Multicenter patient records research: security policies and tools.

The expanding health information infrastructure offers the promise of new medical knowledge drawn from patient records. Such promise will never be fulfilled, however, unless researchers first address policy issues regarding the rights and interests of both the patients and the institutions who hold their records. In this article, the authors analyze the interests of patients and institutions in light of public policy and institutional needs. They conclude that the multicenter study, with Institutional Review Board approval of each study at each site, protects the interests of both. "Anonymity" is no panacea, since patient records are so rich in information that they can never be truly anonymous. Researchers must earn and respect the trust of the public, as responsible stewards of facts about patients' lives. The authors find that computer security tools are needed to administer multicenter patient records studies and describe simple approaches that can be implemented using commercial database products.

[1]  L. Gostin,et al.  Health Care Information and the Protection of Personal Privacy: Ethical and Legal Considerations , 1997, Annals of Internal Medicine.

[2]  A. Krute,et al.  1972 Survey of disabled and nondisabled adults: chronic disease, injury, and work disability. , 1978, Social security bulletin.

[3]  Latanya Sweeney,et al.  Guaranteeing anonymity when sharing medical data, the Datafly System , 1997, AMIA.

[4]  L. Gostin,et al.  The public health information infrastructure. A national review of the law on health information privacy. , 1996, JAMA.

[5]  Joel R. Reidenberg,et al.  Data Privacy Law: A Study of United States Data Protection , 1996 .

[6]  G. Wiederhold,et al.  A security mediator for health care information. , 1996, Proceedings : a conference of the American Medical Informatics Association. AMIA Fall Symposium.

[7]  Lawrence O Gostin,et al.  Health information privacy. , 1995, Cornell law review.

[8]  E. B. Steen,et al.  The Computer-Based Patient Record: An Essential Technology for Health Care , 1992, Annals of Internal Medicine.

[9]  L. Melton,et al.  The threat to medical-records research. , 1997, The New England journal of medicine.

[10]  Kathleen N. Lohr,et al.  Health Data in the Information Age: Use, Disclosure, and Privacy—Part II. , 1994 .

[11]  Sheri A. Alpert Ethics, Computing, And Medicine: Health care information: access, confidentiality, and good practice , 1997 .

[12]  Robert F. Boruch,et al.  Assuring the Confidentiality of Social Research Data , 1979 .

[13]  E N Lazaridis Database Standardization, Linkage, and the Protection of Privacy , 1997, Annals of Internal Medicine.

[14]  Judicial Affairs,et al.  Code of medical ethics : current opinions with annotations , 1994 .

[15]  R. Finnegan,et al.  Medical record management , 1981 .

[16]  Stephen B. Johnson,et al.  Security architecture for multi-site patient records research , 1999, AMIA.

[17]  L. Sweeney Replacing personally-identifying information in medical records, the Scrub system. , 1996, Proceedings : a conference of the American Medical Informatics Association. AMIA Fall Symposium.

[18]  T. B. Jabine,et al.  Access to social security microdata files for research and statistical purposes. , 1978, Social security bulletin.

[19]  Alexander La,et al.  Access to social security microdata files for research and statistical purposes. , 1978, Social security bulletin.

[20]  Walter Müller,et al.  Identification Risks of Microdata , 1995 .

[21]  E. B. Steen,et al.  The Computer-Based Patient Record , 1997 .

[22]  Thomas C. Rindfleisch,et al.  Privacy, information technology, and health care , 1997, CACM.

[23]  J. Fitzmaurice Computer-Based Patient Records , 1999 .

[24]  A M Epstein,et al.  The outcomes movement--will it get us where we want to go? , 1990, The New England journal of medicine.

[25]  L. Gostin,et al.  Privacy and security of personal information in a new health care system. , 1993, JAMA.

[26]  R L Menlove,et al.  The timing of prophylactic administration of antibiotics and the risk of surgical-wound infection. , 1992, The New England journal of medicine.