SPEAKER S BIO. Abhishek Agarwal, CIPP/US, Chief Privacy Officer at Baxter International

Transcription

1

2 SPEAKER S BIO Abhishek Agarwal, CIPP/US, Chief Privacy Officer at Baxter International Previously, Abhishek has gained experience working at fortune 100 companies such as Kraft Foods, JPMorgan Chase, HSBC, and E&Y Consulting where he has worked on large Privacy, Information Security & Risk initiatives like HIPAA, Safe Harbor, EU DPD Compliance Programs, Global Data Transfers, Identity & Access Management, Information Risk Assessments, Information Ownership & Classification, and Vendor Governance and Management.

3 AGENDA Overview of Medical Device Privacy Compliance Key Privacy Compliance Considerations An Operational Model Pre & Post Launch Case Study Q&A

4 PRIVACY LAWS IMPACTING MED DEVICES

5 AT CROSSROADS OF TECH & STANDARDS Cloud Computing Mobile Computing Wireless Technology Virtualization Apps online Digital/ Connected Devices

6 PRODUCT LIFECYCLE & PRIVACY Requirements Assessments Pre-launch Prep At/Post-launch Prep Technology Process Scope Data Subject Processing Functions Technical Controls Market Surveys Data Processing Agreements Consents/Notif ications Data Governance Filings/Registration Compliance Governance Consent Management Breach Management BAA/DPA Management Training Legal/Marketing

7 CASE STUDY A medical device that provides therapies that includes capabilities including remote patient monitoring. The device uses advance technologies such as wireless connectivity, cloud computing and remote device management. The device is planned to be launched in 100+ countries. A privacy operational model that complies countries regulations in a uniform and cost effective manner.

8 Level of Preparation KEY OPERATIONAL ACTIVITIES Quick Win Medium Term Long Term List of Activities H M Defined Roles/Responsibilities Compliance & IT Support Model Data Privacy and Security Management Process IT Training/IT Information Packet Contracts Management Data Privacy/Security Governance Training 8 8 Country Legal Support Structure 9 Data Privacy Organization and Talent Strategy Low Priority 10 Data Privacy/Security Change Management L Centralized Document Repository Data Breach Management / Audit Process 13 Data Security Assessment L M H Certifications / Frameworks Data Privacy Newsletter Subscription Difficulty of Implementation

9 KEY CHALLENGES Covered Entity/Controller v/s Business Associate/Processor Global templates Data Processing Agreement (Cross Border, Third Party, Data Analytics) Consent/Notice Approvals from local Data Protection Authorities (DPA) Centralized consent management solution Global data breach management process Data Governance, Cyber Security

10 KEY TAKE AWAY Establish a baseline of privacy and security controls. Conduct a market survey to understand local country privacy requirements. Establish minimum necessary standards of privacy governance for the global operations market, legal, IT. Be flexible without compromising the compliance.

11 Q&A & REFERENCES EU Patients Rights: EU Institute of Innovation and Technology: US Health IT: Operational Impact of GDPR: US Privacy Shield:

12 HOW DID THINGS GO? (WE REALLY WANT TO KNOW!) Did you enjoy this session? Is there anyway we could make it better? Let us know by filling out a speaker evaluation. Start by opening the IAPP Events App. Select this session and tap Click the following link for speaker evaluations. Once you ve answered all three questions, tap Done and you re all set. Thank you!