Data Security and Privacy - PCORnet/DataCommittee GitHub Wiki

###Overview

The vision of a national patient-centered clinical research network for conducting CER relies on the support and trust of individual patients, of the clinicians and healthcare systems participating in and providing data to the network, and of the public. To realize this vision a working group will be created to promote practices, with respect to data acquisition, linkage, storage, analysis, and transmission that are directed toward protecting the security and confidentiality of individual-level clinical data.

Members:

• Abel Kho (lead)
• Rachel Hess
• Ravi Bhosale
• Russ Waitman

Deliverables:

• Processes and standards for preserving patient privacy such as de-identification standards (eg. Safe Harbor), responding a to data breach, privacy preserving record linkage, and recommendations for information security methods such as penetration testing are shared and disseminated.

Metrics (examples):

• Studies performed that use distributed analysis or de-identified data analysis instead of requiring patient identifiers from the networks and patients
• Queries rejected by data marts due to privacy constraints at their institution. Note; the term data mart refers to the data held at an institution (CDRN, PPRN, or a site within a CDRN/PPRN) that is accessed by PCORnet.
• Number of networks and data marts using shared policies, procedures, and methods
• Number of data marts and infrastructure components utilizing common approaches to data security and privacy