Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Case Study: Pharmaceuticals
Document related concepts
no text concepts found
Transcript
Case Study: Pharmaceuticals Patrick F. Sullivan, Ph.D. 939 North Graham Avenue, Indianapolis, IN 46219 317-352-1362 [email protected] Background Clinical research division of major pharmaceutical Scope of program covers clinical trials and drug safety and surveillance worldwide Program is located in divisional compliance function, under direction of Data Privacy & Security Compliance Area Manager 2 Pharma Research- What’s Different No consumer privacy issues- no research data go outside the division’s databases, no marketing functions in research division, no marketing data comes in Research context changes application of Fair Information Practices Notice- Consent for participation in protocol; HIPAA authorization to transfer data for research purposes; country-specific consents; general notice Choice/consent- Everything is consent driven or required by regulation; “opt-out” isn’t a relevant concept Limitation- Protocol, regulatory requirements determine minimum data; data types may differ- personal data, family history, tissue sample, genetic 3 Pharma Research- What’s Different Access- Difficult to unblind a study; access could expose other’s data; pharma typically gets minimal identifiers- most identifiable data stays with investigator Onward transfer- Disclosures are to regulatory agencies or other investigators, required by regulation (GCPs, Pharmacovigilance) Data import compliance is a more salient issue Data Integrity- Data accuracy is essential to research; significant SOPs, divisional procedures focused on data accuracy, relevance, currency 4 Pharma Research- What’s different Regulatory environment is more complex Good Clinical Practices, other protections of human subjects HIPAA is limited in research context- pharmas are not covered entities; authorizations for transfer from investigator, subsequent research use of data are issues Part 11- electronic records, digital signature; validation, security, audit trail concerns International- EU Clinical Trials Directive requires compliance with Data Protection Directive- raises stakes for privacy compliance, transborder data flow compliance 5 Program Organization Administrative • Accountability • Policy/Planning Operational • Data Subject Rights Fair Information Practices • Data Processing Controls Manage/Maintain Corporate Compliance Program Requirements • Monitoring & due diligence • Training • Complaints/inquiry • Response to noncompliance 6 Our Approach Define core privacy practices, create compliance guidelines- drive through enforceable policy (corporate information, compliance, business practice & security policies) Map data flow Create control objectives for privacy compliance Identify data flow control points, review & index SOPs Revise SOPs as needed Create accountability, maintenance infrastructure and procedure Create 04-05 updates and continuation/monitoring plans 7
