Development of a privacy and security policy framework for a multistate comparative effectiveness research network

Katherine K Kim, Deven McGraw, Laura Mamo, Lucila Ohno-Machado

Research output: Contribution to journalArticle

13 Citations (Scopus)

Abstract

Comparative effectiveness research (CER) conducted in distributed research networks (DRNs) is subject to different state laws and regulations as well as institution-specific policies intended to protect privacy and security of health information. The goal of the Scalable National Network for Effectiveness Research (SCANNER) project is to develop and demonstrate a scalable, flexible technical infrastructure for DRNs that enables near real-time CER consistent with privacy and security laws and best practices. This investigation began with an analysis of privacy and security laws and state health information exchange (HIE) guidelines applicable to SCANNER participants from California, Illinois, Massachusetts, and the Federal Veteran's Administration. A 7-member expert panel of policy and technical experts reviewed the analysis and gave input into the framework during 5 meetings held in 2011-2012. The state/federal guidelines were applied to 3 CER use cases: safety of new oral hematologic medications; medication therapy management for patients with diabetes and hypertension; and informational interventions for providers in the treatment of acute respiratory infections. The policy framework provides flexibility, beginning with a use-case approach rather than a one-size-fits-all approach. The policies may vary depending on the type of patient data shared (aggregate counts, deidentified, limited, and fully identified datasets) and the flow of data. The types of agreements necessary for a DRN may include a network-level and data use agreements. The need for flexibility in the development and implementation of policies must be balanced with responsibilities of data stewardship.

Original languageEnglish (US)
JournalMedical Care
Volume51
Issue number8 SUPPL.3
DOIs
StatePublished - Aug 2013

Fingerprint

Comparative Effectiveness Research
Privacy
Research
Medication Therapy Management
Guidelines
United States Department of Veterans Affairs
Policy Making
Practice Guidelines
Respiratory Tract Infections
Hypertension
Safety
Health

Keywords

  • comparative effectiveness research
  • data sharing
  • distributed research network
  • governance
  • policy

ASJC Scopus subject areas

  • Public Health, Environmental and Occupational Health

Cite this

Development of a privacy and security policy framework for a multistate comparative effectiveness research network. / Kim, Katherine K; McGraw, Deven; Mamo, Laura; Ohno-Machado, Lucila.

In: Medical Care, Vol. 51, No. 8 SUPPL.3, 08.2013.

Research output: Contribution to journalArticle

Kim, Katherine K ; McGraw, Deven ; Mamo, Laura ; Ohno-Machado, Lucila. / Development of a privacy and security policy framework for a multistate comparative effectiveness research network. In: Medical Care. 2013 ; Vol. 51, No. 8 SUPPL.3.
@article{35f66bbb048a4369b50d8ca5f46b40ea,
title = "Development of a privacy and security policy framework for a multistate comparative effectiveness research network",
abstract = "Comparative effectiveness research (CER) conducted in distributed research networks (DRNs) is subject to different state laws and regulations as well as institution-specific policies intended to protect privacy and security of health information. The goal of the Scalable National Network for Effectiveness Research (SCANNER) project is to develop and demonstrate a scalable, flexible technical infrastructure for DRNs that enables near real-time CER consistent with privacy and security laws and best practices. This investigation began with an analysis of privacy and security laws and state health information exchange (HIE) guidelines applicable to SCANNER participants from California, Illinois, Massachusetts, and the Federal Veteran's Administration. A 7-member expert panel of policy and technical experts reviewed the analysis and gave input into the framework during 5 meetings held in 2011-2012. The state/federal guidelines were applied to 3 CER use cases: safety of new oral hematologic medications; medication therapy management for patients with diabetes and hypertension; and informational interventions for providers in the treatment of acute respiratory infections. The policy framework provides flexibility, beginning with a use-case approach rather than a one-size-fits-all approach. The policies may vary depending on the type of patient data shared (aggregate counts, deidentified, limited, and fully identified datasets) and the flow of data. The types of agreements necessary for a DRN may include a network-level and data use agreements. The need for flexibility in the development and implementation of policies must be balanced with responsibilities of data stewardship.",
keywords = "comparative effectiveness research, data sharing, distributed research network, governance, policy",
author = "Kim, {Katherine K} and Deven McGraw and Laura Mamo and Lucila Ohno-Machado",
year = "2013",
month = "8",
doi = "10.1097/MLR.0b013e31829b1d9f",
language = "English (US)",
volume = "51",
journal = "Medical Care",
issn = "0025-7079",
publisher = "Lippincott Williams and Wilkins",
number = "8 SUPPL.3",

}

TY - JOUR

T1 - Development of a privacy and security policy framework for a multistate comparative effectiveness research network

AU - Kim, Katherine K

AU - McGraw, Deven

AU - Mamo, Laura

AU - Ohno-Machado, Lucila

PY - 2013/8

Y1 - 2013/8

N2 - Comparative effectiveness research (CER) conducted in distributed research networks (DRNs) is subject to different state laws and regulations as well as institution-specific policies intended to protect privacy and security of health information. The goal of the Scalable National Network for Effectiveness Research (SCANNER) project is to develop and demonstrate a scalable, flexible technical infrastructure for DRNs that enables near real-time CER consistent with privacy and security laws and best practices. This investigation began with an analysis of privacy and security laws and state health information exchange (HIE) guidelines applicable to SCANNER participants from California, Illinois, Massachusetts, and the Federal Veteran's Administration. A 7-member expert panel of policy and technical experts reviewed the analysis and gave input into the framework during 5 meetings held in 2011-2012. The state/federal guidelines were applied to 3 CER use cases: safety of new oral hematologic medications; medication therapy management for patients with diabetes and hypertension; and informational interventions for providers in the treatment of acute respiratory infections. The policy framework provides flexibility, beginning with a use-case approach rather than a one-size-fits-all approach. The policies may vary depending on the type of patient data shared (aggregate counts, deidentified, limited, and fully identified datasets) and the flow of data. The types of agreements necessary for a DRN may include a network-level and data use agreements. The need for flexibility in the development and implementation of policies must be balanced with responsibilities of data stewardship.

AB - Comparative effectiveness research (CER) conducted in distributed research networks (DRNs) is subject to different state laws and regulations as well as institution-specific policies intended to protect privacy and security of health information. The goal of the Scalable National Network for Effectiveness Research (SCANNER) project is to develop and demonstrate a scalable, flexible technical infrastructure for DRNs that enables near real-time CER consistent with privacy and security laws and best practices. This investigation began with an analysis of privacy and security laws and state health information exchange (HIE) guidelines applicable to SCANNER participants from California, Illinois, Massachusetts, and the Federal Veteran's Administration. A 7-member expert panel of policy and technical experts reviewed the analysis and gave input into the framework during 5 meetings held in 2011-2012. The state/federal guidelines were applied to 3 CER use cases: safety of new oral hematologic medications; medication therapy management for patients with diabetes and hypertension; and informational interventions for providers in the treatment of acute respiratory infections. The policy framework provides flexibility, beginning with a use-case approach rather than a one-size-fits-all approach. The policies may vary depending on the type of patient data shared (aggregate counts, deidentified, limited, and fully identified datasets) and the flow of data. The types of agreements necessary for a DRN may include a network-level and data use agreements. The need for flexibility in the development and implementation of policies must be balanced with responsibilities of data stewardship.

KW - comparative effectiveness research

KW - data sharing

KW - distributed research network

KW - governance

KW - policy

UR - http://www.scopus.com/inward/record.url?scp=84879879751&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84879879751&partnerID=8YFLogxK

U2 - 10.1097/MLR.0b013e31829b1d9f

DO - 10.1097/MLR.0b013e31829b1d9f

M3 - Article

C2 - 23774516

AN - SCOPUS:84879879751

VL - 51

JO - Medical Care

JF - Medical Care

SN - 0025-7079

IS - 8 SUPPL.3

ER -