Hi Michelle,
I agree that in the normal course of business a medical device manufacturer does not fall within the categories of covered entities for HIPAA (note correct acronym). However, any medical product entity that conducts clinical trials has to be aware of HIPAA rules and obtain authorization during Informed Consent. And as noted in this Q&A, there may be some circumstances under which a medical device company is subject to the rules.
https://www.hhs.gov/hipaa/for-professionals/faq/490/when-may-a-covered-health-care-provider-disclose-protected-health-information-without-authorization/index.html------------------------------
Glen Park PharmD
Vice President, Regulatory Affairs and Quality Assurance
New York NY
United States
------------------------------
Original Message:
Sent: 05-Jan-2022 09:35
From: D Michelle Williams
Subject: Thoughts on HIPAA
Good Day Frank,
I'm very interested in your question depending on what type of organization you are asking. I posted a question about HIPPA over a year ago based on an internal audit finding by a third party auditor. The consensus from everyone that responded was that HIPPA is not applicable to medical device manufacturers by the definitions in the law.
Everyone posted that it is very specific to which entities are covered and a medical device manufacturer does not fall withing any of those categories.
Best regards,
------------------------------
D Michelle Williams
VP - Operations
United States
Original Message:
Sent: 04-Jan-2022 08:19
From: Glen Park
Subject: Thoughts on HIPAA
Hi Frank,
You could start here.
https://www.hhs.gov/hipaa/for-professionals/training/index.html
------------------------------
Glen Park PharmD
Vice President, Regulatory Affairs and Quality Assurance
New York NY
United States
Original Message:
Sent: 03-Jan-2022 19:30
From: Frank Pokrop
Subject: Thoughts on HIPAA
Hello – Happy New Year and thanks to the many RAPS members who are active on the Regulatory Exchange.
From time to time I get asked questions about HIPAA including: how to become compliant, what's needed to stay compliant, training, and how can I find an expert on HIPAA?
I'd like to hear your thoughts on:
- Best way for an individual to get trained
- How can an individual become certified if that's possible
- What companies or individuals can be used for auditing against HIPAA requirements
Thank You.
Frank Pokrop
Director, Regulatory Affairs
9975 Summers Ridge Road
San Diego, CA 92121, US
O: 858-302-0477
C: 442-273-4827
Quidel Confidentiality Notice: This electronic mail message, including any attachments, may contain information that is privileged, confidential, proprietary in nature, or otherwise private information that is protected by law from disclosure or subject to copyright and is intended only for the designated recipient. If you are not the designated recipient, you are hereby notified that any use, disclosure, distribution, reproduction, review, or copying is unauthorized and may be unlawful. If you have received this electronic message in error, please notify the sender immediately and delete the message completely from your computer system. Thank you.