Post on 14-Jan-2016
Integrating a Federated Healthcare Data Query Platform With Electronic IRB Information
Systems
Shan HeIPHIE 2010
2
Background
• Clinical research – Investigating new approaches to
treatment, cure and prevention of diseases
– Important in improving the quality of heath care
• Breakthroughs in basic research• Translate basic research
breakthroughs to clinical practice – Require clinical research involving
human subjects
3
Human Subject Protection
• Department of Health and Human Services’ Protection of Human Subjects (Title 45 CFR part 46, Common Rule)
• Food and Drug Administration’s (FDA) Protection of Human Subjects Regulations (Title 21 CFR part 50)
4
HIPAA Privacy Rule
• Protected Health Information (PHI)– Individually identifiable health information that
is transmitted or maintained in any form or medium (electronic, oral, or paper) by a covered entity or its business associates
• Limited access to PHI– Authorization from research subject– Waiver or alterations of Authorizations by an
IRB/Privacy Board
5
HIPAA Privacy Rule and Research
• Clinical researchers require access to many sources of health information (e.g. archived medical records, epidemiological databases, tissue repositories)
• The Privacy Rule requires covered entities to obtain additional documentation from researchers before disclosing health information to them, and to scrutinize researchers' requests for access to health information more closely.
6
Institutional Review Board
• IRB--committees that have been formally designated to review, approve and monitor any research involving humans
• The Common Rule requires IRB to conduct continuing review of research to ensure compliance of regulations
7
Problem Statement
• Major challenges for IRBs during oversight of human subjects protection– Bureaucratic and time-consuming
review procedure– Difficulty of adequate continuing review
to ensure investigators comply with their approved protocols
– More complicate process of obtaining ethics review for multi-site studies
8
Current Challenges
• Investigator– IRB application: inclusion and exclusion
criteria not explicit enough for IRB to make a decision
– Data request: separately submitted to a clinical data source administrator
• Data Provider– Required to make sure the investigator has
obtained IRB approval (and what has been approved)
• IRB– No control over the actual data access
process
9
System Proposal
• Integrated system which interconnects a federated healthcare data query platform with electronic IRB systems– streamline the clinical research process– speed research initiation– increase efficiency and patient privacy
10
Federated Healthcare Data Query Platform
• Researchers require data drawn from multiple sites and multiple data sources
• Federated Healthcare Data Query Platform– Virtually integrate disparate data sources– Provide a unified query interface– A example: Federated Utah Research and
Translational Health e-Repository (FURTHeR)
11
FURTHeR Overview
• Data sources to be integrated:– University of Utah Healthcare– Intermountain Healthcare– Salt Lake City Veterans Administration Medical
Center– Utah Department of Health– Utah Population Database (UPDB, an extensive
genealogic and demographic resource)
• Query interface (MyRA)– Aggregated count query– Detailed, federated results joining the query
results from each data source
13
FURTHeR Security
• Protects patient health information and limits accessibility to authorized entities to ensure privacy
• A federated security model is complex– Confidentiality (e.g. message
encryption)– Integrity (digital signature)– Federated authentication– Federated authorization
14
Federated Authorization
• Most complex component– Users from different institutions have
different roles; Each role has different defined privileges
– Simple role-based access control is not adequate for the federated query service to make the right authorization decision
– Regulatory compliance (protocol-specific authorization)
15
System Architecture
16
Implementation
• Service-Oriented Architecture (web service interface of ERICA)
• Message communication between FURTHeR and ERICA – Use the standard clinical study
information content currently being developed by HL7 Regulated Clinical Research Information Management (RCRIM)
17
Discussion
• Integration with multiple electronic IRB systems– Implementation challenges
• Not the only safeguard mechanism to ensure information security and patient privacy– Other security steps should be
implemented together with IRB system integration
18
Discussion
An obstacle for study investigators is the inability to recruit enough participants (public concern about privacy issues)
• The integrated system could provide the general public with an access interface to regulatory information of studies– Enhance public trust– Improve study enrollment
19
Acknowledgments
• Committee– Dr. Scott Narus (PhD Committee Chair)
– Dr. John Hurdle– Dr. Jeffrey Botkin– Dr. Lee Min Lau– Dr. Julio Facelli
• Public Health Services research grant UL1-RR025764 from the National Center for Research Resources
• Contact– Shan He
Department of Biomedical Informatics, University of Utah shan.he@utah.edu
19