FDA and HIPAA Compliance
Updated: 18 January, 2023
Preamble
The cloud platform made available to RECOMIA and its research partners is delivered and maintained by SliceVault, a company dedicated to providing secure and compliant cloud-based solutions for managing medical images in clinical research.
RECOMIA maintains a license to the SliceVault cloud platform, and as a data sub-processor SliceVault acts only upon work instructions given by RECOMIA.
For more information about FDA and HIPAA compliance and to download SliceVault's security and compliance whitepaper click here.
Introduction to HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Anyone who deals with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA compliance.
It is important to note that there is no certification recognized by the US HHS for HIPAA compliance and that complying with HIPAA is a shared responsibility between RECOMIA and our research partners. Specifically, HIPAA demands compliance with the Security Rule, the Privacy Rule, and the Breach Notification Rule.
RECOMIA will enter into a Data Processing Agreement with all researchers that use our research forum as necessary under HIPAA. The cloud platform licensed to RECOMIA is built and maintained with careful security consideration. Details on our approach to security and data protection, including the organizational and technical controls regarding how data is protected, can be found here.
FDA 21 CFR Part 11
The cloud platform adheres to 21 CFR Part 11 (part 11 of title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures). In brief, this document provides guidance to persons and suppliers who are required by a statute or another part of FDA's regulations to maintain records or submit information to FDA. The document sets out controls for closed systems. In particular, it specifies how to protect records, limit system access (each user must have a username and password to gain access), use secure, computer-generated audit trails (sender, IDs, study type, time stamps, etc.), perform authority checks to prevent unauthorized access, and establish and adhere to written policies such as research protocols.