How Covered Entities and Business Associates Can Comply Calmly, Confidently and Completely with the HIPAA Rules

HIpaa Blog wpress

Any business organization that is involved in creating, receiving, transmitting and maintaining Protected Health Information (PHI) has to comply with the requirements set out in Health Insurance Portability and Accountability Act (HIPAA). Such businesses, called Business Associates, since they carry out these functions on behalf of what are called Covered Entities; are legally obliged to show compliance with the provisions of HIPAA, whose main aim is to protect the privacy and confidentiality of patient information.

So, any Business Associate has to know how to comply with the provisions of HIPAA. Considering that the provisions of HIPAA have undergone major changes from the time of its enactment in 1996 up until 2013; Business Associates often find that showing compliance with the provisions of this legislation is complex. But failing to do so attracts hefty fines and penalties.

Understanding HIPAA provisions is the key to implementation

Although HIPAA implementation appears somewhat intimidating at first glance, in reality, it is not so. It can be implemented with ease and felicity in a manner that meets all the regulatory requirements. How? By breaking down the requirements into separate parts. The ways of taking this very sensible and commonsensical approach to HIPAA implementation by Business Associates and their Covered Entities, will be the subject of a very useful two-day seminar that is being organized by GlobalCompliancePanel, a highly reputed provider of professional trainings in the areas of regulatory compliance.

Overcoming HIPAA Compliance Challenges 

HIPAA Compliance

Taking the right steps to HIPAA implementation

He will, for instance, highlight the role of the social media and how to use the electronic media for staying updated and thus reducing the crucial element of time. He will also highlight the importance of managing risks in HIPAA compliance. This is all the more critical, considering that the Office of Civil Rights (OCR) has found that a shockingly high 94% of Covered Entities failed the Risk Management audit and about 87% failed the Risk Analysis audit. This was despite the fact that every Covered Entity knew well in advance of the upcoming audit, and had filled up a pre-audit questionnaire, which gave them a clear idea of what was to come in terms of the questions that HIPAA inspectors would be asking them, and what documentation were needed from them.

The central aim of this learning session is to help participants understand how Business Associates and Covered Entities can take simple and easy steps to stay compliant, so that they don’t have problems in meeting HIPAA requirements for compliance.

Learning at this highly valuable Areas:

  • Thorough Understanding of HIPAA Rules
  • What they are
  • How they work together
  • Why and How they were made
  • How they are changing and what to expect next
  • HIPAA Risk Analysis – Risk Management for Your Organization
  • A Practical Guided Exercise done in class on your computer to take home
  • Privacy and Security Rules – Permitted and Required Uses and Disclosures
  • What information must be protected
  • Administrative, Technical and Physical Safeguards
  • Social Media, Texting and Emailing Patients
  • The inter-connected, inter-dependent relationship of Covered Entities and Business Associates
  • What is, and what is not a Reportable Breach of Unsecured PHI

http://www.fertilitybridge.com/blog/hipaaandsocialmediawithpaulhales

 

GlobalCompliancePanel Seminar “Applied Statistics for FDA Process Validation” successfully done in Philadelphia, PA at May 17th & 18th, 2018.

GlobalCompliancePanel have been successfully organized the 2 days seminar in Philadelphia, PA from May 17th & 18th, 2018 by NetZealous LLC.

IMG_5439

The Food and Drug Administration (FDA) provided a guidance for industry in 2011 that has established a framework for process validation in the pharmaceutical industry. This guidance, titled “Process Validation: General Principles and Practices” consists of a three-stage process. The three stages are 1) Process Design, 2) Process Qualification, and 3) Continued Process Verification.

This Seminar focuses on how to establish a systematic approach to implementing statistical methodologies into a process development and validation program consistent with the FDA guidance. This course teaches the application of statistics for setting specifications, assessing measurement systems (assays), using design of experiments (DOE), developing a control plan as part of a risk management strategy, and ensuring process control/capability. All concepts are taught within the three-stage product cycle framework defined by requirements in the process validation regulatory guidance documents.

The seminars organized In Guidance for Industry Process Validation: General Principle and Practices and On the First day of the seminars which was 17th of May 2018, GlobalCompliancePanel had covered Introduction to Statistics for Process Validation, Primer on Statistical Analysis (cont.) with Mr. Heath Rushing is cofounder of Adsurgo and author of the book Design and Analysis of Experiments by Douglas Montgomery.

IMG_5436

On the second day of the GlobalCompliancePanel Seminar which was 18th of May 2018, was covered Foundational Requirements for Process Validation, Stage 1 – Process Design, Stage 2 – Process Qualification and Stage 3 – Continued Process Verification with Mr. Heath Rushing is cofounder of Adsurgo and author of the book Design and Analysis of Experiments by Douglas Montgomery.

See more Pics

Get Updated in Compliance

 

 

 

Clinical Data Management: an Understanding

The data generated by clinical trials serves as a critical raw material for clinical studies and the subsequent development of drugs or other medical products. This input, called clinical data, is very valuable in helping pharmaceutical, life sciences and medical device companies innovate and produce new products.

Clinical Data Management1

This data is invaluable for companies that are involved in the development of new products. This data is the crucial ingredient that helps in formulating new therapies and treatments and help take these into the market. So, organizing and managing these data to help companies put these data to their intended use is a major responsibility for companies that are in the process of developing new products.

Clinical Data Management (CDM) is the science of documentation, preservation and management of data that clinical trials throw up. CDM covers the entire range of activities from collection of data to its analysis. CDM has come a long way from being a drab and clerical function in the 1970’s and 80’s to something that companies actively look forward to and invest considerably into.

Clinical Data Management4

The main impetus for this evolution can be attributed to automation. Today, CDM is a full-fledged discipline that generates many jobs and careers, and is being actively regulated by the regulatory agencies.

Comprehensive learning about CDM

  • Data Management Plan, or DMP
  • Study startup activities
  • Study conduct activities
  • Study closeout
  • Study monitoring.

Learning outcomes

This seminar on Clinical Data Management will help participants gain complete knowledge of the crucial aspects of CDM. Following the learning gained over these two days, they will be able to define best practices as they apply to CDM processes, describe CDM processes from study start-up to database lock, apply best practice rationale when assessing data collection requirements/instruments, evaluate the benefits of standardization in establishing CDM processes, and discuss current technology/methods of data collection and associated documentation.

Do You Know How to Identify Root Cause and How to Close Out Your Investigation?

Root Cause Analysis3

Getting the Root Cause Analysis (RCA) right is at the soul of the implementation of an effective Corrective and Preventive Action (CAPA) program. Root Cause Analysis and CAPA are tied to each other intricately. This being the case, it is commonsensical to perform the two functions in tandem with each other applying the principles of risk management. This method makes business sense, as it saves time and cost. This requires companies that want to do an RCA in conjunction with CAPA to have complete knowledge of the principles of CAPA.

Root Cause Analysis2

The lack of effectiveness of a company’s RCA is reflected in the inability of the CAPA to fulfill its purpose. An effective Quality Management System is unthinkable without CAPA. In the FDA’s thinking, a Quality System can go awry if effective CAPA is not in place.

So, a CAPA action plan rests on a sound Root Cause Analysis. Any organization that fails to implement this can expect recurring problems and issues. Some of them could turn out to be serious enough to derail their business.

Complete understanding of RCA and CAPA

Root Cause Analysis1

All the learning Areas:

  • Regulatory Expectations for Investigations
  • What is RCA and Typical Problems
  • Investigation Process Overview
  • Skills and Tools of an Effective Investigator
  • (Re) Introduction to Root Cause Analysis (RCA)
  • Principles of root cause analysis
  • Why root cause analysis is difficult
  • Methodology of root cause analysis

STEP 1 – Problem Definition

  • How to ensure that the right problem is being worked on
  • Tools and filters for priority setting
  • Developing a clear and sufficient problem statement (includes practice)

STEP 2 – Understanding the Process

  • How every problem is a process failure
  • How diagrams can set boundaries and define interrelationships
  • Using flowcharts to drill down into the right part of the process (includes practice)

STEP 3 – Identifying Possible Causes

  • Multiple ways to identify possible causes
  • Options for selecting or eliminating causes
  • Logic trees as a cause and effect diagram and other tools for investigations
  • Defining the Deviation
  • Identifying Root Cause
  • Corrective and Preventive Actions (CAPA)
  • What is the CAPA System
  • Definition and regulatory interpretation
  • Identifying and writing of corrective actions
  • Abuses of the CAPA system
  • Discuss robustness and effectiveness review
  • Management of the Investigation
  • Members of the Investigation Team
  • Consulting Case Study Practice – Incident/Events
  • Case Study Practice
  • Interactive Exercises and Discussions.

 

Proper Understanding of the US and EU Regulations on Combination Products

Businesses that want to register and maintain combination products in the US and the EU face two markets that are as different from each other as chalk is from cheese. These markets are not only not comparable to each other in about any parameter; their regulations are different from and independent of each other. Complete knowledge of the regulations in all their interpretation and nuances is necessary for businesses that want to market combination products into the US or the EU.

Combination Products

Only proper acquaintance with the existing regulations and their latest updates can help regulatory professionals and companies take the steps in ensuring that their products comply with regulatory requirements and meet quality standards. This is the rationale and the purpose behind the formulation of the regulations in the US and the EU by the respective regulatory agencies, the FDA and the EMA. These agencies seek to ensure that the end user consumes products that comply with the set scientific standards.

An understanding of the way in which they have evolved could perhaps throw some light on the diverse nature of regulations in these two markets: The FDA was primarily created as a consumer protection agency, while the EMA created its regulations with the intention of harmonizing the commercial and technological interests of the Member States.

The fundamental difference between the regulatory agencies is that the FDA is centralized, and regulates food and medicinal products within only one market, the US market, no matter how large it is. On the other hand, the EMA oversees as many as 28 members countries of the European Union, for all of which it makes and implements a synchronized set of regulations.

The EU’s September 2016 update

Any understanding of the regulatory aspect concerning combination products in the EU is incomplete without a reference to the compromise it reached in September 2016 through its two major legislative organs, the European Commission and the European Council. Relating to medical devices and invitro diagnostic (IVD) devices; this compromise, reached as many as four years after a deal was made, is a regulatory landmark.

Drug and Device Combinations2

It empowers the EMA to now assess and authorize high risk combination devices, such as implants. Formulated to replace the existing EU legislation on medical devices and in-vitro diagnostics, this update brings in greater uniformity and consistency in the assessment and approval process of high risk combination devices across the EU.

Proper understanding of the US and EU regulations on combination products

Documentation requirements and interfacing

These areas for learning:

  • Documentation requirements for combination products EU
  • Documentation requirements for combination products US
  • Interfacing, development, quality, regulatory
  • Managing third parties and document control.

 

 

 

 

 

Which GMPs Apply Since Most Phase I Drugs are Exempt from Full GMP Requirements, and What IND Data Requirements Are Necessary as a Result?

An understanding of the GMPs that apply to Phase I drugs is necessary for professional in the clinical trials area for many reasons. With the FDA setting out rules under which most Phase I Drugs are exempt from full GMP requirements in 21 CFR Part 211 under 21 CFR 210.2(c), and with the subsequent IND data requirements; both applying GMPS when they are not required or not applying them when they are required result in considerable waste of resources and increase the chances of FDA actions.

Clinical Trials1

The operating guidance document set out by the FDA in this regard is the guidance document, “Good Manufacturing Practice for Phase I Investigational Drug Products”. This document relates to the correct GMP requirements that drug products made for the purpose of using an investigational drug product on human subjects for the first time should follow during conduct of Phase I clinical trials.

When does the FDA put the IND on clinical hold?

clinical trials34

If the FDA does not put an IND on clinical hold up to 30 days of receipt; it is assumed that the Phase I clinical trial can begin. The FDA puts an IND on clinical hold if it reviews an IND and finds that the information necessary and appropriate to give the FDA the confidence about the quality of the product is inadequate or unavailable. When the FDA puts an IND on clinical hold, the sponsor cannot go ahead with its clinical program. The criteria under which the FDA places an IND on clinical hold have been set out in its Guidance for Industry, the “INDs- Approaches to Complying with CGMP During Phase I”.

All the requirements for meeting the cGMPs with which clinical trial sponsors must comply have been set out by the FDA in its Final Rules of January 2006, which specified that most pharmaceutical products (including biologics) produced for use in Phase I clinical trial studies were exempted from complying with GMP requirements. Further, Section 501(a)(2)(B) of the FD&C Act mandates drugs, including IND products, to comply with cGMPs, and to be manufactured in compliance with cGMPs, failing which, they are deemed adulterated.

Get to understand the exemptions set out in 21 CFR Part 211

So, it is crucial for clinical trials sponsors to get a clear grasp of the requirements for an IND Phase I clinical trials, if they have to meet the FDA’s requirements. An in-depth understanding of this very important learning will be given at a two-day, in person seminar that is being organized by the highly reputable provider of professional trainings for all the areas of regulatory compliance, GlobalCompliancePanel.

21 CFR Part

The Director of this very valuable seminar is Stephanie Cooke, President and CEO of Cooke Consulting Inc. For about two decades, Stephanie has been providing global consulting services in various areas of Regulatory Affairs, Quality Assurance and validation for pharmaceutical, biological/biotech products, medical device, combination drug/device and nutraceutical firms.

She has extensive experience in the core areas of clinical trials, such as preparation of regulatory dossiers for human and animal pharmaceutical (chemical entities and biologically-based drugs), biotech products, drug/device combination products and medical devices in all stages of development (INDs, NDAs, BLAs, post-marketing supplements such as CBEs, Prior approval supplements, orphan drug designation and related submissions, 510ks, PMAs and HDEs).

Guidance which helps avoid unnecessary and repetitive batch productions

Stephanie will explain the specific GMPs for Phase I Investigational drugs, which will help them apply only those GMPs which are applicable to the drug product at this stage of development. This knowledge will help them avoid large, repetitive, commercial batch production and requirements, not to speak of the frustration and loss of resources this would entail.

Stephanie will also offer a complete understanding of all current Good Manufacturing Practices that are applicable to the manufacture of Phase I investigational drug product, in accordance with the FDA’s additional Guidance for Industry, “CGMP for Phase I Investigational Drugs”, which it issued in July 2008 with the purpose of providing guidance to sponsors regarding meeting GMPs appropriate for Phase I investigational drug products.

Drugs and Biologics Pharma Regulations

How to Develop, Review, and Amend HIPAA Policy and Procedure

Two hallmarks of being in compliance with HIPAA are:

  • Ensuring that the healthcare practice provides the appropriate patient rights and controls on the patient’s uses and disclosures of Protected Health Information
  • Having the proper policies and procedures in place.

healthcare practices4

So, it follows that showing to the government that it not only has the ability to demonstrate how it is addressing all of the required security safeguards; but that it also has the documentation necessary for safeguarding patient PHI is required from any organization that is being audited or is the subject of a compliance review.

Grasp of the fundamentals is important and necessary

A healthcare practice, business or organization needs to have a sound understanding of HIPAA compliance requirements needed for protecting PHI. Full and comprehensive grasp of the fundamentals of HIPAA compliance requirements is necessary for an entity to ensure that whatever safeguards it has put in place can withstand government scrutiny.

safeguarding patient PHI

This knowledge is needed to implement the provisions of HIPAA. This apart, another important reason for which healthcare practices, businesses or organizations have to develop the right knowledge of the HIPAA requirements is to avoid data breaches. The appreciable rise in the number of recent HIPAA data breaches necessitates a proper understanding of HIPAA compliance requirements, which will help entities understand which of the requirements of HIPAA they need to meet if they have to safeguard PHI.

An understanding of how to show compliance with HIPAA requirements

Imparting a full understanding of the HIPAA requirements, which will help entities safeguard PHI in a manner that meets the regulatory requirements, is the intent of a seminar from GlobalCompliancePanel, a globally trusted provider of professional trainings for all the areas of regulatory compliance. President and Founder of Colington Security Consulting, LLC, Jay Hodes, will be the Director of this two-day, in person seminar.

Healthcare Providers1

Jay is being organized with the intention of giving professionals at various levels in the regulated industries, who have to implement HIPAA regulations a perceptive and thorough understanding of all aspects of HIPAA compliance. These professionals include Compliance Officers, HIPAA Privacy Officers, HIPAA Security Officers, Medical/Dental Office Managers, Practice Managers, Information Systems Managers, Chief Information Officers, General Counsel/lawyers, Practice Management Consultants, and any Business Associates that access Protected Health Information, IT Companies that support Medical/Dental practices or other healthcare organizations.

Jay will add spice to this rather mundane topic by breaking down the complexities of HIPAA compliance requirements in a lucid manner. The aim is to impart knowledge of all the requirements needed for a comprehensive HIPAA compliance program and the steps they need to take in order to mitigate risk, in a fun manner.

Healthcare Regulatory Compliance