Regulatory Open Forum

  • 1.  Reports for Patients - Protected Health Information (PHI)

    This message was posted by a user wishing to remain anonymous
    Posted 26-Aug-2021 07:38

    We have a Class III medical device in the US and EU which is under clinical trials. We plan to have patient information printed, which we believe is Protected Health Information (PHI). Can someone help us see what US and EU regulations around this we need to comply with?


  • 2.  RE: Reports for Patients - Protected Health Information (PHI)

    This message was posted by a user wishing to remain anonymous
    Posted 26-Aug-2021 13:51

    For the US and EU, you have to follow HIPAA and GDPR. I would also check local regulations like provincial/state requirements.
    Also, pay attention: if patients' data is shared between sites, there may be some contracts/agreements that should be in place first.
    Follow these regulations and conduct an assessment of what is applicable to you.

    I hope it helps.


  • 3.  RE: Reports for Patients - Protected Health Information (PHI)

    Posted 27-Aug-2021 05:28
    Hello,

    Yep, for the United States it would be the HIPAA requirements (HIPAA Act) and in the European Union it would be the GDPR regulation. The previous post is correct to check local/state requirements because there are sometimes additional considerations which must be made. There are some additional PHI requirements in different states in the U.S. and some countries in the EU. Just a note, if the patient information can be printed, while not completely your responsibility for maintaining full compliance, the controls in your application should make the user aware. As an example, there are some notifications which can be made as "pop-ups" indicating to the user that patient information would not be controlled by the application once a print has been made and further PHI requirements should be followed ... etc. etc.

    ------------------------------
    Richard Vincins RAC
    Vice President Global Regulatory Affairs
    ------------------------------