PREP Course # 25:
Going Electronic?
Presented by:
Cerdi Beltre, Administrative Director, Clinical Research Service
Martin L. Lesser, PhD, EMT-CC, Director and Investigator, Biostatistics Unit
David Ballard, PhD, Director of Research Informatics, Assistant Investigator
CME Disclosure Statement
• The North Shore LIJ Health System adheres to the ACCME’s new Standards for Commercial Support. Any individuals in a position to control the content of a CME activity, including faculty, planners, and managers, are required to disclose all financial relationships with commercial interests. All identified potential conflicts of interest are thoroughly vetted by the North Shore-LIJ for fair balance and scientific objectivity and to ensure appropriateness of patient care recommendations.
• Course Director, Kevin Tracey, has disclosed a commercial interest in Setpoint, Inc. as the cofounder, for stock and consulting support. He has resolved his conflicts by identifying a faculty member to conduct content review of this program who has no conflicts.
Objectives
• Provide overview of regulations and policies relating to electronic records.
• Discuss current solutions within our health system for:
  • Safeguarding electronic PHI
  • Resources available:
    – Research Data
    – Informed Consent
Research - Going Electronic
• In 2003, an estimated 95% of clinical trials relied on paper records.
• In the past several years, there has been a dramatic increase in the adoption of electronic records.
• A recent study suggests that 24% of physicians are currently using some form of electronic health record, with the adoption rate much higher in larger practices than in small practices.
• Many EMRs are being rolled out throughout the health system.
Reference:
1. Tufts Center for the Study of Drug Development, “CROs Provide Gateway to Worldwide Clinical Trial Recruitment Efforts,” Impact Report, July/August 2003.
New Era
• In 2011, Pfizer announced that it is conducting the first all-electronic clinical trial. The FDA has approved Pfizer’s trial, which is being conducted under an investigational new drug (IND) application.
• The 16-week trial will evaluate the safety and efficacy of the drug Detrol LA, which treats overactive bladder.
• It will compare the results of this electronic trial with the results of a traditional Phase IV trial completed in 2007.
• The aim is to replicate the results; if this happens, it will signal the electronic approach as a very viable and improved option for future clinical trial conduct.
Reference: Pfizer Conducts First Electronic Clinical Trial – Beginning of a New Era in Clinical Research? Link: http://www.pharmacomplianceblog.com/blog/?p=3844
How do we go paperless?
• Have electronic means of capturing study data – CRFs, Source, Regulatory Documents
• Ensure CFR Part 11 compliance (FDA when regulated)
• Comply with HIPAA Security Standards, HITECH, policies, etc.
The HIPAA Security Rule
• Establishes national standards to protect e-PHI that is created, received, used, or maintained by a covered entity (we are an organized healthcare arrangement).
• Requires administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of e-PHI.
• Office of Civil Rights (OCR) is responsible for issuing periodic guidance
– Check out CMS’ “HIPAA Security Series” (Google it or follow link: http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/securityruleguidance.html)
Reference:
U.S. Department of Health & Human Services. Improving the health, safety, and well-being of America. Health Information Privacy – The Security Rule. Link: www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/index.html
HITECH Breach Notification rule
• HHS issued regulations requiring health care providers, health plans, and other entities covered by HIPAA to notify individuals when their health information is breached.
• The breach notification requirements only apply to breaches of "unsecured" PHI.
• The HITECH Act mentions only two methods for securing PHI: encryption and destruction.
• >500: Individuals, HHS Secretary, Media
• <500: Individuals, HHS Secretary on an annual basis
21 CFR Part 11
• 21 CFR Part 11 defines the criteria under which electronic records and electronic signatures are considered to be trustworthy, reliable and equivalent to paper records.
• Applies to e-records created, modified, maintained, archived, retrieved, or transmitted under any records requirements set by the FDA or any e-records sent to the FDA even if not specified in regulations.
• Being re-evaluated but FDA intends to exercise enforcement discretion with certain parts (i.e. validation, audit trail, record retention, record copying).
• HIPAA security still applies.
Where are our policies?
Safeguarding Electronic Media Containing PHI

Type of electronic media containing PHI: Excel Spreadsheet or Word
• Administrative
– Password protected and encrypt file
– Access limited to those authorized
– Track access (Data Insight - end of 2012)
– Automatic backup to health system server
– Employee training and security awareness
• Physical
– Unauthorized physical access, tampering, and theft controlled with:
o Locked doors
o Use of ID badges
• Technical
– Save on health system server which has:
o antivirus software installed and kept turned on
o automatic updates to download and install antivirus updates
o Detection of intrusion
o Prevention of intrusion
o Installed a firewall and uses it
– Authentication (individual login/password for account)
– Encryption of data when transmitted via email

Type of electronic media containing PHI: Applications/Software, Access Database, Large Data Files (i.e. images, video)
• Administrative
– Request and file copy of HIPAA security certificate
– Process for managing passwords including creation, changes, safeguarding and promoting common sense precautions
– System that tracks access and provides reports if needed
– System tracks security incidents and provides reports if needed
– Process to determine clearance and termination of access
– Periodic review of access performed
– Automatic back-up is enabled
– Individual login/password for this system
– Data encryption
• Physical
– Plans for the final disposition of data/hardware
– Create retrievable exact back-up and storage before movement of equipment/data
– Procedures for the removal of ePHI from electronic media before re-use or discarding (i.e. demagnetize or damage beyond repair)
– Cameras
– Alarms
– Warning signs
– Visitor passes
– Escorts
– Security guard
– Sign-in/sign-out
• Technical
– Security violations can and will be recorded
– Each person has unique ID which is appropriate to their role/function and to track user activity. Specify what is used for authentication: (i.e. PIN, password, token, smartcard, biometrics?)
– Automatic log-off after inactivity
– Implement policies/procedures to protect data from improper alteration or destruction
– System has a disaster recovery plan
– System has an emergency mode operation plan
– Data will be encrypted when being transmitted
Set a password and encrypt an Excel spreadsheet
1. Click the Microsoft Office Button, point to Prepare, and then click Encrypt Document.
2. In the Password box, type a password, and then click OK.
Reenter password, then click OK. Save the file.
Remove password protection from an Excel spreadsheet
• Use the password to open the spreadsheet.
• Click the Microsoft Office Button, point to Prepare, and then click Encrypt Document.
• In the Encrypt Document dialog box, in the Password box, delete the encrypted password, and then click OK.
• Save the spreadsheet.
Developing or
Data Management Services and Support from the Biostatistics Unit
Martin L Lesser, PhD
Director, Biostatistics Unit
Feinstein Institute for Medical Research
Professor, Departments of Molecular Medicine & Population Health
Data Management Support Services
• Case Report Form Development
• Database Design and Programming
• Data Entry Procedures (web-based vs non-web-based)
• Data Quality Assurance: Validation, queries and audits
• Confidentiality
• Data Security
• Data Backup Procedures
• Report generation
• Standard Operating Procedures (SOPs)
• Manual of Operations (MOP)
Database Architecture
• Web-based (Coldfusion/JavaScript/MS SQL Server)
• Secured web server (username and password)
Database Characteristics
• User-specific logon
• Site-specific (user can only access their site data)
• Generate real-time reports (enrollment log, etc.)
• Each CRF/form has data/form validation and auto calculations (minimize data anomalies)
• Intelligence added – auto selection of inclusion/exclusion form and determination of eligibility
• Secured web and file server – entire database including transaction logs backed up nightly
CRFs Common to all Databases
• Subject registration
• Demographics
• Baseline clinical data
• Physical exam
• Medical History/Cancer History
• Concomitant medications
• Laboratory (chemistry, hematology)
• Radiology
• BMT common forms
• Procedures and drug administration
• Adverse events (AE, SAE)
• Specimen tracking forms
• Off-study report
Active Database Applications
• Udall Parkinson’s Disease Database (Eidelberg, NINDS)
• Litwin-Zucker Memory Disorders Database (Davies, NINDS)
• RCT of Celecoxib in Recurrent Respiratory Papillomatosis (Steinberg, NIDCD)
• Clinical Research Center Protocol Tracking (Morgan)
• Geriatric Ambulatory Psychiatric Clinic Database (Koppel)
• WOR34 Rheumatoid Arthritis Database Planning Grant (Aranow – in development)
Planning a Database
• Contact the Biostatistics Unit: 516-562-0300
• Plan well in advance
• A properly designed database (from CRFs to database to SOPs to MOPs) can take up to several months
Electronic consent
North Shore Informatics Group
• Data management services for
– Clinical research
  • Electronic CRFs
  • Electronic Data Capture
  • Clinical Alerts
  • Online Consent
– LIMS
– Genomics
Patient Research Information SysteM
PRISM
Electronic CRF
Electronic consent
• Requirements
– Electronic Consent must be added to the protocol.
– Must receive IRB approval.
Coordinator Workflow
Participant Workflow
• Participant Receives Email
Participant Workflow
Final Step
• Participant and Coordinator Receive Email
Electronically Signed Consent
Data Collected
Regulatory Binder
Electronic Regulatory Binder
Keep paper source (or certify copy) Electronic
• Monitoring log
• Required education
• Delegation of responsibility
• Public Registration of Research Studies
• Signed Consent Forms
• Protocol
• Source documents
• IRB correspondence/approvals
• FWA Assurance
• Screening/Enrollment
• Advertising/educational materials
• Sample tracking and shipping
• Local lab certificates/Reference Ranges
• Investigational Product information
• Sponsor correspondence
• FDA forms
Availability of Records
1. All records must be readily available for review and copying.
2. All necessary equipment must be provided to facilitate viewing and copying of the records.
3. A reproduction must be a true and accurate copy of the original record. If the copy does not reveal changes or additions to the original record, the original must be retained.
Reference: Inspections, Compliance, Enforcement, and Criminal Investigations, CPG Sec. 130.400 Use of Microfiche and/or Microfilm for Method of Records Retention, link: http://www.fda.gov/ICECI/ComplianceManuals/CompliancePolicyGuidanceManual/ucm073842.htm
Certification of originals
• ALCOA: Electronic source data and source documentation must meet the same fundamental elements of data quality: attributable, legible, contemporaneous, original, and accurate.*
• Original data: Values that represent the first recording of study data. FDA is allowing original documents and the original data recorded on those documents to be replaced by copies provided the copies are identical and have been verified as such.*
• Certified Copy: A certified copy is a copy of original information that has been verified, as indicated by a dated signature, as an exact copy having all of the same attributes and information as the original. NOTE: The copy may be verified by dated signature or by a validated electronic process. A certified copy of a source document may serve as a source for a clinical investigation.**
Reference:
*FDA Guidance Document: Computerized Systems Used in Clinical Investigations (May 2007)
**CDISC Clinical Research Glossary, Link: http://www.appliedclinicaltrialsonline.com/appliedclinicaltrials/article/articleDetail.jsp?id=571305&sk=&date=&pageID=5
Expected Changes
• Update in IRB Form
• Purchase of a CTMS
• Electronic signature
• Policies/guidance will be created or modified
• Data Insight – end of 2012
• Flagging electronic health records
• Data loss prevention program
Contacts
Cerdi Beltre, Clinical Research Service, 516-562-0340, [email protected]
David Ballard, PhD, Research Bioinformatics, 516-562-1205, [email protected]
Martin Lesser, PhD, Biostatistics, 516-562-0300, [email protected]
QUESTIONS?