HIPAA and its Implications on Epidemiological Research Using Large Databases K. Arnold Chan, MD, ScD Harvard School of Public Health Channing Laboratory,

Slides:

Advertisements

Similar presentations

The Role of the IRB An Institutional Review Board (IRB) is a review committee established to help protect the rights and welfare of human research subjects.

Advertisements

Ann Johnson IRB Administrator, IRB Member. Objectives 1. Identify the components necessary for management and oversight of tissue repositories used for.

QI project or research? Thomas F. Byrd M.D. HRRC Chair Subcommitees 2 and 4 December 3, 2013.

Bill Stockdale, MBA, Celeste Beck, MPH, Lisa Hulbert, PharmD, Wu Xu, PhD Utah Department of Health Comparison with other methods of analysis: 1) Assessing.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

National Cancer Institute Cancer Therapy Evaluation Program (CTEP) presents: How to Obtain Protected Health Information (PHI) from an Outside Healthcare.

Criteria For Approval 45 CFR CFR Minimized risks Reasonable risk/benefit ratio Equitable subject selection Informed consent process Informed.

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

Informed Consent.

HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.

THE UW HEALTH SCIENCES IRB S OVERVIEW PRACTICAL REGULATORY ISSUES IN HUMAN SUBJECTS RESEARCH.

The Protection of Human Subjects in Research Piece Presenter: Roxana Killian.

UTHSC IRB Donna Hollaway, RN, CCRC 11/30/2011 Authority to Audit 45 CFR (e) An IRB shall conduct continuing review of research covered by this.

Training In HIPAA Privacy Regulations for Researchers and Research Staff Adapted from a presentation prepared by Human Subjects Division, University of.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Implementation of Privacy Board Reviews at PCMC Mary Thomason, Intermountain Healthcare Privacy Board Chair.

Boosting policy-relevant research using linked administrative data Louisa Jorm University of Western Sydney The Sax Institute.

University of Miami1 HIPAA Survival Skills An Introduction to HIPAA and Research University of Miami Human Subjects Research Office October 31, 2006 Evelyne.

CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.

Documentation for Acute Care

The NIH Biomedical Translational Research Information System (BTRIS) Town Hall Meeting - Information Session February 26, 2008 Lipsett Auditorium.

Selection of Data Sources for Observational Comparative Effectiveness Research Prepared for: Agency for Healthcare Research and Quality (AHRQ)

Human Investigation Committee  Is it research?  If yes, does it involve human subjects?  If yes, can it be exempt?  If no, will a Request for.

Health Insurance Portability and Accountability Act (HIPAA)

EHRS as a Tool to Improve BP Control 1.Brief history of OQIUN, CCI. Began 1999 using data cards. Started working with multiple practice sites using different.

Community Feedback and Involvement in [Health Department’s] Proposed Data to Care Program [Name of Provider Session Date of Provider Session]

Cornell Evaluation Network The Use of Human Participants in Research Office of Research Integrity and Assurance ~ May 14, 2007.

Human Research Protection Programs 1a: How to Navigate Human Subject Protection Regulations Sponsored by the American Society for Investigative Pathology.

Paula Peyrani, MD Medical/Project Director, HIV Program at the 550 Clinic Assistant Director, Research Design and Development Clinical and Translational.

Treuman Katz Center for Pediatric Bioethics Conference Banking Biological Samples for Pediatric Research Jeffrey R. Botkin, M.D., M.P.H. Professor.

International Research & Research Involving Children K. Lynn Cates, MD Assistant Chief Research & Development Officer Office of Research & Development.

The effect of surgeon volume on procedure selection in non-small cell lung cancer surgeries Dr. Christian Finley MD MPH FRCSC McMaster University.

Primary Care and Community Outreach Research VCOM Institutional Review Board Jim Mahaney, PhD Associate Dean for Biomedical Affairs, Virginia Campus Past.

Li Xiong CS573 Data Privacy and Security Healthcare privacy and security: Genomic data privacy.

Health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be.

Future Use of Stored Samples & Data and the NIH Policy on GWAS and dbGaP NIAID/DAIDS Dione Washington, M.S. -- ProPEP Sudha Srinivasan, Ph.D.-- TRP Tanisha.

Implications for the Use of Tissue in Research P. Pearl O’Rourke, MD Partners HealthCare Boston, MA.

ICD-10 Transition: Implications for the Clinical Research Community Jesica Pagano-Therrien, MSN, RN, CPNP HRPP Educator UMCCTS Office of Clinical Research.

HIPAA – How Will the Regulations Impact Research?.

Ethical and Regulatory Considerations in Research using Residual Specimens Jeffrey R. Botkin, M.D., M.P.H. Professor of Pediatrics and Medical Ethics Associate.

Legal & Ethical Issues. Objectives At the completion of this session the participant will be able to: ◦ Describe the ethical principles associated with.

HIPAA SURVIVAL SKILLS: An Update University of Miami1 Marisabel Davalos, M.S.Ed., CIP Associate Director of Educational Initiatives November, 2008.

Privacy and Confidentiality. Definitions n Privacy - having control over the extent, timing, and circumstances of sharing oneself (physically, behaviorally,

Health Insurance Portability and Accountability Act (HIPAA) CCAC.

© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.

Retention of Medical Records Law April 2002 Source: records-retention0402.shtml

FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.

HIT FINAL EXAM REVIEW HI120.

Inside Clinical Trials ® ALL RIGHTS RESERVED. What is a clinical trial? ALL RIGHTS RESERVED.

HIPAA and Human Subjects Research IRB Member CE May 2014 Slideshow by Sean Horkheimer.

Investigational Devices and Humanitarian Use Devices June 2007.

Record and Geographic Linkages to Inform Health Disparities Jennifer Parker and Lauren Rossen Office of Analysis and Epidemiology.

Biomedical Informatics Research Network DATA SHARING HIPAA Compliance & IRB Approvals Martha Payne, Jeffrey Grethe October 10, nd Annual All Hands.

CH 10. Confidentiality A. Confidentiality about sensitive medical information is necessary to preserve the patient’s dignity. B. In order to receive payment.

Human Subjects Update E. Wethington, Chair, UCHS.

Uses of the NIH Collaboratory Distributed Research Network Jeffrey Brown, PhD for the DRN Team Harvard Pilgrim Health Care Institute and Harvard Medical.

Minding HIPAA & IRBs Cave Fatuis!. Elements HIPAA definitions of identifiable data Reducing risk of identifying people Research and IRB approval Business.

HIPAA and RESEARCH 5 th Thursday May 31, Page 2.

Table 1. Methodological Evaluation of Observational Research (MORE) – observational studies of incidence or prevalence of chronic diseases Tatyana Shamliyan.

Assessing the Prevalence of Children With Special Health Care Needs in an Integrated Community Health Care System: Creating a Registry and Care Support.

Clinicaltrials.gov Update

Patient Medical Records

Disability Services Agencies Briefing On HIPAA

Information for Patients Please return to reception

Secondary Research with Identifiable Information and Biospecimens

Making Your IRBs and Clinical Investigators HIPAA-Ready

HIPAA Overview.

Megan Eguchi, MPh Sana karam, md, phd

Presentation transcript:

HIPAA and its Implications on Epidemiological Research Using Large Databases K. Arnold Chan, MD, ScD Harvard School of Public Health Channing Laboratory, Birgham & Women’s Hospital and Harvard Medical School 1

Brief outline of this presentation ● Using large linked automated data for public health research ● Data development processes to ensure HIPAA-compliance ● Examples ● Some thoughts

Two types of data for public health research ● Primary data – Prospectively collected – Well-designed data collection tool – Informed consent ● Secondary data – Data originally collected for other purposes – May be proprietary – Privacy and confidentiality (particularly important if no prior authorization) – Different data systems

Large linked healthcare databases ● Health insurance claims data – Medicaid – Medicare – Managed Care Organizations (MCO) ● Automated medical records ● Hospital / Clinic IT systems ● Availability of written records ● Need to contact patients / individuals ?

Public health research within MCOs ● Harvard Community Health Plan (subsequently became Harvard Pilgrim HealthCare) ● Kaiser Permanente (several states) ● Group Health Cooperative (Seattle area) ● Others ● HMO Research Network – 10+ MCOs across the U.S.

Public health research within MCOs ● Different types of MCOs – Group model – Staff model – Different relationship with hospitals – Implications on data access ● MCOs with research programs – Separate research departments – Full-time investigators and support staff

Data elements in the MCO data ● Demographic information ● Membership – Start date, termination date, benefit plan,... ● Office visits – Type of visit, diagnosis(es), special procedures ● Special examinations – Radiology, Laboratory examinations ● Hospitalizations ● Drug dispensings ● Linkable by a unique ID

HIPAA and Research with Databases ● Authorization from individual research subjects not feasible ● Individual authorization may be waived by Institutional Review Board or Privacy Board – Minimal Risk – Data reported in aggregate fashion ● No single-case report – “Minimum necessary” principle – De-identification

HIPAA and Research with Databases ● Single MCO studies – Investigators and research staff are MCO employees ● Multiple-MCO studies – May involve transferral of data across MCOs or to a Data Center ● Other types of studies not covered in this presentation – e.g. Generate a de-identified dataset for public or commercial use

HIPAA and data development ● Do not move individual level data unless absolutely necessary – Generate summary tables at each study site – Combine the tables for final report – Smalley et al. Contraindicated use of cisapride: the impact of an FDA regulatory action. JAMA 2000; 284:

HIPAA and data development ● Randomly generated Study ID to replace True ID – Crosswalk between the two stored at secured location – Destroy the crosswalk after successful linkage of data and quality check – Implications for storage and back-up

HIPAA and data development ● Roll-up / transform variables – Age --> Age groups – National Drug Code --> Drug or Group of drugs – ICD-9 diagnosis code --> Disease e.g. A man born on Dec 10, 1934 with diagnosis code xxx.yy received durg – y/o m with Heart Failure received Digoxin

HIPAA and data development ● Preserve temporal sequence of events but disguise the real dates ● e.g. Drug use during pregnancy study – 29 year-old received on Nov 25, 1999 and delivered a baby on Dec 10, > – year-old mother delivered in 1999, baby exposed to amoxicillin at -16 days

HIPAA and data development ● Only extract information relevant to the study – e.g. A study of osteoporosis does not require information on subjects' mental health status ● Co-morbid conditions may be relevant – Use proxy measures to describe level of comorbidity ● Charlson's Index (based on concomitant diagnoses) ● Chronic Disease Score (based on co-medications)

HIPAA and data development ● Geocoding – Describe social-economic status of study subjects based on census tract data – Send out (Study ID, address) to a geocoding firm – (Study ID, X1, X2, X3) returned ● X1 : education level ● X2 : income level ● X3 : race/ethnicity information

An example Finkelstein et al. Decreasing Antibiotic Use Among US Children: The Impact of Changing Diagnosis Patterns. Pediatrics 2003; 112: ● Data elements involved – Date of birth, gender – Membership – Drug dispensings – Diagnoses in close proximity to antibiotics dispensings ● Data from nine MCOs

Finkelstein et al. Pediatric antibiotics use study ● Data development at each MCO – Extract antibiotics use information – Extract diagnosis of interest (infections) – Use date of birth, gender, and membership data to calculate person-time of interest ● Refined, aggregate data forwarded to the Data Center – Rate of antibiotics use = # of antibiotics use / 1,000 person-years for each age-gender group

HIPAA and data development ● Individual identification is needed for certain types of research – Obtain medical records – Contact patient to conduct interview and/or request specimen – Linkage with external data ● Cancer registry ● National Death Index

HIPAA and data development ● The process – Data extraction, transformation, reduction, and de- identification carried out at each MCO – Governed by State laws and local HIPAA-compliant Standard Operating Procedures – Principle of Limited Dataset / Minimum necessary ● The goal – Highly processed and de-identified data available for concatenation across study sites and complex analyses

k-anonymity and large datasets ● The goal – A de-identified dataset at a certain level of individual anonymity A 43 year-old man with hypertension, diabetes, and anxiety, taking atenolol, rosiglitazone, and lorazepam vs. A man taking a beta-blocker and a thiazolidenedione

HIPAA, Data Storage and Access ● Implications on Data Backup Plans – Data need to be destroyed after the report is published ● Data only used to support pre-defined analyses ● Ancillary analysis are possible after IRB review and approval

Epidemiology studies using large databases ● In the old days... – Give me all the data, do what I say... – What if the investigator / reviewer want to do THIS analysis ? – Use existing datasets to test new hypothesis ● Good research practice – Define necessary data elements according to research protocol – Pre-defined analytic plan

Epidemiology studies using large databases ● Keys to protection of human subjects – Competent, responsible investigators and staff – IRB review and oversight – Data development guidelines ● e.g. Good Epidemiology Practice – Information technology ● Some reasonable rules/guidelines are better than no guideline