460 likes | 641 Views
CCTS Kentucky Center for Clinical and Translational Science. Conducting Clinical Research Using the UK Clinical Data Warehouse Todd R. Johnson, PhD Director, Division of Biomedical Informatics Tamela Harper, MHA Biomedical Intelligence Reporting Officer BMI Project Director.
E N D
CCTSKentucky Center for Clinical and Translational Science Conducting Clinical Research Using the UK Clinical Data Warehouse Todd R. Johnson, PhD Director, Division of Biomedical Informatics Tamela Harper, MHA Biomedical Intelligence Reporting Officer BMI Project Director
Initiatives from the BMI Core • UK Data Warehouse • IRB Protocol to Streamline Researcher Access to Data • Web Based Applications- tools for researchers • REDCap • i2b2 • UK Participant Recruitment • ResearchMatch • Open Scholar • Harvard Profiles
UK Data Warehouse • What is it? • Datasets available • Types of Access • Obtaining Access • Location • Security • Regulatory Concerns • Human Subject Protections • HIPAA
UK Data Warehouse……What is it? The Data Warehouse links disparate sources of data into one location.
EMR and CDW Differences • EMR • Optimized to access and write data about a single patient • OLTP System (Online Transaction Processing) • Supports large number of simple insert, update and delete transactions to patient records in a multi-access, multi-user environment • CDW • Optimized to access and aggregate data across tens and thousands of data • OLAP System (Online Analytical Processing) • Supports low volume of complex queries that involve aggregations across patients. • New data is added, but existing data is rarely modified
Datasets Available • UK HealthCare Clinical Data • Large commercially deidentified health claims data, commonly referred to as I3 • Kentucky Medicaid • Potential collaborations are undergoing to add datasets • KDOC • Markey Cancer Center Biospecimen Core Program
UK HealthCare Clinical Data The data includes • electronic medical records • billing data • patient safety measures • other administrative data being used for operations.
UK HealthCare Clinical DataTypes of Research Access Approved Under Umbrella IRB # 11-0750-F6A • Decedent Research • Deidentified Research • Aggregate patient counts for preparatory research using the i2b2 tool • Deidentified data pull from CDW • Current dimensions include: • Visit information (Age at visit, LOS) • Demographics (age, gender, race) • Diagnosis codes • Future dimensions include: • Lab results (June 2012) • Procedures (August 2012) • Medications (December 2012)
Large commercially deidentified health claims data The medical claims database contains approximately 15 million annual lives January 1, 2007– December 31, 2009 for a commercially insured employed population with dependents. • enrollment records • medical claims • prescription claims • lab results data
Large commercially deidentified health claims data Approved Under Umbrella IRB # 11-0473-P3H Deidentified Research- • Currently being built into an i2b2 interface • All data pulls must be conducted by staff and require consultations. • Data can not be linked to any other data even if deidentified. • Must be accessed on a virtual machine. • SAS and Excel provided on VM for statistical analysis. • Statistical assistance through the Dept. of Statistics Applied Statistics Lab
Kentucky Medicaid The database contains Kentucky medical claims and prescription claims data for the last fifteen years for Medicaid. Researchers at UK can have access to data with proper UK IRB and KY Cabinet IRB approvals.
UK Data Warehouse……Why do we need it? • Creates a true single source for data retrieval • Integrate critical information from over 100 clinical information systems • Assess quality of data • Improve Clinical Phenotyping • Billing codes, even when accurate, often do not reflect clinical reality • Accuracy varies by phenotype, context of care, hospital, clinic, and even provider • Include key insititutional and national standards for key measures • 30-day Readmissions • ICU readmissions (same stay) • Hospital acquired conditions, etc • Improves ability to make “secondary use” of clinical data in a timely, efficient manner for analysis • Quality improvement initiatives • Patient safety • Decision support • Heath care delivery • Corporate compliance • Research
Regulatory Concerns • Human Subject Protection • HIPAA • Data Warehouse is being built for operational purposes and is part of the covered entity • TPO- treatment, payment, or operational activities
Types of access Operational Research • Aggregate counts (i2b2 interface) • UK HealthCare data- • no IRB needed, additional training and documents required. • Large commercial deidentified database- • no IRB required, but consultation needed for data pull. Additional training and documents required. • Data Extracts (deidentified or identified) • KY Medicaid • UK and KY Cabinet IRBs required and consultation for data pull. • UK HealthCare data- • Consultation required and IRB may be required.
Types of Access • Deidentified data sets linked to other data sets • Limited data sets • Identified data sets Individual IRB approval
Obtaining Access Biomedical Informatics Service Request https://redcap.rdmc.org/redcap/surveys/?s=mR4EKq
Obtaining Access • Receive an email with next steps depending on what was requested
Obtaining Access Complete training requirements or schedule consultation • Training Requirements • CITI • HIPAA • Corporate Compliance • ORI Blackboard- HIPAA for researchers • Documentation Requirements • Signed Data Use Agreement • Students must have mentor signature • Signed HIPAA Assurance of Compliance
Obtaining Access Complete Access Application • answer questions about completing training and/or upload documents • upload signed Data Use Agreement and HIPAA Assurance form • upload IRB approval letter and application (Forms A and B) if needed.
Location • Center for Clinical and Translational Science (CCTS) and Institute for Pharmaceutical Outcomes & Policy (IPOP) • Physically housed within the new College of Pharmacy -BioPharm Complex
Security • Within UK’s network but behind its own firewall • Allow individual IP addresses to “poke” holes in the firewall • Access tightly controlled
D105.0000 Confidentiality and Data Security Guidelines for Electronic Data University of Kentucky (UK) Institutional Review Board (IRB)
REDCap • Secure web based application for building and managing online surveys and databases • Created by Vanderbilt University-UK is part of their consortium • However, UK data is housed on a local server with in house control behind a firewall
REDCap 326 Active Consortium Partners 41,110 users 29, 070 projects in production University of Kentucky (2008) Over 500 users Over 160 projects in production Over 260 projects in development
ProjectTypes You have 3 basic Project Types to choose from in REDCap Single Survey Data Entry Forms Single Survey + Data Entry Forms
REDCap- Server Security • Web server and database server are housed on separate servers • Behind a firewall in IPOP within UK’s network • Secure communications maintained by SSL • https://redcap.rdmc.org/redcap/ • Research data is backed up daily using MySQL Administrator • Windows Server 2008 R2 edition
REDCap-Data SecurityLogging In • Researcher accounts are set up using UK LinkBlue accounts (MC or AD)- Pass word protected • Authentification occurs using LDAP- Employees leaving UK will not be able to be authenticated during login • Auto logout of user • Once REDCap accounts are created, researchers create a project ( owner with full rights) can add users to their project for data capture • Owner provides restrictions to user rights • Now has password reset functionality!
REDCap- Data Security for Data Collection and Entry • Data is encrypted when transmitted to the REDCap server • Portable devices do not download data, it is entered into a secure web based connection (https) behind a firewall • No loss of PHI on portable devices! • Files are all password protected! • Data can be exported as de-identified and usage rights limited
REDCap-Data SecurityUser Rights • View Only, Edit only, View and edit • Expiration dates to limit login periods • Restrict access to individual data capture forms • Delete, edit, or add records • Records can be locked and digitally signed • Full access to import/extract data for analysis • Audit trail logging • Data exportation restrictions
REDCap-Data Security Collection of Survey Data • Studies can be designed to meet individual IRB approvals • Data collected with identifiers or anonymously • Respondents invited via email or web link • If invited through email: • REDCap tracks and validates through email address for reminder emails • Prevents duplication of responses • Investigator can only see a unique ID generated for that respondent • Investigator is unable to determine which respondent has supplied which set of answers • IP addresses are scrubbed from data viewed by Investigator • IP addresses are not shared with other REDCap consortiums
REDCap-Data SecurityUser Rights- Data Exportation • Full data set or • Deidentified data set • Advanced deidentification features • Removal of free form text • Removal of dates • Date shifting (interval integrity) • Removal of tagged identifiers • CSV files for analysis • Excel • SAS • SPSS • STATA • R
User rights This page may be used for granting new users access to the project and for editing the rights of current project users. You may edit the rights of a current user by selecting them from the dropdown list below or add a new user by entering their user name in the text box and hitting the Tab key.
REDCap- Data Exportation • Exporting data from REDCap can be made more secure by using the internal email function especially large data sets or sensitive data • Can be sent to users outside of REDCap as well • Email recipient receives unique URL to download • Second email includes password for downloading files • File stored securely until retrieved or removed from server upon specified expiration data
REDCap- Data SecurityMalicious users protection • Filtered, sanitized, and escaped for all string data found in URL • Submitted data filtered for harmful markups prior to being displayed on web page • SQL queries are escaped • SQL query data type is checked to prevent mismatching of the data (number is a number)
Training Resources Be sure to check out the Training Resources tab for how-to videos and examples of REDCap Projects
Onlinedesigner This will be the section you use to add and remove questions to your survey or data entry form Start by clicking the Add Question Here button
Invite participants Survey Link Email Webpage
Branching logic Branching Logic may be employed when fields/questions need to be hidden under certain conditions. If branching logic is defined, the field will only be visible if the conditions provided are true
Contact Information 789 S. Limestone 175A BioPharm Complex Lexington, KY 40536-0596 Phone: 859-257-9384 Fax: 859-257-1263 E-mail: tamela.harper@uky.edu