1 / 20

Privacy Officers’ Perspective In the Pharmaceutical Industry

Privacy Officers’ Perspective In the Pharmaceutical Industry. Jean-Paul Hepp, Ph.D. Director, Global Privacy. HIPAA Audio-conferences May, 29th 2002. Privacy Issues Healthcare PIHI. e-Mail: Prozac Persistency Program Persistent Cookies Hacking MR Washington Hospital CVS Case.

rae
Download Presentation

Privacy Officers’ Perspective In the Pharmaceutical Industry

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy Officers’ Perspective In the Pharmaceutical Industry Jean-Paul Hepp, Ph.D. Director, Global Privacy HIPAA Audio-conferences May, 29th 2002

  2. Privacy Issues Healthcare PIHI • e-Mail: Prozac Persistency Program • Persistent Cookies • Hacking MR Washington Hospital • CVS Case

  3. Right of Privacy • The claim of individuals to determine for themselves when, how and to what extent information about them is communicated. • What kind of Information • How we use it • Who we are sharing it with

  4. PII, IIIPIHI, PHI, IIHI • Personal identifiable information (PII) means any confidential or sensitive information that can be related back to an individual. • Personal identifiable health information (PIHI) means information about an individual’s health.

  5. Identifiers Final Standards for Privacy of Individually Identifiable Health Information a. Names; b. All geographic subdivisions smaller than a state, including street address, city, county, precinct, zip code and equivalent geocodes, except for the initial three digits of a zip code, if, according to current census data, (i) the geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people, and (ii) the initial three digits of a zip code for all geographic units containing 20,000 or fewer people is changed to 000; c. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death, and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older; d. Telephone numbers; e. Fax numbers; f. Electronic mail addresses; g. Social security numbers h. Medical record numbers; i. Health plan beneficiary numbers; j. Account numbers; k. Certificate/license numbers; l. Vehicle identifiers and serial numbers, including license plate numbers; m. Device identifiers and serial numbers; n. Web Universal Resource Locator (URL); o. Internet Protocol (IP) address number; p. Biometric identifiers, including finger or voice prints; q. Full face photographic images and any comparable images; and r. Any other unique identifying number, characteristic or code.

  6. Regulatory/Legal environmentPrivacy & Security • Federal Regulations and Investigations • State laws • Attorney General’s actions • Litigation • EU Safe Harbor • Canada…..

  7. Federal Laws • HIPAA • Federal Trade Commission Act • Children’s Online Protection Rule [“COPPA’] • Privacy Act of 1974 • Gramm-Leach Bliley Act • Electronic Communications Act of 1986 • Others • 12 Proposed Statutes 7

  8. HIPAA (Health Insurance Portability and Accountability Act) • Requires (DHHS) to develop standards and requirements for maintenance and transmission of health information that identifies individual patients. • Protect the security and confidentiality of electronic and other health information.

  9. For The Pharmaceutical Industry The Rule May Affect: • HR • Sales • Marketing and Market research • Patient refill, reminder, persistency programs • Product-feedback • Epidemiology

  10. For The Pharmaceutical Industry The Rule May Affect: • R&D • Clinical trials • Biostatistical analysis • Outcomes or economics studies • Disease management programs • Pharmacy benefits programs • Drug safety monitoring

  11. Privacy Data within External Activities Internal Activities Global Supply • Distribution • Order processing R&D • Clinical trials and enrollment • R&D Databases Sales • Detailing • Targeting information Marketing • Targeting • Opinion Leader program HR • Recruitment • Global Talent Pool

  12. Mapping Identification of Regulations and Legal Pitfalls and Tracking of Information Flow: • Regions • Customers • Channels • Technology

  13. MappingRegions/MCs • USA: Federal + States • EU: EC + separate countries • Asia/Pacific • S. America

  14. Mapping‘Customers’ • Patients (adult/children...) • Healthcare professionals (nurses/physicians...) • Wholesalers/Pharmacies • Managed care • 3rd party payers • Employees

  15. MappingChannels • R&D • Marketing • Managed Markets • HR • Sales

  16. Intranet/Internet Mapping Technology (e-) Mobile Client Handheld Client Connected Client ThinClient Wireless Client Ref: MyDrugRep.com

  17. Right of Privacy • The claim of individuals to determine for themselves when, how and to what extent information about them is communicated. • What Information • How we use it • Who we are sharing it with

  18. Data Privacy Agreement Customer Contact Center (Phone, Fax, Email) eMarketplace Partner Educational Forum .com database Fulfillment House Pharma Physicians .com Marketing Sales Rep Calls Ref: MyDrugRep.com

  19. Points of Access • Pharmaceutical Company Employees • Third Party Developers/Contractors • Third Party Hosting Company • Subcontractors of Third Party Hosting Company • Third Party Transmission Company • Third Party Service Provider • Other Points of Access or Links 19

  20. 5. Privacy Officer “The PO has the responsibility for the creation, implementation and maintenance of the company’s privacy compliance related activities”

More Related