Privacy & Cybersecurity

Clinical Research and Data: HIPAA, the Common Rule, the General Data Protection Regulation, and Data Repositories

October 07, 2018

The inexorable march of Moore’s Law has resulted in changes in all areas of our lives, including how we do clinical research. Researchers and patients are more connected. We store, access, and manipulate data in different ways; we conduct studies in multiple countries sharing data and samples around the world; and cybersecurity and hacking are a reality. This article touches on different legal aspects arising at the intersection of technology, data, and clinical research, specifically HIPAA (the Health Insurance Portability and Accountability Act), human subjects research, the European data law (the General Data Protection Regulation), and data repositories. It attempts to explain how two different law-making bodies, the US and the EU, have tried to balance the necessity of using data for research purposes that benefit society with the privacy issues and risks of that same data.

The full article can be downloaded below.  

Name: 
Anna

Medical Device Cybersecurity: Regional Incident Preparedness and Response Playbook

October 05, 2018

Cybersecurity attacks on Healthcare and Public Health (HPH) critical infrastructure, such as healthcare delivery organizations (HDOs), are occurring with greater frequency. Disruptions in clinical care operations can put patients at risk. The global ransomware event known as WannaCry demonstrated how the performance of vulnerable medical devices may be compromised by an exploit, whether it intentionally targets the healthcare system or is purely opportunistic. Similarly, other attacks such as Petya/NotPetya have highlighted key challenges in preparedness and response across the HPH critical infrastructure sector. Securing critical infrastructure is a shared responsibility across many stakeholders, and with respect to medical devices the primary stakeholders are FDA, Medical Device Manufacturers (MDMs), and HDOs.

A common preparedness and response challenge FDA heard from its stakeholders in the aftermath of the aforementioned attacks is that HDOs did not know with whom to communicate (e.g. MDM-HDO interactions); what actions they might consider taking; and what resources were available to aid in their response. Without timely, accurate information and incorporation of medical device cybersecurity into their organizational emergency response plans, it was difficult for HDOs to assess and mitigate the impact of these attacks on their medical devices. To address this unmet need, the MITRE team (with the support of FDA) engaged with a broad distribution of stakeholder groups to understand the gaps, challenges, and resources for HDOs participating in medical device cybersecurity preparedness and response activities. These stakeholders included HDOs of varying size and demographics, state departments of health, medical device manufacturers, and government agencies. Information gathered resulted in the creation of this playbook that may serve as a resource for HDOs. The playbook provides a stakeholder-derived, open source, and customizable framework that HDOs may choose to leverage as a part of their emergency response plans in order to ultimately limit disruptions in continuity of clinical care as well as the potential for direct patient harm stemming from medical device cybersecurity incidents.

The full playbook can be downloaded below.  

Name: 
Anna

A quick look at the UK's new National Health Service app

October 03, 2018

The National Health Service (NHS) in England is introducing a new app that will allow patients to access NHS services on their smartphones and tablets, to be gradually rolled out across the country starting from December this year.

Developed by NHS Digital and NHS England, it will be available through the App Store and Google Play for patients aged 16 and over, who will be able to use the app to access their GP records and the NHS 111 symptom checker, book appointments, order repeat prescriptions, register as organ donors and set data sharing preferences, using a single identity verification system.

The full article can be viewed at this link.  

Name: 
Anna

Trusted Multi-Party Computation and Verifiable Simulations: A Scalable Blockchain Approach

September 30, 2018

Large-scale computational experiments, often running over weeks and over large datasets, are used extensively in fields such as epidemiology, meteorology, computational biology, and healthcare to understand phenomena, and design high-stakes policies affecting everyday health and economy. For instance, the OpenMalaria framework is a computationally-intensive simulation used by various non-governmental and governmental agencies to understand malarial disease spread and effectiveness of intervention strategies, and subsequently design healthcare policies. Given that such shared results form the basis of inferences drawn, technological solutions designed, and day-to-day policies drafted, it is essential that the computations are validated and trusted. In particular, in a multi-agent environment involving several independent computing agents, a notion of trust in results generated by peers is critical in facilitating transparency, accountability, and collaboration. Using a novel combination of distributed validation of atomic computation blocks and a blockchain-based immutable audits mechanism, this work proposes a universal framework for distributed trust in computations. In particular we address the scalability problem by reducing the storage and communication costs using a lossy compression scheme. This framework guarantees not only verifiability of final results, but also the validity of local computations, and its cost-benefit tradeoffs are studied using a synthetic example of training a neural network.

The full article can be downloaded below.  

Name: 
Anna

The Role of Consumer Consent in Health Information Exchange (HIE)

September 30, 2018

The traditional one-way information transfer considered the healthcare provider as the expert communicator and the patient as a passive receiver of information. Patient-centered care operates based on patients’ preferences to improve patient safety and increase patient satisfaction and participation. A mutual exchange of information ensures that both patients and healthcare professionals form a partnership. Greater patient participation in Health Information Exchange can lead to a higher degree of trust among all types of demographic groups. Patients need to be more engaged in decisions about data exchange through HIE in order to trust the technology and the healthcare system. The right of informed choice and consent is a meaningful means to achieve the support of consumers regarding HIE. However, the process of handling informed consent has caused a variety of concerns such as security and privacy risks for patients. In this study, the role of consumer consent is discussed using the literature review method.

The full paper can be downloaded below.  

Name: 
Anna

Privacy and Security Executive Advisory Board

For our next privacy and security roundtable meeting, we are gathering executives from across the healthcare industry to explore the legal considerations, federal regulations, and data ethics that should be addressed as data sharing within and outside the healthcare system increases with patient generated health data, outsourcing lab data, etc.

This event is by invitation only. If you are interested in events such as this, please contact Claudia Ellison, Claudia.Ellison@ehidc.org.

HealGorithms: Understanding the Potential for Bias and Discrimination in mHealth Apps

August 28, 2018

July 2018 report from Michelle De Mooy, Center for Democracy & Technology

This report explores the potential for harmful bias in mHealth interventions and considers the impact of such bias on individuals, companies, and public health, ultimately providing recommendations for app developers to ensure that the tools they build are inclusive and nondiscriminatory. This report seeks to advance the conversation about — and implementation of — equity and inclusivity in automated decisions in the health sector in ways that benefit both the public and the companies using data to make decisions by: (a) providing a landscape of the mHealth ecosystem; (b) synthesizing research and investigations to draw out key issues and concerns related to bias in automated decision-making in the commercial health context; and (c) making recommendations that advance identification and mitigation of bias and discrimination in processes that produce commercial health app content.

Part II of this report provides an overview of the mHealth marketplace, covering the types of mHealth apps available, how data flows in and out of these apps, who uses these apps, how these apps are regulated, and how effective these apps are. Part III discusses the efficacy of mHealth and suggests that reducing bias is vital to delivering effective health interventions with these tools. Part IV examines how and when bias can be introduced into mHealth interventions.

Part V provides a recommended roadmap of inquiry for developers and others involved in mHealth to identify and mitigate bias. Part VI is a review of areas for future research, and Part VII is a brief conclusion.

Blockchain for Healthcare

August 28, 2018

In today’s digital world, different systems interact with each other for data and information exchange. We expect each interaction or transaction between the systems to be secure and reliable. Blockchain is a new technology that promises an efficient, cost-effective, reliable, and secure system for conducting and recording any transaction without the need for a middleman.

A Comprehensive Review of an Electronic Health Record System Soon to Assume Market Ascendancy: EPIC®

August 08, 2018

Author: Ralph Johnson III

Federal and state mandates have compelled healthcare systems to adopt “meaningful use” electronic health record (EHR) systems. Off-the-shelf, on-the-spot, one-source EHR systems such as EPIC® have become popular choices. Indeed, EPIC® recently captured a substantial proportion of the Houston Texas Medical Center (TMC), CVS Pharmacy mini-clinics, and extended into academic institutions. Current reported estimates are contentious but vary between 20-47% of the EHR market share. Therefore, it is only sensible to conduct a review of EPIC.