Data Sharing: flexibility is the fuel, governance is the glue! Lisa Schilling, MD, MSPH Department of Medicine, University of Colorado, Denver AMIA November.

Slides:

Advertisements

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

Advertisements

FERPA - Sharing Student Information

1 The Challenges of Creating an Identity Management Infrastructure for the University of California David Walker Karl Heins Office of the President University.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna

TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.

Voice over the Internet Protocol (VoIP) Technologies… How to Select a Videoconferencing System for Your Agency Based on the Work of Watzlaf, V.M., Fahima,

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

Are you ready for HIPPO??? Welcome to HIPAA

HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.

Early Childhood Transition Forums Sponsored by the Massachusetts Department of Early Education and Care, Department of Elementary and Secondary Education,

Alternate Standards of Care in Mass Casualty Events Patrick O’Carroll, MD, MPH Regional Health Administrator Public Health Service Region X.

Capability Cliff Notes Series PHEP Capability 6—Information Sharing What Is It And How Will We Measure It?

Coordinating Center Overview November 18, 2010 SPECIAL DIABETES PROGRAM FOR INDIANS Healthy Heart Project Initiative: Year 1 Meeting 1.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Inter-institutional Data Sharing, Standards and Legal Arthur Davidson, MD, MSPH Agency for Healthcare Research and Quality, Washington, DC June 9, 2005.

Tackling the Policy Challenges of Health Information Exchange Carol Diamond, MD, MPH Managing Director, Markle Foundation.

Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,

International Research & Research Involving Children K. Lynn Cates, MD Assistant Chief Research & Development Officer Office of Research & Development.

INTERNET2 COLLABORATIVE INNOVATION PROGRAM DEVELOPMENT Florence D. Hudson Senior Vice President and Chief Innovation.

DSDS Quality Assurance Unit State of Alaska, Dept. of Health and Social Services Division of Senior and Disabilities Services (DSDS) Quality Assurance.

W ORKFORCE P OLICY C OLLABORATIVE State Office of Rural Health Programs & Services Provider recruitment Hospital and clinic services Emergency preparedness.

Colorado Children and Youth Information Sharing (CCYIS) Educational Stability Summit April 10, 2015.

Cloud Computing The coming storm. Bio  Robert Fox - Data Architect, Arkansas Blue Cross Blue Shield  18 years of data architecture and warehousing experience.

Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.

1 EAP and EAI Alignment: FiXs Pilot Project December 14, 2005 David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.

AMERICAN RECOVERY AND REINVESTMENT ACT OF 2009 Health Information Technology for Economic and Clinical Health Act (HITECH Act) Regina.

State HIE Program Chris Muir Program Manager for Western/Mid-western States.

West Virginia Clinical Translational Science Institute Links Scientists and Teachers Sara Hanks, Ann Chester, Summer Kuhn.

Europe's work in progress: quality of mHealth Pēteris Zilgalvis, J.D., Head of Unit, Health and Well-Being, DG CONNECT Voka Health Community 29 September.

LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.

Organizational and Legal Issues -- Developing organization and governance models for HIE Day 2 -Track 5 – SECOND SESSION – PRIVACY AND SECURITY CONNECTING.

Name Position Organisation Date. What is data integration? Dataset A Dataset B Integrated dataset Education data + EMPLOYMENT data = understanding education.

FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.

Preparing Electronic Health Records for Multi-Site CER Studies Michael G. Kahn 1,3,4, Lisa Schilling 2 1 Department of Pediatrics, University of Colorado,

The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,

Policies for Information Sharing April 10, 2006 Mark Frisse, MD, MBA, MSc Marcy Wilder, JD Janlori Goldman, JD Joseph Heyman, MD.

Collaborative Networks for Conducting Comparative Effectiveness Research Tuesday September 9, :00 – 9:30 am.

The HMO Research Network (HMORN) is a well established alliance of 18 research departments in the United States and Israel. Since 1994, the HMORN has conducted.

The Impact of Evolving IT Security Concerns On Cornell Information Technology Policy.

Committees. Executive Committee Terms of Reference Committee Type – standing Purpose -. Manage the business and technical affairs of Open Health Tools.

Integrating a Federated Healthcare Data Query Platform With Electronic IRB Information Systems Shan He IPHIE 2010.

Health Delivery Services May 29, Eastern Massachusetts Healthcare Initiative Policy Work Group Session 2 May 29, 2009.

While most HMORN projects involve two to five Network sites, its largest consortiums are the most widely recognized. Nearly 40% of HMORN projects and consortium.

U.S. Department of Education Safeguarding Student Privacy Melanie Muenzer U.S. Department of Education Chief of Staff Office of Planning, Evaluation, and.

Welcome….!!! CORPORATE COMPLIANCE PROGRAM Presented by The Office of Corporate Integrity 1.

HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.

NIST HIPAA Security Rule Toolkit Kevin Stine Computer Security Division Information Technology Laboratory National Institute of Standards and Technology.

Rules of Participation in Framework Programme 7 Brussels Office Helmholtz Association of German Research Centres Rue du Trône 98 B-1050 Brüssel

Configuring Electronic Health Records Privacy and Security in the US Lecture b This material (Comp11_Unit7b) was developed by Oregon Health & Science University.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Connecting for Health Common Framework: the Model Contract for Health Information Exchange Gerry Hinkley com July 18, 2006 Davis Wright.

Case Study: Applying Authentication Technologies as Part of a HIPAA Compliance Strategy.

Human Subjects Update E. Wethington, Chair, UCHS.

The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law

Disclaimer This presentation is intended only for use by Tulane University faculty, staff, and students. No copy or use of this presentation should occur.

European Life Sciences Infrastructure for Biological Information ELIXIR Collaboration Agreement Template ELIXIR/2014/10 Vera Herkommer.

Pennsylvania Health Information Exchange NJHIMSS - DVHIMSS Enabling Healthcare Transformation Through Information Technology September, 2010.

Health Information Exchange: Alaska’s Health Pipeline Alaska Bar Association Health Law Section February 2, 2012 Carolyn Heyman-Layne.

Update from the Faster Payments Task Force

The Vision: Invent a system to increase client success…..the medical clinic model.

HIPAA PRIVACY AWARENESS, COMPLIANCE and ENFORCEMENT

Accountable care organizations

THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,

HIPAA Compliance Services CTG HealthCare Solutions, Inc.

HIPAA Compliance Services CTG HealthCare Solutions, Inc.

IRB Harmonization 2016 Review

Research with Human Subjects

Presentation transcript:

Data Sharing: flexibility is the fuel, governance is the glue! Lisa Schilling, MD, MSPH Department of Medicine, University of Colorado, Denver AMIA November 2012 Funding provided by AHRQ 1R01HS (Scalable Architecture for Federated Translational Inquiries Network)

Big Thanks! University of Colorado – Office of Regulatory Compliance, Multi-Institutional Review Board, Office of University Counsel Partners – Denver Health & Hospital Authority, Colorado Community Managed Care Network, Salud Family Health Services, Metro Community Provider Network, Cherokee Health Systems SAFTINet team

Objectives Understand data governance issues in multi- stakeholder collaborations Identify strategies for developing effective policies to reduce data sharing obstacles If possible, provide insights helpful for NIH/CTSAs

Setting the context: AHRQ Distributed Research Networks AHRQ ARRA OS: Recovery Act 2009: Scalable Distributed Research Networks for Comparative Effectiveness Research (R01) Goal: enhance the capability and capacity of electronic health networks designed for distributed research to conduct prospective, comparative effectiveness research on outcomes of clinical interventions. Combine clinical and claims/administrative data

Grid Portal

SAFTINet Data Sharing Partners Clinical data sharing partners –Colorado Community Managed Care Network and the Colorado Associated Community Health Information Enterprise Colorado Federally Qualified Health Centers –Denver Health and Hospital Authority –Cherokee Health Systems, Tennessee –Bi-State Primary Care Assoc. &Northern Tier Center for Health Vermont (in development) Claims and administrative data sharing partners –Colorado Health Care Policy & Financing – CO All Payers Claims Database- Center for Improving Value in Healthcare –TennCare and Tennessee managed care organizations (partnership in development) –Department of Vermont Health Access (in development )

Partner-Data Sharing Concerns Data stewardship & loss of control –Non agreed upon use –Misuse, misrepresentation Data security –network & data transfers Competitive environment – cost/billing data, proprietary coding/mapping schemas Compliance with state and federal rules –HIPAA, individual state privacy laws Liability

Strategies to Facilitate Trust Transparent & open discussions, policies & documentation –Security Framework discussion –Service level objectives –Recommendations Alignment with federal standards –NIST security recommendations Flexibility

Web of Data Sharing Agreements & Documents Master Consortium Agreement Service Level Objectives Security Framework IRB protocols –Infrastructure (45 cfr ) –Study specific BAA DUA Purpose Contents Involved entities Contingent upon/for Place in hierarchy Relevant laws/regulations Legal or not Signatories

Master Consortium Agreement Governance must address: –Membership –entering, leaving, decision-making –Use & misuse Access, authorization, authentication Plans for partner ‘sign off’ before data release –Publications, Intellectual property –Requirements Partners, network administrator, security –Liability and insurance –Termination –Compliance with laws and regulations

MCA – Flexibility of participation Each of the Consortium Members is willing to provide access to its research data and/or receive from the other Consortium Members certain research data for research use. Data Owners are able to specify the data types they make available to the SAFTINet Network database … Reasonably contribute to Joint Study activities and share current health care delivery models, current practices, and measures to support Joint Studies, except where the Data Owner believes: (1) such contribution may violate federal or state law, the Partner Member’s contractual obligations, or its internal policies, (2) such contribution would harm its proprietary or competitive interests, (3) it does not have the functional ability to do so, (4) such contribution is not in the best interests of that Partner Member, or (5) it is not economically, technically or operationally feasible to do so. The Members have the authority to grant additional exceptions.

MCA: Security –Network & Portal These safeguards will be guided by the following standards: –OMB Security of Federal Automated Information Resources –FIPS 200 Minimal Secr Requirements –etc.

Due Diligence: SAFTINet Security Framework

SLO Agreement Assist PARTNER System Administrator with deployment of SAFTINet Grid Node and ROSITA VMs including configuration of network settings within guest OS, connectivity testing, and make suggestions for post-deployment security hardening like changing default passwords. Provide remote access software and licenses for remote assistance, administration, and troubleshooting (e.g. GoToMeeting, GoToAssist). Maintain secure default settings on all VM templates deployed to PARTNER. Design and deploy systems so that all PHI is transferred using FIPS140-2 validated encryption technologies. Ensure that all applications used in the SAFTINet infrastructure are developed and maintained using the highest possible standards and industry best-practices in an effort to safeguard PARTNER’s systems, security, and data integrity.

Getting to Yes: Many hours, lots of iterations Complementary agreements and policies Balance of technology and trust Baby steps

Acknowledgments Michael G. Kahn, MD, PhD Wilson Pace, MD David West, PhD Bethany Kwan, PhD, MSPH Annalissa Philbin, JD, Sr. Research Associate Attorney Art Davidson, MD, MSPH, Co-PI, DHHA Warren Capell, MD - Director, Colorado Multiple Institutional Review Board Alison Lakin – Assistant Vice Chancellor of Regulatory Compliance SAFTINet team