS (DOMESTIC AND GLOBAL) • OVERCOMING FEAR AND MISUNDERSTANDING • SOCIAL MEDIA GPS: DIALOGUE WITH COMPLIANCE AND LEGAL; INTERDISCIPLINARY DRAFTING OF PRACTICABLE POLICIES AND PROCEDURES; TRAINING AND COMPLIANCE MONITORING

  3. SIGNS AND DIVIDING LINES • FDA PART 15 HEARINGS AND ANTICIPATE D GUIDANCE(WILL IT EVER COME?) • FTC GUIDELINES • U.S. PRIVACY LAWS: HIPAA, FEDERAL SUBSTANCE ABUSE PROTECTIONS, STATE PRIVACY LAWS • PRIVACY LAWS OUTSIDE THE U.S.: PERSONAL INFORMATION EXPORT RESTRICTIONS (EX: GOOGLE CONVICTION IN ITALY) AND PROHIBITIONS ON EMPLOYEE TECHNOLOGY USE MONITORING

  4. HAZARD SIGNS: COMPLIANCE, RISK AND LEGAL • FEAR AND MISUNDERSTANDING: • SOCIAL MEDIA IS EVERYWHERE. THEREFORE, RISK IS EVERYWHERE!!! • WE CANNOT CONTROL IT, SO IT MUST BE STOPPED! • BUSINESS UNITS MAY HAVE SOMETHING TO SAY AOBUT THAT, THOUGH • HOW BRIDGE THE GAP TO CREATE ALLIES?

  5. OLD PARADIGM: FEAR • “BEWARE OF HEALTH BOOKS. YOU MAY DIE OF A MISPRINT.” MARK TWAIN • “THE FUTURE IS JUST ONE DAMN THING AFTER ANOTHER.” WALTER O’MALLEY • “WE ARE DIFFERENT, SO HIGHLY REGULATED WE JUST CAN’T ENGAGE IN SOCIAL MEDIA.” ANONYMOUS PHARMACEUTICAL EXECUTIVE

  6. NEW PARADIGM: RESPONSIBLY EMBRACING THE MEDIUM • “PRECISELY BECAUSE OF THE ‘SPECIAL DIFFERENCE’ (AND) THE (INDUSTRY’S) RESPONSIBILITY OF ADVANCING THE PUBLIC HEALTH AGENDA, THESE COMPANIES MUST ENGAGE ACTIVELY AND CREATIVELY IN SOCIAL MEDIA.” PETER J. PITTS, DIRECTOR, GLOBAL HEALTH, PORTER NOVELLI

  7. UNDERSTANDING THROUGH DIALOGUE • WORKING KNOWLEDGE OF THE REGULATORY AND LEGAL FRAMEWORK FACILITATES THE CONVERSATION • ROAD SIGNS NEED NOT BE ROAD BLOCKS • DISCUSS HOW TO INCORPORATE GUIDEPOSTS INTO MORE EFFECTIVE POLICIES AND PROCEDURES FOR SOCIAL MEDIA UTILIZATION

  8. FDA PART 15 HEARINGS • FIVE QUESTIONS CONSIDERED: • 1. ACCOUNTABILITY FOR ONLINE COMMUNICATIONS? • 2. HOW CAN THESE COMPANIES FULFILL REGULATORY REQUIREMENTS (FAIR BALANCE, POST-MARKETING SUBMISSIONS, SAFETY, ETC.) IN SPACE-LIMITING MEDIA? • 3. WHAT PARAMETERS SHOULD APPLY TO POSTING OF CORRECTIVE INFORMATION?

  9. FDA PART 15 HEARINGS • 4. WHEN IS THE USE OF LINKS APPROPRIATE (I.E., HOW MANY PEOPLE CLICK ON THE LINKS, WHICH MAY CONTAIN HIGHLY PERTINENT INFORMATION? • EX: SAFETY INFORMATION, SIDE EFFECTS. ATTORNEYS AND ACCOUNTANTS FACE SIMILAR ISSUES IN THEIR DISCLAIMER REQUIREMENTS

  10. FDA PART 15 HEARINGS • 5. QUESTIONS ON INTERNET AS A VEHICLE FOR ADVERSE EVENT REPORTING • MONITORING SITES CAN UNEARTH ADVERSE EVENTS, TRIGGERING REPORTING OBLIGATIONS. CAN/SHOULD COMPANIES REFRAIN FROM MONITORING FOR FEAR OF FINDING ADVERSE EVENTS? • HOW SIGNIFICANT IS THIS ISSUE: TO WHAT EXTENT WOULD PATIENTS “REPORT” ON SOCIAL MEDIA SITES? • IDENTIFIABLE PATIENT AND REPORTER REQUIRED. WHAT OF ANONYMOUS OR PSEUDONYM POSTINGS?

  11. FDA PART 15 HEARINGS: MANY PRESENTATIONS, LITTLE INSIGHT • AE, SPACE-LIMITING MEDIA, MECHANISMS FOR CORRECTION OF INFORMATION DISCUSSED BUT NO REAL INDICATION OF WHAT, HOW OR WHEN FDA WILL ISSUE GUIDANCE • FDA LIMITATIONS: STATUTORY AUTHORITY LIMITED PURSUANT TO FOOD, DRUG AND COSMETIC ACT (FTC MAY HAVE GREATER JURISDICTION); FIRST AMENDMENT ISSUES

  12. FTC GUIDELINES • FEDERAL JURISDICTION OVER “ADVERTISING” • LIABILITY FOR FALSE STATEMENTS ABOUT PRODUCT • GUIDELINES REQUIRE DISCLOSURE OF AFFILIATION, I.E., EMPLOYMENT OR OTHER RELATIONSHIP WITH COMPANY

  13. FTC GUIDELINES • TWITTER AND OTHER SPACE-LIMITING MEDIA AND DISCLOSURES: • “IF YOU CAN’T MAKE THE DISCLOSURES YOU CAN’T MAKE THE AD.” RICHARD CLELAND, ASSOCIATE DIRECTOR, ADVERTISING DIVISION • ARE LINKS SUFFICIENT? WITH WHAT INCIDENCE dO PEOPLE CLICK LINKS? (ATTORNEYS AND ACCOUNTANTS FACE SIMILAR ISSUES WITH THEIR REQUIRED DISCLAIMERS)

  14. HIPAA AND HITECH • FEDERAL PRIVACY “FLOOR:” STATES CAN ENACT STRICTER PRIVACY PROTECTIONS (I.E., MASSACHUSETTS; CALIFORNIA; NEW YORK ON HIV/AIDS AND REPRODUCTIVE HEALTH) • INFORMATION IDENTIFIABLE TO A PATIENT BY ONE OR MORE OF 18 IDENTIFIERS CANNOT BE DISCLOSED WITHOUT PATIENT CONSENT • HIPAA PENALTIES AND ENFORCEMENT SIGNIFICANTLY INCREASED UNDER HITECH (PART OF ARRA “STIMULUS”) • NOT ALL PHARMACEUTICALS ARE COVERED BY HIPAA

  15. HIPAA AND HITECH • CONSTRAINTS ON “MARKETING ACTIVITIES” IN HIPAA ENHANCED UNDER HITECH: NO REMUNERATION FOR PHI WITHOUT EXECUTED AUTHORIZATION • CONSIDER PRIVACY AWARENESS OF WORK FORCE MEMBERS WHO USE SOCIAL MEDIA • ADDITIONAL REQUIREMENTS: PORTABLE MEDIA SAFEGUARDS; ACCESS CONTROLS TO MEDIA WITH PHI; ENCRYPTION OF PHI AT REST AND IN TRANSMISSION

  16. PENDING LEGISLATION: BOUCHER(D)-STEARNS (R) BILL • EXTENSIVE PRIVACY COVERAGE: • PRIVACY NOTICE AND OPPORTUNITY TO OPT-OUT OF COLLECTION OR USE OF COVERED INFORMATION • MUST OBTAIN OPT-IN BEFORE SHARING COVERED INFORMATION WITH UNAFFILIATED PARTIES • PREPARE AND IMPLEMENT PHYSICAL, ADMINISTRATIVE AND TECHNICAL SAFEGUARDS ON COVERED INFORMATION • ENFORCEMENT AUTHORITY GIVEN TO FTC

  17. PRIVACY MINEFIELD FOR MULTINATIONALS • EUROPEAN UNION PRIVACY DIRECTIVES AND ENABLING LEGISLATION: “PERSONAL INFORMATION” CANNOT BE TRANSMITTED BEYOND EEA WITHOUT DATA SUBJECT’S CONSENT • “PERSONAL INFORMATION” IS BROADLY DEFINED • EASY TO GET CAUGHT IN PRIVACY ENFORCEMENT NET: • RECENT CONVICTION OF GOOGLE FOR YOU TUBE VIDEO UPLOADED FROM ITALY

  18. MULTINATIONAL PRIVACY MINEFIELD • IN MANY COUNTRIES, SUCH AS GERMANY, EMPLOYEE CONSENT IS CONSIDERED INVOLUNTARY • MOST MONITORING OF EMPLOYEE TECHNOLOGY USE IS A CRIMINAL OFFENSE IN CERTAIN EUROPEAN UNION MEMBER STATES • MONITORING SOCIAL MEDIA POLICY COMPLIANCE BECOMES VERY DIFFICULT • SOLUTION: EFFECTIVE, PRACTICABLE SOCIAL MEDIA POLICIES AND PROCEDURES AND TRAINING

  19. ACQUIRING SOCIAL MEDIA GPS • GAP ANALYSIS OF EXISTING POLICIES AND PROCEDURES • INTERDISCIPLINARY WORK GROUP TO REVISE PROTOCOLS OR PREPARE NEW ONES • FACILITATED INTERNALLY OR BY OUTSIDE COUNSEL OR CONSULTANTS • MAKE THE BUSINESS CASE FOR SOCIAL MEDIA • BRING IN: BUSINESS OWNERS, RISK, COMPLIANCE/PRIVACY, LEGAL, IT

  20. SOCIAL MEDIA GPS: POLICIES AND PROCEDURES • INCLUDE PROCEDURES REQUIRED BY REGULATIONS • FTC: IDENTIFY YOUR AFFILIATION • HIPAA: NO DISCLOSURES OF INFORMATION LEADING TO IDENTIFICATION OF PATIENTS; PHI SAFEGUARDS • APPENDICES FOR STATE RULES AND/OR FOREIGN PROVISIONS • ANTICIPATE TRENDS AND REGULATORY CHANGES (SUCH AS POTENTIAL FDA GUIDANCE AND HIPAA GUIDANCE DOCUMENTS FROM CMS)

  21. POLICIES AND PROCEDURES • SHORT, PLAIN ENGLISH AND INCORPORATE GRC PRINCIPLES (GOVERNANCE, RISK AND COMPLIANCE) • MOST POLICIES INCORPORATE PROCEDURES, AND RARELY EXCEED FIVE PAGES • REFER TO CONTINUING OBLIGATION TO COMPLY WITH EXISTING INFORMATION POLICIES AND PROCEDURES (SUCH AS PROTECTING CONFIDENTIALITY) • CONSIDER INCLUSION OF STATEMENT OF ETHICS ( I.E., CORRECTION POLICY, ACCURATE AND FACTUAL POSTINGS, MAINTAINING COMPANY CREDIBILITY)

  22. POLICIES AND PROCEDURES • TECHNOLOGY CHANGING QUICKLY; LAW AND REGULATORY AGENCIES ARE RUNNING TO CATCH UP • REVISIT POLICIES OFTEN AND UPDATE AS NEEDED • PROVIDE FOR FLEXIBILITY IN THE POLICIES: CONTENT, ACCESS (WHO CAN CONTRIBUTE), MEDIA CHOICES, NON-COMPANY MEDIA USAGE, ETC.

  23. TRAINING • THREE MODES: CLASSROOM, ON-LINE, COMBINATION • SCALABLE BY JOB TITLE AND FUNCTION • ALL DISCIPLINES INVOLVED MUST ATTEND • DOCUMENT the TRAINING: NECESSARY IF PROBLEMS ARISE LATER, TO SHOW REASONABLE STEPS IN COMPLIANCE • DEPLOY REMINDER POP-UPS PERIODICALLY, AND HOLD REMINDER SESSIONS

  24. COMPLIANCE MONITORING • REVIEW CORPORATE POLICY ON MONITORING OF INTERNET USAGE • PERIODIC COMPLIANCE AUDITS • OBTAIN COUNSEL ON FEDERAL AND STATE LAWS • OUTSIDE U.S., OBTAIN LOCAL COUNSEL; CONSIDER AUDITS BY INTERVIEW

  25. CONCLUSION: ARRIVE SAFELY • INCLUSIVENESS AND FLEXIBILITY • DIALOGUE • INTERDISCIPLINARY PROTOCOL DRAFTING • DRAFT TO THE USE NOT THE TECHNOLOGY • TRAIN • MONITOR COMPLIANCE

  26. QUESTIONS? • KENNETH N. RASHBAUM, ESQ. • RASHBAUM ASSOCIATES, LLC, 212-421-2823 • KRASHBAUM@RASHBAUMASSOCIATES.COM • WWW.RASHBAUMASSOCIATES.COM

More Related