Post on 24-Feb-2016
description
transcript
CIDER - Today’s research, Tomorrow’s treatments
BMI Class Lab-1September 8, 2010
Bijoy George, Program Manager, CBMI
http://cbmi.wustl.edu/
Agenda
Introduction to CIDER Research need Types of clinical data in CIDER Privacy and data security Public Notification / Opt Out Auditing User responsibilities Definition of Project Data privileges Process workflows CIDER Application Login page Hands on Lab Quiz Take Home Assignment
Clinical and Translational Research Needs
Goals: 1. Rapidly convert advances in basic science to
improvements in patient care2. Relay findings from clinical studies back to bench for
further refinement of the disease management process
To achieve these goals, researchers need to integrate diverse and complex biomedical data sets to co-analyze and visualize the data to reduce the barrier b/w basic science and clinical
research
Clinical and Translational Research Needs
How were these goals achieved in the past? It was possible to acquire the clinical data manually
by reviewing an individual patient’s data from a hospital’s EMR
Time consuming and redundant process Not feasible for studies with large patient populations Poses significant privacy and confidentiality risks to
patients
Research Needs
1. Review Preparatory to Research Are there enough patients to conduct research? Applies to prospective or retrospective studies Defined criteria / haven’t defined it yet, but have an idea Count of patients is sufficient
2. Prospective/Retrospective studies Recruit patients / Need to get clinical data
3. Medical record data mining studies Need historical clinical data for patients matching criteria Survey identified patients for additional information
Quality Improvement
It is possible to do analysis and compare the performance within one hospital as well as across hospitals if data is available in one central location
Can identify the process improvement steps and can implement those to improve the patient care
Enormous opportunities to improve patient care using QC/QI initiatives
Problem Statement
Quality Improvement
Review Preparatory to Research
Participant Recruitment
Clinical Studies Data Acquisition Retrospective Prospective Historical
Solution
CIDER
In Patient Visits
Out Patient Visits
CIDER
Clinical Investigation Data Exploration Repository
Joint venture of BJC HealthCare & WUSM Data repository to contain patient care (inpatient
and outpatient) data Advanced query functionality through web
interface Restricted data access / Role management Data interfaces to external CSMS systems
CIDER
Scenarios - 1
Review preparatory to research “I can get a grant to conduct a research study using
historical clinical data to find out the relationship between changes in serum PSA values and survival following treatment for Hormone Refractory Prostate Cancer (HRPC). How do I find out whether there are enough patients?“
Using CIDER, one can find out the total number of patients satisfying the above criteria quickly without getting any formal approvals for the study.
Scenarios - 2
Prospective studies “I am planning to conduct a research study/protocol on
the possible connection between Diabetes and Acute Coronary Syndrome (ACS) and I need at least 100 patients aged between 40 and 65, who have had ACS and had been diagnosed with Diabetes prior to ACS.”
Using CIDER, PI can find out the total number of patients satisfying the above criteria quickly without getting any formal approvals for the study.
Once the study is approved by IRB, CIDER can provide the patient details required to contact the patients.
Scenarios - 3
Retrospective studies “I am planning to conduct a research study on the
possible connection between Diabetes and Acute Coronary Syndrome (ACS) and I need at least 100 patients aged between 40 and 65, who have had ACS and had been diagnosed with Diabetes prior to ACS.”
Using CIDER, PI can find out the total number of patients satisfying the above criteria quickly without getting any IRB approvals for the study.
Also, can obtain de-identified data with no IRB approvals.
Clinical Data
Demographics• name, address, race, gender, phone number
Visits • age, patient type, facility, diagnosis code, procedure code
Labs • age, collection time, facility, lab test name, specimen type (e.g. serum vs
CSF glucose), result Medications
• age, duration, frequency, medication, route & form • Aspirin 75 mg tablet, once a day by mouth (PO), indefinitely
Allergies • allergen type, allergy reaction, sensitivity, severity, type, onset date
Vitals • age, body site, facility, measurement, observation, value and units
Document• age, document content, document name, facility and physician
What and how much data is in CIDER?
• Data since 1993
• ~4.7 million patients
• ~25 million visits
• ~68 million lab results
• ~17 million medication orders
• ~12 million scanned documents
• ~140, 000 allergies (2009)
• ~50 million text documents
• ~130 million vitals
Privacy and Data Security
IRB Review Opt Out
Opt Out
Option for patients to opt out of having their clinical data used for research projects
Two options Public Website Telephone IVR
Opt Out
Opt out page
Privacy and Data Security
IRB Review Opt Out Public Notification
Public Notification
Media release Local newspapers
Privacy and Data Security
IRB Review Opt Out Public Notification
Data Security Auditing
Auditing
Every user action is audited Logins Running queries to identify patient cohorts Running queries to obtain patient data Viewing patient data Patient data export
Monthly / On-demand audit reports Using reports, auditors can pinpoint who looked
at a particular patient’s data CIDER Security Oversight Committee
Privacy and Data Security
IRB Review Opt Out Public Notification
Data Security Auditing User responsibilities
User Responsibilities
Follow established rules and procedures Obtain HIPAA/IRB approval if necessary Do NOT share user IDs and passwords Sign the CIDER data confidentiality agreement
after completing the training and follow the agreement
User access will be revoked in case of failure to follow the rules
User Responsibilities
Safeguard patient privacy and protect clinical data sets Escalate issues/questions to CIDER Administrator Download identified data only to approved and secure
location(s) Do NOT download, move, or copy identified/limited
data sets to USB drives, CDs, DVDs, other removable devices, or servers/workstations/desktops/laptops on unsecure networks
In case of questions, please email the CIDER Honest Broker at honestbroker@bmi.wustl.edu OR call the CIDER Help Desk @ 362-8853
User Responsibilities
What to do if data is lost or compromised? If you are a CIDER user, and you have encountered an event through which you
think e-PHI (Electronic Protected Health Information) has been compromised, then please follow the procedures listed below.
If you are a Washington University user Please fill-out an incident report using an incident report form from the following link. Washington University Incident Report Form and email it to incidents@wusm.wustl.edu
If you are a BJC userIf you are a BJC user, and you have encountered a breach of ePHI (electronic Protected Information) e.g. laptop, USB, device lost or stolen, virus attack on research server or theft of data, please contact BJC Information System Security Services at iss@bjc.org and complete an incident report at the following link. BJC Incident Report
Privacy and Data Security
IRB Review Opt Out Public Notification
Data Security Auditing User responsibilities Session Timeout
Session Timeout
The CIDER session is left alone with no user actions for 10 minutes, the system will log you off
A warning message is displayed after 8 minutes After 2 minutes of the warning, system will log
out the user This is a security measure Never leave sessions open without logging out
from CIDER
Privacy and Data Security
IRB Review Opt Out Public Notification
Data Security Auditing User responsibilities Session Timeout Project definition and rules applied during queries
What is a project in CIDER?
A project is a clinical or translational research study or a quality assurance/improvement activity that requires CIDER
Project components Principal Investigator Collaborators Start date / End Date Relevant protocol documents and IRB approvals Elements that filter data access under a project
• Facilities from which data will be available • Level of identified data access – Data Privileges
Data Privileges
Data Privilege Anonymized De-identified Limited Identified (Requires IRB Approval)
Data Privileges
Anonymized: Data that has no physical link to data that can be used to identify an individual’s identity.
De-identified: Data that is not individually identifiable, but might be used to re-identify the patient to provide additional clinical information.
Limited: Data that has a limited set of identifiable patient information as defined under HIPAA.
Identified: Data with one or more associated protected health identifiers that might be used to identify an individual’s identity.
Data privileges
Data Privilege / Data First Name
Last Name
Patient UPI
Patient coded identifier DOB Age Race
PSA Test date / Age @ Test
PSA Value
Anonymized xxxx xxxx #### 57785 70 70 Caucasian 67 6
De-Identified xxxx xxxx #### 493751 70 70 Caucasian 67 6
Limited xxxx xxxx #### 606485 1/15/1939 70 Caucasian 2/1/2006 6
Identified Tim Allen 1320701 N/A 1/15/1939 70 Caucasian 2/1/2006 6
Patient Code not associated to patient identity in database
What is a project in CIDER?
A project is a clinical or translational research study or a quality assurance/improvement activity that requires CIDER
Project components Principal Investigator Collaborators Start date / End Date Relevant protocol documents and IRB approvals Elements that filter data access under a project
• Facilities from which data will be available • Level of identified data access – Data Privileges• ‘Other’ project rules
Other Project Rules
Security measures for vulnerable populations Age of the patients over the age of 89 Minors (patients with age < 18)
Special rules Access to SSN
• Needs approval from IRB QA/QI Projects
• Includes opt-out patients’ data• Can include data from all facilities without individual IRB
approvals
Process workflows
User activation workflow Project creation workflow
User Activation
CIDERSystem
Collaborator
Principal Investigator
CIDER Administrator
Request account activation
Need approval from supervisor
Approve request
Verify HIPAA details
Activate account
I am working with Dr. Fraser. I need access to CIDER for research purpose.Please activate my account.
Yes, she is working with me and she needs access to CIDER.
Ok. She has successfully completed her HIPAA training AND CIDER user training. Activating her account.
1
2
3
Notification to user and PI
Project Creation
CIDERSystem
Collaborator
Principal Investigator
CIDER Administrator
Request for Project activation
Need approval from PI
Approve request
Verify Project details
Activate Project
I am requesting a project on behalf of Dr. Fraser.
The provided project details are correct. Please activate the requested project.
Ok. Based on the IRB Details, identified privileges can be granted for this project. Activating the project.
1
2
3
Notification to PI & creator
Hands on Lab
Learning objectives Familiarize with the CIDER login page Please remember it is accessible only within WUCON Have your user account activated If you have a WUSTLKEY, you can migrate to it and start
using WUSTLKEY once your account is activated Learn how to request a new project and submit for
approval (Lab Assignment)
Take Home Lab Assignment
Request a project to be established in CIDER and have it approved before the beginning of the next class on 09/15/10.
Please make sure you have a meaningful title for the project and a brief description of what you are planning to do using this project.
Please select my name as the PI; ‘George Bijoy’ Please specify the project attributes as follows
Start Date: 09/08/2010 End Date: 12/31/2010 Data Privilege = De identified
Quiz
Please write your First name and Last Name on the quiz answer sheet to get proper credit
Please circle the best answer choice for each question
Please turn in the completed assignments to me before the end of the class
We will go over the answers and you will get your answer papers graded in the next class