ebook img

(PCOR) Data PDF

227 Pages·2017·6.5 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview (PCOR) Data

Legal and Ethical Architecture for PCOR Data Jane Hyatt Thorpe, JD Lara Cartwright-Smith, JD, MPH Elizabeth Gray, JD, MHA Marie Mongeon, MPH(c) The George Washington University Milken Institute School of Public Health Department of Health Policy and Management September 28, 2017 Table of Contents CHAPTER 1: OVERVIEW OF LEGAL AND ETHICAL ARCHITECTURE FOR PCOR DATA ...... 10 INTRODUCTION ......................................................................................................... 11 BACKGROUND ........................................................................................................... 12 Key Laws for PCOR Research ......................................................................................................... 15 Content-Specific Statutes and Regulations ......................................................................................... 15 Research-Specific Statutes and Regulations ....................................................................................... 15 Setting-Specific Statutes and Regulations .......................................................................................... 15 Ethical Considerations .................................................................................................................. 17 Prior and Related Federal Efforts ................................................................................................... 18 Development of the Architecture ............................................................................... 19 Audience ...................................................................................................................................... 19 Process ........................................................................................................................................ 19 Phase 1 – Stakeholder Engagement and Research Data Use Scenarios and Use Cases ..................... 19 Phase 2 – Legal and Ethical Framework for PCOR; Conceptual Enterprise Architecture ................... 20 How to navigate and use the Architecture ................................................................. 21 Architecture Structure .................................................................................................................. 22 CHAPTER 1: Overview ......................................................................................................................... 22 CHAPTER 2: Legal and Ethical Significance of Data for PCOR ............................................................. 22 CHAPTER 3: Linking Legal and Ethical Requirements to PCOR Data ................................................... 22 CHAPTER 4: Framework for Navigating Legal and Ethical Requirements for PCOR ........................... 23 CHAPTER 5: Mapping Research Data Flows to Legal Requirements................................................... 23 APPENDIX A: Summary of Statutes and Regulations Relevant to PCOR ............................................. 24 APPENDIX B: Assessing Potential Barriers and Ambiguity in the Legal Landscape ............................. 24 APPENDIX C: Selected Federal Initiatives............................................................................................ 24 APPENDIX D: Selected Federal Resources .......................................................................................... 24 APPENDIX E: Glossary ......................................................................................................................... 24 CHAPTER 2: LEGAL AND ETHICAL SIGNIFICANCE OF DATA FOR PCOR ...........................25 INTRODUCTION ......................................................................................................... 26 KEY CHARACTERISTICS OF DATA TYPES FOR PCOR ...................................................... 26 Identifiability ................................................................................................................................ 26 Considerations for Identifiability ........................................................................................................ 27 Content ........................................................................................................................................ 27 Considerations for Content ................................................................................................................. 27 Subject ......................................................................................................................................... 27 Considerations for Subject .................................................................................................................. 27 Source .......................................................................................................................................... 28 Considerations for Source ................................................................................................................... 28 Access .......................................................................................................................................... 28 Considerations for Access ................................................................................................................... 28 Use/Purpose ................................................................................................................................ 29 Considerations for Use/Purpose ......................................................................................................... 29 Consent/Authorization ................................................................................................................. 29 Considerations for Consent/Authorization ......................................................................................... 29 Security ........................................................................................................................................ 30 Considerations for Security ................................................................................................................. 30 Legal Status .................................................................................................................................. 30 Considerations for Legal Status .......................................................................................................... 30 TYPES OF DATA RELEVANT TO PCOR .......................................................................... 30 Clinical Data ................................................................................................................................. 32 Administrative Data ...................................................................................................................... 32 Patient-Generated Health Data (PGHD) ......................................................................................... 32 Patient Reported Outcomes (PROs)/Patient Reported Outcome Measures (PROMs) ....................... 33 Genetic Information ..................................................................................................................... 34 Biospecimens ............................................................................................................................... 34 Surveillance Data .......................................................................................................................... 34 Quality Improvement Data ........................................................................................................... 35 CHAPTER 3: LINKING LEGAL AND ETHICAL REQUIREMENTS TO PCOR DATA .................36 INTRODUCTION ......................................................................................................... 37 LINKING LEGAL REQUIREMENTS TO RELEVANT PCOR CONSIDERATIONS .................... 37 Identifiability and Content ............................................................................................................ 38 Key Statutes and Regulations Related to Identifiability and Content ................................................. 38 Subject ......................................................................................................................................... 45 Key Statutes and Regulations Related to Subject ............................................................................... 45 Source .......................................................................................................................................... 47 Key Statutes and Regulations Related to Source ................................................................................ 48 Access and Use/Purpose ............................................................................................................... 50 Key Statutes and Regulations Related to Access and Use/Purpose ................................................... 51 Consent/Authorization ................................................................................................................. 58 Key Statutes and Regulations Related to Consent/Authorization ...................................................... 60 Security ........................................................................................................................................ 62 Key Statutes and Regulations Related to Security .............................................................................. 62 Legal Status .................................................................................................................................. 63 Key Statutes and Regulations Related to Legal Status ........................................................................ 63 CHAPTER 4: FRAMEWORK FOR NAVIGATING LEGAL AND ETHICAL REQUIREMENTS FOR PCOR ......................................................................................................................... 65 INTRODUCTION ......................................................................................................... 66 PCOR FRAMEWORK ................................................................................................... 66 Data Characteristic 1: Identifiability ............................................................................................... 69 Data Characteristic 2: Content ....................................................................................................... 71 Data Characteristic 3: Subject ........................................................................................................ 73 Data Characteristic 4: Source ......................................................................................................... 76 Data Characteristic 5: Access ......................................................................................................... 78 Data Characteristic 6: Use/Purpose ............................................................................................... 81 Data Characteristic 7: Consent/Authorization ................................................................................. 84 Data Characteristic 8: Security ....................................................................................................... 88 Data Characteristic 9: Legal Status ................................................................................................. 91 CHAPTER 5: MAPPING RESEARCH DATA FLOWS TO LEGAL REQUIREMENTS .................93 INTRODUCTION ......................................................................................................... 94 REPRESENTATIVE DATA FLOWS .................................................................................. 94 Data Flow 0—General Research Scenario ....................................................................................... 96 Scenario Narrative: ............................................................................................................................. 96 Data Flow 0—General Research Scenario .......................................................................................... 97 Data Flow 0—General Research Scenario (continued) ....................................................................... 98 Data Flow 1—Use Case 1: Combining Data for PCOR ...................................................................... 99 Scenario Narrative: ............................................................................................................................. 99 Data Flow 1—Use Case 1: Combining Data for PCOR ....................................................................... 100 Data Flow 1—Use Case 1: Combining Data for PCOR (continued) ................................................... 101 Data Flow 1—Use Case 1: Combining Data for PCOR (continued) ................................................... 102 Data Flow 1—Use Case 1: Combining Data for PCOR (continued) ................................................... 103 Data Flow 2—Use Case 2: Consent Management ......................................................................... 104 Scenario Narrative: ........................................................................................................................... 104 Data Flow 2—Use Case 2: Consent Management ............................................................................ 105 Data Flow 2—Use Case 2: Consent Management (continued) ......................................................... 106 Data Flow 2—Use Case 2: Consent Management (continued) ......................................................... 107 Data Flow 3—Use Case 3: Release and Use of Specially Protected Health Data .............................. 108 Scenario Narrative: ........................................................................................................................... 108 Data Flow 3—Use Case 3: Release and Use of Specially Protected Health Data .............................. 109 Data Flow 3—Use Case 3: Release and Use of Specially Protected Health Data (continued) .......... 110 Data Flow 3—Use Case 3: Release and Use of Specially Protected Health Data (continued) .......... 111 Data Flow 3—Use Case 3: Release and Use of Specially Protected Health Data (continued) .......... 112 Data Flow 4—Use Case 4: Identification and Re-Identification of PCOR Data ................................. 113 Scenario Narrative: ........................................................................................................................... 113 Data Flow 4—Use Case 4: Identification and Re-Identification of PCOR Data ................................. 114 Data Flow 4—Use Case 4: Identification and Re-Identification of PCOR Data (continued) ............. 115 Data Flow 4—Use Case 4: Identification and Re-Identification of PCOR Data (continued) ............. 116 Data Flow 5—Use Case 5: Research Using Patient-Generated Health Data .................................... 117 Scenario Narrative: ........................................................................................................................... 117 Data Flow 5—Use Case 5: Research Using Patient-Generated Health Data .................................... 118 Data Flow 5—Use Case 5: Research Using Patient-Generated Health Data (continued) ................. 119 Data Flow 5—Use Case 5: Research Using Patient-Generated Health Data (continued) ................. 120 EXPLANATORY NOTES .............................................................................................. 121 HIPAA Notes ............................................................................................................................... 121 Common Rule Notes ................................................................................................................... 128 Part 2 Notes ............................................................................................................................... 135 GINA Notes ................................................................................................................................ 137 State Law Notes ......................................................................................................................... 138 APPENDIX A: STATUTES AND REGULATIONS RELEVANT TO PCOR .............................. 140 INTRODUCTION ....................................................................................................... 141 OVERVIEW OF FEDERAL LAWS: CONTENT-SPECIFIC .................................................. 142 Health Insurance Portability and Accountability Act of 1996 (HIPAA) ............................................ 142 Information De-Identification ........................................................................................................... 144 The Privacy Rule ................................................................................................................................ 145 The Security Rule .............................................................................................................................. 147 The Enforcement Rule ...................................................................................................................... 147 The Breach Notification Rule ............................................................................................................ 148 42 C.F.R. Part 2 (Substance Abuse Information) ........................................................................... 148 Genetic Information Nondiscrimination Act of 2008 (GINA) .......................................................... 151 Patient Safety and Quality Improvement Act of 2005 (PSQIA) ....................................................... 152 Privacy Act of 1974 and Freedom of Information Act (FOIA) ......................................................... 153 OVERVIEW OF FEDERAL LAWS: RESEARCH-SPECIFIC ................................................. 154 Common Rule ............................................................................................................................. 154 Informed Consent ............................................................................................................................. 158 Broad Consent ................................................................................................................................... 159 U.S. Food and Drug Administration (FDA) Regulations .................................................................. 160 HIPAA, Common Rule, and Research ........................................................................................... 161 OVERVIEW OF FEDERAL LAWS: SETTING-SPECIFIC .................................................... 163 Confidentiality of Veterans Affairs Medical Records ..................................................................... 163 Family Educational Rights and Privacy Act (FERPA) ....................................................................... 164 HIPAA Covered Entities Subject to More Stringent Requirements ................................................. 165 State Laws in General and Relationship to Federal Laws ............................................................... 166 HIPAA and Minors ............................................................................................................................. 166 Part 2 and Minors ............................................................................................................................. 167 APPENDIX B: ASSESSING POTENTIAL BARRIERS AND AMBIGUITY IN THE LEGAL LANDSCAPE ............................................................................................................. 174 INTRODUCTION ....................................................................................................... 175 A. Statutory, Regulatory, or Policy Void ....................................................................................... 175 Examples/Analysis ............................................................................................................................. 176 B. Ambiguous or Overlapping Federal Authority .......................................................................... 176 Examples/Analysis ............................................................................................................................. 176 C. Informal Guidance (“Soft Law”) ............................................................................................... 177 Examples/Analysis ............................................................................................................................. 178 D. Regulatory Bottleneck ............................................................................................................ 178 Examples/Analysis ............................................................................................................................. 179 E. Incompatible Stakeholder Implementation or Institutional Policies ........................................... 179 Examples/Analysis ............................................................................................................................. 180 F. State Law Variation ................................................................................................................. 180 Examples/Analysis ............................................................................................................................. 180 G. Legal/Compliance Questions ................................................................................................... 181 Examples/Analysis ............................................................................................................................. 181 H. Ethical Questions and Concerns............................................................................................... 182 Examples/Analysis ............................................................................................................................. 182 I. Additional Areas of Stakeholder Concern and Suggestions ......................................................... 183 Examples/Analysis ............................................................................................................................. 183 APPENDIX C: SELECTED FEDERAL INITIATIVES ........................................................... 184 INTRODUCTION ....................................................................................................... 185 HHS Office of the National Coordinator for Health Information Technology (ONC) ... 185 Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information (2008) .......................................................................................................... 185 HIE Governance (2013) ............................................................................................................... 185 Shared Nationwide Interoperability Roadmap ............................................................................. 186 Health Information Technology Policy Committee (HITPC) Privacy and Security Workgroup .......... 187 Federal Health IT Strategic Plan 2015–2020 ................................................................................. 187 Other ONC PCOR Projects ........................................................................................................... 188 HHS Open Data Initiatives ........................................................................................ 188 HHS Office for Civil Rights (OCR) .............................................................................. 188 HHS Office for Human Research Protections (OHRP) ................................................ 189 Secretary’s Advisory Committee on Human Research Protections (SACHRP) ............ 189 National Committee on Vital and Health Statistics (NCVHS) ..................................... 189 Patient-Centered Outcomes Research Institute (PCORI) ........................................... 189 Centers for Disease Control (CDC) ............................................................................ 190 Federal Trade Commission (FTC) .............................................................................. 190 Substance Abuse and Mental Health Services Administration (SAMHSA) ................. 191 Precision Medicine Initiative (PMI) .......................................................................... 191 PMI Privacy and Trust Principles .................................................................................................. 191 PMI Draft Data Security Policy Principles ..................................................................................... 191 APPENDIX D: SELECTED FEDERAL RESOURCES .......................................................... 193 INTRODUCTION ....................................................................................................... 194 Centers for Disease Control and Prevention (CDC) ................................................... 194 Centers for Medicare & Medicaid Services (CMS) ..................................................... 194 Federal Trade Commission (FTC) .............................................................................. 195 Food and Drug Administration (FDA) ....................................................................... 196 National Committee on Vital and Health Statistics (NCVHS) ..................................... 196 National Institutes of Health (NIH) ........................................................................... 196 National Institute of Standards and Technology (NIST) ............................................ 197 Office for Civil Rights (OCR) ...................................................................................... 197 Office for Human Research Protections (OHRP) ....................................................... 202 Office of the National Coordinator for Health Information Technology (ONC) .......... 203 Substance Abuse and Mental Health Services Administration (SAMHSA) ................. 204 U.S. Department of Veterans Affairs (VA) ................................................................ 205 Research Data Assistance Center (ResDAC) .............................................................. 205 APPENDIX E: GLOSSARY ........................................................................................... 206 Legal and Ethical Architecture for PCOR Data CHAPTER 1: OVERVIEW OF LEGAL AND ETHICAL ARCHITECTURE FOR PCOR DATA Submitted by: The George Washington University Milken Institute School of Public Health Department of Health Policy and Management

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.