| Please provide any feedback regarding this scenario in the comment form below or by clicking here. |
|---|
Max Researcher would like to create a unique identifier for two purposes (1) to re-identify current and potential research participants so that they can be contacted and (2) so that data can be linked across data sources to create a longitudinal record. Unique identifiers can be useful tools in enabling research and protecting privacy. Implementation of an identifier either within or across institutions is a precondition for multiple research scenarios.
A number of technical and procedural solutions exist and are in widespread use operationally. A “match” approach that uses patient information like SSN, account numbers, names, addresses, and phone numbers is typically used as part of systems administered by healthcare operations. These methods can employ either deterministic methods, relying on exact matches across systems (limited by data quality and other issues), or probabilistic methods (inexact). Typically, patients are not involved in verifying linkages of accounts within or across systems.
There are clear HIPAA guidelines regarding standards for creating these identifiers within an organization for purposes of research. However, because linkage requires creating identifiers, which requires sharing information across organizations, privacy and liability become concerns that Max, the IRB, and participating entities must address.
Questions:
- What are risks, liabilities, and benefits of participant-managed systems vs. researcher managed systems vs. operationally managed systems?
- What are the workflows and pros and cons of creating identifiers on a project-by-project basis vs. maintaining identifiers over networks, registries, or initiatives intended to operate over multiple projects? Relatedly, what is needed (technically and legally) to keep this data up to date?
- Should there be a contract or data use agreement that spells out responsibilities for anyone who uses or participates in the use of a research ID? Should a model contract be made available and spell out all the terms and responsibilities, including but not limited to data breach obligations and costs?
- In you experiences, are IRBS, legal, and privacy offices well prepared to make determinations on this question?
- What is the feasibility of participants self-managing linkage information across sources? What types of individuals would be excluded from population-based research using EHR and claims data if contact is required for data linkage?
- To what extent are an individual’s concerns addressed with technical approaches that leverage cryptographic methods?
- To what extent are covered entities’ and other liable parties’ concerns addressed with technical approaches that leverage cryptographic methods?
- Some research organizations have opted to reuse identifiers created for Regional Health Information Exchanges. What are the implications of this practice?
| |
Description | To protect privacy and conform to regulatory concerns, unique identifiers for research must be applied with researcher-administered systems to link data over time and across data sources. |
Primary actor/participant | Research Teams, Covered Entities, Participants |
Support actor/participant | Information systems |
Preconditions | Identifying information that can be used to reliably link records across independently regulated data sources is available. |
Post conditions | Unique, potentially reusable identifiers are created in according to well-accepted known regulatory standards. |
Alternatives | - Identifiers are created using methods certified by expert determination method under HIPAA to be de-identified (and not subject to HIPAA) vs. creating identifiers using an IRB vs. creating identifiers under a BAA.
- Deterministic identifiers provided as part of multi-institutional operations
- Participant-managed linkage systems
- In cases where data systems already exchange information (e.g. payers and providers or networked providers), researchers may be able to link on non-PII data.
|
Considerations | - Risks, liabilities, and benefits of participant-managed systems vs. researcher-managed systems vs. operationally-managed systems
- Feasibility of participants self-managing linkage information across sources
- Reusing identifiers created for regional health information exchanges
- Single use (i.e. one analysis, one product) vs. Reuse (potentially multiple projects)
|
Data Elements Considered | Personally Identifiable Information (PII) and encrypted versions of PII |
Purpose of the Data Collection | Treatment, Payment, Operations |
Purpose of Data Use | Creation of potentially reusable unique identifiers |
Terms of Transfer of Original Data to the Data Holders | Treatment, Payment, Operations |
Terms of Transfer to Researchers | Identifiers created with IRB approval, potentially waiver of authorization (Alternatives – Consent, Expert Determination, BAA) |
