At last!! Finally… the decree on the French-style "Sunshine Act", or the "Loi Bertrand", named after its initiator, was published this morning in the Journal Officiel (JORF no. 0116 of 22 May 2013, page 8407, text no. 6).
Its exact title: « Décret n° 2013-414 du 21 mai 2013 relatif à la transparence des avantages accordés par les entreprises produisant ou commercialisant des produits à finalité sanitaire et cosmétique destinés à l’homme »; it defines the transparency obligations concerning links of interest between companies and healthcare professionals.
THE CALM AFTER THE STORM?
Published in the midst of the Cahuzac affair, while the Mediator trial resumes with renewed vigour and the EMA has just taken a position different from France's on Diane 35 (withdrawn from French pharmacies since yesterday), this decree had been awaited for months.
What is more, it is part of a global movement, since the Sunshine Act in the USA has just been put in place in early 2013 and the ESHLSG of our English neighbours has just finished its consultation of stakeholders on the subject.
DON'T TELL MY MOTHER I WORK IN PHARMA, SHE THINKS I'M A PIANIST IN A BROTHEL
In general, the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) require the Department of Health and Human Services (HHS) to adopt national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. To date, the implementation of HIPAA standards has increased the use of electronic data interchange. Provisions under the Affordable Care Act of 2010 will further these increases and include requirements to adopt:
operating rules for each of the HIPAA covered transactions
a unique, standard Health Plan Identifier (HPID)
a standard and operating rules for electronic funds transfer (EFT) and electronic remittance advice (RA) and claims attachments.
In addition, health plans will be required to certify their compliance. The Act provides for substantial penalties for failures to certify or comply with the new standards and operating rules.
Are you HIPAA compliant? Would you know if you were not HIPAA compliant? Below are a few tips to become HIPAA compliant.
How to be HIPAA Compliant
Check all your electronic safeguards, including network encryption, anti-virus software and email encryption. This is likely the most important part of HIPAA compliance because hackers seek out weak or unprotected networks. Have a security risk analysis performed yearly on your network.
Ask patients to sign forms specifying who is and is not allowed access to their records beyond the standard of doctors and insurance companies. This could include family members, employers or friends whom they trust to view their information.
Verify authorisation and identity before releasing information to any person or company. Ask security questions or personal information such as social security number and date of birth to ensure you are speaking to the correct person. If a form is emailed or faxed authorising the release of records, check the patient’s signature against the signature on the form to ensure they match.
Check to see what type of information the person or company is authorised to receive. Health insurance companies are usually authorised to receive all information, while a patient may only want a family member to have access to certain parts of his medical information.
“Every man has his price,” as the saying goes, but one has to wonder whether it only takes a $20 sandwich and bowl of soup for the drug industry to buy off many in the medical profession.
Doctors in recent years have come under intense scrutiny for the dubious practices of promoting pricey new brand name drugs after accepting trips, consulting fees and gifts from the pharmaceutical companies that manufacture them.
[Read “More Free Pharma Lunches Served to Docs = More Prescriptions of the Sponsored Drug”; http://sco.lt/5LAeWX]
There was a time when drug companies seeking to increase their share of the lucrative prescription drug industry were tossing around real money. Drug makers at one time lavished gifts and gratuities on doctors recruited to study and promote their new drugs, and those gifts could range from free golf trips and vacations to tickets to hot sports events.
However, as The Wall Street Journal reported Tuesday, the drug companies over time began to curtail the gifts and gratuities handed out. Many restrictions were imposed on drug company payments under a code of conduct adopted in 2002 by the Pharmaceutical Research and Manufacturers of America, the drug industry’s leading advocate.
The code allows companies to provide “modest meals” to doctors, which can range from free book and beverages brought to a doctor’s office to free meals at restaurants where doctors can listen to other doctors and sales representatives discuss new drugs coming on the market, according to the Journal.
[However, there have been many breaches of such codes and some codes don’t include meals. Read, for example, “U.S. Seeks Records of 80,000 Novartis `Sham' Events for Doctors”; http://sco.lt/5PtPkX and "’Free Lunch Flaw’ Loophole in Aussie Pharma-Doc Code of Conduct”; http://sco.lt/7KYoVd ]
In the greater scheme of things, meals of this sort are small potatoes. And one has to wonder how such trivial perks can be so effective in motivating a doctor when it comes to prescribing the best medicine for a patient – or whether it is simply a coincidence.
[You might like to read: “The Slippery Slope of Pharma Physician Phreebies”; http://sco.lt/5TS4tV which argues that such thinking is a "slippery slope" on which "Physicians fail to recognize their vulnerability to commercial influences due to self-serving bias, rationalization, and cognitive dissonance."]
As ProPublica’s senior health care reporter Charles Ornstein noted in an analysis of the latest study, “The researchers did not determine if there was a cause-and-effect relationship between payments and prescribing, a far more difficult proposition, but their study adds to a growing pile of research documenting a link between the two.”
And PhRMA complained to the Journal that the study essentially “cherry picked” physician-prescribing data “to advance a false narrative.”
Stronger enforcement is needed to deter pharmaceutical manufacturers from continuing to break the law and defraud federal and state health programs.
That’s according to a new report released by Public Citizen.
The report (see here) catalogues all major financial settlements and court judgments between pharmaceutical companies and federal and state governments from 1991 through 2015, which totaled $35.7 billion.
Of the 373 settlements over those 25 years, 140 were federal settlements totaling $31.9 billion, and 233 were state settlements totaling $3.8 billion.
A key finding is that both the number and size of settlements decreased significantly in 2014 and 2015. Just $2.4 billion in federal financial penalties were recovered in 2014-2015, less than one-third of the $8.7 billion in 2012-2013 and the lowest two-year total since 2004-2005.
There were just 20 state settlements in 2014-2015, the lowest two-year total since 2006-2007. This reflected a dramatic decrease in federal financial penalties for unlawful drug promotion and a similarly sharp decline in the number of single-state settlements stemming from overcharging government health programs.
The report explores several possible reasons for this drop in settlement activity.
The possibilities include a decline in federal enforcement; a shift in the focus of federal prosecutions away from off-label marketing and toward other forms of illegal activity, as alluded to by U.S. Department of Justice officials in 2012; changes in state Medicaid pharmaceutical reimbursement strategies; and shifts in industry marketing strategies.
“We don’t yet know why there were fewer and smaller settlements in the 2014 to 2015 period,” said Dr. Sammy Almashat, researcher with Public Citizen’s Health Research Group and lead author of the report. “But we do know that, in addition to the rarity of executive accountability, previous penalties never have been large enough to deter the most common types of pharmaceutical fraud. So it would be surprising if the industry suddenly decided, of its own accord, to comply with laws it has routinely violated for decades.”
Could it be that pharma marketers have become more compliant with FDA regulations because their MLR people became more assertive after many major pharma companies, which do a lot of drug marketing, were fined billions of dollars for inappropriately, and in some cases illegally, promoting prescription drugs (http://sco.lt/7KaAQj)? Obviously, Public Citizen doesn't believe that is possible.
A big stream of money from drug industry to doctors remains hidden, despite efforts to increase disclosure of industry influence. The American Medical Association, the biggest Washington lobby for doctors, wants to keep it that way.
As technology advances and legislation changes, HIPAA email compliance can seem like a constantly moving target. With the challenges facing today’s healthcare landscape, including the proliferation of electronic health records (EHRs) and health information exchanges (HIEs), hackers and “hacktivists” targeting hospitals and the adoption of mobile technology in healthcare, HIPAA compliance is becoming more challenging — and more important — than ever.
Much has changed since 1996, when the Health Insurance Portability and Accountability Act (HIPAA) was signed into law. The World Wide Web was still relatively new, mobile phones were relatively rare (and great for your biceps!) and your health data was divided into thick manila folders stuffed with paperwork. Now, all that stands between patients and the entirety of their medical histories is a username and a password, and a startling number of those passwords is “password.”
The Challenge of Protecting Patient Data
When most of us think about HIPAA compliance, we think about its access control aspect — that is, who gets access to protected health information (PHI), and when. A leak of PHI can be as simple as a medical professional forgetting to log out of their portal, and leaving patient data open on the desktop to be viewed by anyone walking by (this is why automatic logout is one of the “technical safeguards” required to maintain HIPAA compliance).
When it comes to protecting PHI, the penalties add up fast — and since the passing of the 2009 Recovery Act, violating HIPAA has only grown more expensive. Each individual violation will run your business anywhere from $100 to $50,000, if it’s a first offence (and a lack of due diligence, as opposed to wilful neglect). Violations due to wilful neglect, however, cost a covered entity a minimum of $50,000 per violation. And when you consider how many patients have their data stored on a single server, those $50,000 violations stack up fast.
Doctors, hospital administrators, insurance professionals and anyone who deals with PHI need to be aware of the growing threats to patient privacy and be proactive with their information security. Here are six ways to lock down patient data and stay ahead of the threat.
1. Use strong data encryption.
Any PHI data you’re storing, whether it be on your desktop or on a server, should be encrypted. Encryption obscures your data, making it unintelligible to anyone who doesn’t have the key to decrypt it. As proven by the 2014 CHS Heartbleed attack, which resulted in the theft of 4.5 million social security numbers from one of the largest hospital groups in the United States, cyber-criminals have both the desire and the means to crack into hospital servers and steal sensitive data. With encryption, that data is still protected even after hackers get their hands on it, provided they weren’t able to also steal the encryption key.
Data encryption isn’t just best practice for information security, though — it’s a written requirement to maintain HIPAA compliance. Established in 2009, the HIPAA Breach Notification Rule gives businesses 60 days to notify all parties who may be affected by a leak of “unsecured protected health information.” Here, “unsecured” is another way of saying “unencrypted.”
The HHS actually goes into detail about its encryption standards for data at rest and data in motion. For data at rest (data that sits in storage), for example, the HHS’ standards are consistent with those of the National Institute of Standards and Technology (NIST), and include centrally managing all storage encryption, using multi-factor authentication for encryption solutions and using the Advanced Encryption Standard (AES) for encryption algorithms.
2. Encrypt your emails, as well.
A tremendous amount of PHI is exchanged over email, and HIPAA compliant email requires encryption, too. In a post-HITECH (Health Information Technology for Economic and Clinical Health) world, the data shared digitally between doctors and their patients can be extremely useful for enterprising hackers, and email is a particularly vulnerable vector of attack.
The traditional route hospitals and providers take for HIPAA compliant email is a portal solution that uses Transport Layer Security (TLS) to encrypt messages. While these legacy portal solutions do provide for HIPAA email compliance, they are certainly not easy for either the providers or patients who use them. Web mail portals tend to be inconvenient to use, requiring separate usernames and passwords for each and every system and creating information silos for medical information.
Newer email encryption solutions bypass the annoyance of email portals by integrating seamlessly with more popular email services, like Gmail. Virtru Pro, for example, works with the service you’re already using to provide client-side encryption for HIPAA compliant email. In this case, encrypted PHI can be delivered safely and securely directly to the inbox, with no need for separate accounts or credentials. This allows for both HIPAA compliant email and convenience. (To learn more, read our FAQ about how Virtru Pro enables HITECH and HIPAA compliance for Gmail, or download our free guide.)
3. Use multi-factor authentication wherever possible.
If a hacker steals your password, can they access your data? If you’re using multi-factor authentication, you may still be safe. Without multi-factor authentication, your password is a single point of failure, the only gatekeeper separating you from the data thieves.
To help satisfy the Person or Entity Authentication component of HIPAA compliance, the HHS recommends that businesses handling PHI require, in addition to a password or PIN, either something the individual possesses (like a token or smart card) or a biometric (for example, a fingerprint or iris scan) for identity verification. These are both examples of multi-factor authentication, which requires a combination of something a user knows with something a user has.
Anyone who has used a debit card is familiar with multi-factor authentication. Even if someone gets a hold of your card, that person can’t withdraw money at an ATM without your PIN. Requiring two separate steps to verify your identity makes it doubly hard for someone to gain access to your money (or your data) by posing as you.
4. Make all of your employees HIPAA compliance experts.
One of the standards HIPAA lists among its Administrative Safeguards is Security and Awareness Training. Any business is only as secure as its least vigilant employee. All it takes is one tired worker uploading notes to their personal server, or leaving handwritten passwords in open spaces, to violate HIPAA compliance laws. It’s essential to make sure that every employee is thoroughly trained and refreshed in HIPAA and HITECH regulations, as well as your company’s security policies.
While many of the technical safeguards that protect HIPAA compliance are automated, like timed session logouts and password complexity requirements, nothing can replace thorough training and adequate knowledge sharing when it comes to strengthening your security posture.
5. Review the compliance and security practices of business associates.
When it comes to HIPAA compliance, you can’t just tidy up shop internally. As with its employees, a company is also only as compliant as its least secure partner/vendor/contractor, and every business your hospital, private practice or insurance company partners with is a potential vector for attack or HIPAA violation.
There are a few precautions any HIPAA-covered entity should take when it enters into a business associate agreement, including securing the right to audit the associate for compliance. Lay down ground rules for HIPAA compliance best practices, including a mutual obligation to encrypt any shared PHI, and ensure that your business associate can’t pass PHI from your patients on to subcontractors without your approval. This includes using only HIPAA compliant email to exchange PHI.
6. Be aware of social engineering and inside threats.
While usually, the leak of PHI is simply an act of user error or negligence, many data leaks are caused by malice — both from the outside and within. While many infosec efforts are directed at the stereotypical hacker, hiding in the shadows in a musty basement cracking into a distant server, 28 percent of security incidents come from within the organisation, and 66 percent of malicious hacks are acts of social engineering, a method of intrusion that relies on social manipulation.
Social engineering can be as simple as someone walking into a hospital dressed like a convincing repair person, sneaking in a thumb drive and leaving with sensitive PHI. Make sure your internal security audits address these scenarios, as well as insider data threats.
Between legislation and technological advances, healthcare in the United States has recently undergone a dramatic transformation. It’s vital that healthcare providers and other covered entities keep pace with these changes. While it isn’t necessary to be an infosec expert or a white hat hacker, doctors, nurses and administrators should know the law, know the threats and keep vigilant to protect the privacy of their patients and the HIPAA compliance of their practices.
A closely watched effort in California to pass a bill that would require drug makers to explain their price hikes has been scuttled. The decision came after amendments were made during an assembly committee hearing last Friday that sources told us “effectively gutted” the legislation.
The bill would have required drug makers to report any move to increase the list price of a medicine by more than 10 percent during any 12-month period. And drug makers would also have had to justify price hikes for medicines with a list price of more than $10,000 within 30 days of making such a move.
“Unfortunately, recent amendments have made it more difficult for us to accomplish our fundamental goal,” said California state Senator Ed Hernandez, who pulled the bill after introducing the legislation and succeeding in getting the state Senate to approve the measure two months ago.
The legislation was one of more than a dozen such efforts by state legislatures around the country in response to rising medicine costs. Beyond sensational examples of drug prices rising by sky-high amounts, average prices for prescription drugs increased 10 percent last year, according to Truveris, a health care data company. And prices for brand-name medicines, specifically, jumped nearly 15 percent.
J&J is Largest Contributor to #Pharma Lobbying Group Opposing Drug Pricing Relief Ballot Measure; http://sco.lt/8itVIH
Big #Pharma Out Spends AIDS Advocates 10-to-1 to Defeat California Drug Price Ballot; http://sco.lt/8gcLGz
Most physicians do not seem to know that "there is no such thing as a free lunch." Medscape's 2012 Ethics Report survey, for example, revealed that 72% of 23,710 physician respondents answered "Yes" to the question "Do you feel that you could be unbiased with prescribing habits if you accept lunches from pharmaceutical representatives?" (see here).
Time and time again, when I write about physicians getting free lunches delivered by sales reps, someone always comes forward and says something like "It's ridiculous to think that I can be influenced by a $10 lunch!"
When a doctor takes out his or her pad and writes a prescription, patients typically take it for granted that they are being guided towards the most effective medicine available for their problems, regardless of the price.
But a new study by ProPublica, the independent, non-profit news organization, discovered an intriguing finding: Doctors who receive payments from the pharmaceutical and medical device industries tend to prescribe brand-name medications far more than physicians who don’t accept payments, gifts or other honoraria.
Moreover, the larger the payment, the more doctors tend to steer their patients to brand-name drugs instead of less expensive generic drugs that have essentially the same effect, the study found.
“Doctors who got money from drug and device makers—even just a meal– prescribed a higher percentage of brand-name drugs overall than doctors who didn’t, our analysis showed,” according to the report released on Thursday and authored by Charles Ornstein, Ryann Grochowski Jones and Mike Tigas. “Indeed, doctors who received industry payments were two to three times as likely to prescribe brand-name drugs at exceptionally high rates as others in their specialty.”
While the Health bill is being examined in the National Assembly, the association Regards Citoyens is setting the cat among the pigeons. This collective has just published the list of the millions of gifts and contracts offered to healthcare professionals by pharmaceutical companies. Two and a half years of work and thousands of data points that shed light on a very troubling and still very opaque system... A website lets you enter your doctor's name to find out the amount