APPENDIX A

Study Activities

As contracted with the sponsors, the Agency for Healthcare Research and Quality and the Office of the Assistant Secretary for Planning and Evaluation, the Institute of Medicine created a 12-person committee that was charged with identifying best practices of institutional review boards and private organizations in the protection of privacy and maintenance of confidentiality in health services research. The committee included members with expertise in medical ethics, health services research, epidemiological research, clinical research, IRB function, health and privacy law, statistics, computer science, and health data-base administration. The committee met by telephone conference call in January 2000 and held a workshop in March 2000 (agenda follows). The workshop, which was open to the public, included presentations from IRB administrators and chairs, research foundations, and health care services companies (see Appendix B). The workshop also featured presentations of the drafts of two commissioned papers (see Appendix C and Appendix D). In addition to the workshop, the committee posted an invitation on a list serve and on the National Academies' website to IRBs to contribute information (invitation follows workshop agenda).



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 101
Protecting Data Privacy in Health Services Research APPENDIX A Study Activities As contracted with the sponsors, the Agency for Healthcare Research and Quality and the Office of the Assistant Secretary for Planning and Evaluation, the Institute of Medicine created a 12-person committee that was charged with identifying best practices of institutional review boards and private organizations in the protection of privacy and maintenance of confidentiality in health services research. The committee included members with expertise in medical ethics, health services research, epidemiological research, clinical research, IRB function, health and privacy law, statistics, computer science, and health data-base administration. The committee met by telephone conference call in January 2000 and held a workshop in March 2000 (agenda follows). The workshop, which was open to the public, included presentations from IRB administrators and chairs, research foundations, and health care services companies (see Appendix B). The workshop also featured presentations of the drafts of two commissioned papers (see Appendix C and Appendix D). In addition to the workshop, the committee posted an invitation on a list serve and on the National Academies' website to IRBs to contribute information (invitation follows workshop agenda).

OCR for page 101
Protecting Data Privacy in Health Services Research WORKSHOP ON INSTITUTIONAL REVIEW BOARDS Institute of Medicine Cecil and Ida Green Building, Rooms GR-130 and GR-110 2001 Wisconsin Avenue, N.W. March 13–14, 2000 Monday, March 13, 2000 8:30 a.m. Call to Order, Welcome by Chair Bernard Lo, M.D. Charge to Committee, Introductions, Procedures, and Greetings from Sponsors 9:15 OPRR overview Thomas Puglisi, Ph.D. 9:30 IRB Administrators Art Anderson, M.D., Fort Detrick, U.S. Army Angie Khan, University of Texas Health Science Center, San Antonio 10:00 Discussion 10:30 Break 10:45 IRB Chairs/or Members James Kahn, M.D., University of California at San Francisco Robert Amdur, M.D., University of Florida Steve Garfinkel, Ph.D., Research Triangle Institute Tora Bikson, Ph.D., RAND Corporation 11:45 Discussion 12:30 p.m. Lunch 1:30 Private/or Independent IRB Angela Bowen, M.D., Western Institutional Review Board 1:45 Discussion 2:00 Pharmaceutical Company Harry Guess, Ph.D., Merck 2:15 Discussion

OCR for page 101
Protecting Data Privacy in Health Services Research 2:30 Health Services Companies Fred Teitelbaum, Ph.D., and Jennifer Low, Esq., Express Scripts Brent James, M.D., and Morris Linton, J.D., Intermountain Health Care Andrew Nelson, HealthPartners 3:15 Discussion 3:30 BREAK 3:45 Comparing Privacy Standards Internationally Bartha Knoppers, J.D. 4:15 Discussion 5:30 Adjourn Tuesday, March 14 (GR 110) 8:30 a.m. Call to Order, welcome by Chair, Brief Introductions of Committee 9:00 Technical Update Lawrence Dietz, Esq., Axent Technologies 9:15 Discussion 9:30 Special Considerations Regarding Data on Minors Ross Thompson, Ph.D. 10:00 Discussion 10:15 Break 10:30 Special Considerations of Privacy in Heavily Studied Minority Populations William Freeman, M.D. 10:45 Discussion 11:00 General Discussion 12:00 noon Adjourn Open Session

OCR for page 101
Protecting Data Privacy in Health Services Research INVITATION TO IRBS TO PROVIDE INFORMATION ON PRACTICES OF REVIEWING HEALTH SERVICES RESEARCH* The Institute of Medicine (IOM) is conducting a project on the role of IRBs in the protection of data privacy in health services research. As part of that project, we are requesting general information from practitioners in the field with respect to the issues identified below. We expect that this information request will be of interest to those who currently chair, serve on, or administer an IRB, and whose committee at least occasionally receives protocols for research that depend on secondary data mining or linkage, in health services research or similar secondary analyses of health-related data. By “health services research” we mean studies primarily using already-collected data to examine the impact of organization, financing, and management of health care services on access to, or the delivery, cost, outcomes, or quality of, services. Secondarily, we would include studies of already collected data that associate data sets to examine the outcomes of interventions, where similar privacy issues may arise. Under the Statement of Task for this project, the IOM will gather information on current practices and principles, and if possible, recommend a set of best practices, for use by IRBs in safeguarding data privacy in health services research. The IOM has appointed a committee and has scheduled a workshop intended to supply information to the committee with respect to these issues. Interested persons are invited to provide information regarding the practices of IRBs in protecting data privacy in health services research. This is not intended as a comprehensive survey, and we are not testing any specific hypothesis. Please feel free to elaborate on some or all of the issues identified below. Unless you indicate otherwise on your response, your name and contact information will be made available only to IOM staff, and will not be presented to the study committee. The substance of your response (without your name and contact information) will be provided to the IOM study committee (with your response identified only by general category such as hospital, university, etc.) and will be included in a public access file created by the IOM and made available to the public upon request. By submitting a response, you give permission to the IOM to quote or use all or part of your submission (without specific identification of you) in our final report or other works of the institution, which may be posted on the world wide web or translated into other languages. If you would like to provide information, please send it to the contact points below. Please also feel free, as always, to contact the Responsible IOM Staff Officer listed below if you wish to discuss any aspect of the project. *   Posted on MCWIRB list serve and National Academies Current Projects System website.

OCR for page 101
Protecting Data Privacy in Health Services Research Discussion Issues Policy or practices, if any, for identifying specific studies as health services research. Procedures, if any, for determining which health services research studies are exempt from IRB review. Procedures, if any, to determine whether and which information is identifiable when assessing risk of disclosure in an health services research protocol. Procedures, if any, for weighing the importance of the research relative to the risk (of disclosure) to those whose data are used. Procedures, if any, in place for merging different datasets, and in that context, for assuring that identifiable health information is protected Procedures, if any, used for reviewing protocols to assure that identifiable health information is being protected while the study is actually underway. Procedures, if any, to review protocols for the protection of data after a study is completed. Procedures, if any, for auditing or oversight to make sure protections and procedures are used and enforced. Provisions, procedures and/or principles that should be more widely adopted by IRBs in safeguarding data privacy in health services research. Thank you. Lee L. Zwanziger, Ph.D. Senior Program Officer Institute of Medicine