Skip to Content

Programs & Resources

Breakout Group 4 -- Summary and Discussion

Access to databases - security, confidentiality,
ownership, integrity

Bernie Huang, Larry Schwartz,
Chris Carr, Mel Greberman,
Richard Hanusik, Mary Lou Ingeholm, Eliot Siegel, and
John Perry

Cancer Imaging Informatics Sept 27, 2002 (footer on all slides)

Charges

  • Management of Data Access Rights
  • Portable Clinical Imaging Records
  • Individual Access to their own Images
  • Images in Clinical Trials, Just Another form of Data?
  • Teaching Files

Overview

  • Management of Data Access
  • Security
  • Ownership
  • Portable Clinical Imaging Records
  • Teaching Files
  • Recommendations

Management of Data Access

  • Individual patients should have access to their own data
  • Should investigators have exclusive access rights to clinical trials data?
    • Is access a necessary incentive for participation?
    • Staged access for research data/timing
  • PIs
  • All participating investigators
  • All US investigators
  • All International investigators
    • Who should investigators make it available to?
  • Compulsory
  • Prohibited

Management of Data Access

  • Depends upon purpose of data-Spectrum from anonymizedteaching files to clinical trials data to an individual's images in an ePR
  • For NCI research should NCI set rules for accessibility of data?-What rules apply after completion of trials?-Should NCI just take over management of data?-Set guidelines for sharing APIs, schemas, etc?-How important is the data? For how long?
  • Mammo
  • Chest
  • Others-Seven year rule like paper world?

Security

  • HIPAA: Does it change the rules?
  • "Common Rule" applies
  • Should there be a single, clear federal standard for security in clinical trials (enforced by NCI?)

Security

  • HIPAA takes a "good practice" approach
  • Integrity: necessary to guard against falsified data?
    • Watermarking
    • Encryption
    • Digital image signatures
  • Does security for clinical trials need to be more stringent than for clinical care?

Ownership

  • Who owns patient images?
  • Who owns clinical trials data?
    -Researchers
  • -Institutions gathering data -Patients: can demand that copies be made available to them -NCI or other sponsors -Public
  • Does ownership = publication rights?
  • Who is responsible if the information is lost?
    • Institution
  • Ownership

    • Uncertainty about rules and burden of security policies a barrier to clinical trials participation?
      • Federal/Private/International

    Portable Clinical Imaging Records

    • Privacy/confidentiality/integrity concerns of patient data
    • Same rules should apply as for other electronic data
    • HIPAA rules
    • Proper use depends on to whom the record is given (physician, patient)

    Teaching Files

    • Rules more relaxed than clinical trials
    • Confidentiality: anonymized; but relevant demographics not scrubbed
    • Access: "owner" determines
    • Security: sufficient to control access
    • Integrity: author/institution responsible for policies
    • Ownership: -Author responsible for securing permission for any borrowed materials-Fair use allows reproduction for educational purposes

    Recommendations to NCI

    • Commission study of security practices and access policies of current NCI trials
    • Generate good practice guidelines
      • Coordinate discussions with other groups working on standards/security
    • CDISC, ANSI HISB, NCVHS, HL7, DICOM, IHE, HIPAA, I3 group
    • Review specifics of recommendations for lung nodule study, BIRN

    Recommendations

    • Agree upon guidelines for encryption, watermarking, etc.
    • Consider requiring new studies to maintain images for public access
      • Policy on legacy databases
    • Consider funding specific trial studies for standardized access mechanisms
    • Evaluate additional costs of any access and security requirements on investigators

    Thank you