Transcript CIDER Lab-1

CIDER - Today’s research, Tomorrow’s treatments
BMI Class Lab-1
September 8, 2010
Bijoy George,
Program Manager, CBMI
http://cbmi.wustl.edu/
Agenda














Introduction to CIDER
Research need
Types of clinical data in CIDER
Privacy and data security
Public Notification / Opt Out
Auditing
User responsibilities
Definition of Project
Data privileges
Process workflows
CIDER Application Login page
Hands on Lab
Quiz
Take Home Assignment
Clinical and Translational
Research Needs
 Goals:
1. Rapidly convert advances in basic science to
improvements in patient care
2. Relay findings from clinical studies back to bench for
further refinement of the disease management
process
 To achieve these goals, researchers need



to integrate diverse and complex biomedical data
sets
to co-analyze and visualize the data
to reduce the barrier b/w basic science and clinical
research
Clinical and Translational
Research Needs
 How were these goals achieved in the past?
 It was possible to acquire the clinical data manually
by reviewing an individual patient’s data from a
hospital’s EMR
 Time consuming and redundant process
 Not feasible for studies with large patient populations
 Poses significant privacy and confidentiality risks to
patients
Research Needs
1. Review Preparatory to Research




Are there enough patients to conduct research?
Applies to prospective or retrospective studies
Defined criteria / haven’t defined it yet, but have an idea
Count of patients is sufficient
2. Prospective/Retrospective studies
 Recruit patients / Need to get clinical data
3. Medical record data mining studies
 Need historical clinical data for patients matching criteria
 Survey identified patients for additional information
Quality Improvement
 It is possible to do analysis and compare the
performance within one hospital as well as
across hospitals if data is available in one
central location
 Can identify the process improvement steps and
can implement those to improve the patient care
 Enormous opportunities to improve patient care
using QC/QI initiatives
Problem Statement
 Quality Improvement
 Review Preparatory to Research
 Participant Recruitment
 Clinical Studies Data Acquisition
 Retrospective
 Prospective
 Historical
Solution
In Patient Visits
Out Patient Visits
CIDER
CIDER
Clinical Investigation Data Exploration Repository
 Joint venture of BJC HealthCare & WUSM
 Data repository to contain patient care (inpatient
and outpatient) data
 Advanced query functionality through web
interface
 Restricted data access / Role management
 Data interfaces to external CSMS systems
CIDER
Scenarios - 1
 Review preparatory to research
 “I can get a grant to conduct a research study using
historical clinical data to find out the relationship
between changes in serum PSA values and survival
following treatment for Hormone Refractory Prostate
Cancer (HRPC). How do I find out whether there are
enough patients?“
 Using CIDER, one can find out the total number of
patients satisfying the above criteria quickly without
getting any formal approvals for the study.
Scenarios - 2
 Prospective studies
 “I am planning to conduct a research study/protocol on
the possible connection between Diabetes and Acute
Coronary Syndrome (ACS) and I need at least 100
patients aged between 40 and 65, who have had ACS
and had been diagnosed with Diabetes prior to ACS.”
 Using CIDER, PI can find out the total number of patients
satisfying the above criteria quickly without getting any
formal approvals for the study.
 Once the study is approved by IRB, CIDER can provide
the patient details required to contact the patients.
Scenarios - 3
 Retrospective studies
 “I am planning to conduct a research study on the
possible connection between Diabetes and Acute
Coronary Syndrome (ACS) and I need at least 100
patients aged between 40 and 65, who have had ACS
and had been diagnosed with Diabetes prior to ACS.”
 Using CIDER, PI can find out the total number of patients
satisfying the above criteria quickly without getting any
IRB approvals for the study.
 Also, can obtain de-identified data with no IRB approvals.
Clinical Data
 Demographics
• name, address, race, gender, phone number
 Visits
• age, patient type, facility, diagnosis code, procedure code
 Labs
• age, collection time, facility, lab test name, specimen type (e.g. serum vs
CSF glucose), result
 Medications
• age, duration, frequency, medication, route & form
• Aspirin 75 mg tablet, once a day by mouth (PO), indefinitely
 Allergies
• allergen type, allergy reaction, sensitivity, severity, type, onset date
 Vitals
• age, body site, facility, measurement, observation, value and units
 Document
• age, document content, document name, facility and physician
What and how much
data is in CIDER?
• Data since 1993
• ~140, 000 allergies (2009)
• ~4.7 million patients
• ~50 million text documents
• ~25 million visits
• ~130 million vitals
• ~68 million lab results
• ~17 million medication orders
• ~12 million scanned documents
Privacy and Data
Security
 IRB Review
 Opt Out
Opt Out
 Option for patients to opt out of having their
clinical data used for research projects
 Two options
 Public Website
 Telephone IVR
Opt Out
Opt Out
Opt Out public page
Opt out page
Privacy and Data
Security
 IRB Review
 Opt Out
 Public Notification
Public Notification
 Media release
 Local newspapers
Privacy and Data
Security
 IRB Review
 Opt Out
 Public Notification
 Data Security
 Auditing
Auditing
 Every user action is audited





Logins
Running queries to identify patient cohorts
Running queries to obtain patient data
Viewing patient data
Patient data export
 Monthly / On-demand audit reports
 Using reports, auditors can pinpoint who looked
at a particular patient’s data
 CIDER Security Oversight Committee
Privacy and Data
Security
 IRB Review
 Opt Out
 Public Notification
 Data Security
 Auditing
 User responsibilities
User Responsibilities




Follow established rules and procedures
Obtain HIPAA/IRB approval if necessary
Do NOT share user IDs and passwords
Sign the CIDER data confidentiality agreement
after completing the training and follow the
agreement
 User access will be revoked in case of failure to
follow the rules
User Responsibilities
 Safeguard patient privacy and protect clinical data
sets
 Escalate issues/questions to CIDER Administrator
 Download identified data only to approved and
secure location(s)
 Do NOT download, move, or copy identified/limited
data sets to USB drives, CDs, DVDs, other
removable devices, or
servers/workstations/desktops/laptops on unsecure
networks
 In case of questions, please email the CIDER
Honest Broker at [email protected] OR
call the CIDER Help Desk @ 362-8853
User Responsibilities
 What to do if data is lost or compromised?
If you are a CIDER user, and you have encountered an event through which
you think e-PHI (Electronic Protected Health Information) has been
compromised, then please follow the procedures listed below.
If you are a Washington University user
Please fill-out an incident report using an incident report form from the
following link. Washington University Incident Report Form and email it to
[email protected]
If you are a BJC user
If you are a BJC user, and you have encountered a breach of ePHI
(electronic Protected Information) e.g. laptop, USB, device lost or stolen,
virus attack on research server or theft of data, please contact BJC
Information System Security Services at [email protected] and complete an
incident report at the following link. BJC Incident Report
Privacy and Data
Security
 IRB Review
 Opt Out
 Public Notification
 Data Security
 Auditing
 User responsibilities
 Session Timeout
Session Timeout
 The CIDER session is left alone with no user
actions for 10 minutes, the system will log you
off
 A warning message is displayed after 8 minutes
 After 2 minutes of the warning, system will log
out the user
 This is a security measure
 Never leave sessions open without logging out
from CIDER
Privacy and Data
Security
 IRB Review
 Opt Out
 Public Notification
 Data Security




Auditing
User responsibilities
Session Timeout
Project definition and rules applied during queries
What is a project in
CIDER?
 A project is a clinical or translational research
study or a quality assurance/improvement
activity that requires CIDER
 Project components





Principal Investigator
Collaborators
Start date / End Date
Relevant protocol documents and IRB approvals
Elements that filter data access under a project
• Facilities from which data will be available
• Level of identified data access – Data Privileges
Data Privileges
 Data Privilege




Anonymized
De-identified
Limited
Identified (Requires IRB Approval)
Data Privileges
 Anonymized: Data that has no physical link to data
that can be used to identify an individual’s identity.
 De-identified: Data that is not individually
identifiable, but might be used to re-identify the
patient to provide additional clinical information.
 Limited: Data that has a limited set of identifiable
patient information as defined under HIPAA.
 Identified: Data with one or more associated
protected health identifiers that might be used to
identify an individual’s identity.
Data privileges
Data Privilege /
Last
Data
First Name Name
Patient
UPI
Patient
coded
identifier DOB
Anonymized
xxxx
xxxx
####
57785
70
70
Caucasian 67
6
De-Identified
xxxx
xxxx
####
493751
70
70
Caucasian 67
6
Limited
xxxx
xxxx
####
606485
1/15/1939 70
Caucasian 2/1/2006
6
Identified
Tim
Allen
1320701
N/A
1/15/1939 70
Caucasian 2/1/2006
6
Age
Race
PSA Test
date / Age
@ Test
Patient Code not associated to patient identity in database
PSA
Value
What is a project in
CIDER?
 A project is a clinical or translational research
study or a quality assurance/improvement
activity that requires CIDER
 Project components





Principal Investigator
Collaborators
Start date / End Date
Relevant protocol documents and IRB approvals
Elements that filter data access under a project
• Facilities from which data will be available
• Level of identified data access – Data Privileges
• ‘Other’ project rules
Other Project Rules
 Security measures for vulnerable populations
 Age of the patients over the age of 89
 Minors (patients with age < 18)
 Special rules
 Access to SSN
• Needs approval from IRB
 QA/QI Projects
• Includes opt-out patients’ data
• Can include data from all facilities without individual IRB
approvals
Process workflows
 User activation workflow
 Project creation workflow
User Activation
I am working with Dr. Fraser. I need
access to CIDER for research purpose.
Please activate my account.
1
Request account activation
Collaborator
Yes, she is working with me and she
needs access to CIDER.
Need approval from supervisor
2
Approve request
Principal Investigator
Ok. She has successfully completed
her HIPAA training AND CIDER user
training. Activating her account.
Verify HIPAA details
3
CIDER Administrator
Activate account
Notification to user and PI
CIDER
System
Project Creation
I am requesting a project on behalf
of Dr. Fraser.
1
Request for Project activation
Collaborator
The provided project details are
correct. Please activate the
requested project.
Need approval from PI
2
Approve request
3
Activate Project
Principal Investigator
Ok. Based on the IRB Details, identified
privileges can be granted for this
project. Activating the project.
Verify Project details
CIDER Administrator
Notification to PI & creator
CIDER
System
Hands on Lab
 Learning objectives




Familiarize with the CIDER login page
Please remember it is accessible only within WUCON
Have your user account activated
If you have a WUSTLKEY, you can migrate to it and start
using WUSTLKEY once your account is activated
 Learn how to request a new project and submit for
approval (Lab Assignment)
CIDER URL
 https://cider.cbmi.wucon.wustl.edu/cider/
Take Home
Lab Assignment
 Request a project to be established in CIDER
and have it approved before the beginning of
the next class on 09/15/10.
 Please make sure you have a meaningful title for
the project and a brief description of what you
are planning to do using this project.
 Please select my name as the PI; ‘George Bijoy’
 Please specify the project attributes as follows
 Start Date: 09/08/2010
 End Date: 12/31/2010
 Data Privilege = De identified
Quiz
 Please write your First name and Last Name on
the quiz answer sheet to get proper credit
 Please circle the best answer choice for each
question
 Please turn in the completed assignments to me
before the end of the class
 We will go over the answers and you will get
your answer papers graded in the next class
Q&A
 Please feel to contact me any time
 Email: [email protected]