Development of Research Data Use Scenarios to Inform a Legal and - PowerPoint PPT Presentation

Development of Research Data Use Scenarios to Inform a Legal and Ethics Framework for PCOR Prashila Dullabh September 13, 2016

Acknowledgements � Funded by the Office of the National Coordinator for Health IT � Project team members include � Daniella Meeker (University of Southern California) � Ioana Singaraneu (Eversolve) � Jane Thorpe (George Washington University) � Lara-Cartwright Smith (George Washington University) � Elizabeth Gray (George Washington University) � Devi Metha (ONC) 2

Agenda � Introduction � Project goals � Background � Methods � Principal findings � Lessons learned 3

Introduction to the project � Sharing data across the health IT ecosystem is a major federal priority, as articulated in ONC’s 2014 report on its 10-year vision and the Interoperability Roadmap v.1.0. � This data contributes to PCOR and the Learning Health System but raises privacy-related concerns A Learning Health System: “…will improve the health of individuals and populations. The learning health system will accomplish this by generating information and knowledge from data captured and updated over time – as an ongoing and natural by-product of contributions by individuals, care delivery systems, public health programs, and clinical research…” -The Learning Health Community’s Preamble 4

Related ONC-funded PCORTF Projects � Patient Choice Project � Conceptualizing a Data Infrastructure for the Capture and Use of Patient-Generated Health Data � Structured Data Capture � Data Access Framework � Patient Aggregation Matching and Linkage Project 5

Project Goals � Determining how health information from a variety of data sources can be used for PCOR/CER , consistent with principles of bioethics and the legal requirements governing privacy of health information, including patient consent � Phase 1: � Develop research data use scenarios and use cases with a multi- stakeholder group � Phase 2: � Assess the legal, regulatory, and policy environment governing the use of health information for PCOR/CER � Develop a legal and ethics framework for protecting patient privacy during conduct of PCOR/CER 6

Phase 1 � Identify practical research needs of PCOR community � Ensure research data use scenarios representative of industry-wide needs � Provide an understanding of how users and systems interact and identify data sharing and system interactions and requirements � Leverage federal and private sector work � Consider operational elements, tasks, activities and information sharing necessary to support the PCOR community 7

Phase 2 � Identify and define data types � Identify relevant ethical principles and legal requirements related to privacy and security � Map privacy and security legal requirements to the potential flow of data for PCOR, identify gaps where applicable � Develop a legal framework for PCOR that addresses privacy and security requirements and ethical principles 8

Phase 1: Approach for Research Data Use Scenario Development 9

Key Questions for Developing Scenarios � Who/what are the sources of the data? � Who is requesting the data? � For what purpose(s) is the data being requested? � Are there any fees associated with either obtaining the data and/or combining the data? � Is the data being combined with other sources of data? If so, by whom and how? � What is done with the data once the research is complete? Is it available for secondary use? � Why were data originally collected? � What parties participate in agreements in the scenario? � What specifications are relevant for data security? � Is the data individually identifiable? Is the data partially de-identified (e.g., limited data set)? If not, how was it de-identified? Can it/will it be re-identified? 10

Principal Findings

Research Data Use Scenarios, Thematic Areas, and Use Cases Use Case Thematic Area Scenario Combining Clinical and Claims Data Use Case 1: Combining Claims and Birth Records Combining Independently Managed Combine Data for Data for PCOR Secondary Analysis of Administrative Data on PCOR Substance Use Treatment CER Research and Age-Related Consent Considerations Related to Consent and Transitions from Minor to Adult Use Case 2: Research Data Use Scenarios on Obtaining Consent from Incarcerated HIV-Positive Consent Special Populations and Protection Research Participants Management Status Consenting Individuals with Impaired Decision-Making Capacity Accessing Sensitive Behavioral Combining Mental Health Data with Physical Health Health Data for PCOR Data Consent to Disclose Genomic Data that Affects Family Members Genomic Testing and Disclosure to Minors Use Case 3: Use of Precision Medicine Sensitive Data Use of Genetic Bio-Markers data for PCOR Individual and Population-Level Privacy Concerns for American Indian/Alaska Native Research Related to Sub- Individuals and/or Populations Populations Research Use Scenarios Related to Reidentification Risk from the Mosaic Effect Use Case 4: Cumulative Re-identification Risks Identification and Variations in Linkage Creating A Multi-Institutional Unique Identifier for Re-Identification of Mechanisms/Availability of Unique Research PCOR Data Identifiers Creating A Registry That Includes Patient Reported Use Case 5: Outcomes Patient-Generated Patient-Generated Health Data Use a Registry that includes Patient Reported Health Data Outcomes for PCOR Use Sensor Data fro PCOR 12

Process for Analyzing Scenarios � Several scenarios shared a common goal � Use Case � Involving same entities � Actors � Scenarios involved specific policies � Thematic Area 13

Use Case Overview Diagram 14

Workflow Diagrams 15

Cross-Cutting Themes � Complexities and variations in institutional and IRB policies and understanding of technical safeguards have exposed the need for standardized contractual agreements and implementation guides (protocols) for data management, transfer, and record linkage � Compliance professionals need better standardized protocols and agreements that are coupled with implementation specifications that can be used by IT professionals to implement appropriate safeguards, information flows, and access control systems 16

Cross Cutting Themes � Gaps relating to emerging data types including PGHD and genetic data highlights the need for policies to protect both patients and family members from risks related to privacy, confidentiality, and security � Mosaic Effect: New analytic techniques and availability of diverse data have implications for unauthorized reidentification of deidentified health data 17

Resources and Key Contacts � PCOR Privacy and Security Research Scenario Initiative and Legal Analysis and Ethics Framework Development Website http://confluence.siframework.org/display/PSRSI/PCOR+P rivacy+and+Security+Research+Scenario+Initiative+and+L egal+Analysis+and+Ethics+Framework+Development+Ho me � Key Contacts � Prashila Dullabh (NORC): dullabh-prashila@norc.org � Daniella Meeker (USC): dmeeker@usc.edu � Ioana Singureanu (Eversolve): ioana.Singureanu@gmail.com � Devi Mehta (ONC): Devi.Mehta@hhs.gov 18