Case Study: Pharmaceuticals - PowerPoint PPT Presentation
Title:
Case Study: Pharmaceuticals
Description:
Title: Case Study: Pharmaceuticals Author: Patrick Sullivan Last modified by: Patrick Sullivan Created Date: 9/14/2003 9:39:43 PM Document presentation format – PowerPoint PPT presentation
Number of Views:162
Avg rating:3.0/5.0
Title: Case Study: Pharmaceuticals
1
Case Study Pharmaceuticals
- Patrick F. Sullivan, Ph.D.
- 939 North Graham Avenue, Indianapolis, IN 46219
- 317-352-1362 patrick.sullivan_at_prodigy.net
2
Background
- Clinical research division of major
pharmaceutical - Scope of program covers clinical trials and drug
safety and surveillance worldwide - Program is located in divisional compliance
function, under direction of Data Privacy
Security Compliance Area Manager
3
Pharma Research- Whats Different
- No consumer privacy issues- no research data go
outside the divisions databases, no marketing
functions in research division, no marketing data
comes in - Research context changes application of Fair
Information Practices - Notice- Consent for participation in protocol
HIPAA authorization to transfer data for research
purposes country-specific consents general
notice - Choice/consent- Everything is consent driven or
required by regulation opt-out isnt a
relevant concept - Limitation- Protocol, regulatory requirements
determine minimum data data types may differ-
personal data, family history, tissue sample,
genetic
4
Pharma Research- Whats Different
- Access- Difficult to unblind a study access
could expose others data pharma typically gets
minimal identifiers- most identifiable data stays
with investigator - Onward transfer- Disclosures are to regulatory
agencies or other investigators, required by
regulation (GCPs, Pharmacovigilance) - Data import compliance is a more salient issue
- Data Integrity- Data accuracy is essential to
research significant SOPs, divisional procedures
focused on data accuracy, relevance, currency
5
Pharma Research- Whats different
- Regulatory environment is more complex
- Good Clinical Practices, other protections of
human subjects - HIPAA is limited in research context- pharmas are
not covered entities authorizations for transfer
from investigator, subsequent research use of
data are issues - Part 11- electronic records, digital signature
validation, security, audit trail concerns - International- EU Clinical Trials Directive
requires compliance with Data Protection
Directive- raises stakes for privacy compliance,
transborder data flow compliance
6
Program Organization
- Administrative
- Accountability
- Policy/Planning
- Operational
- Data Subject Rights
- Data Processing Controls
Fair Information Practices
- Manage/Maintain
- Monitoring due diligence
- Training
- Complaints/inquiry
- Response to non- compliance
Corporate Compliance Program Requirements
7
Our Approach
- Define core privacy practices, create compliance
guidelines- drive through enforceable policy
(corporate information, compliance, business
practice security policies) - Map data flow
- Create control objectives for privacy compliance
- Identify data flow control points, review index
SOPs - Revise SOPs as needed
- Create accountability, maintenance infrastructure
and procedure - Create 04-05 updates and continuation/monitoring
plans
Recommended
CrystalGraphics Presentations
