The trusted source for
healthcare information and
EHRs need dataset limits built into electronic system
Don't encourage fishing expeditions
There are inherent risks in creating large databases of individual medical information, and both regulations and industry leaders in electronic health records (EHRs) have tried to address these in recent years.
EHRs potentially contain a great deal of information that anyone who has the security password could access, says Philip A. Cola, MA, vice president of research and technology at the University Hospitals Case Medical Center in Cleveland, OH.
Ideally, an EHR would be set up with security stops in place that prevent someone who is accessing the information for one specific purpose from taking a look at unauthorized data, as well, Cola says.
"Suppose we give a research assistant `X' list of all type 1 diabetic patients who have come into our health system in the last year," Cola says. "Once they have that access, they might want to look at glucose levels, so we make them promise in the protocol that all they're going to do is get the glucose level information and not look up other issues — unrelated to diabetes — involving the patients."
One potential security stop for this potential privacy and access issue is to have someone monitor the database records to see precisely what type of information researchers and others accessed, says Valerie Wiesbrock, MA, manager of the IRB administration office at the University Hospitals Case Medical Center.
"If they do look up things they shouldn't in the records, we can see after the fact where they looked," she explains.
This type of monitoring is required under 21CFR, part 11, Cola notes.
"You need to be able to trace who looked at what, when, and where," he says.
Another security measure is to have a big clinical data repository that is replicated into a research data repository that will have all kinds of protections around research data, Cola says.
"You wouldn't be able to get into this repository without appropriate IRB approval, and as an individual you wouldn't be able to go in there and look at whatever you want," Cola says.
"We don't encourage fishing expeditions," Wiesbrock says. "We don't encourage principal investigators to say, 'I have a cool idea; let me look at everybody's medical record in the entire system.'"
A physician investigator could request to look at his or her own surgery patients and their recovery times as preparatory to research, but the IRB would not approve letting a PI look over medical records for a variety of unclear, undefined goals, she adds.
"We put those stops in to prevent them from doing this," Wiesbrock says. "You have to think it through and submit your request to the IRB, and they'll approve it if everything is in line."
This type of checks and balances protects confidentiality of health records, and also protects investigators from decisions that lead to poor research method and design, Cola notes.
"If you just look at a bunch of data randomly and try to find patterns in it, this is a very poor way to do science and research," Cola says. "We are saying you have to protect subjects' confidentiality and privacy and it forces you to create a better research design in doing so."
Studies with better designs have more data integrity which translates into greater potency in the research publishing world.
Another stop gap for data mining involves having PIs go through a third party to obtain the desired information.
"You'd have to make a request to an information technology person and say, 'Here, I've got my IRB approval; here are the variables I have, and here's what I need,'" he explains. "The IT person would pull that data for you and give it to you in the form of a report."
This process prevents institutions from having to rely on an honor system.
"We're six to eight months away from doing it at that level at our main campus," Cola says.
"We're trying to prepare our investigators for that future state," he adds. "Investigators are very excited that this information will be electronic, and so we have to build in these stops and make it more efficient so they can get information that's appropriate."