1

Population Health Data Extraction Methodologies and Security

Agenda

4

1. Extrac)onMethodologies2. SecurityandContrac)ngApproach3. ChallengeswiththeCurrentModel4. NewArchitecture5. FutureHospitalRepor)ng

5

Clinical Data Repository •  Main data repository for all of HSX’s Data

o  ADT, LAB & CCDA Data o  6 Million Patients / 150 million clinical messages

•  Direct secure connection to the backend database

SQL Extraction Scripts Used •  Code Review / Change Management prior to every major extraction •  Extraction output was to CSV based format

o  Allow the data to be used with various statistical programs after handoff

De-identified Data •  Followed Health & Human Services (HHS) HIPAA guidelines

o  HSX did not use first names, last names, phone number, MRNs, or DOB. o  Displayed the first 3 digits of the Zip Codes o  Converted DOB into Age o  Checked for populations under 100 in zip codes under scope

Extraction Methodologies

6

Data Access •  Secure VPN tunnel between extraction server and Mirth Results database •  HIPPA Compliant and HITRUST Certified environment •  Data holding tank used encrypted drives & two-factor authentication

HCIF Project •  Data Use Agreement Established with BAA •  Used an HSX AWS Hosted Server •  Utilized HSX monitoring and security tools •  HIPAA training provided to all users accessing the data from HCIF

Karla Geisse / Capstone Project •  Capstone Preceptor Guidelines and Agreement •  Data Use Agreement Executed •  Used a dedicated HSX laptop with special provisions •  New HITRUST data handoff/sanitation procedures followed

Security and Contracting Approach

7

Data Access •  Using PRODUCTION data from the clinical data repository

•  Extractions used throttled resources •  Higher risk to service outages to members •  Data quality/data consistency issues

•  Data is pulling from a relational database system made for transactional based processes, not data extraction based processes o  Data extractions can take 2-24 hours to run in the current data model

Data Standardization / Normalization •  HSX policies prohibit the modification of data that is ingested to Mirth

Results(CDR) from member data sources o  Data must be standardized on extractions o  Leads to inefficient queries and slower processing time o  Higher customized query development needed based on extraction scope

Data Extraction Challenges

8

Data Warehouse •  Combination of a different data sources aggregated together for the purpose of

analytics and data extractions, instead of a transactional based data schema •  Using a series of concept libraries to standardize the data going into the data

warehouse. •  ICD-10 Library •  SNOMEDS Library •  Gender Library •  Race Library

•  No longer the need to standardize the data on the extraction query.

Migration to Amazon Web Services (AWS) •  Utilizing HIPAA compliant AWS services only •  Hosted in a HITRUST certified environment •  Using the data processing power of AWS while minimizing the cost around

traditional onsite environments •  Qualified for Big Data grants and applied credits to assist with the build

New Data Architecture

Thank You! Nathan Hecker Technical Operation Lead Nathan.hecker@healthshareexchange.org HealthShare Exchange of Southeastern Pennsylvania, Inc. 1801 Market Street, Suite 750 Philadelphia, PA 19103 www.hsxsepa.org