Pharma Privacy Watch Sample

Published by VirSci Corporation

SAMPLE

Welcome to the sample Pharma Privacy Watch quarterly report. This page contains sample executive summaries and snippets of "intelligence" that illustrate the depth of analysis of important privacy issues of importance to pharmaceutical companies. To get the real thing, you may subscribe to the full service or order reprints.

Last updated 31 Jan 2003

Contents

Texas SB 11 Medical Privacy Act vs. HIPAA (10/17/2002)

Summary of HIPAA Final Privacy Rule (14 August 2002)

Online Personal Privacy Act versus Consumer Privacy Protect Act of 2002

Subscribe and/or Order Reprints

Executive Summaries

Texas SB 11 Medical Privacy Act vs. HIPAA

The new Texas Medical Privacy Act, also known as SB 11 and, in some quarters, as "super HIPAA," is aimed squarely at hampering the ability - and, some say, the freedom - of pharmaceutical companies to market their products to consumers in Texas.

SB 11 adopts HIPAA privacy rules as they originally appeared in December 2000, before the proposed changes to the rule released in March 2002 and the rule as finalized in August 2002. This is apparent especially with regard to marketing. SB 11, however, provides additional protections for Texans than is provided for under HIPAA. Of particular concern to pharmaceutical companies, health web sites, and other entities that collect or use "Protected Health Information" (PHI) in Texas is the fact that SB 11 applies to them as well as "covered entities" as defined by HIPAA.

The following table is a comparison between the final HIPAA privacy regulations and provisions of the Texas Medical Privacy Act. The table was updated since it was first published in August 2002 to reflect information gathered at the "Meeting on Texas Privacy Law" sponsored by the International Pharmaceutical Privacy Consortium held on 26 September 2002.

Intelligence Source Data and References

Texas SB 11 Medical Privacy Act vs. HIPAA (PDF; modified 10/17/2002)

See a sample ...or... Order a Reprint

Privacy rights vs. access to health information: Should we have to make a choice?" (PDF file)

A commentary by John Mack, published in the Nov 4, 2002 issue of iHealthbeat.

Intelligence	Source Data and References
Texas SB 11 Medical Privacy Act vs. HIPAA (PDF; modified 10/17/2002) See a sample ...or... Order a Reprint	Privacy rights vs. access to health information: Should we have to make a choice?" (PDF file) A commentary by John Mack, published in the Nov 4, 2002 issue of iHealthbeat.

Return to Contents...

Summary of HIPAA Final Privacy Rule (14 August 2002)

HHS Secretary Tommy G. Thompson on Friday, August 9, 2002, issued the first-ever comprehensive federal regulation that gives patients sweeping protections over the privacy of their medical records. The final regulation, which takes effect April 14, 2003, will ensure strong privacy protections without interfering with Americans' access to quality health care.

HHS received more than 11,000 public comments on the proposed modifications issued in March 2002. The final rule, which was published in the August 14, 2002 Federal Register, includes some key revisions to address public concerns.

By and large, the final rule adopts the changes proposed in the March 2002 NPRM with few major differences. This summary focuses on modifications, additions and clarifications of the NPRM as they appear in the final rule. Of particular interest to pharmaceutical companies are the provisions and comments related to marketing, uses and disclosures regarding FDA regulated products and activities, and the "limited data set." Consequently, the summary includes further comments related to these issues.

Intelligence Source Data and References

Summary of Final Privacy Rule (pdf; updated 8/16/2002)
Topics include:

Marketing - definition, intent vs. effect, remuneration, selling of patient lists, drug company access to PHI for marketing purposes
Disclosure to FDA-regulated entities
Incidental use and disclosure - accounting for incidental exposures, conflict with security rule over safeguards
Research - expiration date, continued use and disclosure after withdrawal, blanket authorizations, recruitment for clinical trials
Limited Data Set - data use agreement

See a sample ...or... Order a Reprint

FPW Data Package 1.2 (ZIP file), contains:

Final Rule (as published in the Federal Register on 8/14/2002; PDF)
HHS Fact Sheet (8/9/2002; MS WORD)
HHS Press Release (8/9/2002; MS WORD)
House Committee on Gov't Reform Letter to Sect'y Thompson (7/23/2002; PDF)
Six members wrote Health and Human Services Secretary Tommy Thompson with questions on the Administration's proposed changes to the medical privacy rule, including the creation of a broad loophole through which drug companies could access patient health records without patient permission.
Davis Wright Tremaine LLP Analysis and Comments (8/11/2002 Press Release; MS WORD)
Health Privacy Project Comments (8/9/2002 Press Release; PDF)
Health Leadership Council Comments (8/8/2002 Press Release; MS WORD)
Insitute for Health Freedom Comments (8/9/2002 Press Release; MS WORD)

Intelligence	Source Data and References
Summary of Final Privacy Rule (pdf; updated 8/16/2002) Topics include: Marketing - definition, intent vs. effect, remuneration, selling of patient lists, drug company access to PHI for marketing purposes Disclosure to FDA-regulated entities Incidental use and disclosure - accounting for incidental exposures, conflict with security rule over safeguards Research - expiration date, continued use and disclosure after withdrawal, blanket authorizations, recruitment for clinical trials Limited Data Set - data use agreement See a sample ...or... Order a Reprint	FPW Data Package 1.2 (ZIP file), contains: Final Rule (as published in the Federal Register on 8/14/2002; PDF) HHS Fact Sheet (8/9/2002; MS WORD) HHS Press Release (8/9/2002; MS WORD) House Committee on Gov't Reform Letter to Sect'y Thompson (7/23/2002; PDF) Six members wrote Health and Human Services Secretary Tommy Thompson with questions on the Administration's proposed changes to the medical privacy rule, including the creation of a broad loophole through which drug companies could access patient health records without patient permission. Davis Wright Tremaine LLP Analysis and Comments (8/11/2002 Press Release; MS WORD) Health Privacy Project Comments (8/9/2002 Press Release; PDF) Health Leadership Council Comments (8/8/2002 Press Release; MS WORD) Insitute for Health Freedom Comments (8/9/2002 Press Release; MS WORD)

Return to Contents...

Online Personal Privacy Act versus Consumer Privacy Protect Act of 2002

The big news this month is the introduction of two contrasting privacy bills in Congress, one in the Senate (S.2201, Hollings) and one in the House (H.R.4678, Stearns). These bills are likely to go head-to-head in debate in the public arena as well as in Congress. On 17 May 2002 S.2201, with several amendments, was approved by the Senate Commerce Committee and sent to the full Senate for its consideration. The amendments include:

FTC to provide regulations for application to offline operations within 6 months of enactment;
damages for private suits lowered to $500 (from $5,000) per incident;
exemption of companies that are in compliance with FTC-approved self-regulatory agencies (e.g., TRUSTe).

A detailed comparison of the provisions of these bills is made in Table 1. Below are some of the main points of comparison:

S.2201 H.R.4678

Sponsor Hollings (D.-S.C.) Stearns (R.-Fla.)

Applies online only? Yes, but FTC to issue rules for offline in 6 months No, applies offline as well as online

Requires Opt-In? Yes, for sensitive personally identifiable information like health data No, only opt-out

Pre-empts state law? Yes Yes

Provides for private right of action? Yes No

	S.2201	H.R.4678
Sponsor	Hollings (D.-S.C.)	Stearns (R.-Fla.)
Applies online only?	Yes, but FTC to issue rules for offline in 6 months	No, applies offline as well as online
Requires Opt-In?	Yes, for sensitive personally identifiable information like health data	No, only opt-out
Pre-empts state law?	Yes	Yes
Provides for private right of action?	Yes	No

Intelligence Source Data and References

Online Personal Privacy Act (S 2201) vs. Consumer Privacy Protect Act of 2002 (HR 4678) (Comparison Table; pdf: SAMPLE)

Senate Bill S.2201 (as introduced 18 April 2002; pdf)
Senate Bill S.2201 (cmte draft 14 May 2002; pdf)
House Bill H.R.4678 (as introduced 8 May 2002; pdf)
Hollings Press Release; 17 May 2002 (rtf)
Source information available with subscription to service.

Intelligence	Source Data and References
Online Personal Privacy Act (S 2201) vs. Consumer Privacy Protect Act of 2002 (HR 4678) (Comparison Table; pdf: SAMPLE)	Senate Bill S.2201 (as introduced 18 April 2002; pdf) Senate Bill S.2201 (cmte draft 14 May 2002; pdf) House Bill H.R.4678 (as introduced 8 May 2002; pdf) Hollings Press Release; 17 May 2002 (rtf) Source information available with subscription to service.

Return to Contents...

For subscription information contact:

John Mack, Editor
VirSci Corporation
PO Box 760
Newtown, PA 18940
215-504-4164, 215-504-5739 FAX
johnmack@virsci.com

PPW Home