Technical Approaches for Protecting Privacy in the PCORnet Distributed Research Network V1.0


Guidance Document
Prepared by: PCORnet Data Privacy Task Force
Submitted to the PMO: March 31, 201
Approved by the PMO: April 2, 201
Submitted to PCORI: April 3, 201
Accepted by PCORI: June 4, 201

TABLE OF CONTENTS
EXECUTIVE SUMMARY
MINIMUM THRESHOLD
PERTURBATION OF QUERY RESULTS
OBFUSCATION OF IDENTIFIERS FOR RECORD LINKAGE
DE-IDENTIFICATION OF RECORD-LEVEL DATA
A. CAPRICORN APPROACHES
B. NEPHCURE PPRN'S APPROACHES TO DE-IDENTIFICATION
C. PEDSNET APPROACHES TO DE-IDENTIFICATION
TABLES AND FIGURES
REFERENCES

EXECUTIVE SUMMARY
PCORnet is a federated network, with PCORnet network partners retaining discretion and responsibility with respect to the collection, access, use, and disclosure of patient information; network partners also make determinations about when they will participate in any particular PCORnet query. The Data Privacy Task Force is working collectively with the CDRNs and PPRNs to develop a set of privacy policies to govern data sharing by PCORnet. This guidance is intended to augment the PCORnet policies to provide examples of methods to reduce the risk of re-identification with respect to the generation, collection, maintenance, or return of Network Data. Terms used in this guidance are defined in the PCORnet policies. This guidance is intended to be modified over time as the PCORnet Distributed Research Network gains experience. The guidance covers the following privacy protective techniques: (Threshold) Minimum count thresholds for Aggregate Data; (Perturb) Perturbation of PCORnet Data; (Obfuscate) Obfuscation of identifiers for record linkage; and (De-identify) De-identification of record-level research participant information.

MINIMUM THRESHOLD
One way personal information can be exploited for re-identification is triangulation on small groups of individuals. To mitigate such attacks, PCORnet Policy currently states that Network Data Affiliates cannot release Network Data with cell counts of five or less, unless authorized by the research protocol and IRB(s) approving the query. (See PCORnet Policy ) PCORnet policies permit network partners to apply their local rules for masking cell counts, or for rejecting queries where the return of results would not match their thresholds for releasing Aggregate Data. Such local policies must be consistent with commitments made to patients/data subjects with respect to use of their information. Other examples of thresholds are shown in Table 1.

PERTURBATION OF QUERY RESULTS
Another way personal information can be exploited for re-identification is by overlapping queries to remove the intersection and disclose the remaining individuals. Consider an example of how this might be achieved. First, an Authorized User issues a query for how many juvenile diabetics were on drug A and drug B with an adverse outcome and the answer is X, which, for this case, let us assume corresponds to 31. The User then issues a subsequent query in which they ask how many juvenile diabetics were on drug A with an adverse outcome, such that the answer is now 30. At this point, the User learns that there is only 1 juvenile diabetic on both drug A and drug B with the adverse outcome. There are a number of ways in which this type of attack could be prevented. In practice, systems tend to apply either 1) rounding (or coarsening) or 2) injection of a certain degree of noise to the query result. As noted in PCORnet policies, the PCORnet query should specify the approach to be used to de-identify data or reduce re-identification risks (see PCORnet Policy.2.1.1).
If a rounding (or coarsening) approach is used, the result X could be rounded to the nearest value of 10. For instance, in the above scenarios, the answers to the queries would both be 30. However, it should be noted that the utility of the query answers is tied directly to the rounding value. An initial rounding value of 10 is recommended.

An alternative to rounding is the injection of a certain amount of noise into the results. This is the strategy that query-response tools such as i2b2 [Murphy 2009] (specifically in SHRINE [Lowe 2009]) apply in their system. In this scheme, the result would be reported as 30 + ε, where ε is a random value selected from a known distribution. This distribution could be uniform, Gaussian, Laplacian, or something else. It should be noted that i2b2 applies a Gaussian distribution. If random noise is to be added, the approach needs to specify the standard deviation of the distribution from which the value is selected.
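The overlapping-query scenario and the two countermeasures above, worked through as an added Python example (it is not part of the PCORnet guidance or of i2b2/SHRINE). The threshold of five and the rounding value of 10 come from the text; the function names, the clamp at zero and the standard deviation of 3 are assumptions made for illustration.

```python
import random
import statistics
from typing import Optional

SUPPRESS_AT_OR_BELOW = 5  # from the guidance: no cell counts of five or less
ROUNDING_VALUE = 10       # from the guidance: initial rounding value of 10


def apply_threshold(count: int) -> Optional[int]:
    """Return None (suppressed) for small cells, otherwise the count."""
    return None if count <= SUPPRESS_AT_OR_BELOW else count


def round_count(count: int, base: int = ROUNDING_VALUE) -> int:
    """Round to the nearest multiple of base (halves round up)."""
    return (count + base // 2) // base * base


def noisy_count(count: int, sigma: float, rng: random.Random) -> int:
    """Report count + epsilon, epsilon drawn from a Gaussian with std sigma.

    Clamping at zero is an assumption of this example, not stated policy.
    """
    return max(0, count + round(rng.gauss(0.0, sigma)))


def release(count: int, mode: str, sigma: float = 0.0,
            rng: Optional[random.Random] = None) -> Optional[int]:
    """Apply the minimum threshold first, then the perturbation the query names."""
    kept = apply_threshold(count)
    if kept is None:
        return None
    if mode == "threshold_only":
        return kept
    if mode == "round":
        return round_count(kept)
    if mode == "noise":
        if rng is None or sigma <= 0:
            raise ValueError("noise mode needs an rng and a positive sigma")
        return noisy_count(kept, sigma, rng)
    raise ValueError(f"unknown mode: {mode}")


def difference(first: Optional[int], second: Optional[int]) -> Optional[int]:
    """What a user learns by subtracting two released answers."""
    if first is None or second is None:
        return None
    return first - second


def noisy_difference_spread(a: int, b: int, sigma: float,
                            trials: int = 20000, seed: int = 1) -> float:
    """Standard deviation of (release(a) - release(b)) under Gaussian noise.

    Each answer gets its own draw, so the spread is about sigma * sqrt(2).
    """
    rng = random.Random(seed)
    diffs = [release(a, "noise", sigma, rng) - release(b, "noise", sigma, rng)
             for _ in range(trials)]
    return statistics.pstdev(diffs)


if __name__ == "__main__":
    first_answer, second_answer = 31, 30  # the two query answers from the text
    # Both counts clear the threshold, so thresholding alone still leaks 1.
    print("threshold only:", difference(release(first_answer, "threshold_only"),
                                        release(second_answer, "threshold_only")))
    # Rounding to 10 maps both answers to 30, so the difference is 0.
    print("rounded:", difference(release(first_answer, "round"),
                                 release(second_answer, "round")))
    # With noise, the true difference of 1 is hidden inside the spread.
    print("noise spread:", round(noisy_difference_spread(31, 30, sigma=3.0), 2))
```

The spread of the noisy difference scales with the chosen standard deviation, which is why the approach has to state that value: too small and a difference of 1 remains visible, too large and the counts lose their utility.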

OBFUSCATION OF IDENTIFIERS FOR RECORD LINKAGE
To mitigate bias in investigations, it is important to resolve when a patient's data resides in multiple resources. This process, called record linkage, is non-trivial because a patient's record often contains typographical and semantic errors. Sophisticated record linkage strategies have been proposed to resolve these problems, but they rely on patient identifiers, such as personal name and Social Security Number. To overcome this barrier, a growing list of techniques has been proposed to support private record linkage (PRL). From a high level, the PRL process has a lifecycle that entails (but is not necessarily limited to) the following steps [Toth 2014]:
1. Generation and storage of keys for cryptosystems, or salt values for hash functions, invoked in a PRL protocol;
2. Communication of keys and salt to the entities encoding the records upon request;
3. Transformation of identifiers into their protected form as specified by the protocol;
4. Separation of salt hosting and de-duplication trusted entities for enhanced security;
5. Execution of the record linkage framework (e.g., feature weighting, blocking, and comparison of record pairs to predict which correspond to the same individual); and
6. Transfer of records and parameters related to the linkage protocol (i.e., all communication between parties).
Under no circumstances can the keys or salt values be disclosed to any entity beyond PCORnet network partners.

A number of network partners are exploring different approaches to private record linkage. Some network partners report using NIH's Global Unique Identifier (GUID) Tool ( overview.jsp). The CAPriCORN Clinical Data Research Network has developed private record de-duplication software [insert link to JAMIA paper when it is available]. The Secure Open Master Patient Indexing System (SOEMPI), developed by researchers at Vanderbilt University and the University of Texas at Dallas, is another approach.
Private companies also offer de-duplication software options. Although it is too early to require that all PCORnet participants adopt a specific approach, evolving to the same approach would be beneficial, as it would allow for centralized de-duplication to occur, versus having network participants individually engage in these efforts. To apply such an approach, PCORnet would need to agree on:
1. Who is the third party (trusted party A) who generates the keys/salt values of the functions?
2. Who is the third party (trusted party B) who gets to perform the linkage?
3. Who gets to see the linkage results? In other words, do the member sites get to know when their constituents went to other sites?
4. What is the similarity threshold by which we could claim that two records correspond to the same individual?
There are no standards and no standard software available at this time. SOEMPI is one option, but it will require either PCORnet or some organization to adopt the source code and support its operations. An alternative solution would be to piggyback on the software developed by the Chicago CDRN; the paper describing this system is under review at JAMIA and is provided separately. There are benefits and drawbacks to both systems in their design and linkage algorithms.
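How the lifecycle steps and the similarity-threshold question above fit together, as an added Python example. It is not SOEMPI, the GUID Tool or the CAPriCORN software: HMAC-SHA-256 as the salted hash, the four fields, the normalization rule and the per-field agreement score are all assumptions made here, and the records are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# Assumed field set for this example; a real protocol fixes its own.
FIELDS = ("last_name", "first_name", "birth_date", "ssn_last4")
Tokens = Dict[str, Optional[str]]


def generate_salt() -> bytes:
    """Steps 1-2: trusted party A creates the salt and gives it only to sites."""
    return secrets.token_bytes(32)


def normalize(value: str) -> str:
    """Lower-case and keep letters/digits so formatting noise does not matter."""
    return "".join(ch for ch in value.lower() if ch.isalnum())


def encode_record(record: Dict[str, str], salt: bytes) -> Tokens:
    """Step 3: a site turns each identifier into a salted (keyed) hash.

    Empty fields become None so that missing values never match each other.
    """
    tokens: Tokens = {}
    for field in FIELDS:
        clean = normalize(record.get(field, ""))
        if not clean:
            tokens[field] = None
            continue
        message = field.encode() + b"\x00" + clean.encode()
        tokens[field] = hmac.new(salt, message, hashlib.sha256).hexdigest()
    return tokens


def agreement(a: Tokens, b: Tokens) -> float:
    """Fraction of fields whose tokens are present on both sides and equal."""
    hits = sum(
        1 for f in FIELDS
        if a[f] is not None and b[f] is not None
        and hmac.compare_digest(a[f], b[f])
    )
    return hits / len(FIELDS)


def link(site_x: Dict[str, Tokens], site_y: Dict[str, Tokens],
         threshold: float) -> List[Tuple[str, str]]:
    """Step 5: trusted party B compares tokens only; it never holds the salt."""
    return [
        (id_x, id_y)
        for id_x, tok_x in site_x.items()
        for id_y, tok_y in site_y.items()
        if agreement(tok_x, tok_y) >= threshold
    ]


if __name__ == "__main__":
    salt = generate_salt()
    # Constructed records: same person, formatting differences, one typo.
    site_x = {"X-1": encode_record(
        {"last_name": "Garcia", "first_name": "Maria",
         "birth_date": "2004-03-09", "ssn_last4": "1234"}, salt)}
    site_y = {
        "Y-1": encode_record(
            {"last_name": "GARCIA ", "first_name": "maria",
             "birth_date": "2004/03/09", "ssn_last4": "1234"}, salt),
        "Y-2": encode_record(
            {"last_name": "Gracia", "first_name": "Maria",
             "birth_date": "2004-03-09", "ssn_last4": "1234"}, salt),
        "Y-3": encode_record(
            {"last_name": "Nguyen", "first_name": "Linh",
             "birth_date": "2004-03-09", "ssn_last4": "9876"}, salt),
    }
    print("threshold 1.00:", link(site_x, site_y, 1.0))   # exact matches only
    print("threshold 0.75:", link(site_x, site_y, 0.75))  # tolerates one typo
```

A salted hash changes completely on a one-letter typo, so the linkage party can only count agreeing fields; where the threshold sits decides whether the misspelled record is linked or missed.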

DE-IDENTIFICATION OF RECORD-LEVEL DATA
A predominant model for research using the PCORnet Distributed Research Network is one where the individual, record-level or patient-level data remains under the control of the network partner (or Network Data Affiliate); the research query is run on the Network Data, and only Aggregate Data is returned in response. This privacy-preserving architecture reduces the need to adopt de-identification strategies for data shared in response to a query. [Mini Sentinel 2012] However, PCORnet policies recognize that at times, responses to queries may require the sharing of record- or patient-level de-identified data. In addition, network partners (particularly those consisting of disparate organizations) may choose as a matter of local policy to create de-identified datasets for research purposes. There are a number of ways by which de-identification can be achieved. Follow this link for the latest guidance from the HHS Office for Civil Rights on HIPAA de-identification: identification/guidance.html

In circumstances where the query requires the return of de-identified data, PCORnet policies require the query to specify the definition and approach or procedures required to de-identify data. In addition, some network partners may be required to abide by NIH's recently released Genomic Data Sharing Policy, which includes specifications on the de-identification approach to be used. For initial queries requiring the return of de-identified data, the PCORnet Coordinating Center (CC), with input from network partners participating in the queries, may need to set the approach to be used; however, PCORnet should develop a robust set of policies and best practices that over time may reduce or eliminate the need for CC control.
These approaches focus on reducing risk of re-identification using demographic identifiers; future iterations of the guidance may need to deal with risk of re-identification from exposure of clinical data. PCORnet network partners are invited to share their approaches to de-identification of record-level data, in order to share resources and begin to develop a library of best practices. The following record-level de-identification approaches have been shared and are also available on the PCORnet Central Desktop:

A. CAPRICORN APPROACHES
CAPriCORN proposes initially to validate and use limited data sets with randomly seeded, time-shifted temporal references and geographical references restricted to the first three digits of zip codes. Expert statistical determination will be sought for the method of time-stamping events to confirm that it also meets the Safe Harbor de-identification criteria of the HIPAA Privacy Rule. Until such determination has been achieved, the data sets will be considered limited, rather than de-identified, datasets. In the event that this proves infeasible, CAPriCORN will adhere to Safe Harbor until the situation has evolved and use of date shifting is accepted. A separate important piece of information useful for epidemiologic investigations is geographic location. We may need to incorporate these data through IRB approval of limited data sets rather than addresses that can be geocoded. ZIP code level data will need to be considered when applying our minimum threshold and perturbation of query rules.

B. NEPHCURE PPRN'S APPROACHES TO DE-IDENTIFICATION
1. Encrypted hash (SHA1) on a sequential ID number assigned as the surveys come in.
2. Randomizing birth dates within six months, with a new random birth date generated for each query.
3. The Common Data Model has been constructed as views in a separate schema, so no queries can get to the underlying data.

C. PEDSNET APPROACHES TO DE-IDENTIFICATION
1. Institution replaces PHI with a site encrypted identifier, and maintains link between the two.
2. DCC replaces site encrypted identifier with a PEDSnet encrypted identifier (PEI) to ensure uniqueness across sites.
3. All datasets stored or sent out of the DCC use the PEI.
What this means in the study context is that the investigator gets a set of PEIs in response to a case-finding query. If they want to re-identify patients, they tell the DCC, who translates that back to a site and site encrypted identifier, and sends that back to the site of origin. That site is then able to link to PHI and re-contact the patient or provide additional data (e.g., chart review). We're planning to cycle a test of this process in December, if the DUAs get sorted by then.
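The PEDSnet two-tier identifier flow described above, including the route back to the site of origin, as an added Python example that is not PEDSnet's own code. Random tokens with lookup tables stand in for the unspecified "encrypted identifier" scheme; the class and method names and the constructed record numbers are assumptions.

```python
import secrets
from typing import Dict, Tuple


class Site:
    """An institution: the only party that can map an identifier back to PHI."""

    def __init__(self, name: str) -> None:
        self.name = name
        self._sid_by_mrn: Dict[str, str] = {}  # PHI key -> site identifier
        self._mrn_by_sid: Dict[str, str] = {}  # the link the site maintains

    def pseudonymize(self, mrn: str) -> str:
        """Step 1: replace PHI with a site identifier, stable per patient."""
        if mrn not in self._sid_by_mrn:
            sid = secrets.token_hex(16)
            self._sid_by_mrn[mrn] = sid
            self._mrn_by_sid[sid] = mrn
        return self._sid_by_mrn[mrn]

    def reidentify(self, sid: str) -> str:
        """Link a site identifier back to PHI (only possible at the site)."""
        if sid not in self._mrn_by_sid:
            raise KeyError("identifier was not issued by this site")
        return self._mrn_by_sid[sid]


class DCC:
    """Data coordinating center: sees site identifiers, never PHI."""

    def __init__(self) -> None:
        self._pei_by_origin: Dict[Tuple[str, str], str] = {}
        self._origin_by_pei: Dict[str, Tuple[str, str]] = {}

    def assign_pei(self, site_name: str, sid: str) -> str:
        """Step 2: map (site, site identifier) to a network-wide PEI."""
        origin = (site_name, sid)
        if origin not in self._pei_by_origin:
            pei = "PEI-" + secrets.token_hex(16)
            self._pei_by_origin[origin] = pei
            self._origin_by_pei[pei] = origin
        return self._pei_by_origin[origin]

    def translate_back(self, pei: str) -> Tuple[str, str]:
        """Return the site of origin and its site identifier for a PEI."""
        if pei not in self._origin_by_pei:
            raise KeyError("unknown PEI")
        return self._origin_by_pei[pei]


def reidentify_via_dcc(pei: str, dcc: DCC,
                       sites: Dict[str, Site]) -> Tuple[str, str]:
    """Investigator hands a PEI to the DCC; the originating site resolves it."""
    site_name, sid = dcc.translate_back(pei)
    return site_name, sites[site_name].reidentify(sid)


if __name__ == "__main__":
    sites = {"site-a": Site("site-a"), "site-b": Site("site-b")}
    dcc = DCC()
    # Constructed case: both sites happen to use the same local record number.
    pei_a = dcc.assign_pei("site-a", sites["site-a"].pseudonymize("MRN-1001"))
    pei_b = dcc.assign_pei("site-b", sites["site-b"].pseudonymize("MRN-1001"))
    print("distinct PEIs:", pei_a != pei_b)
    # Step 3: the dataset leaving the DCC carries only the PEI.
    dataset = [{"pei": pei_a, "finding": "case"}]
    print(reidentify_via_dcc(dataset[0]["pei"], dcc, sites))
```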

TABLES AND FIGURES
Refer to tables and figures throughout the document and place them here. Use capital T's and F's when referring to tables and figures (e.g., As mentioned in Table 1, etc.).

Table 1. Examples of thresholds applied in the minimum threshold rule
AGENCY; MINIMUM THRESHOLD
Washington State Department of Health [WA 2012]
Centers for Disease Control Healthy People 2010 [Klein 2002]
Arkansas HIV/AIDS Data Release Policy [AR 2012]
Colorado State Department of Public Health and Environment [CO 2012]
National Center for Health Statistics [NCHS 2004]
UK Department of Enterprise, Trade, and Investment [DETI 2012]
Utah State Department of Health [UT 200]
Iowa Department of Public Health [IA 200]
NASA [SEDAC 200]

REFERENCES
[AR 2010] Arkansas HIV/AIDS Surveillance Section. Arkansas HIV/AIDS Data Release Policy. Available Online: atadeissemination.pdf. First published: May Last Accessed: April 29,
[CO 2010] Colorado State Department of Public Health and Environment. Guidelines for working with small numbers. Available online: Last Accessed: April 29,
[DETI 2010] U.K. Department of Enterprise, Trade, and Investment. DETI Data Confidentiality Statement. Available online: stats-index/stats-national-statistics/data-security.htm. Last Accessed: April 29,
[Klein 2002] R. Klein, S. Proctor, M. Boudreault, K. Turczyn. Healthy people 2010 criteria for data suppression. Centers for Disease Control Statistical Notes Number
[Mini Sentinel 2012] J. Rassen, et al. Mini Sentinel Methods: Evaluating Strategies for Data Sharing and Analyses in Distributed Data Settings, November 2012, sentinel.org/work_products/statistical_methods/mini-Sentinel_Methods_Evaluating-Strategies-for-Data-Sharing-and-Analyses.pdf.
[Murphy 2009] S. Murphy, et al. Strategies for maintaining patient privacy in i2b2. Journal of the American Medical Informatics Association. 2011; 18:
[SEDAC] Socioeconomic Data and Applications Center. Confidentiality issues and policies related to the utilization and dissemination of geospatial data for public health application; a report to the public health applications of earth science program, national aeronautics and space administration, science mission directorate, applied sciences program Available online: Last Accessed: April 29,
[Toth 2014] C. Toth, et al. SOEMPI: A Secure Open Master Patient Index Software Toolkit for private record linkage. Proceedings of the 2014 American Medical Informatics Association Annual Symposium. 2014: in press.
[UT 200] Utah State Department of Health. Data release policy for Utah's IBIS-PH web-based query system, Utah Department of Health. Available online: First published: 200. Last Accessed: April 29,
[WA 2012] Washington State Department of Health. Guidelines for working with small numbers. Available online: First published 2001, last updated October Last Accessed: April 29, 2014.


More information

SECURITY RISK MANAGEMENT

SECURITY RISK MANAGEMENT SECURITY RISK MANAGEMENT ISACA Atlanta Chapter, Geek Week August 20, 2013 Scott Ritchie, Manager, HA&W Information Assurance Services Scott Ritchie CISSP, CISA, PCI QSA, ISO 27001 Auditor Manager, HA&W

More information

HIPAA Medical Billing Requirements For Research

HIPAA Medical Billing Requirements For Research The Health Insurance Portability and Accountability Act (HIPAA) Excerpted from the UTC IRB Policy June 2008 Table of Contents PART V: The Health Insurance Portability and Accountability Act (HIPAA)...

More information

Computer Security (EDA263 / DIT 641)

Computer Security (EDA263 / DIT 641) Computer Security (EDA263 / DIT 641) Lecture 12: Database Security Erland Jonsson Department of Computer Science and Engineering Chalmers University of Technology Sweden Outline Introduction to databases

More information

De-Identification of Clinical Data

De-Identification of Clinical Data De-Identification of Clinical Data Sepideh Khosravifar, CISSP Info Security Analyst IV Tyrone Grandison, PhD Manager, Privacy Research, IBM TEPR Conference 2008 Ft. Lauderdale, Florida May 17-21, 2008

More information

Assessing the impact of health literacy, numeracy and race on willingness to participate in biomedical research

Assessing the impact of health literacy, numeracy and race on willingness to participate in biomedical research Assessing the impact of health literacy, numeracy and race on willingness to participate in biomedical research Ryan Ber 7 th Annual Health Literacy Research Conference Monday November 2 nd 2015 What is

More information

De-Identification Framework

De-Identification Framework A Consistent, Managed Methodology for the De-Identification of Personal Data and the Sharing of Compliance and Risk Information March 205 Contents Preface...3 Introduction...4 Defining Categories of Health

More information

DISCLOSURES WEB PRIVACY POLICY

DISCLOSURES WEB PRIVACY POLICY DISCLOSURES WEB PRIVACY POLICY This Privacy Policy governs your use of this website and any content, products or services made available from or through this website including any sub domains thereof ("Website").

More information

Data Privacy and Biomedicine Syllabus - Page 1 of 6

Data Privacy and Biomedicine Syllabus - Page 1 of 6 Data Privacy and Biomedicine Syllabus - Page 1 of 6 Course: Data Privacy in Biomedicine (BMIF-380 / CS-396) Instructor: Bradley Malin, Ph.D. (b.malin@vanderbilt.edu) Semester: Spring 2015 Time: Mondays

More information

PO Box 2201, Durango, CO 81302 970-382-8181 TEL 970-382-9494 FAX openskywilderness.com. Registration Form

PO Box 2201, Durango, CO 81302 970-382-8181 TEL 970-382-9494 FAX openskywilderness.com. Registration Form Registration Form I am aware that I will be given the choice to participate in outdoor activities that are physically and emotionally demanding and that contain certain risks and dangers. I recognize that

More information

Wayne Physical Medicine & Rehabilitation Associates 401 Hamburg Turnpike, Suite 105 Wayne, NJ 07470

Wayne Physical Medicine & Rehabilitation Associates 401 Hamburg Turnpike, Suite 105 Wayne, NJ 07470 PLEASE FILL OUT THIS SHEET COMPLETELY AND CORRECTLY. PLEASE PROVIDE ALL INSURANCE CARDS TO THE RECEPTIONIST TO COPY. Name Social Security # Address City, State & Zip Code Home Phone No. ( ) Cell Phone

More information

Public Health 101 Series

Public Health 101 Series Public Health 101 Series Introduction to Public Health Informatics Instructor name Title Organization Note: This slide set is in the public domain and may be customized as needed by the user for informational

More information

Data and Information Management in Public Health

Data and Information Management in Public Health Data and Information Management in Public Health Adrienne S. Ettinger, Sc.D., M.P.H. Environmental Public Health Tracking Methods Course July 2004 Outline Information Management in Public Health Information

More information

Privacy Aspects in Big Data Integration: Challenges and Opportunities

Privacy Aspects in Big Data Integration: Challenges and Opportunities Privacy Aspects in Big Data Integration: Challenges and Opportunities Peter Christen Research School of Computer Science, The Australian National University, Canberra, Australia Contact: peter.christen@anu.edu.au

More information

North Florida Medical Centers, Inc. Notice of Information Practices

North Florida Medical Centers, Inc. Notice of Information Practices North Florida Medical Centers, Inc. Notice of Information Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE

More information

Computer Security Incident Response Plan. Date of Approval: 23- FEB- 2015

Computer Security Incident Response Plan. Date of Approval: 23- FEB- 2015 Name of Approver: Mary Ann Blair Date of Approval: 23- FEB- 2015 Date of Review: 22- FEB- 2015 Effective Date: 23- FEB- 2015 Name of Reviewer: John Lerchey Table of Contents Table of Contents... 2 Introduction...

More information

i2b2 Clinical Research Chart

i2b2 Clinical Research Chart i2b2 Clinical Research Chart Shawn Murphy MD, Ph.D. Griffin Weber MD, Ph.D. Michael Mendis Andrew McMurry Vivian Gainer MS Lori Phillips MS Rajesh Kuttan Wensong Pan MS Henry Chueh MD Susanne Churchill

More information

HIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10

HIPAA 100 Training Manual Table of Contents. V. A Word About Business Associate Agreements 10 HIPAA 100 Training Manual Table of Contents I. Introduction 1 II. Definitions 2 III. Privacy Rule 5 IV. Security Rule 8 V. A Word About Business Associate Agreements 10 CHICAGO DEPARTMENT OF PUBIC HEALTH

More information

De-Identification of Clinical Data

De-Identification of Clinical Data De-Identification of Clinical Data Sepideh Khosravifar, CISSP Info Security Analyst IV TEPR Conference 2008 Ft. Lauderdale, Florida May 17-21, 2008 1 1 Slide 1 cmw1 Craig M. Winter, 4/25/2008 Background

More information

HIPAA Basics for Clinical Research

HIPAA Basics for Clinical Research HIPAA Basics for Clinical Research Audio options: Built-in audio on your computer OR Separate audio dial-in: 415-930-5229 Toll-free: 1-877-309-2074 Access Code: 960-353-248 Audio PIN: Shown after joining

More information

Guidance Specifying Technologies and Methodologies DEPARTMENT OF HEALTH AND HUMAN SERVICES

Guidance Specifying Technologies and Methodologies DEPARTMENT OF HEALTH AND HUMAN SERVICES DEPARTMENT OF HEALTH AND HUMAN SERVICES 45 CFR PARTS 160 and 164 Guidance Specifying the Technologies and Methodologies That Render Protected Health Information Unusable, Unreadable, or Indecipherable

More information

HIPAA Compliance for Students

HIPAA Compliance for Students HIPAA Compliance for Students The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 by the United States Congress. It s intent was to help people obtain health insurance benefits

More information

Challenges of Data Privacy in the Era of Big Data. Rebecca C. Steorts, Vishesh Karwa Carnegie Mellon University November 18, 2014

Challenges of Data Privacy in the Era of Big Data. Rebecca C. Steorts, Vishesh Karwa Carnegie Mellon University November 18, 2014 Challenges of Data Privacy in the Era of Big Data Rebecca C. Steorts, Vishesh Karwa Carnegie Mellon University November 18, 2014 1 Outline Why should we care? What is privacy? How do achieve privacy? Big

More information

The Basics of HIPAA Privacy and Security and HITECH

The Basics of HIPAA Privacy and Security and HITECH The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is

More information

Electronic Health Records: Why are they important?

Electronic Health Records: Why are they important? Electronic Health Records: Why are they important? Linette T Scott, MD, MPH Deputy Director Health Information and Strategic Planning California Department of Public Health November 9, 2009 Presenter Disclosures

More information

into HIPAA Ian Campbell and The information a service to Short Act, HIPAA "Administrative use to host contract with an Documentation regulations.

into HIPAA Ian Campbell and The information a service to Short Act, HIPAA Administrative use to host contract with an Documentation regulations. 7 Things all Law Firms (and their IT staff) ) need to know about HIPAA Ian Campbell and Gavin W. Manes, Ph.D. The information contained herein is for informational purposes only as the public, and is not

More information

Human Subjects Research (HSR) Series

Human Subjects Research (HSR) Series Human Subjects Research (HSR) Series CITI Program s HSR series consists of modules from two basic tracks, Biomedical (Biomed) and Social- Behavioral- Educational (SBE), and a set of Additional Modules

More information

i2b2 Clinical Research Chart

i2b2 Clinical Research Chart i2b2 Clinical Research Chart Shawn Murphy MD, Ph.D. Griffin Weber MD, Ph.D. Michael Mendis Vivian Gainer MS Lori Phillips MS Rajesh Kuttan Wensong Pan MS Henry Chueh MD Susanne Churchill Ph.D. John Glaser

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Business Associate Agreement (the Agreement ) is made by and between Business Associate, [Name of Business Associate], and Covered Entity, The Connecticut Center for Health,

More information

Issues with Tissues. Bertha delanda Celia Molvin/Kevin Murphy Research Compliance Office Stanford University

Issues with Tissues. Bertha delanda Celia Molvin/Kevin Murphy Research Compliance Office Stanford University Issues with Tissues Bertha delanda Celia Molvin/Kevin Murphy Office Stanford University What are Tissues? Organic material removed from a living individual. Including biological samples For example, Blood

More information

Privacy Policy - LuxTNT.com

Privacy Policy - LuxTNT.com Privacy Policy - LuxTNT.com Overview TNT Luxury Group Limited (the owner of LuxTNT.com). knows that you care how information about you is used and shared, and we appreciate your trust that we will do so

More information

HIPAA: Open Research Issues Michael L. Blau, Esq. McDermott, Will & Emery

HIPAA: Open Research Issues Michael L. Blau, Esq. McDermott, Will & Emery HIPAA: Open Research Issues Michael L. Blau, Esq. McDermott, Will & Emery Research A. General Rules. There are four pathways for covered entities ( CEs ) to obtain permission under the Health Insurance

More information

Electronic and Digital Signatures

Electronic and Digital Signatures Summary The advent of e-government and e-services has changed the way state agencies and local government offices do business. As a result, electronic systems and processes have become as important as

More information

By the end of this course you will demonstrate:

By the end of this course you will demonstrate: 1 By the end of this course you will demonstrate: 1. that HIPAA privacy rules protect privacy and security of confidential information. 2. your responsibility for use and protection of protected health

More information

Clinical Study Reports Approach to Protection of Personal Data

Clinical Study Reports Approach to Protection of Personal Data Clinical Study Reports Approach to Protection of Personal Data Background TransCelerate BioPharma Inc. is a non-profit organization of biopharmaceutical companies focused on advancing innovation in research

More information

HIPAA COMPLIANCE. What is HIPAA?

HIPAA COMPLIANCE. What is HIPAA? HIPAA COMPLIANCE What is HIPAA? The Health Insurance Portability and Accountability Act (HIPAA) also known as the Privacy Rule specifies the conditions under which protected health information may be used

More information

The OCR Audit Protocol a first look

The OCR Audit Protocol a first look The OCR Audit Protocol a first look On June 26, 2012, the Office for Civil Rights published its Audit Protocols for HIPAA Security, HIPAA Breach and Privacy at http://ocrnotifications.hhs.gov/hipaa.html.

More information

Online Detainee Locator System

Online Detainee Locator System for the Online Detainee Locator System April 9, 2010 Contact Point James Chaparro Director, Office of Detention and Removal Operations U.S. Immigration and Customs Enforcement (202) 732-3100 Reviewing

More information

Patient-Centered Outcomes Research Institute

Patient-Centered Outcomes Research Institute Patient-Centered Outcomes Research Institute Cooperative Agreement Funding Announcement: Improving Infrastructure for Conducting Patient-Centered Outcomes Research The National Patient-Centered Clinical

More information

How To Protect Your Health Information Under Hiopaa

How To Protect Your Health Information Under Hiopaa Towards Unified Data Security Requirements for Human Research Susan Bouregy, Ph.D., CIP Chief HIPAA Privacy Officer Vice Chair, Human Subjects Committee Yale University susan.bouregy@yale.edu March 21,

More information

Why Add Data Masking to Your IBM DB2 Application Environment

Why Add Data Masking to Your IBM DB2 Application Environment Why Add Data Masking to Your IBM DB2 Application Environment dataguise inc. 2010. All rights reserved. Dataguise, Inc. 2201 Walnut Ave., #260 Fremont, CA 94538 (510) 824-1036 www.dataguise.com dataguise

More information

One Research Court, Suite 200 Rockville, MD 20850 www.ctisinc.com Tel: 301.948.3033 Fax: 301.948.2242

One Research Court, Suite 200 Rockville, MD 20850 www.ctisinc.com Tel: 301.948.3033 Fax: 301.948.2242 TRANSFORMATION OF HEALTH INDUSTRY THROUGH PERFORMANCE PYRAMID: Providing Excellent End-to-End Healthcare to the Population with a 30% Reduction in Cost and Time. Introduction The American health industry

More information

Comparative effectiveness research and big data: balancing potential with legal and ethical considerations

Comparative effectiveness research and big data: balancing potential with legal and ethical considerations For reprint orders, please contact: reprints@futuremedicine.com Comparative effectiveness research and big data: balancing potential with legal and ethical considerations Big data holds big potential for

More information

Summary of Responses to the Request for Information (RFI): Input on Development of a NIH Data Catalog (NOT-HG-13-011)

Summary of Responses to the Request for Information (RFI): Input on Development of a NIH Data Catalog (NOT-HG-13-011) Summary of Responses to the Request for Information (RFI): Input on Development of a NIH Data Catalog (NOT-HG-13-011) Key Dates Release Date: June 6, 2013 Response Date: June 25, 2013 Purpose This Request

More information

Rehabilitation, Sports & Spine Center, P.S. Notice of Privacy Practices. l. Use and Disclosures of Protected Health Information

Rehabilitation, Sports & Spine Center, P.S. Notice of Privacy Practices. l. Use and Disclosures of Protected Health Information Rehabilitation, Sports & Spine Center, P.S. Notice of Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

Sheena Dungey 1,2, Simon Glew 3, Barbara Heyes 4, John MacLeod 5, A. Rosemary Tate 2

Sheena Dungey 1,2, Simon Glew 3, Barbara Heyes 4, John MacLeod 5, A. Rosemary Tate 2 Exploring practical approaches to maximising data quality in electronic healthcare records in the primary care setting and associated benefits Report of panel-led discussion held at SAPC in July 2014 Sheena

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. NOTICE OF PRIVACY PRACTICES Understanding Your

More information

1R01HG0007078: Privacy-Preserving Sharing and Analysis of Human Genomic Data. XiaoFeng Wang and Haixu Tang, IUB

1R01HG0007078: Privacy-Preserving Sharing and Analysis of Human Genomic Data. XiaoFeng Wang and Haixu Tang, IUB 1R01HG0007078: Privacy-Preserving Sharing and Analysis of Human Genomic Data XiaoFeng Wang and Haixu Tang, IUB Project Objectives Study of Scalable, Privacy-Preserving Data Analysis, particular those for

More information

The Challenge of Implementing Interoperable Electronic Medical Records

The Challenge of Implementing Interoperable Electronic Medical Records Annals of Health Law Volume 19 Issue 1 Special Edition 2010 Article 37 2010 The Challenge of Implementing Interoperable Electronic Medical Records James C. Dechene Follow this and additional works at:

More information

JEWISH FAMILY SERVICE NOTICE OF PRIVACY PRACTICES

JEWISH FAMILY SERVICE NOTICE OF PRIVACY PRACTICES Jewish Family Service takes pride in treating our clients and each other with respect and dignity. Protecting your health information is very important to us. We want you to have a clear understanding

More information

1.2: DATA SHARING POLICY. PART OF THE OBI GOVERNANCE POLICY Available at: http://www.braininstitute.ca/brain-code-governance. 1.2.

1.2: DATA SHARING POLICY. PART OF THE OBI GOVERNANCE POLICY Available at: http://www.braininstitute.ca/brain-code-governance. 1.2. 1.2: DATA SHARING POLICY PART OF THE OBI GOVERNANCE POLICY Available at: http://www.braininstitute.ca/brain-code-governance 1.2.1 Introduction Consistent with its international counterparts, OBI recognizes

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES BERG-FEINFIELD VISION CORRECTION Alan M. Berg, M.D. Inc. - Robert E. Feinfield, M.D., Inc. Barbara S. Yates, M.D Mireille P.Hamparian, MD. Talia Kolin, M.D. Nelson R. Bates, O.D. Carol S. Felestian, O.D.

More information