Data Privacy & Protection for Life Sciences Companies
Every increase in digitalization elevates the importance of safeguarding systems and data against unauthorized use and breach. Many countries have adopted data privacy and transparency legislation or rules, while in the U.S., the lack of a federal data privacy law has led to a patchwork of state and local obligations.
Baker Tilly’s life sciences practice is experienced in helping clients navigate the current privacy landscape. Our team understands the unique challenges that privacy obligations present to life sciences companies. Product research, development, marketing and commercialization often span multiple jurisdictions, each implicating different sets of privacy considerations. Life sciences companies also maintain and process vast amounts of personal information related to healthcare professionals (HCPs), adding another layer of risk unique to the industry.
With a rise in privacy regulation and data protection policies evolving across the globe, organizations will be held accountable by increasingly stringent regulations. It is imperative for organizations to ensure a sound privacy management program is in place that addresses current and emerging issues and compliance. Because it’s not just about compliance – it’s about building a strong practice now, for tomorrow. Some of the key privacy requirements affecting life sciences companies today include:
GDPR is a comprehensive regulation adopted by the European Union (EU) covering the collection, processing, storage, and use of data in the EU. GDPR also applies to non-EU organizations that engage in specific activities, including offering goods and services to EU citizens and monitoring the online behavior of people in the EU.
CCPA is the most expansive privacy law passed to date in the United States. The law applies to certain California companies and to specific companies doing business in the state.
CCPA’s scope and the size of the California market mean that the law has significant extraterritorial reach and many organizations are adopting its provisions as a default privacy standard.
CalOPPA is an earlier California privacy law requiring websites that collect personally identifiable information from California residents to post their privacy policy online. Additionally, this policy must detail the information collected and with whom the information is shared.
HIPAA, among other things, required the United States Department of Health and Human Services (HHS) to establish standards to protect the privacy of patient information and control the use and access to a person’s medical information. The rules apply to “covered entities” and “business associates” and impose national standards around handling “protected health information.”
Baker Tilly supports life sciences companies meet new and existing privacy obligations through the following:
Periodic review of an organization’s privacy program is an effective way to ensure that recent legal or administrative developments are reflected. Baker Tilly understands that there is not a “one size fits all” solution to meeting many privacy obligations. Our experienced team designs and implements plans to fit the size, operations and resourcing of our clients.