PCOR: Privacy and Security Blueprint, Legal Analysis and Ethics Framework for Data Use, & Use of Technology for Privacy

STATUS: Completed Project

BACKGROUND

Patient‑level data are essential to understanding and improving health outcomes. These data must be made available to researchers in a way that ensures the protection of patient privacy while providing sufficient granularity to allow meaningful research questions to be assessed. However, current laws and policies around the use of patient level data are nuanced and sometimes conflicting, creating confusion for researchers, providers, and patients.

PROJECT PURPOSE & GOALS

This project was a collaborative effort between ONC and CDC to conduct research and create resources to improve the privacy of patients and their data.

Project Objectives:

• Conduct an “as is” analysis of public health laws and ethical considerations that relate to the release and use of CDC public health and health surveillance data (environmental scan, analysis of findings, and gap analysis).

• Prepare a final white paper of findings and recommendations for best practice practices for data release beyond CDC, and provide guidance to researchers interested in using CDC data for PCOR.

• Convene a work group of public health legal and ethics experts to inform the “as is” analysis to provide a “view” of agency wide data use and report of findings.

• Create a Privacy and Security Data Infrastructure Blueprint.

• Conduct a Legal Analysis to Inform Development of an Ethical Framework.

• Identify Mechanisms for Capturing Individual Consent and Preferences for Research.

PROJECT ACHIEVEMENTS & HIGHLIGHTS

• The CDC project team conducted a legal and ethical environmental scan resulting in an analysis of findings report and a gap analysis of laws and ethical considerations to determine what governs the release and use of CDC public health data. The team also created an ethical framework, which focuses on scenarios about legal and ethical uses of data.

• The ONC project team completed an environmental scan and gap analysis of consent management technologies for research. The environmental scan informed the first round of ‘Basic Consent’ (Treatment, Payment, and Operations) use case pilot testing in cooperation with the Veterans Administration. The project team developed a best practices implementation white paper, based on the lessons learned from the pilot efforts.

• The ONC team completing additional pilot testing. Basic Choice for Research consisted of supporting the mapping of informed consent to the Fast Healthcare Interoperability Resource (FHIR®) Standard. Granular Choice focused on implemented the FHIR standard for capture and exchange of consent and health information.

PUBLICATIONS, PRESENTATIONS, AND OTHER PUBLICALLY AVAILABLE RESOURCES

Resources

• ONC published a final project report in July 2020. The report is available here: https://aspe.hhs.gov/sites/default/files/private/pdf/259016/privacy-security-framework.pdf
• ONC developed two documents on the use cases for pilot testing:
  • “Enabling Basic Choice for Research Consent” is available here: https://www.healthit.gov/sites/default/files/page/2020-07/Basic%20Choice%20Use%20Case.pdf
  • “Enabling Granular Choice for Health Care Delivery and Research Consent” is available here: https://www.healthit.gov/sites/default/files/page/2020-07/Granular%20Choice%20Use%20Case.pdf
• CDC published the white paper “Legal and Ethical Framework to Use Centers for Disease Control and Prevention Data for Patient-Centered Outcomes Research.” The report is available here: https://aspe.hhs.gov/sites/default/files/private/pdf/259016/PCOR_Legal_508_2.pdf
• ONC published a collection of tools and resources to help researchers navigate the complex legal and regulatory environment, available here: https://www.healthit.gov/topic/scientific-initiatives/pcor/legal-and-ethical-architecture-patient-centered-outcomes-research-pcor-data-architecture
  • The entire architecture, “Legal and Ethical Architecture for PCOR Data,” is available here: https://www.healthit.gov/sites/default/files/page/2018-06/PCOR%20Architecture%20%28MERGE%29%20updated%20Appendix%20B.pdf

Presentations

• The CDC team presented a panel presentation “The Boundaries of Privacy and Public Health Concerns” at the PRIM&R Advancing Ethical Research Conference in San Antonio in November 2017.

• The CDC team presented on the ethical framework to an internal CDC audience in November 2017 as part of an ethics seminar.

• The ONC team presented at a Health Level Seven (HL7) Educational Session in June 2017. This presentation reviewed the Phase 1: Basic Choice for Treatment, Payment, and Operations pilot efforts and outcomes as related to HL7 FHIR.

• The ONC team hosted HL7 FHIR Connectathon Consumer Centered Data Exchange demonstration in collaboration with project partners. Presentations highlighted the Basic Choice for Research and Granular Choice pilots.

RELATED PROJECTS

Below is a list of ASPE-funded PCORTF projects that are related to this project

Standardization and Querying of Data Quality Metrics and Characteristics for Electronic Health Data - Under the FDA, this project created and implemented a metadata standards data capture and querying system for: data quality and characteristics, data source and institutional characteristics, and “fitness for use.” This project targets the need to build bridges across networks and databases, so that information captured in each source can be combined and used for research.

Harmonization of Various Common Data Models and Open Standards for Evidence Generation - This project was a collaborative effort among the Food and Drug Administration (FDA), National Cancer Institute (NCI), National Institutes of Health/National Center for Advancing Translational Sciences (NIH/NCATS), Office of the National Coordinator for Health (ONC), and the National Library of Medicine (NLM). The project built a data infrastructure for conducting patient centered outcomes research (PCOR) using observational data derived from the delivery of health care in routine clinical settings. The sources of these data include, but are not limited to insurance billing claims, electronic health records (EHRs), and patient registries. In addition, the project team harmonized several existing common data models, including PCORnet and other networks.