Life Science Data Privacy Governance and GDPR Alignment Conference

July 26-27, 2018 | Philadelphia, PA

Sheraton Philadelphia Downtown Hotel

DAY TWO | THURSDAY, JULY 27

8:00 REGISTRATION AND WELCOME COFFEE

8:50 CHAIRPERSON’S OPENING REMARKS

9:00 ENSURING COMPLIANCE ACROSS STATES’ DATA BREACH NOTIFICATION RULES AND DATA PRIVACY REGULATIONS
Reviewing regulations on a state level, including state breach notification and data privacy laws, is of the utmost importance to ensure life science firms create compliant privacy programs. However, staying informed on developing regulations, such as rules in California, South Dakota, and Alabama, and navigating an inconsistent landscape can prove difficult for many manufacturers. As breach notification rules evolve to include new amendments regarding data protection, privacy officers seek clarification on state-specific procedures to interpret how each law affects organizational operations, and seek to stay informed on the legalities of state data privacy regulations. Privacy executives must gain a broad level of comprehension surrounding state regulations to decipher how each law can affect internal operations and privacy programs.

  • Updates on State Breach Notification Laws
  • Clarification on State Data Privacy Regulations
  • Compliance in an inconsistent landscape

Kim Gold, Partner, REED SMITH LLP

 

9:45 PANEL: SUSTAINING HIPAA COMPLIANCE IN AN EVOLVING ANALYTICAL ENVIRONMENT

  • Changes stemming from HIPAA Omnibus Update
  • Recent updates to audits & enforcement action
  • Perspectives from covered vs. non-covered entities
  • Updates related to use of electronic health records
  • Relationship between HIPAA & breach notification

PANELISTS:
Michael Deer, ALCON, A NOVARTIS DIVISION

Igor Chechelnitsky, MEDTRONIC

Gregory M. Fliszar, COZEN O’CONNOR

 

10:30 COFFEE & NETWORKING BREAK

 

11:00 EVOLVING REGULATORY FRAMEWORKS IN ASIA: MAINTAINING DATA PRIVACY & DATA PROTECTION
For life science organizations operating throughout the world, a key concern for data privacy executives is access to and flow of sensitive information, as well as ensured protection of data. With new Asian governance relating to data privacy, such as China’s regulation on cross-border transfers, and undetermined rulings, such as Japan’s GDPR adequacy decision, privacy officers require in-depth knowledge of operational practices to ensure information can easily flow between US bases and Asian divisions. Shedding light on these regulations and best compliance practices will allow privacy executives to determine opportunities to develop programs that operate within these standards and ensure data is protected throughout the various regions.

  • Chinese regulation on cross-border data transfers
  • Japan’s level of adequacy determined by the EU
  • Regulatory updates in APEC Privacy Framework

Albert Stopniewicz, Global Data Privacy Officer and Corporate Ethics Manager, VAREX IMAGING CORPORATION

 

11:45 RISK BASED APPROACHES TO DATA PROTECTION IN THIRD PARTY VENDOR RELATIONSHIPS
Ensuring data protection outside of the confines of an organization can prove difficult when working with third party vendors such as data analytics software providers and clinical research organizations. Both the life science firm and the contracted party must share the risk and responsibility, with robust systems in place for both parties to ensure data is kept private and procedures are compliant with regulations. Through analysis of legal language which reduces liability, systems to protect data within vendor organizations, and planning for regulatory compliance, delegates will gain risk-based approaches to data privacy within a third party working relationship.

  • Integration of legal language to mitigate risk
  • Compliant third party data privacy programs
  • Review process to identify vendor data protection

Amy Papili, US Compliance Business Partner, US Privacy and US Policy, ASTRAZENECA

 

12:30 LUNCHEON FOR PARTICIPANTS

 

1:30 BREAKOUT DISCUSSIONS: EXPLORING DATA PROTECTION ACCOUNTABILITY IN THIRD PARTY VENDOR CONTRACTS
When working with third parties that have access to corporate data, it is crucial to ensure information is kept private and protected, with agreements in place to provide shared risk and responsibility. Based on the type of third party in question, data privacy executives must explore how accountability is delegated and how contracts are developed for a robust collaboration in which regulations are complied with and privacy procedures are followed. Through small group discussions, participants will have the opportunity to discuss specific concerns regarding third party vendor relationships and contracts and how to best mitigate privacy risks in these important agreements.

BREAKOUT DISCUSSION GROUPS:
GROUP ONE: Clinical Research Organizations
Priya Mannan, NOVARTIS INSTITUTES FOR BIOMEDICAL RESEARCH

GROUP TWO: Patient Support & Access Programs
Cindy Ping, SHIRE

GROUP THREE: Enterprise Software Solutions
Amy Papili, ASTRAZENECA

GROUP FOUR: Embedded Device Software
Patricia Hilbrands, ARTHREX

 

2:30 CASE STUDY: RISK BASED APPROACHES TO HANDLE AND PROTECT CLINICAL TRIAL DATA
One of the most significant areas of concern for life science companies when considering privacy compliance is clinical research study data sets, which include vast quantities of personal health data; while generally pseudonymized (key-coded), such data is still regulated personal data subject to data protection laws. The GDPR has created further challenges in this area, with heightened risks and obligations, including consent, vendor diligence/contracting, privacy impact assessments, records of processing, and other requirements. In this data-driven and evolving industry, it is essential to develop comprehensive compliance approaches to ensure privacy compliance and mitigate risk, while at the same time maintaining robust clinical data to support regulatory clearance and payer support.

  • Obligations of GDPR and privacy laws relating to clinical data
  • Various key challenges relating to GDPR requirements
  • Strategies and practices to ensure compliance and mitigate risks

Corey M. Dennis, Director of Privacy & Counsel, PHARMACEUTICAL PRODUCT DEVELOPMENT, LLC (PPD)

Nick Wallace, Associate, ROPES & GRAY

 

3:15 CLOSING REMARKS AND CONFERENCE CONCLUSION