Tag: privacy
HIPAA/HITECH Omnibus Final Rule: Implications for Research
The Department of Health and Human Services’ HIPAA/HITECH Omnibus Final Rule (Final Rule) includes a number of provisions that will alleviate certain restrictions and administrative burdens in human subjects research and help streamline the documentation associated with research. Here are the significant changes:
Compound Authorizations
The current HIPAA Privacy Rule generally prohibits “compound authorizations,” which are authorizations for use and disclosure of protected health information (PHI) that are combined with any other legal permission. An exception to this general prohibition permits combining an authorization for use and disclosure of protected health information in a research study with any other written permission for the same study, including an informed consent to participate in the research. However, until March 26, 2013, the effective date of the Final Rule, even the same study exception is unavailable if one of the authorizations or permissions conditions treatment, … Read More »
HHS Releases HIPAA Omnibus Final Rule
On January 17, 2013, the Department of Health and Human Services (HHS) publicly released the long-awaited HIPAA Omnibus Final Rule (Final Rule). The Final Rule (1) implements many provisions of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), expanding the privacy and security standards directly governing covered entities and business associates; (2) modifies the interim final rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule); (3) modifies the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA); and (4) makes certain other modifications to the HIPAA Privacy, Security and Enforcement Rules to improve their workability. Notably, the Final Rule does not address the anticipated accounting of disclosures requirements, which was the subject of … Read More »
Medical Device Security: How Safe is Wireless Technology?
The health care industry has seen a jump in the number of medical devices that use wireless technology. With this rapid technologic development comes concern about the safety, security and privacy of patients. There is specific concern in this regard with respect to the following commonly used devices: Implantable Medical Devices (IMDs), External Medical Devices, and Portable Devices.[i]
Last year a security researcher successfully demonstrated how an outside breach of a wireless insulin pump allows for the hacker to shut off or alter the settings of the device. This poses a serious risk for those with portable and implantable medical devices that are controlled via wireless technology. In addition to a breach of control of these devices, the risk of malware on such FDA-approved medical devices is also a concern. In the event that an FDA-approved medical device is infected with … Read More »
U.S. clinical trial website pairing — a need for privacy safeguards
Fox Trial Finder is a welcomed initiative in ongoing efforts to facilitate clinical trial participation. In a recent interview with ABC’s Diane Sawyer, Michael J. Fox, who suffers from Parkinson’s disease, said that in addition to his support for stem cell research addressing Parkinson’s, he also supports research looking for a cure on other fronts, including drug therapies and diagnostic tests. (Article Link) Toward that end, Fox’s Foundation for Parkinson’s Research recently launched an online initiative called Fox Trial Finder. This website promotes research across the country by pairing patients with clinical trials in their areas, based on the individual’s symptom profile. The foundation’s webpage notes that 30% of all clinical trials fail to recruit even one subject, and that 85% of clinical trials are delayed because of insufficient subject enrollment – so Fox’s initiative (and others like it that … Read More »
The FTC Finally Issues its Report on Consumer Privacy
Interactive marketing is everywhere, and the Federal Trade Commission has struggled mightily over the past several years to deal with complex privacy issues that grow out of sophisticated, data-intensive marketing practices. On March 26, the FTC released its long-promised final report on consumer privacy. Critically, we now have a sense of the FTC staff position on future legislation, best practices and the secondary market in customer data.
The FTC was clear that it wants additional legislation to address general privacy concerns, data security and breach notifications. This is a change from the staff’s prior position that self-regulation would be sufficient, and lends weight to current efforts before congress to do exactly that (although the fact that we are currently in a highly partisan election year does diminish the likelihood of immediate action).
The rest of the report flowed logically from the principles … Read More »