Thursday, December 06, 2012

Here Is Another Very Good Reason For Not Putting Sensitive Information In Your NEHRS / PCEHR

The following appeared a few days ago:

Doubts over e-health records for research

30 November, 2012 Julie Robotham
Patients and GPs are wary about the use of electronic health records for public health research, even if the data is de-identified, according to a UK study with implications for Australia’s development of the sector.
Fiona Stevenson from the Department of Primary Care and Population Health, at University College London, approached 800 patients from the two general practices chosen to evaluate an “opt out” system for patients whose medical and social security records otherwise could be linked though electronic identifiers and stored in a “safe haven”, for later de-identified use by researchers. Half of the patients she selected had opted out.
.....
A spokeswoman for Australia’s Department of Health and Ageing said de-identified personally controlled electronic health record (PCEHR) data could be used for research. Next year the government would develop, “more detailed guidance about access to the PCEHR data for research purposes,” and would seek input from patients.
Full article here:
Then we read this from the US Government.

OCR: No fail-safe for de-identifying patient info

November 29, 2012 | By Dan Bowman
Neither the expert determination method nor the safe harbor method of de-identifying patient data are 100 percent effective, according to new guidance released this week by the U.S. Department of Health & Human Services' Office for Civil Rights. While both methods can lower the risk of re-identifying data to miniscule levels, neither are completely secure, OCR officials write.
"There is a possibility that de-identified data could be linked back to the identity of the patient to which it corresponds," the guidance says.
For the expert determination method, a person deemed an expert--a.k.a, someone "with appropriate knowledge of and experience with generally accepted statistical and scientific principles for rendering information not individually identifiable"--uses their expertise to measure the risk of re-identification for certain sets of data. In a blog post written this week by FierceHealthIT Advisory Board member David Harlow, Harlow says it's worth noting that OCR says that expert determinations should only be valid for a finite amount of time.
More here:
Here are the relevant links:
- here's the guidance (.pdf)
- read Harlow's blog post
All I can say is that it is up to you if you believe DoHA and NEHTA can do a better job than the experts in the US in the task of data de-identification. Me, I won’t take the risk, and will apply the ‘happy to see the information on the front page of the SMH or The Age’ test to the content I provide to these systems.
David.

3 comments:

Anonymous said...

Shouldn't "To" == "For Not" in the Title?

Help must be freezing over if you're now advocating and evangelising the PCEHR/NEHRS now David??

Next you'll be working for either NEHTA or DOHA or both, heaven forbid!

Dr David More MB PhD FACHI said...

Well spotted - done!

If I could be paid as much as that other blogger is rumoured to have been paid..sigh!

David.

Anonymous said...

"more detailed guidance about access to the PCEHR data for research purposes"

Some basic questions come to mind:

1. Does 19 health summaries make a valid sample size?

2. Sounds like another Accenture/IBM beat up to me, maybe they have another system waiting to be purchased or justified?

3. How about they fix up the PCEHR mess first, hang on , no on second thoughts, how about they stop wasting money on a crap foundations. There are many areas that have research scientists that could benefit from any urge to spend money on setting up research data mining.

I suppose the "dollar ticks" will never give up pushing power point benefits to gullible disconnected high level bureaucrats so they can line their back pockets!