Managing personal health information in distributed research network environments
- Equal contributors
1 Mid-Atlantic Permanente Research Institute, Kaiser Permanente Mid-Atlantic States, Rockville, MD, USA
2 HealthPartners Institute for Education and Research, Bloomington, MN, USA
3 Group Health Research Institute, Seattle, WA, USA
4 Essentia Institute of Rural Health, Duluth, MN, USA
5 C-V Sight, Shrewsbury, MA, USA
6 Center for Health Research, Kaiser-Permanente Northwest, Portland, OR, USA
BMC Medical Informatics and Decision Making 2013, 13:116 doi:10.1186/1472-6947-13-116Published: 8 October 2013
Studying rare outcomes, new interventions and diverse populations often requires collaborations across multiple health research partners. However, transferring healthcare research data from one institution to another can increase the risk of data privacy and security breaches.
A working group of multi-site research programmers evaluated the need for tools to support data security and data privacy. The group determined that data privacy support tools should: 1) allow for a range of allowable Protected Health Information (PHI); 2) clearly identify what type of data should be protected under the Health Insurance Portability and Accountability Act (HIPAA); and 3) help analysts identify which protected health information data elements are allowable in a given project and how they should be protected during data transfer. Based on these requirements we developed two performance support tools to support data programmers and site analysts in exchanging research data.
The first tool, a workplan template, guides the lead programmer through effectively communicating the details of multi-site programming, including how to run the program, what output the program will create, and whether the output is expected to contain protected health information. The second performance support tool is a checklist that site analysts can use to ensure that multi-site program output conforms to expectations and does not contain protected health information beyond what is allowed under the multi-site research agreements.
Together the two tools create a formal multi-site programming workflow designed to reduce the chance of accidental PHI disclosure.