PIA in clinical research

Drafting of Data Protection Impact Assessments (PIA) for processing in clinical research (MR-001, MR-003 and MR-004)

Offer details:

Goal: to ensure that processing complies with regulatory requirements, and more specifically with the reference methodologies (MR).

When is a PIA required?

  • In the field of scientific research, Article 73 of Law No. 78-17 of January 6, 1978, on Information Technologies, Data Files and Individual Liberties requires prior assurance of compliance with a reference standard.
  • These standards are the reference methodologies, in particular MR-001, MR-003 and MR-004.
  • The data controller must ensure that the processing complies with the corresponding MR.

The controller conducts a PIA. This PIA must be completed before the processing operation is implemented and therefore before the research begins.

Content of a PIA

The PIA makes it possible to assess and document the compliance of a planned processing operation with the applicable regulatory requirements (GDPR, Law No. 78-17 of January 6, 1978, on Information Technologies, Data Files and Individual Liberties, and the Reference Methodologies). It includes:

  • A detailed description of the implemented processing including both technical and operational aspects
  • An assessment, legal in character, of the necessity and proportionality regarding fundamental principles and rights (purpose, minimization, limited retention, transparency, fairness and lawfulness)
  • A technical study of data security risks (confidentiality, integrity and availability) and their potential impact on privacy

Scope of intervention

  • Legal analysis of the research documentation: study protocol, information note and consent form, contracts, etc. and, where appropriate, issuing recommendations before initiating the PIA.
  • Collaborative work: documentary study and discussions with your IT department (or other competent staff) and the staff of your subcontractors to identify the technical and organisational measures implemented to ensure the confidentiality, integrity and availability of the data processed.
  • Drafting the PIA and the risk analysis related to the processing: drafting the impact assessment with regard to the applicable legal and regulatory provisions, and analysing risks in light of the technical and organisational measures implemented by those involved in the processing.

Prices

On receipt of the elements presenting the research project (protocol/synopsis, list of institutions, etc.):

Drafting of a fixed-price proposal for intervention: a single fee for the review of research documents and the drafting of the PIA.

Proposed schedule for performing the PIA.

Illustration:

Setting up a post-market clinical follow-up study for a medical device
10 sites: 4 public hospitals + 6 private clinics

Cost per signed or executed signature: 350 €

Total: 3500 €
