Title: RULES OF THE ROAD: SUCCESSFULLY NAVIGATING THE GUIDEPOSTS ON THE SOCIAL MEDIA HIGHWAY
1RULES OF THE ROAD SUCCESSFULLY NAVIGATING THE
GUIDEPOSTS ON THE SOCIAL MEDIA HIGHWAY
- KENNETH N. RASHBAUM, ESQ.
- RASHBAUM ASSOCIATES, LLC
2AGENDA NAVIGATING ROAD OBSTACLES WITH SOCIAL
MEDIA GPS
- REGULATORY NETWORK FDA, FTC, CMS (HIPAA)
- PRIVACY AND SECURITY LAWS (DOMESTIC AND GLOBAL)
- OVERCOMING FEAR AND MISUNDERSTANDING
- SOCIAL MEDIA GPS DIALOGUE WITH COMPLIANCE AND
LEGAL INTERDISCIPLINARY DRAFTING OF PRACTICABLE
POLICIES AND PROCEDURES TRAINING AND COMPLIANCE
MONITORING
3SIGNS AND DIVIDING LINES
- FDA PART 15 HEARINGS AND ANTICIPATE D
GUIDANCE(WILL IT EVER COME?) - FTC GUIDELINES
- U.S. PRIVACY LAWS HIPAA, FEDERAL SUBSTANCE ABUSE
PROTECTIONS, STATE PRIVACY LAWS - PRIVACY LAWS OUTSIDE THE U.S. PERSONAL
INFORMATION EXPORT RESTRICTIONS (EX GOOGLE
CONVICTION IN ITALY) AND PROHIBITIONS ON EMPLOYEE
TECHNOLOGY USE MONITORING
4HAZARD SIGNS COMPLIANCE, RISK AND LEGAL
- FEAR AND MISUNDERSTANDING
- SOCIAL MEDIA IS EVERYWHERE. THEREFORE, RISK IS
EVERYWHERE!!! - WE CANNOT CONTROL IT, SO IT MUST BE STOPPED!
- BUSINESS UNITS MAY HAVE SOMETHING TO SAY AOBUT
THAT, THOUGH - HOW BRIDGE THE GAP TO CREATE ALLIES?
5OLD PARADIGM FEAR
- BEWARE OF HEALTH BOOKS. YOU MAY DIE OF A
MISPRINT. MARK TWAIN - THE FUTURE IS JUST ONE DAMN THING AFTER
ANOTHER. WALTER OMALLEY - WE ARE DIFFERENT, SO HIGHLY REGULATED WE JUST
CANT ENGAGE IN SOCIAL MEDIA. ANONYMOUS
PHARMACEUTICAL EXECUTIVE
6NEW PARADIGM RESPONSIBLY EMBRACING THE MEDIUM
- PRECISELY BECAUSE OF THE SPECIAL DIFFERENCE
(AND) THE (INDUSTRYS) RESPONSIBILITY OF
ADVANCING THE PUBLIC HEALTH AGENDA, THESE
COMPANIES MUST ENGAGE ACTIVELY AND CREATIVELY IN
SOCIAL MEDIA. PETER J. PITTS, DIRECTOR, GLOBAL
HEALTH, PORTER NOVELLI
7UNDERSTANDING THROUGH DIALOGUE
- WORKING KNOWLEDGE OF THE REGULATORY AND LEGAL
FRAMEWORK FACILITATES THE CONVERSATION - ROAD SIGNS NEED NOT BE ROAD BLOCKS
- DISCUSS HOW TO INCORPORATE GUIDEPOSTS INTO MORE
EFFECTIVE POLICIES AND PROCEDURES FOR SOCIAL
MEDIA UTILIZATION
8FDA PART 15 HEARINGS
- FIVE QUESTIONS CONSIDERED
- 1. ACCOUNTABILITY FOR ONLINE COMMUNICATIONS?
- 2. HOW CAN THESE COMPANIES FULFILL REGULATORY
REQUIREMENTS (FAIR BALANCE, POST-MARKETING
SUBMISSIONS, SAFETY, ETC.) IN SPACE-LIMITING
MEDIA? - 3. WHAT PARAMETERS SHOULD APPLY TO POSTING OF
CORRECTIVE INFORMATION?
9FDA PART 15 HEARINGS
- 4. WHEN IS THE USE OF LINKS APPROPRIATE (I.E.,
HOW MANY PEOPLE CLICK ON THE LINKS, WHICH MAY
CONTAIN HIGHLY PERTINENT INFORMATION? - EX SAFETY INFORMATION, SIDE EFFECTS. ATTORNEYS
AND ACCOUNTANTS FACE SIMILAR ISSUES IN THEIR
DISCLAIMER REQUIREMENTS
10FDA PART 15 HEARINGS
- 5. QUESTIONS ON INTERNET AS A VEHICLE FOR ADVERSE
EVENT REPORTING - MONITORING SITES CAN UNEARTH ADVERSE EVENTS,
TRIGGERING REPORTING OBLIGATIONS. CAN/SHOULD
COMPANIES REFRAIN FROM MONITORING FOR FEAR OF
FINDING ADVERSE EVENTS? - HOW SIGNIFICANT IS THIS ISSUE TO WHAT EXTENT
WOULD PATIENTS REPORT ON SOCIAL MEDIA SITES? - IDENTIFIABLE PATIENT AND REPORTER REQUIRED. WHAT
OF ANONYMOUS OR PSEUDONYM POSTINGS?
11FDA PART 15 HEARINGS MANY PRESENTATIONS, LITTLE
INSIGHT
- AE, SPACE-LIMITING MEDIA, MECHANISMS FOR
CORRECTION OF INFORMATION DISCUSSED BUT NO REAL
INDICATION OF WHAT, HOW OR WHEN FDA WILL ISSUE
GUIDANCE - FDA LIMITATIONS STATUTORY AUTHORITY LIMITED
PURSUANT TO FOOD, DRUG AND COSMETIC ACT (FTC MAY
HAVE GREATER JURISDICTION) FIRST AMENDMENT ISSUES
12FTC GUIDELINES
- FEDERAL JURISDICTION OVER ADVERTISING
- LIABILITY FOR FALSE STATEMENTS ABOUT PRODUCT
- GUIDELINES REQUIRE DISCLOSURE OF AFFILIATION,
I.E., EMPLOYMENT OR OTHER RELATIONSHIP WITH
COMPANY
13FTC GUIDELINES
- TWITTER AND OTHER SPACE-LIMITING MEDIA AND
DISCLOSURES - IF YOU CANT MAKE THE DISCLOSURES YOU CANT MAKE
THE AD. RICHARD CLELAND, ASSOCIATE DIRECTOR,
ADVERTISING DIVISION - ARE LINKS SUFFICIENT? WITH WHAT INCIDENCE dO
PEOPLE CLICK LINKS? (ATTORNEYS AND ACCOUNTANTS
FACE SIMILAR ISSUES WITH THEIR REQUIRED
DISCLAIMERS)
14HIPAA AND HITECH
- FEDERAL PRIVACY FLOOR STATES CAN ENACT
STRICTER PRIVACY PROTECTIONS (I.E.,
MASSACHUSETTS CALIFORNIA NEW YORK ON HIV/AIDS
AND REPRODUCTIVE HEALTH) - INFORMATION IDENTIFIABLE TO A PATIENT BY ONE OR
MORE OF 18 IDENTIFIERS CANNOT BE DISCLOSED
WITHOUT PATIENT CONSENT - HIPAA PENALTIES AND ENFORCEMENT SIGNIFICANTLY
INCREASED UNDER HITECH (PART OF ARRA STIMULUS) - NOT ALL PHARMACEUTICALS ARE COVERED BY HIPAA
15HIPAA AND HITECH
- CONSTRAINTS ON MARKETING ACTIVITIES IN HIPAA
ENHANCED UNDER HITECH NO REMUNERATION FOR PHI
WITHOUT EXECUTED AUTHORIZATION - CONSIDER PRIVACY AWARENESS OF WORK FORCE MEMBERS
WHO USE SOCIAL MEDIA - ADDITIONAL REQUIREMENTS PORTABLE MEDIA
SAFEGUARDS ACCESS CONTROLS TO MEDIA WITH PHI
ENCRYPTION OF PHI AT REST AND IN TRANSMISSION
16PENDING LEGISLATION BOUCHER(D)-STEARNS (R) BILL
- EXTENSIVE PRIVACY COVERAGE
- PRIVACY NOTICE AND OPPORTUNITY TO OPT-OUT OF
COLLECTION OR USE OF COVERED INFORMATION - MUST OBTAIN OPT-IN BEFORE SHARING COVERED
INFORMATION WITH UNAFFILIATED PARTIES - PREPARE AND IMPLEMENT PHYSICAL, ADMINISTRATIVE
AND TECHNICAL SAFEGUARDS ON COVERED INFORMATION - ENFORCEMENT AUTHORITY GIVEN TO FTC
17PRIVACY MINEFIELD FOR MULTINATIONALS
- EUROPEAN UNION PRIVACY DIRECTIVES AND ENABLING
LEGISLATION PERSONAL INFORMATION CANNOT BE
TRANSMITTED BEYOND EEA WITHOUT DATA SUBJECTS
CONSENT - PERSONAL INFORMATION IS BROADLY DEFINED
- EASY TO GET CAUGHT IN PRIVACY ENFORCEMENT NET
- RECENT CONVICTION OF GOOGLE FOR YOU TUBE VIDEO
UPLOADED FROM ITALY
18MULTINATIONAL PRIVACY MINEFIELD
- IN MANY COUNTRIES, SUCH AS GERMANY, EMPLOYEE
CONSENT IS CONSIDERED INVOLUNTARY - MOST MONITORING OF EMPLOYEE TECHNOLOGY USE IS A
CRIMINAL OFFENSE IN CERTAIN EUROPEAN UNION MEMBER
STATES - MONITORING SOCIAL MEDIA POLICY COMPLIANCE BECOMES
VERY DIFFICULT - SOLUTION EFFECTIVE, PRACTICABLE SOCIAL MEDIA
POLICIES AND PROCEDURES AND TRAINING
19ACQUIRING SOCIAL MEDIA GPS
- GAP ANALYSIS OF EXISTING POLICIES AND PROCEDURES
- INTERDISCIPLINARY WORK GROUP TO REVISE PROTOCOLS
OR PREPARE NEW ONES - FACILITATED INTERNALLY OR BY OUTSIDE COUNSEL OR
CONSULTANTS - MAKE THE BUSINESS CASE FOR SOCIAL MEDIA
- BRING IN BUSINESS OWNERS, RISK,
COMPLIANCE/PRIVACY, LEGAL, IT
20SOCIAL MEDIA GPS POLICIES AND PROCEDURES
- INCLUDE PROCEDURES REQUIRED BY REGULATIONS
- FTC IDENTIFY YOUR AFFILIATION
- HIPAA NO DISCLOSURES OF INFORMATION LEADING TO
IDENTIFICATION OF PATIENTS PHI SAFEGUARDS - APPENDICES FOR STATE RULES AND/OR FOREIGN
PROVISIONS - ANTICIPATE TRENDS AND REGULATORY CHANGES (SUCH AS
POTENTIAL FDA GUIDANCE AND HIPAA GUIDANCE
DOCUMENTS FROM CMS)
21POLICIES AND PROCEDURES
- SHORT, PLAIN ENGLISH AND INCORPORATE GRC
PRINCIPLES (GOVERNANCE, RISK AND COMPLIANCE) - MOST POLICIES INCORPORATE PROCEDURES, AND RARELY
EXCEED FIVE PAGES - REFER TO CONTINUING OBLIGATION TO COMPLY WITH
EXISTING INFORMATION POLICIES AND PROCEDURES
(SUCH AS PROTECTING CONFIDENTIALITY) - CONSIDER INCLUSION OF STATEMENT OF ETHICS ( I.E.,
CORRECTION POLICY, ACCURATE AND FACTUAL POSTINGS,
MAINTAINING COMPANY CREDIBILITY)
22POLICIES AND PROCEDURES
- TECHNOLOGY CHANGING QUICKLY LAW AND REGULATORY
AGENCIES ARE RUNNING TO CATCH UP - REVISIT POLICIES OFTEN AND UPDATE AS NEEDED
- PROVIDE FOR FLEXIBILITY IN THE POLICIES CONTENT,
ACCESS (WHO CAN CONTRIBUTE), MEDIA CHOICES,
NON-COMPANY MEDIA USAGE, ETC.
23TRAINING
- THREE MODES CLASSROOM, ON-LINE, COMBINATION
- SCALABLE BY JOB TITLE AND FUNCTION
- ALL DISCIPLINES INVOLVED MUST ATTEND
- DOCUMENT the TRAINING NECESSARY IF PROBLEMS
ARISE LATER, TO SHOW REASONABLE STEPS IN
COMPLIANCE - DEPLOY REMINDER POP-UPS PERIODICALLY, AND HOLD
REMINDER SESSIONS
24COMPLIANCE MONITORING
- REVIEW CORPORATE POLICY ON MONITORING OF INTERNET
USAGE - PERIODIC COMPLIANCE AUDITS
- OBTAIN COUNSEL ON FEDERAL AND STATE LAWS
- OUTSIDE U.S., OBTAIN LOCAL COUNSEL CONSIDER
AUDITS BY INTERVIEW
25CONCLUSION ARRIVE SAFELY
- INCLUSIVENESS AND FLEXIBILITY
- DIALOGUE
- INTERDISCIPLINARY PROTOCOL DRAFTING
- DRAFT TO THE USE NOT THE TECHNOLOGY
- TRAIN
- MONITOR COMPLIANCE
26QUESTIONS?
- KENNETH N. RASHBAUM, ESQ.
- RASHBAUM ASSOCIATES, LLC, 212-421-2823
- KRASHBAUM_at_RASHBAUMASSOCIATES.COM
- WWW.RASHBAUMASSOCIATES.COM