CIDER - Today’s research, Tomorrow’s treatments BMI Class Lab-1 September 8, 2010 Bijoy George, Program Manager, CBMI
Agenda Introduction to CIDER Research need Types of clinical data in CIDER Privacy and data security Public Notification / Opt Out Auditing User responsibilities Definition of Project Data privileges Process workflows CIDER Application Login page Hands on Lab Quiz Take Home Assignment
Clinical and Translational Research Needs Goals: 1.Rapidly convert advances in basic science to improvements in patient care 2.Relay findings from clinical studies back to bench for further refinement of the disease management process To achieve these goals, researchers need to integrate diverse and complex biomedical data sets to co-analyze and visualize the data to reduce the barrier b/w basic science and clinical research
Clinical and Translational Research Needs How were these goals achieved in the past? It was possible to acquire the clinical data manually by reviewing an individual patient’s data from a hospital’s EMR Time consuming and redundant process Not feasible for studies with large patient populations Poses significant privacy and confidentiality risks to patients
Research Needs 1.Review Preparatory to Research Are there enough patients to conduct research? Applies to prospective or retrospective studies Defined criteria / haven’t defined it yet, but have an idea Count of patients is sufficient 2.Prospective/Retrospective studies Recruit patients / Need to get clinical data 3.Medical record data mining studies Need historical clinical data for patients matching criteria Survey identified patients for additional information
Quality Improvement It is possible to do analysis and compare the performance within one hospital as well as across hospitals if data is available in one central location Can identify the process improvement steps and can implement those to improve the patient care Enormous opportunities to improve patient care using QC/QI initiatives
Problem Statement Quality Improvement Review Preparatory to Research Participant Recruitment Clinical Studies Data Acquisition Retrospective Prospective Historical
Solution CIDER In Patient Visits Out Patient Visits
CIDER Clinical Investigation Data Exploration Repository Joint venture of BJC HealthCare & WUSM Data repository to contain patient care (inpatient and outpatient) data Advanced query functionality through web interface Restricted data access / Role management Data interfaces to external CSMS systems
CIDER
Scenarios - 1 Review preparatory to research “I can get a grant to conduct a research study using historical clinical data to find out the relationship between changes in serum PSA values and survival following treatment for Hormone Refractory Prostate Cancer (HRPC). How do I find out whether there are enough patients?“ Using CIDER, one can find out the total number of patients satisfying the above criteria quickly without getting any formal approvals for the study.
Scenarios - 2 Prospective studies “I am planning to conduct a research study/protocol on the possible connection between Diabetes and Acute Coronary Syndrome (ACS) and I need at least 100 patients aged between 40 and 65, who have had ACS and had been diagnosed with Diabetes prior to ACS.” Using CIDER, PI can find out the total number of patients satisfying the above criteria quickly without getting any formal approvals for the study. Once the study is approved by IRB, CIDER can provide the patient details required to contact the patients.
Scenarios - 3 Retrospective studies “I am planning to conduct a research study on the possible connection between Diabetes and Acute Coronary Syndrome (ACS) and I need at least 100 patients aged between 40 and 65, who have had ACS and had been diagnosed with Diabetes prior to ACS.” Using CIDER, PI can find out the total number of patients satisfying the above criteria quickly without getting any IRB approvals for the study. Also, can obtain de-identified data with no IRB approvals.
Clinical Data Demographics name, address, race, gender, phone number Visits age, patient type, facility, diagnosis code, procedure code Labs age, collection time, facility, lab test name, specimen type (e.g. serum vs CSF glucose), result Medications age, duration, frequency, medication, route & form Aspirin 75 mg tablet, once a day by mouth (PO), indefinitely Allergies allergen type, allergy reaction, sensitivity, severity, type, onset date Vitals age, body site, facility, measurement, observation, value and units Document age, document content, document name, facility and physician
What and how much data is in CIDER? Data since 1993 ~4.7 million patients ~25 million visits ~68 million lab results ~17 million medication orders ~12 million scanned documents ~140, 000 allergies (2009) ~50 million text documents ~130 million vitals
Privacy and Data Security IRB Review Opt Out
Opt Out Option for patients to opt out of having their clinical data used for research projects Two options Public Website Telephone IVR
Opt Out
Opt Out public page
Opt out page
Privacy and Data Security IRB Review Opt Out Public Notification
Public Notification Media release Local newspapers
Privacy and Data Security IRB Review Opt Out Public Notification Data Security Auditing
Auditing Every user action is audited Logins Running queries to identify patient cohorts Running queries to obtain patient data Viewing patient data Patient data export Monthly / On-demand audit reports Using reports, auditors can pinpoint who looked at a particular patient’s data CIDER Security Oversight Committee
Privacy and Data Security IRB Review Opt Out Public Notification Data Security Auditing User responsibilities
User Responsibilities Follow established rules and procedures Obtain HIPAA/IRB approval if necessary Do NOT share user IDs and passwords Sign the CIDER data confidentiality agreement after completing the training and follow the agreement User access will be revoked in case of failure to follow the rules
User Responsibilities Safeguard patient privacy and protect clinical data sets Escalate issues/questions to CIDER Administrator Download identified data only to approved and secure location(s) Do NOT download, move, or copy identified/limited data sets to USB drives, CDs, DVDs, other removable devices, or servers/workstations/desktops/laptops on unsecure networks In case of questions, please the CIDER Honest Broker at OR call the CIDER Help
User Responsibilities What to do if data is lost or compromised? If you are a CIDER user, and you have encountered an event through which you think e-PHI (Electronic Protected Health Information) has been compromised, then please follow the procedures listed below. If you are a Washington University user Please fill-out an incident report using an incident report form from the following link. Washington University Incident Report Form and it to University Incident Report Form If you are a BJC user If you are a BJC user, and you have encountered a breach of ePHI (electronic Protected Information) e.g. laptop, USB, device lost or stolen, virus attack on research server or theft of data, please contact BJC Information System Security Services at and complete an incident report at the following link. BJC Incident Incident Report
Privacy and Data Security IRB Review Opt Out Public Notification Data Security Auditing User responsibilities Session Timeout
Session Timeout The CIDER session is left alone with no user actions for 10 minutes, the system will log you off A warning message is displayed after 8 minutes After 2 minutes of the warning, system will log out the user This is a security measure Never leave sessions open without logging out from CIDER
Privacy and Data Security IRB Review Opt Out Public Notification Data Security Auditing User responsibilities Session Timeout Project definition and rules applied during queries
What is a project in CIDER? A project is a clinical or translational research study or a quality assurance/improvement activity that requires CIDER Project components Principal Investigator Collaborators Start date / End Date Relevant protocol documents and IRB approvals Elements that filter data access under a project Facilities from which data will be available Level of identified data access – Data Privileges
Data Privileges Data Privilege Anonymized De-identified Limited Identified (Requires IRB Approval)
Data Privileges Anonymized: Data that has no physical link to data that can be used to identify an individual’s identity. De-identified: Data that is not individually identifiable, but might be used to re-identify the patient to provide additional clinical information. Limited: Data that has a limited set of identifiable patient information as defined under HIPAA. Identified: Data with one or more associated protected health identifiers that might be used to identify an individual’s identity.
Data privileges Patient Code not associated to patient identity in database
What is a project in CIDER? A project is a clinical or translational research study or a quality assurance/improvement activity that requires CIDER Project components Principal Investigator Collaborators Start date / End Date Relevant protocol documents and IRB approvals Elements that filter data access under a project Facilities from which data will be available Level of identified data access – Data Privileges ‘Other’ project rules
Other Project Rules Security measures for vulnerable populations Age of the patients over the age of 89 Minors (patients with age < 18) Special rules Access to SSN Needs approval from IRB QA/QI Projects Includes opt-out patients’ data Can include data from all facilities without individual IRB approvals
Process workflows User activation workflow Project creation workflow
User Activation CIDER System CIDER System Collaborator Principal Investigator CIDER Administrator Request account activation Need approval from supervisor Approve request Verify HIPAA details Activate account I am working with Dr. Fraser. I need access to CIDER for research purpose. Please activate my account. I am working with Dr. Fraser. I need access to CIDER for research purpose. Please activate my account. Yes, she is working with me and she needs access to CIDER. Ok. She has successfully completed her HIPAA training AND CIDER user training. Activating her account Notification to user and PI
Project Creation CIDER System CIDER System Collaborator Principal Investigator CIDER Administrator Request for Project activation Need approval from PI Approve request Verify Project details Activate Project I am requesting a project on behalf of Dr. Fraser. The provided project details are correct. Please activate the requested project. Ok. Based on the IRB Details, identified privileges can be granted for this project. Activating the project Notification to PI & creator
Hands on Lab Learning objectives Familiarize with the CIDER login page Please remember it is accessible only within WUCON Have your user account activated If you have a WUSTLKEY, you can migrate to it and start using WUSTLKEY once your account is activated Learn how to request a new project and submit for approval (Lab Assignment)
CIDER URL
Take Home Lab Assignment Request a project to be established in CIDER and have it approved before the beginning of the next class on 09/15/10. Please make sure you have a meaningful title for the project and a brief description of what you are planning to do using this project. Please select my name as the PI; ‘George Bijoy’ Please specify the project attributes as follows Start Date: 09/08/2010 End Date: 12/31/2010 Data Privilege = De identified
Quiz Please write your First name and Last Name on the quiz answer sheet to get proper credit Please circle the best answer choice for each question Please turn in the completed assignments to me before the end of the class We will go over the answers and you will get your answer papers graded in the next class
Q & A Please feel to contact me any time