Nadine,
Why does your company need to comply with HIPAA? If it's a device manufacturer, it is probably not a "covered entity" or "business associate" under HIPAA and therefore the HIPAA regulations do not apply to it (see below). Clearly your company needs to institute protections of the data it receives and holds (e.g. from sites in a clinical trial), but I don't believe HIPAA is the regulation you need to follow (unless for some reason you are a covered entity/business associate).
§ 160.102 Applicability.
(a) Except as otherwise provided, the standards, requirements, and implementation specifications adopted under this subchapter apply to the following entities: (1) A health plan. (2) A health care clearinghouse. (3) A health care provider who transmits any health information in electronic form in connection with a transaction covered by this subchapter.
(b) Where provided, the standards, requirements, and implementation specifications adopted under this subchapter apply to a business associate.
------------------------------
David Jensen PhD, RAC
Regulatory Affairs Scientist
Durham NC
United States
------------------------------
Original Message:
Sent: 03-Mar-2021 12:48
From: Nadine Adia
Subject: HIPPA regulatory compliance process
Dear all,
Please I need your advice on the process to help my company ( medical device manufacturer) to be HIPPA compliant.
I 've uploaded the rule 45 CFR Part 160 from HHS website but I'm still confused on what I have to do as regulatory Affairs person to achieve this goal.
I' m not yet familiar to this requirement.
Thank you in advance for your help.
Rgds,
------------------------------
Nadine Adia
Quebec QC
Canada
------------------------------