Data Privacy & Protection for Life Sciences Companies

Satisfy regulatory obligations through customized privacy support which protects the personal information of employees and clients.

Business person is welcomed to a meeting with a handshake

FeaturedProtect and enhance your value today for sustained growth tomorrow.

Whitepaper
Global market access checklist
Whitepaper
Risk management guide for life sciences companies
Case Study
Recently merged pharmaceutical companies create unified regulatory compliance program
Webinar
Utilizing data analytics to adhere to DOJ guidance on corporate compliance programs
Webinar
Drug safety surveillance with third parties

Baker Tilly’s life sciences practice works with clients to manage their data privacy risks by designing, building and implementing data privacy programs. Our team of Value Architects™ develops privacy solutions that satisfy local and international privacy obligations with an eye towards future regulatory complexity.

Every increase in digitalization elevates the importance of safeguarding systems and data against unauthorized use and breach. Many countries have adopted data privacy and transparency legislation or rules, while in the U.S., the lack of a federal data privacy law has led to a patchwork of state and local obligations.

Baker Tilly’s life sciences practice is experienced in helping clients navigate the current privacy landscape. Our team understands the unique challenges that privacy obligations present to life sciences companies. Product research, development, marketing and commercialization often span multiple jurisdictions, each implicating different sets of privacy considerations. Life sciences companies also maintain and process vast amounts of personal information related to healthcare professionals (HCPs), adding another layer of risk unique to the industry.

Data privacy laws

With a rise in privacy regulation and data protection policies evolving across the globe, organizations will be held accountable by increasingly stringent regulations. It is imperative for organizations to ensure a sound privacy management program is in place that addresses current and emerging issues and compliance. Because it’s not just about compliance – it’s about building a strong practice now, for tomorrow. Some of the key privacy requirements affecting life sciences companies today include:

The General Data Protection Regulation (GDPR)

GDPR is a comprehensive regulation adopted by the European Union (EU) covering the collection, processing, storage, and use of data in the EU. GDPR also applies to non-EU organizations that engage in specific activities, including offering goods and services to EU citizens and monitoring the online behavior of people in the EU.

The California Consumer Protection Act (CCPA)

CCPA is the most expansive privacy law passed to date in the United States. The law applies to certain California companies and to specific companies doing business in the state.

CCPA’s scope and the size of the California market mean that the law has significant extraterritorial reach and many organizations are adopting its provisions as a default privacy standard.

The California Online Privacy Protection Act (CalOPPA)

CalOPPA is an earlier California privacy law requiring websites that collect personally identifiable information from California residents to post their privacy policy online. Additionally, this policy must detail the information collected and with whom the information is shared.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

HIPAA, among other things, required the United States Department of Health and Human Services (HHS) to establish standards to protect the privacy of patient information and control the use and access to a person’s medical information. The rules apply to “covered entities” and “business associates” and impose national standards around handling “protected health information.”

Our solutions

Baker Tilly supports life sciences companies meet new and existing privacy obligations through the following:

Needs assessments to evaluate existing privacy controls
Readiness assessments in advance of new laws or regulations becoming effective
Policy, procedure, privacy manual and training development
Website and digital infrastructure risk assessments
Data repository construction
Process and people mapping to allow companies to efficiently respond to an individual exercising a right under GDPR and/or CCPA
Advisory services for companies navigating clinical trial site and study data privacy concerns
DPO resourcing and selection
Data privacy procurement protocols and checklists

Periodic review of an organization’s privacy program is an effective way to ensure that recent legal or administrative developments are reflected. Baker Tilly understands that there is not a “one size fits all” solution to meeting many privacy obligations. Our experienced team designs and implements plans to fit the size, operations and resourcing of our clients.

Our professionals

Mark ScallonPrincipal

Darren R. JonesPrincipal

Mark E. LaccettiPartner

John FinanDirector

David A. GregoryPrincipal

Michael K. GreenPartner