ISO 13485 Cl. 4.2.5 - Requirements for Control of Records

S

snoopy2017

4.2.5

The organization shall define and implement methods for protecting confidential
health information contained in records in accordance with the
applicable regulatory requirements.

What are some methods that companies use to protect confidential health information in accordance with applicable regulatory requirements? For example, under HIPPA (US). What about in Canada?

Thank you, everyone.
 
Ajit Basrur

Ajit Basrur

Leader
Admin
snoopy2017 said:
4.2.5

The organization shall define and implement methods for protecting confidential
health information contained in records in accordance with the
applicable regulatory requirements.

What are some methods that companies use to protect confidential health information in accordance with applicable regulatory requirements? For example, under HIPPA (US). What about in Canada?

Thank you, everyone.
Click to expand...

Overview of privacy legislation in Canada - Office of the Privacy Commissioner of Canada
 
M

Mark Meer

Trusted Information Resource
snoopy2017 said:
...What are some methods that companies use to protect confidential health information in accordance with applicable regulatory requirements? For example, under HIPPA (US). What about in Canada?.... .
Click to expand...

I presume that you deal with confidential health information?

...just making sure because, if you don't (as it is with most device manufacturers), this clause would just be non-applicable (document this somewhere, and you're done!).
 
mihzago

mihzago

Trusted Information Resource
As described on the site provided by Ajit, PIPEDA is the main regulation in Canada, with some additional provincial requirements. For example, PIPA Alberta has certain restrictions for processing data outside of Canada.

PIPEDA is similar to the EU GDPR and Australian Privacy Act of 1988, in that all three have very similar data privacy principles that cover all personal information, with special considerations to health related data (HIPAA addresses only PHI).

Canada and Australia on their sites provide a lot of really good guidance documents on interpretation and implementation of the privacy regulations.
 
You must log in or register to reply here.

Similar threads

J
ISO 13485 - Control of Records (4.2.5) question
2
Replies
10
Views
570
Tidge
T
B
Electronic QMS Documentation
Replies
2
Views
126
bimeri
B
L
EN 13485 - point 4.1.6 vs 7.5.6
Replies
3
Views
124
shimonv
shimonv
P
60601-1 cl:8.11.6 Internal wiring of the MAINS PART
Replies
7
Views
420
CharlieUK
CharlieUK
M
External audit non conformity related to applicable regulations
Replies
9
Views
905
mihzago
mihzago
Top Bottom