Regulations in the U.S.

HIPAA

Confused about HIPAA? Don't worry, many people are!

HIPAA stands for Health Insurance Portability and Accountability Act. It was enacted in 1996 and is broken into multiple sections called Titles. Title II, known as the Administrative Simplification provisions, establishes federal rules regarding the security of protected health information (PHI). Companies and software that handle PHI must follow these rules.

The rules are defined in the Code of Federal Regulations (CFR). Rules pertaining specifically to the HIPAA Title II Privacy Rule and Security Rule are in 45 CFR Part 160 and Part 164.

21 CFR Part 11

The Code of Federal Regulations Title 21 Part 11 (21 CFR Part 11) covers electronic records and electronic signatures. 21 CFR Part 11 established the federal rules under which electronic medical records and PHI could be considered "valid" by the FDA.

Serious Adverse Event (SAE) Reporting

45 CFR 46, "Protection of Human Subjects", describes the rules and regulations that institutions must follow when participating in human clinical trials. 46.103 explains the conditions under which SAEs must be reported to the Office of Human Research Protection (OHRP).

The OHRP has also provided a guidance document that outlines commonly asked questions regarding SAE reporting and explains 45 CFR 46.103 in simpler, easy-to-comprehend terms.

FDA Guidances, Information Sheets, and Notices
