15-744: Computer Networking L-23 Privacy. 2 Overview Routing privacy Web Privacy Wireless Privacy.
Privacy Officers’ Perspective In the Pharmaceutical Industry
description
Transcript of Privacy Officers’ Perspective In the Pharmaceutical Industry
![Page 1: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/1.jpg)
Privacy Officers’ PerspectivePrivacy Officers’ Perspective
In the Pharmaceutical IndustryIn the Pharmaceutical Industry
Jean-Paul Hepp, Ph.D.Jean-Paul Hepp, Ph.D.
Director, Global PrivacyDirector, Global Privacy
HIPAA Audio-conferencesHIPAA Audio-conferences
May, 29th 2002May, 29th 2002
![Page 2: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/2.jpg)
Privacy Issues Healthcare Privacy Issues Healthcare PIHIPIHI
• e-Mail: Prozac Persistency Programe-Mail: Prozac Persistency Program
• Persistent CookiesPersistent Cookies
• Hacking MR Washington HospitalHacking MR Washington Hospital
• CVS CaseCVS Case
![Page 3: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/3.jpg)
Right of PrivacyRight of Privacy
• The claim of individuals to determine for The claim of individuals to determine for themselves when, how and to what extent themselves when, how and to what extent information about them is communicated.information about them is communicated.
1.1. What kind of InformationWhat kind of Information2.2. How we use itHow we use it3.3. Who we are sharing it withWho we are sharing it with
![Page 4: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/4.jpg)
PII, IIIPII, IIIPIHI, PHI, IIHIPIHI, PHI, IIHI
• Personal identifiable information (PII) means any confidential or sensitive information that can be related back to an individual.
• Personal identifiable health information (PIHI) means information about an individual’s health.
![Page 5: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/5.jpg)
IdentifiersIdentifiersFinal Standards for Privacy of Individually Identifiable Health Information
a. Names;b. All geographic subdivisions smaller than a state, including street address, city, county, precinct, zip code and
equivalent geocodes, except for the initial three digits of a zip code, if, according to current census data, (i) the geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people, and (ii) the initial three digits of a zip code for all geographic units containing 20,000 or fewer people is changed to 000;
c. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death, and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older;
d. Telephone numbers;e. Fax numbers; f. Electronic mail addresses;g. Social security numbersh. Medical record numbers;i. Health plan beneficiary numbers;j. Account numbers;k. Certificate/license numbers;l. Vehicle identifiers and serial numbers, including license plate numbers;m. Device identifiers and serial numbers;n. Web Universal Resource Locator (URL);o. Internet Protocol (IP) address number;p. Biometric identifiers, including finger or voice prints;q. Full face photographic images and any comparable images; andr. Any other unique identifying number, characteristic or code.
![Page 6: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/6.jpg)
Regulatory/Legal environmentRegulatory/Legal environmentPrivacy & SecurityPrivacy & Security
• Federal Regulations and InvestigationsFederal Regulations and Investigations
• State lawsState laws
• Attorney General’s actionsAttorney General’s actions
• LitigationLitigation
• EU Safe HarborEU Safe Harbor
• Canada…..Canada…..
![Page 7: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/7.jpg)
Federal LawsFederal Laws
• HIPAAHIPAA
• Federal Trade Commission ActFederal Trade Commission Act
• Children’s Online Protection Rule [“COPPA’]Children’s Online Protection Rule [“COPPA’]
• Privacy Act of 1974Privacy Act of 1974
• Gramm-Leach Bliley ActGramm-Leach Bliley Act
• Electronic Communications Act of 1986Electronic Communications Act of 1986
• OthersOthers
• 12 Proposed Statutes12 Proposed Statutes7
![Page 8: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/8.jpg)
• RRequires (DHHS) to develop standards and equires (DHHS) to develop standards and requirements for maintenance and transmission of requirements for maintenance and transmission of health information that identifies individual patients.health information that identifies individual patients.
• Protect the security and confidentiality of electronic Protect the security and confidentiality of electronic and other health information.and other health information.
HIPAA HIPAA (Health Insurance Portability and Accountability Act)(Health Insurance Portability and Accountability Act)
![Page 9: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/9.jpg)
For The Pharmaceutical IndustryFor The Pharmaceutical Industry The Rule May Affect: The Rule May Affect:
– HR HR – SalesSales– Marketing and Market researchMarketing and Market research– Patient refill, reminder, persistency Patient refill, reminder, persistency
programsprograms– Product-feedbackProduct-feedback– EpidemiologyEpidemiology
![Page 10: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/10.jpg)
For The Pharmaceutical IndustryFor The Pharmaceutical Industry The Rule May Affect: The Rule May Affect:
– R&DR&D– Clinical trialsClinical trials– Biostatistical analysis Biostatistical analysis – Outcomes or economics studiesOutcomes or economics studies– Disease management programsDisease management programs– Pharmacy benefits programsPharmacy benefits programs– Drug safety monitoringDrug safety monitoring
![Page 11: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/11.jpg)
Order processingOrder processing
• Opinion Leader program
• R&D Databases
• Targeting information
• Distribution
• Targeting
Global Supply
Marketing
R&D
Sales
• Clinical trials and enrollment
• Detailing
External Activities Internal Activities
HR • Recruitment • Global Talent Pool
Privacy Data withinPrivacy Data within
![Page 12: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/12.jpg)
MappingMapping
Identification of Regulations and Legal Identification of Regulations and Legal Pitfalls and Tracking of Information Flow:Pitfalls and Tracking of Information Flow:
• RegionsRegions• CustomersCustomers• ChannelsChannels• TechnologyTechnology
![Page 13: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/13.jpg)
MappingMapping Regions/MCsRegions/MCs
• USA: Federal + StatesUSA: Federal + States
• EU: EC + separate countriesEU: EC + separate countries
• Asia/PacificAsia/Pacific
• S. AmericaS. America
![Page 14: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/14.jpg)
MappingMapping ‘Customers’‘Customers’
• Patients (adult/children...)Patients (adult/children...)
• Healthcare professionals Healthcare professionals (nurses/physicians...)(nurses/physicians...)
• Wholesalers/PharmaciesWholesalers/Pharmacies
• Managed careManaged care
• 3rd party payers3rd party payers
• EmployeesEmployees
![Page 15: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/15.jpg)
MappingMapping ChannelsChannels
• R&DR&D
• MarketingMarketing
• Managed MarketsManaged Markets
• HRHR
• SalesSales
![Page 16: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/16.jpg)
MappingMapping Technology (e-) Technology (e-) Mobile Client
Connected Client
ThinClient
Handheld Client
Intranet/InternetIntranet/Internet
Wireless Client
Ref: MyDrugRep.com
![Page 17: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/17.jpg)
Right of PrivacyRight of Privacy
• The claim of individuals to determine for The claim of individuals to determine for themselves when, how and to what extent themselves when, how and to what extent information about them is communicated.information about them is communicated.
1.1. What InformationWhat Information2.2. How we use itHow we use it3.3. Who we are sharing it withWho we are sharing it with
![Page 18: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/18.jpg)
eMarketplace Partner
Customer Contact Center(Phone, Fax, Email)
Sales Rep Calls
Fulfillment House
.com Marketing
Physicians
.com database
Pharma
Educational Forum
Data Privacy AgreementData Privacy Agreement
Ref: MyDrugRep.com
![Page 19: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/19.jpg)
Points of AccessPoints of Access
• Pharmaceutical Company EmployeesPharmaceutical Company Employees
• Third Party Developers/ContractorsThird Party Developers/Contractors
• Third Party Hosting CompanyThird Party Hosting Company
• Subcontractors of Third Party Hosting Subcontractors of Third Party Hosting CompanyCompany
• Third Party Transmission CompanyThird Party Transmission Company
• Third Party Service ProviderThird Party Service Provider
• Other Points of Access or LinksOther Points of Access or Links
19
![Page 20: Privacy Officers’ Perspective In the Pharmaceutical Industry](https://reader035.fdocuments.us/reader035/viewer/2022062409/56814607550346895db314b0/html5/thumbnails/20.jpg)
5. Privacy Officer5. Privacy Officer
““The PO has the responsibility for the The PO has the responsibility for the creation, implementation and maintenancecreation, implementation and maintenance of the company’s of the company’s privacyprivacy compliance related compliance related activities”activities”