Overview: This webinar is a compilation of information in areas that generate the most questions for human subjects researchers when conducting research internationally. Discussed in this webinar will be: 45 CFR 46.111 (a)(2) which states, "In evaluating risks and benefits, the IRB should consider only those risks and benefits that may result from the research (as distinguished from risks and benefits of therapies subjects would receive even if not participating in the research)." So what is risk assessment and how does that affect you? The Criteria for Approval found in both the FDA and HHS regulations stipulate what will be looked at during the approval process, yet many do not know how, under which conditions, their study is reviewed and therefore do not anticipate possible questions in their study design.
The Federalwide Assurance is required for NIH funded studies. It is a written assurance filed with the Office for Human Research Protections (OHRP) that outlines under which terms a study will be reviewed, approved, and conducted. Even if the study is not NIH funded the principles in the Federalwide Assurance apply. Because of this assurance, additional criteria get applied to studies. When does that happen? Why? Can it be avoided? These questions and more will be answered by learning the information presented in this webinar.
Why should you attend: All researchers want their studies to be reviewed and approved quickly. Most investigators do not think about regulatory criteria when designing a study. Complicating matters is the current trend to conduct research in private physician offices and other community venues. Although this makes research more accessible to potential participants, it also invokes another set of regulations and requirements.
The consent document and process are always areas that generate questions. What can and cannot be used? Why? What is allowable? Risks, benefits and how those are viewed and assessed also confound and befuddle individuals working in this field. Knowing what to consider and what the possible stumbling blocks could be makes getting an approval to conduct human subjects research easier. Attendance at this webinar will do just that. It will not only give you a working knowledge of the areas that create the most confusion, it will also give you an understanding that will help you avoid or work through these areas faster and be of assistance to those around you.
Areas Covered in the Session:
Assurances: What are these? What do they stipulate? How they affect you as a researcher
Criteria for review. What to think about and consider when developing or conducting your study
Consent and assent. What is required? What choices do you have?
Community research. What is involved when you ask a private physician to conduct your study or to recruit from his/her clinic?
Risk/Benefit Assessment. What is it? Who makes the determination? What does that determination mean with regards to additional requirements? What is allowable?
Who Will Benefit:
Principal Investigators / Sub-investigators
Clinical Research Scientists (PKs, Biostatisticians)
Clinical Research Associates (CRAs) and Coordinators (CRCs)
QA / QC auditors and Staff
Clinical Research Data Managers
Human Research Protection Professionals
Sarah Fowler-Dixon, PhD, CIP is Education Specialist and instructor with Washington University School of Medicine. She has developed a comprehensive education program for human subject research which has served as a model for other institutions. She crafted budgets, policies, procedures, reporting, and training for the new program. She has initiated the planning, development, authorship and implementation of many human subjects research policies, practices, guidelines, submission and reviewer forms often working with state and federal authorities.
Phone No: 800-385-1607
Event Link: http://bit.ly/1pM4cgK
Overview: This presentation will guide the user on the principles of Risk Analysis and Risk Management to prioritize risks. It will rely heavily on the NIST 800-30 as revised and finalized on 09/18/2012.
The process of risk analysis starts with the simple principle that you must know you have an asset in order to protect it. This presentation will provide information about how to determine where the risks to the organization exist and point organizations to where to look for this information. Once information asset locations have been identified, then the risk and safeguards to that information can be explored.
Risk assessments are a key part of effective risk management and facilitate decision making at all three tiers in the risk management hierarchy including the organization level, network level, and information system level.
Risk Management is a process that provides for the identification, prioritization and management of technical and non-technical risk to the confidentiality, integrity or availability of information. Risks cannot be eliminated; they must be managed appropriately. A key step in security management is risk analysis; that is, identifying threats and vulnerabilities against security controls and measures. A risk analysis allows an organization to estimate potential loss. It also can help determine the most appropriate and cost-effective security measures to implement. After the risk analysis is performed, organizations should implement the safeguards and controls needed to keep risks at an acceptable level as determined by executive management or owner.
Why should you attend: The HIPAA security rule requires every covered entity (CE) to conduct a risk analysis to determine security risks and implement measures "to sufficiently reduce those risks and vulnerabilities to a reasonable and appropriate level." In addition, to attest for Meaningful Use an organization must complete a HIPAA Risk Analysis and implement a Risk Management Program. This would include conducting a risk analysis at the organizational, network and application levels.
HITECH EMR Meaningful Use Post-Pay Audits have included a request that organizations provide proof that a risk analysis was performed prior to the end of the reporting period. In addition, they will ask for a risk mitigation plan to address deficiencies and they may request completion dates. It is not the vendor's responsibility to conduct an application risk analysis; it is the covered entity's responsibility. The Meaningful Use guidance has also shown that your risk analysis cannot be limited to just the application.
This session will explore the processes and methods that can help organizations prioritize IT security projects by addressing the highest risks to the organization. Covered entities must make security decisions on what is appropriate for their specific environment, and risk analysis is the tool to ensure that risk mitigation activities are reasonable for a specific environment.
This presentation reviews the regulatory requirements for security risk analysis and management, provides an overview of the types of risk analysis that can be performed, and offers a practical approach on how to comply with these requirements.
Areas Covered in the Session:
Locate the data, and then conduct a risk analysis
Define Reasonable By Using NIST and CMS Guidance as a Guide
Risk Analysis Steps
Identify the scope of the specific analysis
Identify and document potential threats and vulnerabilities
Assess and document current security measures
Determine the likelihood of threat occurrence
Determine the potential impact of threat occurrence
Determine the level of risk
Identify potential security measures and finalize documentation
Risk Management Steps
Develop and implement a risk management plan
Implement security measures
Evaluate (monitor) and maintain security measures
Risk Mitigation or Acceptance Options
Define Reasonable by Using the HIPAA Regulation as a Guide
The size, complexity, and capabilities of the covered entity
The covered entity's technical infrastructure, hardware, and software security capabilities
The costs of security measures
The probability and criticality of potential risks to EPHI
Conducting a Risk Analysis of My Certified EMR
What questions should I ask?
What documentation should I retain?
Creating a mitigation plan
Who Will Benefit:
Information Security Officers
Chief Information Officers
Meaningful Use Coordinators
William Miaoulis CISA, CISM, is a senior healthcare information system (IS) professional with more than 20 years of healthcare Information Security experience. Bill is the founder and primary consultant for HSP Associates. Prior to starting HSP Associates in January of 2013, Bill was the Chief Information Security Officer (CISO) and led the HIPAA security and privacy consulting efforts for Phoenix Health Systems for over 11 years and also was the HIPAA Consulting Manager for SAIC for 18 months. For seven years, Miaoulis was the University of Alabama Birmingham (UAB) Medical Center’s Information Security Officer, where he instituted the first security and privacy programs at UAB starting in October 1992.
Phone No: 800-385-1607
Event Link: http://bit.ly/1kqS7MO