Dave Frenkel asks if "the HIPAA regulations for security and privacy
are going to cover these [FDA] patient registries [to enable product
recalls]. The FDA mandates these registries but to my knowledge does
not have any of the requirements for security and privacy like HIPAA.
HIPAA is not supposed to supersede any other government jurisdiction
like the FDA but I wonder what happens in a situation like this where
there would be another layer on top of existing regulations that don't
appear to conflict."
Dear Dave:
See Section 164.512 in 45 CFR Parts 160 and 164: Standards for Privacy
of Individually Identifiable Health Information; Final Rule, where HIPAA
allows "covered entities [e.g., hospitals] to disclose protected health
information to a person subject to the FDA's jurisdiction [e.g.,
pacemaker manufacturer], ...to report ... product defects or problems
... if the disclosure is made to the person required or directed to
report such information to the FDA; to track products if the disclosure
is made to a person required or directed by the FDA to track the
product; to enable product recalls, repairs, or replacement, including
locating and notifying individuals who have received products regarding
product recalls, withdrawals, or other problems; or to conduct
post-marketing surveillance to comply with requirements or at the
direction of the FDA."
So surely you're allowed to send an X12 140 Product Registration
transaction set to the manufacturer. Whether or not the manufacturer -
who may not be a "covered entity" - is subject to privacy rules once the
data is received is another matter.
William J. Kammerer
FORESIGHT Corp.
4950 Blazer Pkwy.
Dublin, OH USA 43017-3305
+1 614 791-1600
Visit FORESIGHT Corp. at http://www.foresightcorp.com/
"accelerating time-to-trade"
=======================================================================
To contact the list owner: mailto:[EMAIL PROTECTED]
Archives at http://www.mail-archive.com/edi-l%40listserv.ucop.edu/
