Prospective study of clinician-entered research data in the Emergency Department using an Internet-based system after the HIPAA Privacy Rule

doi:10.1186/1472-6947-4-17

BMC Medical Informatics and Decision Making
Volume 4

Viewing options:

Abstract
Full text
PDF (1.7MB)

Associated material:

Related literature:

Articles citing this article
on BioMed Central
on Google Scholar
on PubMed Central
Other articles by authors
on Google Scholar

Kline JA
Johnson CL
Webb WB
Runyon MS

on PubMed

Kline JA
Johnson CL
Webb WB
Runyon MS
Related articles/pages
on Google

on Google Scholar

on PubMed

Tools:

Post to:

Research article

Prospective study of clinician-entered research data in the Emergency Department using an Internet-based system after the HIPAA Privacy Rule

Jeffrey A Kline¹ , Charles L Johnson² , William B Webb² and Michael S Runyon¹

¹Department of Emergency Medicine, Carolinas Medical Center, Charlotte, NC, USA

²BreathQuant Medical Systems Inc, Charlotte NC, USA

author email corresponding author email

BMC Medical Informatics and Decision Making 2004, 4:17doi:10.1186/1472-6947-4-17


Published:	12 October 2004

Abstract

Background

Design and test the reliability of a web-based system for multicenter, real-time collection of data in the emergency department (ED), under waiver of authorization, in compliance with HIPAA.

Methods

This was a phase I, two-hospital study of patients undergoing evaluation for possible pulmonary embolism. Data were collected by on-duty clinicians on an HTML data collection form (prospective e-form), populated using either a personal digital assistant (PDA) or personal computer (PC). Data forms were uploaded to a central, offsite server using secure socket protocol transfer. Each form was assigned a unique identifier, and all PHI data were encrypted, but were password-accessible by authorized research personnel to complete a follow-up e-form.

Results

From April 15, 2003-April 15 2004, 1022 prospective e-forms and 605 follow-up e-forms were uploaded. Complexities of PDA use compelled clinicians to use PCs in the ED for data entry for most forms. No data were lost and server log query revealed no unauthorized entry. Prospectively obtained PHI data, encrypted upon server upload, were successfully decrypted using password-protected access to allow follow-up without difficulty in 605 cases. Non-PHI data from prospective and follow-up forms were available to the study investigators via standard file transfer protocol.

Conclusions

Data can be accurately collected from on-duty clinicians in the ED using real-time, PC-Internet data entry in compliance with the Privacy Rule. Deidentification-reidentification of PHI was successfully accomplished by a password-protected encryption-deencryption mechanism to permit follow-up by approved research personnel.