Overview on Data Privacy
(Clinical Data Manager’s Perspective)
Vinayak Thorat
Clinical Data Manager
vinayak.thorat@ancillarie.com
“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.”
- Universal Declaration of Human Rights – Art. 12
“Everyone has the right to respect for his private and family life, his home and his correspondence.”
- European Convention for the Protection of Human Rights and Fundamental Freedoms
“The confidentiality of records that could identify subjects should be protected, respecting the privacy and confidentiality rules in accordance with applicable regulatory requirement(s).”
- ICH Guideline for Good Clinical Practice (GCP)
TOC
▸Introduction
▸Scope of Topic
▸Minimum Standards
▸Best Practices
▸Important Considerations
Introduction
Why is Personal Data Protection important?
• It is a universal human right
• Possible damage to the business and the image of a company
• Important financial & individual risks for non-compliance
  - Inability to perform research
  - Important fines
  - Legal consequences
• Important risks for the data subjects
  - Identity theft and fraud
  - Discrimination
Important Definitions
• Data privacy refers to the standards surrounding protection of personal data.
• Personal data can be defined as any information that can lead to identification, either directly or indirectly, of a research subject; e.g. subject names, initials, addresses, and genetic information.
What Constitutes Private or Personal Information?
According to EU Directive 95/46/EC,
“Private or personal information means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.”
What Constitutes Private or Personal Information?
Per HIPAA: 45 CFR Section 164.501:
“Private or Personal Information that is a subset of health information, including demographic information collected from an individual and:
• Is created or received by a health care provider, health plan, employer, or health care clearing house;
• Relates to the past, present or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and
  - That identifies the individual; or
  - With respect to which there is a reasonable basis to believe the information can be used to identify the individual.”
How is privacy protection given to research subjects?
• Protocol review and approval by an Institutional Review Board (IRB)
• Right to informed consent
• Right of the subject to withdraw consent and have no further data
collected
• Right to notice of disclosure
• Confidential collection and submission of data
Who is responsible?
Site management or the clinical monitoring team is primarily responsible for subject data privacy; however, data management personnel should be acquainted with common issues related to data privacy and should follow regulatory and organizational guidelines to ensure the privacy of research subjects.
SCOPE
We will talk about!!!
• Minimum Requirements
• Best Practices
• Glance on Regulatory Guidelines
• Important Considerations
Minimum Requirements
• All personnel involved in handling (directly or indirectly) personally identifiable information (PII) must be trained on data privacy concepts and issues; company policy; regulatory agency policy; and applicable local, state, federal, and international laws.
• Data collection tools (e.g. CRF; clinical, laboratory and genetics databases; data transfer specifications; ePRO) should capture the minimum PII.
• Documents which are accessible to the data management team should not contain PII except the subject identifier.
• Timely review and updates of the company privacy policy and related SOPs.
Best Practices
• Educate associated personnel regarding subject data privacy
• Develop organization SOP for data privacy
• Define internal and external accountability in the company policies
• SOP should be present and implemented for data transfer.
• All privacy considerations must be addressed and documented.
• Set up an internal function, or work with the quality assurance department, to ensure compliance with data privacy regulations.
• Maintain proper physical and electronic security measures.
e.g.: Paper CRFs should be stored in a regulated-access environment; for electronic records, password authentication and firewall security must be present.
Legislation and Regulatory Guidance
• EU Data Protection Directive 95/46/EC
• EU Data Protection Directive 2001/20/EC
• General Data Protection Regulation: Regulation (EU) 2016/679
EU Data Protection Directive 95/46/EC- 7 Principles
• Notice: Data subjects should be given notice when their data is being collected;
• Purpose: Data should only be used for the purpose stated and not for any other
purposes;
• Consent: Data should not be disclosed without the data subject’s consent;
• Security: Collected data should be kept secure from any potential abuses;
• Disclosure: Data subjects should be informed as to who is collecting their data;
• Access: Data subjects should be allowed to access their data and make corrections
to any inaccurate data; and
• Accountability: Data subjects should have a method available to them to hold data
collectors accountable for not following the above principles
Clinical Trials Directive (Directive 2001/20/EC)
• The Clinical Trials Directive is a European Union directive aimed at facilitating the internal market in medicinal products within the European Union, while at the same time maintaining an appropriate level of protection for public health.
• It seeks to simplify and harmonize the administrative provisions governing clinical trials in the European Community, by establishing a clear, transparent procedure.
• The Member States of the European Union adopted and published by 1 May 2003 the laws, regulations and administrative provisions necessary to comply with this Directive.
• The Member States applied these provisions at the latest with effect from 1 May 2004.
The Articles of the Directive 2001/20/EC
• Scope (Directive does not apply to non-interventional trials).
• Definitions
• Protection of clinical trial subjects
• Clinical trials on minors
• Clinical trials on incapacitated adults not able to give informed legal
• Ethics Committee
• Single opinion
• Detailed guidance
• Commencement of a clinical trial
• Conduct of a clinical trial
• Exchange of information
• Suspension of the trial or infringements
• Manufacture and import of investigational medicinal products
• Labelling
• Verification of compliance of investigational medicinal products with good clinical and manufacturing practice
• Notification of adverse events
• Notification of serious adverse reactions
• Guidance concerning reports
• General provisions
• Adaptation to scientific and technical progress
• Committee procedure
• Application
• Entry into force
• Addressees
General Data Protection Regulation: Regulation (EU) 2016/679
• The General Data Protection Regulation (GDPR) is a regulation by which
the European Parliament, the European Council and the European
Commission intend to strengthen and unify data protection for individuals within
the European Union (EU).
• The primary objectives of the GDPR are to give citizens back the control of their
personal data and to simplify the regulatory environment for international
business.
• When the GDPR takes effect, it will replace the Data Protection Directive (officially Directive 95/46/EC) from 1995.
• The regulation was adopted on 27 April 2016; it enters into application on 25 May 2018 after a two-year transition period.
General Data Protection Regulation: Regulation (EU) 2016/679
• The regulation applies if the data controller or processor (organization) or the data subject (person) is based in the EU; therefore, the regulation also applies to organizations based outside the European Union if they process personal data of EU residents.
• Valid consent must be explicit for the data collected and the purposes for which the data is used. Consent for children must be given by the child’s parent or custodian, and must be verifiable. Data controllers must be able to prove "consent" (opt-in), and consent may be withdrawn.
• Data Protection Officers are to ensure compliance within organizations.
• Any incident related to a data breach must be notified to the Supervisory Authority within 72 hours from the data breach.
Safe Harbor Principles
• Notice: Subjects must be informed of how their data will be collected and used.
• Choice: Subjects must be able to opt out of collection of their data and its transfer to
third parties.
• Data transfers: Any transfers of data to third parties must only be to other
organizations that have rigorous data-protection policies.
• Security: All reasonable efforts must be made to prevent the loss of any data
collected.
• Data integrity: Data must be reliable and relevant to the purpose for which it was
collected.
• Access: Subjects must be able to access information about them that is collected, and
have an opportunity to have this data corrected or deleted if necessary.
• Enforcement: A mechanism must be in place to effectively and consistently enforce
these rules.
Clinical data managers should ensure that access to data is restricted to
qualified and approved personnel
Important Considerations
Central Committees
• Reports to and meetings with various committees may necessitate presentation of
some study data in the form of reports from database, original or copies of source
data.
• In all cases, personal subject identifiers should be removed prior to presentation of data to the committee, and in some cases, study identifiers may need to be added.
• An independent committee should be present to ensure data anonymity.
Data Collection
• Data collection instruments should be designed around subject identifiers, which can be anticipated when designing the CRF, clinical database, laboratory database, data transfer specifications, etc.
• Subject genomic data should be handled with utmost care, which includes:
  - Storage of this data on completely independent data servers and in separate physical locations
  - Independent qualified resources
  - Detailed and specific SOPs dedicated to the processing and use of this data
• Different data collection methodologies may be required for different considerations; e.g. paper-based studies require SOPs for redaction of personal identifiers and for handling, transfer and storage of documents.
Data Transfers
• Data transfer specification document should be produced prior to data transfer.
• The data transfer process should be exhaustively tested to ensure transferred information cannot jeopardize data privacy.
• The planned data transfer should be reviewed to ensure all transferred data matches the database.
Computer and Network Security
• Any lapses in computer or network security may jeopardize the integrity of the
database, and therefore, data privacy.
• The organization’s information technology personnel develop SOPs for computer and network security.
• Data managers have a responsibility to use systems appropriately and responsibly.
Vendor Management & Lab Data Management
• Different standards should apply depending upon the level of access.
• Vendors having access to the clinical database should meet international standards.
• A vendor facility audit should be conducted to ensure facility compliance, and data transfer and reporting specifications should be compliant with the respective regulatory guidelines.
• Personal identifiers should be redacted, and documents should not contain any subject-specific information, prior to submission to data management; e.g.: “Mr. Mike became unconscious due to hypoglycemia.”
• If the data management team observes any deviation from or violation of the privacy policy, it should be reported to the appropriate internal or external clinical site management team for corrective and preventive actions, or handled as per the organization’s SOPs/policies.
Redaction (editing before presenting) of Personal Data
• Redaction is the act of appropriately editing text from a document before releasing the document to other personnel or departments. E.g.: “Mr. Mike became unconscious due to hypoglycemia” should be changed to “Subject felt unconscious due to hypoglycemia”.
• Organizations should have SOPs for redaction of personal data.
• Primary responsibility for redaction of personal data lies with the site or monitor; however, data managers should be mindful while performing data management activities to identify and rectify data privacy issues.
Global studies should adhere to the most restrictive regulations of the countries involved.
References
• International Conference on Harmonisation. Harmonised Tripartite Guideline for Good Clinical Practice. 2nd ed.
London: Brookwood Medical Publications; 1996.
• European Parliament and Council of Europe. Directive 95/46/EC of the European Parliament and of the Council of
24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free
movement of such data. Strasbourg, France: European Parliament and Council of Europe; 1995. Available at:
http://ec.europa.eu/justice_home/fsj/privacy/law/index_en.htm. Accessed November 10, 2008.
• European Parliament and Council of Europe. Directive 2001/20/EC of the European Parliament and of the Council of
4 April 2001 on the approximation of the laws, regulations and administrative provisions of the Member States
relating to the implementation of good clinical practice in the conduct of clinical trials on medicinal products for
human use. Strasbourg, France: European Parliament and Council of Europe; 2001. Available at:
http://ec.europa.eu/enterprise/pharmaceuticals/eudralex/vol1_en.htm. Accessed November 10, 2008.
• Antokol J. Protecting Personal Data in Global Clinical Research. The Monitor. 2008:22;57–60.
• Code of Federal Regulations, Title 45, Part 164.501, Uses and disclosures for which consent, an authorization, or
opportunity to agree or object is not required. Washington DC. US Government Printing Office; 2002. Available at:
http://www.access.gpo.gov/nara/cfr/waisidx_02/45cfr164_02.html. Accessed November 10, 2008.
THANK YOU!
Visit us on
www.ancillarie.com
copyright © ancillarie 001- 31JAN2017

Models Call Girls Electronic City | 7001305949 At Low Cost Cash Payment Bookingnarwatsonia7
 
2024 HCAT Healthcare Technology Insights
2024 HCAT Healthcare Technology Insights2024 HCAT Healthcare Technology Insights
2024 HCAT Healthcare Technology InsightsHealth Catalyst
 
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service HyderabadVIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabaddelhimodelshub1
 
Book Call Girls in Noida Pick Up Drop With Cash Payment 9711199171 Call Girls
Book Call Girls in Noida Pick Up Drop With Cash Payment 9711199171 Call GirlsBook Call Girls in Noida Pick Up Drop With Cash Payment 9711199171 Call Girls
Book Call Girls in Noida Pick Up Drop With Cash Payment 9711199171 Call GirlsCall Girls Noida
 
Single Assessment Framework - What We Know So Far
Single Assessment Framework - What We Know So FarSingle Assessment Framework - What We Know So Far
Single Assessment Framework - What We Know So FarCareLineLive
 
Call Girl Chandigarh Mallika ❤️🍑 9907093804 👄🫦 Independent Escort Service Cha...
Call Girl Chandigarh Mallika ❤️🍑 9907093804 👄🫦 Independent Escort Service Cha...Call Girl Chandigarh Mallika ❤️🍑 9907093804 👄🫦 Independent Escort Service Cha...
Call Girl Chandigarh Mallika ❤️🍑 9907093804 👄🫦 Independent Escort Service Cha...High Profile Call Girls Chandigarh Aarushi
 
Gurgaon Sector 45 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...
Gurgaon Sector 45 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...Gurgaon Sector 45 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...
Gurgaon Sector 45 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...vrvipin164
 
Low Rate Call Girls In Bommanahalli Just Call 7001305949
Low Rate Call Girls In Bommanahalli Just Call 7001305949Low Rate Call Girls In Bommanahalli Just Call 7001305949
Low Rate Call Girls In Bommanahalli Just Call 7001305949ps5894268
 
Russian Call Girls in Goa Samaira 7001305949 Independent Escort Service Goa
Russian Call Girls in Goa Samaira 7001305949 Independent Escort Service GoaRussian Call Girls in Goa Samaira 7001305949 Independent Escort Service Goa
Russian Call Girls in Goa Samaira 7001305949 Independent Escort Service Goanarwatsonia7
 
Call Girl Service ITPL - [ Cash on Delivery ] Contact 7001305949 Escorts Service
Call Girl Service ITPL - [ Cash on Delivery ] Contact 7001305949 Escorts ServiceCall Girl Service ITPL - [ Cash on Delivery ] Contact 7001305949 Escorts Service
Call Girl Service ITPL - [ Cash on Delivery ] Contact 7001305949 Escorts Servicenarwatsonia7
 
Call Girls Secunderabad 7001305949 all area service COD available Any Time
Call Girls Secunderabad 7001305949 all area service COD available Any TimeCall Girls Secunderabad 7001305949 all area service COD available Any Time
Call Girls Secunderabad 7001305949 all area service COD available Any Timedelhimodelshub1
 
Call Girls LB Nagar 7001305949 all area service COD available Any Time
Call Girls LB Nagar 7001305949 all area service COD available Any TimeCall Girls LB Nagar 7001305949 all area service COD available Any Time
Call Girls LB Nagar 7001305949 all area service COD available Any Timedelhimodelshub1
 
EMS and Extrication: Coordinating Critical Care
EMS and Extrication: Coordinating Critical CareEMS and Extrication: Coordinating Critical Care
EMS and Extrication: Coordinating Critical CareRommie Duckworth
 
2025 Inpatient Prospective Payment System (IPPS) Proposed Rule
2025 Inpatient Prospective Payment System (IPPS) Proposed Rule2025 Inpatient Prospective Payment System (IPPS) Proposed Rule
2025 Inpatient Prospective Payment System (IPPS) Proposed RuleShelby Lewis
 
Book Call Girls in Hosur - 7001305949 | 24x7 Service Available Near Me
Book Call Girls in Hosur - 7001305949 | 24x7 Service Available Near MeBook Call Girls in Hosur - 7001305949 | 24x7 Service Available Near Me
Book Call Girls in Hosur - 7001305949 | 24x7 Service Available Near Menarwatsonia7
 
College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...
College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...
College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...delhimodelshub1
 
Globalny raport: „Prawdziwe piękno 2024" od Dove
Globalny raport: „Prawdziwe piękno 2024" od DoveGlobalny raport: „Prawdziwe piękno 2024" od Dove
Globalny raport: „Prawdziwe piękno 2024" od Doveagatadrynko
 

Recently uploaded (20)

Models Call Girls Electronic City | 7001305949 At Low Cost Cash Payment Booking
Models Call Girls Electronic City | 7001305949 At Low Cost Cash Payment BookingModels Call Girls Electronic City | 7001305949 At Low Cost Cash Payment Booking
Models Call Girls Electronic City | 7001305949 At Low Cost Cash Payment Booking
 
Call Girls in Lucknow Esha 🔝 8923113531 🔝 🎶 Independent Escort Service Lucknow
Call Girls in Lucknow Esha 🔝 8923113531  🔝 🎶 Independent Escort Service LucknowCall Girls in Lucknow Esha 🔝 8923113531  🔝 🎶 Independent Escort Service Lucknow
Call Girls in Lucknow Esha 🔝 8923113531 🔝 🎶 Independent Escort Service Lucknow
 
2024 HCAT Healthcare Technology Insights
2024 HCAT Healthcare Technology Insights2024 HCAT Healthcare Technology Insights
2024 HCAT Healthcare Technology Insights
 
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service HyderabadVIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
VIP Call Girls Hyderabad Megha 9907093804 Independent Escort Service Hyderabad
 
Book Call Girls in Noida Pick Up Drop With Cash Payment 9711199171 Call Girls
Book Call Girls in Noida Pick Up Drop With Cash Payment 9711199171 Call GirlsBook Call Girls in Noida Pick Up Drop With Cash Payment 9711199171 Call Girls
Book Call Girls in Noida Pick Up Drop With Cash Payment 9711199171 Call Girls
 
Single Assessment Framework - What We Know So Far
Single Assessment Framework - What We Know So FarSingle Assessment Framework - What We Know So Far
Single Assessment Framework - What We Know So Far
 
Call Girl Chandigarh Mallika ❤️🍑 9907093804 👄🫦 Independent Escort Service Cha...
Call Girl Chandigarh Mallika ❤️🍑 9907093804 👄🫦 Independent Escort Service Cha...Call Girl Chandigarh Mallika ❤️🍑 9907093804 👄🫦 Independent Escort Service Cha...
Call Girl Chandigarh Mallika ❤️🍑 9907093804 👄🫦 Independent Escort Service Cha...
 
Gurgaon Sector 45 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...
Gurgaon Sector 45 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...Gurgaon Sector 45 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...
Gurgaon Sector 45 Call Girls ( 9873940964 ) Book Hot And Sexy Girls In A Few ...
 
Low Rate Call Girls In Bommanahalli Just Call 7001305949
Low Rate Call Girls In Bommanahalli Just Call 7001305949Low Rate Call Girls In Bommanahalli Just Call 7001305949
Low Rate Call Girls In Bommanahalli Just Call 7001305949
 
Call Girls Guwahati Aaradhya 👉 7001305949👈 🎶 Independent Escort Service Guwahati
Call Girls Guwahati Aaradhya 👉 7001305949👈 🎶 Independent Escort Service GuwahatiCall Girls Guwahati Aaradhya 👉 7001305949👈 🎶 Independent Escort Service Guwahati
Call Girls Guwahati Aaradhya 👉 7001305949👈 🎶 Independent Escort Service Guwahati
 
Russian Call Girls in Goa Samaira 7001305949 Independent Escort Service Goa
Russian Call Girls in Goa Samaira 7001305949 Independent Escort Service GoaRussian Call Girls in Goa Samaira 7001305949 Independent Escort Service Goa
Russian Call Girls in Goa Samaira 7001305949 Independent Escort Service Goa
 
Call Girl Service ITPL - [ Cash on Delivery ] Contact 7001305949 Escorts Service
Call Girl Service ITPL - [ Cash on Delivery ] Contact 7001305949 Escorts ServiceCall Girl Service ITPL - [ Cash on Delivery ] Contact 7001305949 Escorts Service
Call Girl Service ITPL - [ Cash on Delivery ] Contact 7001305949 Escorts Service
 
Call Girls Secunderabad 7001305949 all area service COD available Any Time
Call Girls Secunderabad 7001305949 all area service COD available Any TimeCall Girls Secunderabad 7001305949 all area service COD available Any Time
Call Girls Secunderabad 7001305949 all area service COD available Any Time
 
Call Girls LB Nagar 7001305949 all area service COD available Any Time
Call Girls LB Nagar 7001305949 all area service COD available Any TimeCall Girls LB Nagar 7001305949 all area service COD available Any Time
Call Girls LB Nagar 7001305949 all area service COD available Any Time
 
EMS and Extrication: Coordinating Critical Care
EMS and Extrication: Coordinating Critical CareEMS and Extrication: Coordinating Critical Care
EMS and Extrication: Coordinating Critical Care
 
2025 Inpatient Prospective Payment System (IPPS) Proposed Rule
2025 Inpatient Prospective Payment System (IPPS) Proposed Rule2025 Inpatient Prospective Payment System (IPPS) Proposed Rule
2025 Inpatient Prospective Payment System (IPPS) Proposed Rule
 
Book Call Girls in Hosur - 7001305949 | 24x7 Service Available Near Me
Book Call Girls in Hosur - 7001305949 | 24x7 Service Available Near MeBook Call Girls in Hosur - 7001305949 | 24x7 Service Available Near Me
Book Call Girls in Hosur - 7001305949 | 24x7 Service Available Near Me
 
VIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service Lucknow
VIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service LucknowVIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service Lucknow
VIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service Lucknow
 
College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...
College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...
College Call Girls Hyderabad Sakshi 9907093804 Independent Escort Service Hyd...
 
Globalny raport: „Prawdziwe piękno 2024" od Dove
Globalny raport: „Prawdziwe piękno 2024" od DoveGlobalny raport: „Prawdziwe piękno 2024" od Dove
Globalny raport: „Prawdziwe piękno 2024" od Dove
 

Overview on data privacy

  • 1. Overview on Data Privacy (Clinical Data Manager’s Perspective) Vinayak Thorat Clinical Data Manager vinayak.thorat@ancillarie.com
  • 2. “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks. - Universal Declaration of Human Rights – Art. 12
  • 3. “Everyone has the right to respect for his private and family life, his home and his correspondence. -European Convention for the Protection of Human Rights and Fundamental freedoms
  • 4. “The confidentiality of records that could identify subjects should be protected, respecting the privacy and confidentiality rules in accordance with applicable regulatory requirement(s). -ICH Guideline for Good Clinical Practice (GCP)
  • 5. TOC ▸Introduction ▸Scope of Topic ▸Minimum Standards ▸Best Practices ▸Important Considerations 5
  • 6. Introduction Why is Personal Data Protection important? 6
  • 7. Introduction Why is Personal Data Protection important? • It is a Universal Human Right • Possible damages to the business and the image of a company • Important financial & individual risks for non-compliance ◦ Inability to perform research ◦ Important fines ◦ Legal consequences • Important risks for the data subjects ◦ Identity theft and Fraud ◦ Discrimination 7
  • 8. Important Definitions • Data privacy refers to the standards surrounding protection of personal data. • Personal data can be defined as any information that can lead to identification, either directly or indirectly, of a research subject; e.g. subject names, initials, addresses, and genetic information. 8
  • 9. What Constitutes Private or Personal Information? According to EU Directive 95/46/EC, “Private or personal information means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.” 9
  • 10. What Constitutes Private or Personal Information? Per HIPAA: 45 CFR Section 164.501: “Private or Personal Information that is a subset of health information, including demographic information collected from an individual and: • Is created or received by a health care provider, health plan, employer, or health care clearing house; • Relates to the past, present or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and ◦ That identifies the individual; or ◦ With respect to which there is a reasonable basis to believe the information can be used to identify the individual.” 10
  • 11. How is privacy protection given to research subjects? • Protocol review and approval by an Institutional Review Board (IRB) • Right to informed consent • Right of the subject to withdraw consent and have no further data collected • Right to notice of disclosure • Confidential collection and submission of data 11
  • 12. Who is responsible? Primarily, the site management or clinical monitoring team is responsible for subject data privacy; however, Data Management personnel should be acquainted with common issues related to data privacy and should follow regulatory and organizational guidelines to ensure the privacy of research subjects. 12
  • 13. SCOPE We will talk about: ▸Minimum Requirements ▸Best Practices ▸Glance on Regulatory Guidelines ▸Important Considerations 13
  • 14. Minimum Requirements • All personnel involved in handling (directly or indirectly) personally identifiable information (PII) must be trained on data privacy concepts & issues; company policy; regulatory agency policy; and applicable local, state, federal, and international laws. • Data collection tools should capture minimum PII; e.g. CRF, clinical, laboratory, and genetics databases, data transfer specifications, ePRO, etc. • Documents which are accessible to the data management team should not contain PII except the subject identifier. • Timely review and update of the company privacy policy and related SOPs. 14
  • 15. Best Practices • Educate associated personnel regarding subject data privacy. • Develop an organization SOP for data privacy. • Define internal and external accountability in the company policies. • An SOP should be present and implemented for data transfer. • All privacy considerations must be addressed and documented. • Set up an internal function or tie up with the quality assurance department to ensure compliance with data privacy regulations. • Maintain proper physical and electronic security measures, e.g. paper CRFs should be stored in a regulated-access environment; for electronic records, password authentication and firewall security must be present. 15
  • 16. Legislation and Regulatory Guidance • EU Data Protection Directive 95/46/EC • EU Data Protection Directive 2001/20/EC • General Data Protection Regulation: Regulation (EU) 2016/679 16
  • 17. EU Data Protection Directive 95/46/EC- 7 Principles • Notice: Data subjects should be given notice when their data is being collected; • Purpose: Data should only be used for the purpose stated and not for any other purposes; • Consent: Data should not be disclosed without the data subject’s consent; • Security: Collected data should be kept secure from any potential abuses; • Disclosure: Data subjects should be informed as to who is collecting their data; • Access: Data subjects should be allowed to access their data and make corrections to any inaccurate data; and • Accountability: Data subjects should have a method available to them to hold data collectors accountable for not following the above principles 17
  • 18. Clinical Trials Directive (Directive 2001/20/EC) • The Clinical Trials Directive is a European Union directive aimed at facilitating the internal market in medicinal products within the European Union, while at the same time maintaining an appropriate level of protection for public health. • It seeks to simplify and harmonize the administrative provisions governing clinical trials in the European Community, by establishing a clear, transparent procedure. • The Member States of the European Union had adopted and published by 1 May 2003 the laws, regulations and administrative provisions necessary to comply with this Directive. • The Member States had applied these provisions at the latest with effect from 1 May 2004. 18
  • 19. The Articles of the Directive 2001/20/EC • Scope (Directive does not apply to non-interventional trials). • Definitions • Protection of clinical trial subjects • Clinical trials on minors • Clinical trials on incapacitated adults not able to give informed legal • Ethics Committee • Single opinion • Detailed guidance • Commencement of a clinical trial • Conduct of a clinical trial • Exchange of information • Suspension of the trial or infringements • Manufacture and import of investigational medicinal products • Labelling • Verification of compliance of investigational medicinal products with good clinical and manufacturing practice • Notification of adverse events • Notification of serious adverse reactions • Guidance concerning reports • General provisions • Adaptation to scientific and technical progress • Committee procedure • Application • Entry into force • Addressees 19
  • 20. General Data Protection Regulation: Regulation (EU) 2016/679 • The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU). • The primary objectives of the GDPR are to give citizens back the control of their personal data and to simplify the regulatory environment for international business. • When the GDPR takes effect it will replace the data protection directive (officially Directive 95/46/EC) from 1995. • The regulation was adopted on 27 April 2016; It enters into application 25 May 2018 after a two-year transition period. 20
  • 21. General Data Protection Regulation: Regulation (EU) 2016/679 • The regulation applies if the data controller or processor (organization) or the data subject (person) is based in the EU; therefore, the regulation also applies to organizations based outside the European Union if they process personal data of EU residents. • Valid consent must be explicit for the data collected and the purposes for which the data is used. Consent for children must be given by the child’s parent or custodian, and must be verifiable. Data controllers must be able to prove "consent" (opt-in), and consent may be withdrawn. • Data Protection Officers are to ensure compliance within organizations. • Any incident related to a data breach must be notified to the Supervisory Authority within 72 hours from the data breach. 21
  • 22. Safe Harbor Principles • Notice: Subjects must be informed of how their data will be collected and used. • Choice: Subjects must be able to opt out of collection of their data and its transfer to third parties. • Data transfers: Any transfers of data to third parties must only be to other organizations that have rigorous data-protection policies. • Security: All reasonable efforts must be made to prevent the loss of any data collected. • Data integrity: Data must be reliable and relevant to the purpose for which it was collected. • Access: Subjects must be able to access information about them that is collected, and have an opportunity to have this data corrected or deleted if necessary. • Enforcement: A mechanism must be in place to effectively and consistently enforce these rules. 22
  • 23. Important Considerations Clinical data managers should ensure that access to data is restricted to qualified and approved personnel. 23
  • 24. Important Considerations: Central Committees • Reports to and meetings with various committees may necessitate presentation of some study data in the form of reports from the database, or original or copies of source data. • In any case, personal subject identifiers should be removed prior to presentation of data to the committee, and in some cases, study identifiers may need to be added. • An independent committee should be present to ensure data anonymity. 24
  • 25. Important Considerations: Data Collection • Data collection instruments should be designed with subject identifiers that can be anticipated while designing the CRF, clinical database, laboratory database, data transfer specifications, etc. • Subject genomic data should be handled with utmost care, which includes: ◦ Storage of this data on completely independent data servers and in separate physical locations ◦ Independent qualified resources ◦ Detailed and specific SOPs dedicated to the processing and use of this data • Different data collection methodologies may be required for different considerations, e.g. for paper-based studies, SOPs for redaction of personal identifiers and for handling, transfer and storage of documents are required. 25
  • 26. Important Considerations: Data Transfers • A data transfer specification document should be produced prior to data transfer. • The data transfer process should be exhaustively tested to ensure that transferred information cannot jeopardize data privacy. • The planned data transfer should be reviewed to ensure all transferred data matches the database. Computer and Network Security • Any lapses in computer or network security may jeopardize the integrity of the database, and therefore, data privacy. • The organization’s information technology personnel develop SOPs for computer and network security. • Data managers have a responsibility to use systems appropriately and responsibly. 26
  • 27. Important Considerations: Vendor Management & Lab Data Management • Different standards should apply depending upon the level of access. • Vendors having access to the clinical database should meet international standards. • A vendor facility audit should be conducted to ensure facility compliance, and data transfer and reporting specifications should be compliant with the respective regulatory guidelines. • Personal identifiers should be redacted, and data should not contain any subject-specific information prior to submission to data management, e.g.: "Mr. Mike became unconscious due to hypoglycemia." • If any deviation from or violation of the privacy policy is observed by the data management team, it should be addressed to the appropriate internal or external clinical site management team for corrective and preventive actions, or handled as per the organization's SOPs/policies. 27
  • 28. Important Considerations: Redaction (editing before presenting) of Personal Data • Redaction is the act of appropriately editing text from a document before releasing the document to other personnel or departments. E.g.: change "Mr. Mike became unconscious due to hypoglycemia" to "Subject felt unconscious due to hypoglycemia". • Organizations should have SOPs for redaction of personal data. • Primary responsibility for redaction of personal data lies with the site or monitor; however, data managers should be mindful while performing data management activities to identify and rectify data privacy issues. 28
  • 29. Global studies should adhere to the most restrictive regulations of the countries involved. 29
  • 30. References • International Conference on Harmonisation. Harmonised Tripartite Guideline for Good Clinical Practice. 2nd ed. London: Brookwood Medical Publications; 1996. • European Parliament and Council of Europe. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Strasbourg, France: European Parliament and Council of Europe; 1995. Available at: http://ec.europa.eu/justice_home/fsj/privacy/law/index_en.htm. Accessed November 10, 2008. • European Parliament and Council of Europe. Directive 2001/20/EC of the European Parliament and of the Council of 4 April 2001 on the approximation of the laws, regulations and administrative provisions of the Member States relating to the implementation of good clinical practice in the conduct of clinical trials on medicinal products for human use. Strasbourg, France: European Parliament and Council of Europe; 2001. Available at: http://ec.europa.eu/enterprise/pharmaceuticals/eudralex/vol1_en.htm. Accessed November 10, 2008. • Antokol J. Protecting Personal Data in Global Clinical Research. The Monitor.2008:22;57–60. • Code of Federal Regulations, Title 45, Part 164.501, Uses and disclosures for which consent, an authorization, or opportunity to agree or object is not required. Washington DC. US Government Printing Office; 2002. Available at: http://www.access.gpo.gov/nara/cfr/waisidx_02/45cfr164_02.html. Accessed November 10, 2008. 30
  • 31. THANK YOU! Visit us on www.ancillarie.com 31 copyright © ancillarie 001- 31JAN2017