Ethics, Privacy, etc. Peter Szolovits 6.872/HST.950


Treatment of Human Subjects: The Belmont Report
- 1979: Ethical Principles and Guidelines for the Protection of Human Subjects of Research
- Balancing (societal) benefits vs. (individual) risks
- History of abuses
  - Nazi experiments
  - Nuremberg code
  - Tuskegee syphilis study

Nazi Medical Experiments
- Freezing / Hypothermia
- Genetics
- Infectious Diseases
- Interrogation and Torture
- Killing / Genocide
- High Altitude
- Pharmacological
- Sterilization
- Surgery
- Traumatic Injuries

Image caption: A cold water immersion experiment at Dachau concentration camp presided over by Professor Ernst Holzlöhner (left) and Dr. Sigmund Rascher (right). The subject is wearing an experimental Luftwaffe garment. http://en.wikipedia.org/wiki/nazi_human_experimentation
© unknown. All rights reserved. This content is excluded from our Creative Commons license. For more information, see http://ocw.mit.edu/fairuse.

Tuskegee Syphilis Experiment
- 1932-1972 experiment to study natural progression of disease
- 399 African-American sharecroppers w/ syphilis
- failed to treat even after penicillin was shown to be an effective treatment in 1940s

Public domain image from Wikimedia Commons. http://en.wikipedia.org/wiki/tuskegee_syphilis_experiment

Practice & Research
- The term practice refers to interventions that are designed solely to enhance the well-being of an individual patient or client and that have a reasonable expectation of success.
- The term research designates an activity designed to test an hypothesis, permit conclusions to be drawn, and thereby to develop or contribute to generalizable knowledge.
- Research and practice may be carried on together when research is designed to evaluate the safety and efficacy of a therapy.... if there is any element of research in an activity, that activity should undergo review for the protection of human subjects.

From the Belmont Report

Basic Ethical Principles
- Respect for Persons
- Beneficence
- Justice

From the Belmont Report

Respect for Persons
- Each person is an autonomous agent, capable of deliberation about personal goals and of acting under the direction of such deliberation
- Persons with diminished autonomy are entitled to protection: e.g., children, physically or mentally disabled, prisoners.
- Requires Informed Consent
  - Adequate information
  - Voluntary participation

From the Belmont Report

(Informed Consent)
- Study involves research, purpose of research, duration, procedures, what is experimental?
- Foreseeable risks and discomforts
- Possible benefits to participants or others
- Alternative procedures that might be beneficial
- How confidentiality will be maintained
- For research involving more than minimal risk, what compensations and treatments may be available, and where to get further information
- Participation is voluntary; no penalty for refusal

http://www.hhs.gov/ohrp/policy/consent/index.html

Beneficence
- Do no harm
  - one should not injure one person regardless of the benefits that might come to others
  - minimize risk to participants
- Maximize possible benefits to society
  - but, research subjects may not benefit directly
- Some tradeoffs are unavoidable

From the Belmont Report

Justice
- Varied views of equal treatment
  - equal share
  - individual need
  - individual effort
  - societal contribution
  - merit
- Select participants fairly
- Distribute benefits fairly

From the Belmont Report

Enforcement: The Common Rule
- Applies to all US Government funded projects involving human subjects
- Institutional Review Boards (IRB) review and must approve all such proposed research; responsible to protect subjects
  - yearly review of research protocols, informed consent, training of researchers, etc.
  - Criteria of Belmont Report.
  - expedited review for research involving no more than minimal risk; consent may be waived
  - exemptions for educational research, food quality research, and retrospective research on public or de-identified data
- IRBs also responsible for protection of confidentiality
- MIT's IRB is the Committee on Use of Humans as Experimental Subjects (COUHES)

http://www.hhs.gov/ohrp/policy/consent/index.html

Privacy vs. privacy

Protecting What?
- Privacy
  - Individual's desire to limit disclosure of personal information
- Confidentiality
  - Information sharing in a controlled manner
- Security
  - Protecting information against accident, disaster, theft, alteration, sabotage, denial of service

Against what?
- Evil hackers
- Malicious insiders
- Stupidity
- Information Warfare

Privacy
- Right to be let alone; e.g.:
  - snooping on Dan Quayle by J. Rothfeder
  - outing of Arthur Ashe (HIV), Henry Hyde (adultery)
  - celebrity medical problems (Tammy Wynette, Nicole Simpson)
- applies mostly to known individuals

Privacy in obscurity
- Right to remain unknown
- Correlation among pervasive databases:
  - census
  - marketing
  - health

Images by MIT OpenCourseWare.

Confidentiality
- Use and sharing of information by multiple users at many institutions
- Should be controlled by coherent policy
- Enforced by appropriate technology
- E.g., who may use results of your life insurance physical exam, for what purposes?

Legitimate Concerns (some may be ameliorated by ACA)
- Difficulty getting insurance
  - Individual insurers may deny you coverage based on your medical history if it includes:
    - Use of prescription drugs to treat anxiety, depression or a physical condition, including Ativan, Klonopin, Paxil, Prozac, Serzone, Zoloft, Xanax and Wellbutrin.
    - Counseling for anxiety, depression, grief or an eating or sleep disorder.
  - Even if you briefly sought counseling as a way to cope with the Sept. 11 terrorist attacks, you could be denied individual health insurance, according to researchers with Georgetown's Health Privacy Project. (MSN, March 9, 2004)
- Medical Information Bureau
  - Data on all applicants for private life insurance in past 7 years

Additional Legitimate Concerns
- When employer pays insurance premiums, you may lose your job
  - Self-insured companies
  - Small employers facing experience rated policies
- Non-employment discrimination based on health
  - Adoption
  - Politics
- Social stigma

[Figure: flows of patient medical information among parties. Parties shown: Patient; Care Provider (physician, hospital); Clinical Laboratory; Consulting Physician; Retail Pharmacy; Pharmacy Benefits Manager; Health Insurance Company; Managed Care Organization; Life Insurance Company; Medical Information Bureau; Patient's Employer; Employer's Clinic & Wellness program; Spouse's Employer; State Bureau of Vital Statistics; Accrediting Organization; Medical Researcher; Lawyer in malpractice case. Legend: long term repository, patient-identified data; short term repository, patient-identified data; temporary access, patient-identified data; long term repository, non-patient-identified data; temporary access, non-patient-identified data; flow of patient-identified medical information; flow of non-identifiable medical information.]

Security
- Integrity of data
  - No unauthorized modifications
  - No dropped bits
- Availability
  - Natural disaster
  - Adversary attack
  - Inadequacy of backup, fail-over
- Enforcement of confidentiality policies

De-Identification

Identifiable
- HIPAA: Name, address, phone number, fax number, email address, URL, IP address, social security number, medical record n., health plan n., account n., certificate/license n., vehicle id, device id, biometric id, full-face photo, date of birth, zip code, gender, race, profession
  - any other unique identifying number, characteristic, or code
  - actual knowledge that the information could be used to identify
- Patterns of doctor visits, immunizations, etc.
  - identifiable by inference
  - depends on knowledge and abilities of data user
- Small bin sizes lead to identifiability
  - Aggregate data into larger bins
    - dob => age
    - 3 digits of zip code

Sweeney's Cambridge
- 1997 Cambridge, MA voting list on 54,805 voters
  - Name, address, ZIP, birth date, gender
- Combinations that uniquely identify:
  - Birth date (mm/dd/yy): 12%
  - BD + gender: 29%
  - BD + 5-digit ZIP: 69%
  - BD + 9-digit ZIP: 97%
- Unique individuals
  - Kid in a retirement community
  - Black woman resident in Provincetown

Problem of other information
- Governor Weld's data found in Mass de-identified dataset
- Dates you visited a health care provider (over a lifetime) are probably unique
  - Can be used to re-identify you if someone has both de-identified data and other data that link to identifiers
- Genetics makes this immensely more problematic
  - Think Gattaca

Danger of Re-identification
Figure by Sweeney, Latanya. "Computational disclosure control: A primer on data privacy protection." Massachusetts Institute of Technology, 2001.

Protection via generalization
Figure by Sweeney, Latanya. "Computational disclosure control: A primer on data privacy protection." Massachusetts Institute of Technology, 2001.

Computational Disclosure Control
- Make sure data cannot be traced back to a set of size < n
  - Generalization
  - Suppression of unique combinations
- Account for leakage from what has been suppressed; e.g., backcalculating from aggregate statistics
- How to estimate external information?
  - Every release becomes more external info.
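
An added example (not part of the original slides) of the steps above: it measures how many records are unique on a set of quasi-identifiers, then generalizes (dob => age band, ZIP => 3 digits) and suppresses every group smaller than n. The records, the 1997 reference year and the 10-year age band are constructed assumptions.

```python
from collections import Counter
from datetime import date

# Constructed sample records, not real data: (birth date, gender, 5-digit ZIP).
RECORDS = [
    (date(1950, 3, 14), "F", "02139"),
    (date(1950, 3, 14), "M", "02139"),
    (date(1950, 7, 2), "F", "02138"),
    (date(1950, 11, 30), "F", "02139"),
    (date(1951, 1, 9), "M", "02141"),
    (date(1951, 6, 21), "M", "02142"),
    (date(1951, 6, 21), "M", "02142"),
    (date(1987, 5, 5), "M", "02139"),   # outlier: a child among older residents
]
REF_YEAR = 1997  # assumed release year, used to turn birth date into age


def unique_fraction(rows, key):
    """Fraction of rows whose key(row) value occurs exactly once."""
    counts = Counter(key(r) for r in rows)
    return sum(1 for r in rows if counts[key(r)] == 1) / len(rows)


def generalize(row, age_bin=10):
    """dob => age band, ZIP => first 3 digits; gender is kept unchanged."""
    dob, gender, zip5 = row
    low = (REF_YEAR - dob.year) // age_bin * age_bin
    return (f"{low}-{low + age_bin - 1}", gender, zip5[:3] + "**")


def release(rows, n):
    """Generalize every row, then suppress rows in groups smaller than n."""
    gen = [generalize(r) for r in rows]
    counts = Counter(gen)
    kept = [g for g in gen if counts[g] >= n]
    return kept, len(gen) - len(kept)


if __name__ == "__main__":
    print("unique on birth date:", unique_fraction(RECORDS, lambda r: r[0]))
    print("unique on BD + gender:", unique_fraction(RECORDS, lambda r: r[:2]))
    kept, suppressed = release(RECORDS, n=2)
    print("released:", Counter(kept), "suppressed:", suppressed)
```

The number of suppressed rows is itself released information, which is the leakage the slide says must be accounted for.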

Methods of Generalization/Suppression
- Underlying problem (find minimal generalization/suppression to achieve a level of anonymity) is NP-hard (Vinterbo)
- Mainly heuristic search over space of possible generalizations/suppressions
  - Scrub, Datafly, µ-argus (Netherlands), k-similar
- Lasko: spectral anonymization
  - Build a model of data that captures the n-th order statistics of the distribution
  - Synthesize fake patients from that distribution

MIT OpenCourseWare http://ocw.mit.edu HST.950J / 6.872 Biomedical Computing Fall 2010 For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms.