Technical Approaches for Protecting Privacy in the PCORnet Distributed Research Network V1.0
Guidance Document
Prepared by: PCORnet Data Privacy Task Force
Submitted to the PMO: March 31, 201
Approved by the PMO: April 2, 201
Submitted to PCORI: April 3, 201
Accepted by PCORI: June 4, 201
TABLE OF CONTENTS
EXECUTIVE SUMMARY
MINIMUM THRESHOLD
PERTURBATION OF QUERY RESULTS
OBFUSCATION OF IDENTIFIERS FOR RECORD LINKAGE
DE-IDENTIFICATION OF RECORD-LEVEL DATA
   A. CAPRICORN APPROACHES
   B. NEPHCURE PPRN'S APPROACHES TO DE-IDENTIFICATION
   C. PEDSNET APPROACHES TO DE-IDENTIFICATION
TABLES AND FIGURES
REFERENCES
EXECUTIVE SUMMARY

PCORnet is a federated network, with PCORnet network partners retaining discretion and responsibility with respect to the collection, access, use, and disclosure of patient information; network partners also make determinations about when they will participate in any particular PCORnet query. The Data Privacy Task Force is working collectively with the CDRNs and PPRNs to develop a set of privacy policies to govern data sharing by PCORnet. This guidance is intended to augment the PCORnet policies to provide examples of methods to reduce the risk of re-identification with respect to the generation, collection, maintenance, or return of Network Data. Terms used in this guidance are defined in the PCORnet policies. This guidance is intended to be modified over time as the PCORnet Distributed Research Network gains experience.

The guidance covers the following privacy protective techniques:
- (Threshold) Minimum count thresholds for Aggregate Data;
- (Perturb) Perturbation of PCORnet Data;
- (Obfuscate) Obfuscation of identifiers for record linkage; and
- (De-identify) De-identification of record-level research participant information.
MINIMUM THRESHOLD

One way in which personal information can be exploited for re-identification is triangulation on small groups of individuals. To mitigate such attacks, PCORnet Policy currently states that Network Data Affiliates cannot release Network Data with cell counts of five or less, unless authorized by the research protocol and IRB(s) approving the query. (See PCORnet Policy ) PCORnet policies permit network partners to apply their local rules for masking cell counts, or for rejecting queries where the return of results would not match their thresholds for releasing Aggregate Data. Such local policies must be consistent with commitments made to patients/data subjects with respect to use of their information. Other examples of thresholds are shown in Table 1.

PERTURBATION OF QUERY RESULTS

Another way in which personal information can be exploited for re-identification is by issuing overlapping queries, removing the intersection, and disclosing the remaining individuals. Consider an example of how this might be achieved. First, an Authorized User issues a query for how many juvenile diabetics were on drug A and drug B with an adverse outcome and the answer is X, which, for this case, let us assume corresponds to 31. The User then issues a subsequent query in which they ask how many juvenile diabetics were on drug A with an adverse outcome, such that the answer is now 30. At this point, the User learns that there is only 1 juvenile diabetic on both drug A and drug B with the adverse outcome.

There are a number of ways in which this type of attack could be prevented. In practice, systems tend to apply either 1) rounding (or coarsening) or 2) injection of a certain degree of noise to the query result. As noted in PCORnet policies, the PCORnet query should specify the approach to be used to de-identify data or reduce re-identification risks (see PCORnet Policy.2.1.1).
If a rounding (or coarsening) approach is used, the result X could be rounded to the nearest value of 10. For instance, in the above scenarios, the answers to the queries would both be 30. However, it should be noted that the utility of the query answers is tied directly to the rounding value. An initial rounding value of 10 is recommended.

An alternative to rounding is the injection of a certain amount of noise into the results. This is the strategy that query-response tools such as i2b2 [Murphy 2009] (specifically in SHRINE [Lowe 2009]) apply in their system. In this scheme, the result would be reported as 30 + ε, where ε is a random value selected from a known distribution. This distribution could be uniform, Gaussian, Laplacian, or something else. It should be noted that i2b2 applies a Gaussian distribution. If random noise is to be added, the approach needs to specify the standard deviation of the distribution from which the value is selected.
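The following Python sketch is an added example, not code from the guidance, i2b2 or SHRINE. It applies the minimum threshold, rounding to the nearest 10, and Gaussian noise to the two counts from the scenario above, and shows what a user can still infer by subtracting the released answers. The standard deviation, the key and the function names are assumptions, as is seeding the noise from a keyed hash of the query so that a repeated query returns the same answer.

```python
import hashlib
import hmac
import random

MIN_CELL = 5    # policy quoted above: cell counts of five or less are not released
ROUND_TO = 10   # initial rounding value recommended above
SIGMA = 3.0     # assumed value; the guidance only says the approach must specify it


def suppress(count, min_cell=MIN_CELL):
    """Minimum threshold: mask (None) any cell count at or below min_cell."""
    return None if count <= min_cell else count


def coarsen(count, base=ROUND_TO):
    """Round to the nearest multiple of base (ties round up)."""
    return ((count + base // 2) // base) * base


def add_noise(count, query_text, site_key, sigma=SIGMA):
    """Report count + eps with eps drawn from a Gaussian of std. dev. sigma.

    Assumption of this example: eps is seeded from a keyed hash of the query
    text, so re-issuing the same query returns the same perturbed answer and
    the noise cannot be averaged away by repetition.
    """
    digest = hmac.new(site_key, query_text.encode("utf-8"), hashlib.sha256).digest()
    rng = random.Random(int.from_bytes(digest, "big"))
    return max(0, round(count + rng.gauss(0.0, sigma)))


def release(count, method, query_text="", site_key=b""):
    """Apply the threshold first, then the perturbation the query specifies."""
    if suppress(count) is None:
        return None
    if method == "raw":
        return count
    if method == "round":
        return coarsen(count)
    if method == "noise":
        return add_noise(count, query_text, site_key)
    raise ValueError(f"unknown method: {method}")


def difference(first, second):
    """What a user infers by subtracting two released answers."""
    if first is None or second is None:
        return None
    return first - second


# Constructed inputs: the two true counts from the scenario above.
QUERY_1 = ("first query in the scenario", 31)
QUERY_2 = ("second query in the scenario", 30)
SITE_KEY = b"constructed-demo-key-not-a-real-secret"

if __name__ == "__main__":
    for method in ("raw", "round", "noise"):
        a = release(QUERY_1[1], method, QUERY_1[0], SITE_KEY)
        b = release(QUERY_2[1], method, QUERY_2[0], SITE_KEY)
        print(f"{method:5s} released={a},{b} difference={difference(a, b)}")
    # The threshold alone never sees the small cell: both counts pass it,
    # yet their raw difference is a cell of size 1.
    print("direct query for the cell of 1:", release(1, "raw"))
```

The raw run shows why the threshold is not sufficient by itself: a direct query for the cell of 1 is masked, but the two larger counts pass the threshold and their difference is 1, while the rounded answers differ by 0.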
OBFUSCATION OF IDENTIFIERS FOR RECORD LINKAGE

To mitigate bias in investigations, it is important to resolve when a patient's data resides in multiple resources. This process, called record linkage, is non-trivial because a patient's record often contains typographical and semantic errors. Sophisticated record linkage strategies have been proposed to resolve these problems, but they rely on patient identifiers, such as personal name and Social Security Number. To overcome this barrier, a growing list of techniques has been proposed to support private record linkage (PRL). From a high level, the PRL process has a lifecycle that entails (but is not necessarily limited to) the following steps [Toth 2014]:

1. Generation and storage of keys for cryptosystems, or salt values for hash functions, invoked in a PRL protocol;
2. Communication of keys and salt to the entities encoding the records upon request;
3. Transformation of identifiers into their protected form as specified by the protocol;
4. Separation of salt hosting and de-duplication trusted entities for enhanced security.
5. Execution of the record linkage framework (e.g., feature weighting, blocking, and comparison of record pairs to predict which correspond to the same individual); and
6. Transfer of records and parameters related to the linkage protocol (i.e., all communication between parties).

Under no circumstances can the keys or salt values be disclosed to any entity beyond PCORnet network partners.

A number of network partners are exploring different approaches to private record linkage. Some network partners report using NIH's Global Unique Identifier (GUID) Tool ( overview.jsp). The CAPriCORN Clinical Data Research Network has developed private record de-duplication software [insert link to JAMIA paper when it is available]. The Secure Open Master Patient Indexing System (SOEMPI), developed by researchers at Vanderbilt University and the University of Texas at Dallas, is another approach.
Private companies also offer de-duplication software options. Although it is too early to require that all PCORnet participants adopt a specific approach, evolving to the same approach would be beneficial, as it would allow for centralized de-duplication to occur, versus having network participants individually engage in these efforts. To apply such an approach, PCORnet would need to agree on:

1. Who is the third party (trusted party A) who generates the keys/salt values of the functions?
2. Who is the third party (trusted party B) who gets to perform the linkage?
3. Who gets to see the linkage results? In other words, do the member sites get to know when their constituents went to other sites?
4. What is the similarity threshold by which we could claim that two records correspond to the same individual?

There are no standards and no standard software available at this time. SOEMPI is one option, but it will require either PCORnet or some organization to adopt the source code and support its operations. An alternative solution would be to piggyback on the software developed by the Chicago CDRN; the paper describing this system is under review at JAMIA and is provided separately. There are benefits and drawbacks to both systems in their design and linkage algorithms.
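The lifecycle steps and the four open questions above can be seen together in a small Python sketch. It is an added example, not SOEMPI, the GUID Tool or the CAPriCORN software: trusted party A issues a salt, each site turns identifiers into keyed hashes, and trusted party B links on the protected values against a similarity threshold. The field names, the field combinations, the Dice score and the threshold of 0.7 are assumptions, and the records are constructed.

```python
import hashlib
import hmac
import secrets
import unicodedata

# Assumed field combinations; each becomes one keyed-hash token per record.
FIELD_COMBOS = [
    ("last", "first", "dob"),
    ("last", "dob", "zip"),
    ("first", "dob", "ssn4"),
    ("last", "ssn4"),
]


def generate_salt():
    """Steps 1-2, trusted party A: create the salt that is sent to the sites."""
    return secrets.token_bytes(32)


def normalize(value):
    """Strip accents, case, punctuation and spaces so trivial variants agree."""
    text = unicodedata.normalize("NFKD", value).encode("ascii", "ignore").decode()
    return "".join(ch for ch in text.lower() if ch.isalnum())


def encode_record(record, salt):
    """Step 3, at the site: replace identifiers with salted HMAC-SHA256 tokens.

    Names and birth dates come from small value spaces, so anyone holding the
    salt could rebuild the tokens by enumeration; this is why the salt must
    never leave the network partners.
    """
    tokens = set()
    for combo in FIELD_COMBOS:
        parts = [normalize(record.get(field, "")) for field in combo]
        if all(parts):
            message = ",".join(combo) + "=" + "|".join(parts)
            tokens.add(hmac.new(salt, message.encode(), hashlib.sha256).hexdigest())
    return frozenset(tokens)


def similarity(tokens_a, tokens_b):
    """Dice coefficient over token sets; tolerates one disagreeing field."""
    if not tokens_a or not tokens_b:
        return 0.0
    return 2 * len(tokens_a & tokens_b) / (len(tokens_a) + len(tokens_b))


def link(site_a, site_b, threshold):
    """Steps 4-5, trusted party B: sees local pseudo-IDs and tokens, no salt."""
    return [
        (id_a, id_b)
        for id_a, tok_a in site_a.items()
        for id_b, tok_b in site_b.items()
        if similarity(tok_a, tok_b) >= threshold
    ]


# Constructed records: the same person at two sites (accent, apostrophe and
# ZIP code differ) plus an unrelated person at the second site.
REC_SITE1 = {"first": "María", "last": "O'Neil", "dob": "1984-03-07",
             "zip": "60612", "ssn4": "1234"}
REC_SITE2 = {"first": "Maria", "last": "ONeil", "dob": "1984-03-07",
             "zip": "60614", "ssn4": "1234"}
REC_OTHER = {"first": "Mario", "last": "Oneal", "dob": "1979-11-30",
             "zip": "60612", "ssn4": "9876"}

if __name__ == "__main__":
    salt = generate_salt()
    site1 = {"s1-001": encode_record(REC_SITE1, salt)}
    site2 = {"s2-417": encode_record(REC_SITE2, salt),
             "s2-418": encode_record(REC_OTHER, salt)}
    print(link(site1, site2, threshold=0.7))
```

Three of the four tokens agree for the moved patient, giving a score of 0.75, so the choice of threshold in question 4 decides whether a change of ZIP code breaks the link.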
DE-IDENTIFICATION OF RECORD-LEVEL DATA

A predominant model for research using the PCORnet Distributed Research Network is one where the individual, record-level or patient-level data remains under the control of the network partner (or Network Data Affiliate); the research query is run on the Network Data, and only Aggregate Data is returned in response. This privacy-preserving architecture reduces the need to adopt de-identification strategies for data shared in response to a query. [Mini Sentinel 2012] However, PCORnet policies recognize that at times, responses to queries may require the sharing of record- or patient-level de-identified data. In addition, network partners (particularly those consisting of disparate organizations) may choose as a matter of local policy to create de-identified datasets for research purposes.

There are a number of ways by which de-identification can be achieved. Follow this link for the latest guidance from the HHS Office for Civil Rights on HIPAA de-identification: identification/guidance.html

In circumstances where the query requires the return of de-identified data, PCORnet policies require the query to specify the definition and approach or procedures required to de-identify data. In addition, some network partners may be required to abide by NIH's recently released Genomic Data Sharing Policy, which includes specifications on the de-identification approach to be used. For initial queries requiring the return of de-identified data, the PCORnet Coordinating Center (CC), with input from network partners participating in the queries, may need to set the approach to be used; however, over time, PCORnet should develop a robust set of policies and best practices that may reduce or eliminate the need for CC control.
These approaches focus on reducing risk of re-identification using demographic identifiers; future iterations of the guidance may need to deal with risk of re-identification from exposure of clinical data. PCORnet network partners are invited to share their approaches to de-identification of record-level data, in order to share resources and begin to develop a library of best practices. The following record-level de-identification approaches have been shared and are also available on the PCORnet Central Desktop:

A. CAPRICORN APPROACHES

CAPriCORN proposes initially to validate and use limited data sets with randomly seeded, time-shifted temporal references and geographical references restricted to the first three digits of zip codes. Expert statistical determination will be sought for the method of time-stamping events to confirm that it also meets the Safe Harbor de-identification criteria of the HIPAA Privacy Rule. Until such determination has been achieved, the data sets will be considered limited, rather than de-identified, datasets. In the event that this proves infeasible, CAPriCORN will adhere to Safe Harbor until the situation has evolved and use of date shifting is accepted. A separate important piece of information useful for epidemiologic investigations is geographic location. We may need to incorporate these data through IRB approval of limited data sets rather than addresses that can be geocoded. ZIP code level data will need to be considered when applying our minimum threshold and perturbation of query rules.

B. NEPHCURE PPRN'S APPROACHES TO DE-IDENTIFICATION

1. Encrypted hash (SHA1) on a sequential ID number assigned as the surveys come in.
2. Randomizing birth dates within six months, with a new random birth date generated for each query.
3. The Common Data Model has been constructed as views in a separate schema, so no queries can get to the underlying data.

C. PEDSNET APPROACHES TO DE-IDENTIFICATION

1. Institution replaces PHI with a site encrypted identifier, and maintains link between the two.
2. DCC replaces site encrypted identifier with a PEDSnet encrypted identifier (PEI) to ensure uniqueness across sites.
3. All datasets stored or sent out of the DCC use the PEI.

What this means in the study context is that the investigator gets a set of PEIs in response to a case-finding query. If they want to re-identify patients, they tell the DCC, who translates that back to a site and site encrypted identifier, and sends that back to the site of origin. That site is then able to link to PHI and re-contact the patient or provide additional data (e.g., chart review). We're planning to cycle a test of this process in December, if the DUAs get sorted by then.
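The PEDSnet flow described above, as an added Python sketch that is not PEDSnet's own code. The guidance does not say how the site identifier or the PEI is produced, so this example assumes random tokens held in lookup tables; the class names, method names and sample rows are hypothetical and constructed.

```python
import secrets


class Site:
    """A contributing institution: the only party that can map back to PHI."""

    def __init__(self, name):
        self.name = name
        self._sid_by_mrn = {}   # PHI (here a medical record number) -> site ID
        self._mrn_by_sid = {}   # site ID -> PHI, kept for re-contact

    def export(self, mrn, clinical):
        """Step 1: replace PHI with a site identifier and keep the link locally."""
        sid = self._sid_by_mrn.get(mrn)
        if sid is None:
            sid = secrets.token_hex(8)          # assumed: random, not derived from PHI
            self._sid_by_mrn[mrn] = sid
            self._mrn_by_sid[sid] = mrn
        return {"site": self.name, "site_id": sid, **clinical}

    def recontact(self, site_id):
        """Final hop of re-identification: only the site of origin resolves PHI."""
        return self._mrn_by_sid[site_id]


class DataCoordinatingCenter:
    """The DCC: holds site IDs and PEIs, never PHI."""

    def __init__(self):
        self._pei_by_origin = {}   # (site, site ID) -> PEI
        self._origin_by_pei = {}   # PEI -> (site, site ID)
        self.rows = []             # everything stored or sent out carries the PEI only

    def ingest(self, row):
        """Step 2: map (site, site ID) to a PEI that is unique across sites."""
        origin = (row["site"], row["site_id"])
        pei = self._pei_by_origin.get(origin)
        if pei is None:
            pei = "PEI-" + secrets.token_hex(8)
            self._pei_by_origin[origin] = pei
            self._origin_by_pei[pei] = origin
        # Step 3: drop the site fields before the row is stored.
        stored = {k: v for k, v in row.items() if k not in ("site", "site_id")}
        stored["pei"] = pei
        self.rows.append(stored)
        return pei

    def case_finding(self, predicate):
        """What the investigator receives: a set of PEIs and nothing else."""
        return sorted({row["pei"] for row in self.rows if predicate(row)})

    def route_reidentification(self, pei):
        """Translate a PEI back to (site, site ID) for the site of origin."""
        return self._origin_by_pei[pei]


def run_demo():
    """Constructed walk-through: two sites, one case-finding query, one re-contact."""
    site_a, site_b = Site("site-A"), Site("site-B")
    dcc = DataCoordinatingCenter()
    dcc.ingest(site_a.export("MRN-0042", {"dx": "nephrotic syndrome"}))
    dcc.ingest(site_b.export("MRN-0042", {"dx": "asthma"}))  # same MRN, other site
    peis = dcc.case_finding(lambda row: row["dx"] == "nephrotic syndrome")
    site_name, site_id = dcc.route_reidentification(peis[0])
    sites = {"site-A": site_a, "site-B": site_b}
    return peis, site_name, sites[site_name].recontact(site_id), dcc


if __name__ == "__main__":
    peis, site_name, mrn, _ = run_demo()
    print(f"investigator sees {peis}; {site_name} resolves it to {mrn}")
```

The same medical record number at two sites yields two different PEIs, and the DCC's tables and stored rows contain no PHI, so re-identification needs both the DCC and the site of origin.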
TABLES AND FIGURES

Table 1. Examples of thresholds applied in the minimum threshold rule

AGENCY | MINIMUM THRESHOLD
Washington State Department of Health [WA 2012] |
Centers for Disease Control Healthy People 2010 [Klein 2002] |
Arkansas HIV/AIDS Data Release Policy [AR 2012] |
Colorado State Department of Public Health and Environment [CO 2012] |
National Center for Health Statistics [NCHS 2004] |
UK Department of Enterprise, Trade, and Investment [DETI 2012] |
Utah State Department of Health [UT 200] |
Iowa Department of Public Health [IA 200] |
NASA [SEDAC 200] |
REFERENCES

[AR 2010] Arkansas HIV/AIDS Surveillance Section. Arkansas HIV/AIDS Data Release Policy. Available online: atadeissemination.pdf. First published: May Last Accessed: April 29,

[CO 2010] Colorado State Department of Public Health and Environment. Guidelines for working with small numbers. Available online: Last Accessed: April 29,

[DETI 2010] U.K. Department of Enterprise, Trade, and Investment. DETI Data Confidentiality Statement. Available online: stats-index/stats-national-statistics/data-security.htm. Last Accessed: April 29,

[Klein 2002] R. KLEIN, S. Proctor, M. Boudreault, K. Turczyn. Healthy people 2010 criteria for data suppression. Centers for Disease Control Statistical Notes Number

[Mini Sentinel 2012] J RASSEN, et al., Mini Sentinel Methods: Evaluating Strategies for Data Sharing and Analyses in Distributed Data Settings, November 2012, sentinel.org/work_products/statistical_methods/mini-Sentinel_Methods_Evaluating-Strategies-for-Data-Sharing-and-Analyses.pdf.

[Murphy 2009] S. MURPHY, et al. Strategies for maintaining patient privacy in i2b2. Journal of the American Medical Informatics Association. 2011; 18:

[SEDAC] Socioeconomic Data and Applications Center. Confidentiality issues and policies related to the utilization and dissemination of geospatial data for public health application; a report to the public health applications of earth science program, national aeronautics and space administration, science mission directorate, applied sciences program Available online: Last Accessed: April 29,

[TOTH 2014] C. TOTH, et al. SOEMPI: A Secure Open Master Patient Index Software Toolkit for private record linkage. Proceedings of the 2014 American Medical Informatics Association Annual Symposium. 2014: in press.

[UT 200] Utah State Department of Health. Data release policy for Utah's IBIS-PH web-based query system, Utah Department of Health. Available online: First published: 200. Last Accessed: April 29,

[WA 2012] Washington State Department of Health. Guidelines for working with small numbers. Available online: First published 2001, last updated October Last Accessed: April 29, 2014.
More informationComputer Security Incident Response Plan. Date of Approval: 23- FEB- 2015
Name of Approver: Mary Ann Blair Date of Approval: 23- FEB- 2015 Date of Review: 22- FEB- 2015 Effective Date: 23- FEB- 2015 Name of Reviewer: John Lerchey Table of Contents Table of Contents... 2 Introduction...
More informationi2b2 Clinical Research Chart
i2b2 Clinical Research Chart Shawn Murphy MD, Ph.D. Griffin Weber MD, Ph.D. Michael Mendis Andrew McMurry Vivian Gainer MS Lori Phillips MS Rajesh Kuttan Wensong Pan MS Henry Chueh MD Susanne Churchill
More informationHIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10
HIPAA 100 Training Manual Table of Contents I. Introduction 1 II. Definitions 2 III. Privacy Rule 5 IV. Security Rule 8 V. A Word About Business Associate Agreements 10 CHICAGO DEPARTMENT OF PUBIC HEALTH
More informationDe-Identification of Clinical Data
De-Identification of Clinical Data Sepideh Khosravifar, CISSP Info Security Analyst IV TEPR Conference 2008 Ft. Lauderdale, Florida May 17-21, 2008 1 1 Slide 1 cmw1 Craig M. Winter, 4/25/2008 Background
More informationHIPAA Basics for Clinical Research
HIPAA Basics for Clinical Research Audio options: Built-in audio on your computer OR Separate audio dial-in: 415-930-5229 Toll-free: 1-877-309-2074 Access Code: 960-353-248 Audio PIN: Shown after joining
More informationGuidance Specifying Technologies and Methodologies DEPARTMENT OF HEALTH AND HUMAN SERVICES
DEPARTMENT OF HEALTH AND HUMAN SERVICES 45 CFR PARTS 160 and 164 Guidance Specifying the Technologies and Methodologies That Render Protected Health Information Unusable, Unreadable, or Indecipherable
More informationHIPAA Compliance for Students
HIPAA Compliance for Students The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the United States Congress. It s intent was to help people obtain health insurance benefits
More informationChallenges of Data Privacy in the Era of Big Data. Rebecca C. Steorts, Vishesh Karwa Carnegie Mellon University November 18, 2014
Challenges of Data Privacy in the Era of Big Data Rebecca C. Steorts, Vishesh Karwa Carnegie Mellon University November 18, 2014 1 Outline Why should we care? What is privacy? How do achieve privacy? Big
More informationThe Basics of HIPAA Privacy and Security and HITECH
The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is
More informationElectronic Health Records: Why are they important?
Electronic Health Records: Why are they important? Linette T Scott, MD, MPH Deputy Director Health Information and Strategic Planning California Department of Public Health November 9, 2009 Presenter Disclosures
More informationinto HIPAA Ian Campbell and The information a service to Short Act, HIPAA "Administrative use to host contract with an Documentation regulations.
7 Things all Law Firms (and their IT staff) ) need to know about HIPAA Ian Campbell and Gavin W. Manes, Ph.D. The information contained herein is for informational purposes only as the public, and is not
More informationHuman Subjects Research (HSR) Series
Human Subjects Research (HSR) Series CITI Program s HSR series consists of modules from two basic tracks, Biomedical (Biomed) and Social- Behavioral- Educational (SBE), and a set of Additional Modules
More informationi2b2 Clinical Research Chart
i2b2 Clinical Research Chart Shawn Murphy MD, Ph.D. Griffin Weber MD, Ph.D. Michael Mendis Vivian Gainer MS Lori Phillips MS Rajesh Kuttan Wensong Pan MS Henry Chueh MD Susanne Churchill Ph.D. John Glaser
More informationBusiness Associate Agreement
Business Associate Agreement This Business Associate Agreement (the Agreement ) is made by and between Business Associate, [Name of Business Associate], and Covered Entity, The Connecticut Center for Health,
More informationIssues with Tissues. Bertha delanda Celia Molvin/Kevin Murphy Research Compliance Office Stanford University
Issues with Tissues Bertha delanda Celia Molvin/Kevin Murphy Office Stanford University What are Tissues? Organic material removed from a living individual. Including biological samples For example, Blood
More informationPrivacy Policy - LuxTNT.com
Privacy Policy - LuxTNT.com Overview TNT Luxury Group Limited (the owner of LuxTNT.com). knows that you care how information about you is used and shared, and we appreciate your trust that we will do so
More informationHIPAA: Open Research Issues Michael L. Blau, Esq. McDermott, Will & Emery
HIPAA: Open Research Issues Michael L. Blau, Esq. McDermott, Will & Emery Research A. General Rules. There are four pathways for covered entities ( CEs ) to obtain permission under the Health Insurance
More informationElectronic and Digital Signatures
Summary The advent of e-government and e-services has changed the way state agencies and local government offices do business. As a result, electronic systems and processes have become as important as
More informationBy the end of this course you will demonstrate:
1 By the end of this course you will demonstrate: 1. that HIPAA privacy rules protect privacy and security of confidential information. 2. your responsibility for use and protection of protected health
More informationClinical Study Reports Approach to Protection of Personal Data
Clinical Study Reports Approach to Protection of Personal Data Background TransCelerate BioPharma Inc. is a non-profit organization of biopharmaceutical companies focused on advancing innovation in research
More informationHIPAA COMPLIANCE. What is HIPAA?
HIPAA COMPLIANCE What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) also known as the Privacy Rule specifies the conditions under which protected health information may be used
More informationThe OCR Audit Protocol a first look
The OCR Audit Protocol a first look On June 26, 2012, the Office for Civil Rights published its Audit Protocols for HIPAA Security, HIPAA Breach and Privacy at http://ocrnotifications.hhs.gov/hipaa.html.
More informationOnline Detainee Locator System
for the Online Detainee Locator System April 9, 2010 Contact Point James Chaparro Director, Office of Detention and Removal Operations U.S. Immigration and Customs Enforcement (202) 732-3100 Reviewing
More informationPatient-Centered Outcomes Research Institute
Patient-Centered Outcomes Research Institute Cooperative Agreement Funding Announcement: Improving Infrastructure for Conducting Patient-Centered Outcomes Research The National Patient-Centered Clinical
More informationHow To Protect Your Health Information Under Hiopaa
Towards Unified Data Security Requirements for Human Research Susan Bouregy, Ph.D., CIP Chief HIPAA Privacy Officer Vice Chair, Human Subjects Committee Yale University susan.bouregy@yale.edu March 21,
More informationWhy Add Data Masking to Your IBM DB2 Application Environment
Why Add Data Masking to Your IBM DB2 Application Environment dataguise inc. 2010. All rights reserved. Dataguise, Inc. 2201 Walnut Ave., #260 Fremont, CA 94538 (510) 824-1036 www.dataguise.com dataguise
More informationOne Research Court, Suite 200 Rockville, MD 20850 www.ctisinc.com Tel: 301.948.3033 Fax: 301.948.2242
TRANSFORMATION OF HEALTH INDUSTRY THROUGH PERFORMANCE PYRAMID: Providing Excellent End-to-End Healthcare to the Population with a 30% Reduction in Cost and Time. Introduction The American health industry
More informationComparative effectiveness research and big data: balancing potential with legal and ethical considerations
For reprint orders, please contact: reprints@futuremedicine.com Comparative effectiveness research and big data: balancing potential with legal and ethical considerations Big data holds big potential for
More informationSummary of Responses to the Request for Information (RFI): Input on Development of a NIH Data Catalog (NOT-HG-13-011)
Summary of Responses to the Request for Information (RFI): Input on Development of a NIH Data Catalog (NOT-HG-13-011) Key Dates Release Date: June 6, 2013 Response Date: June 25, 2013 Purpose This Request
More informationRehabilitation, Sports & Spine Center, P.S. Notice of Privacy Practices. l. Use and Disclosures of Protected Health Information
Rehabilitation, Sports & Spine Center, P.S. Notice of Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
More informationSheena Dungey 1,2, Simon Glew 3, Barbara Heyes 4, John MacLeod 5, A. Rosemary Tate 2
Exploring practical approaches to maximising data quality in electronic healthcare records in the primary care setting and associated benefits Report of panel-led discussion held at SAPC in July 2014 Sheena
More informationNOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. NOTICE OF PRIVACY PRACTICES Understanding Your
More information1R01HG0007078: Privacy-Preserving Sharing and Analysis of Human Genomic Data. XiaoFeng Wang and Haixu Tang, IUB
1R01HG0007078: Privacy-Preserving Sharing and Analysis of Human Genomic Data XiaoFeng Wang and Haixu Tang, IUB Project Objectives Study of Scalable, Privacy-Preserving Data Analysis, particular those for
More informationThe Challenge of Implementing Interoperable Electronic Medical Records
Annals of Health Law Volume 19 Issue 1 Special Edition 2010 Article 37 2010 The Challenge of Implementing Interoperable Electronic Medical Records James C. Dechene Follow this and additional works at:
More informationJEWISH FAMILY SERVICE NOTICE OF PRIVACY PRACTICES
Jewish Family Service takes pride in treating our clients and each other with respect and dignity. Protecting your health information is very important to us. We want you to have a clear understanding
More information1.2: DATA SHARING POLICY. PART OF THE OBI GOVERNANCE POLICY Available at: http://www.braininstitute.ca/brain-code-governance. 1.2.
1.2: DATA SHARING POLICY PART OF THE OBI GOVERNANCE POLICY Available at: http://www.braininstitute.ca/brain-code-governance 1.2.1 Introduction Consistent with its international counterparts, OBI recognizes
More informationNOTICE OF PRIVACY PRACTICES
BERG-FEINFIELD VISION CORRECTION Alan M. Berg, M.D. Inc. - Robert E. Feinfield, M.D., Inc. Barbara S. Yates, M.D Mireille P.Hamparian, MD. Talia Kolin, M.D. Nelson R. Bates, O.D. Carol S. Felestian, O.D.
More information