Exco InTouch first to comply with HIPAA, Safe Harbor and EU data protection rules

15 October 2014

 Exco InTouch has announced that it has become the first clinical research solutions provider to comply with the Safe Harbor, EU Data Protection and HIPAA (Health Insurance Portability and Accountability Act) regulations governing security and data privacy for patients.

The company says it is the only electronic clinical outcomes assessment (eCOA) and electronic patient reported outcomes (ePRO) provider with the capability to physically separate personally identifiable information (PII) needed to comply with data privacy and security regulations. Exco InTouch’s mDNA proprietary technology segregates PII, enabling data to be handled in compliance with all the above regulations.

Complying with data privacy and security regulations is essential for delivery of a BYOD (Bring Your Own Device) approach, whether it is being applied to eCOA data capture, or by programs designed to engage patients in a clinical trial or health regimen.

Due to multiple, complex and varying regulations across geographic territories, full compliance with HIPAA, Safe Harbor and EU Data Protection requirements is central to safeguarding data privacy in clinical and commercial health services. This provides confidence for patients that their data will be safe, which, reduces a major barrier to enrollment in multi country programs.

Tim Davis, CEO and founder of Exco InTouch commented: “The strategy to use patients’ own devices has been one of our core principles ever since the company was founded. Indeed, this has enabled us to design safeguards for data privacy and security into the heart of our technology to ensure that the highest standards of data security and safety are provided.”

The advent of global clinical studies has meant that sponsors need to consider the legislation that vendors are expected to adhere to in order to provide the level of confidence to all stakeholders. Therefore sponsors should ensure that the vendors they contract with abide by the respective legislation that governs their main place of business, ie Safe Harbor if contracting with a US legal entity and expecting to collect EU patient data, and EU Data Protection if the vendor is based within the EU member states and collecting EU member states’ patient data.

Dale Jessop, CTO at Exco InTouch commented: “Protecting patients and their data has always been of primary importance to Exco InTouch. Consequently, we keep up to date with technological advances across many industries to aid product innovation and data protection and security is a key component of that – it doesn’t impede innovation. Quite the reverse, we see it as a highly important component to our service offering.”


To top