Big data in health IT requires new definition of 'research,' says federal advisory committee
If medical practices are to take advantage of widespread electronic health records to create a "learning health system" in which patient data is aggregated and analyzed in order to provide better individual and population health care, regulations regarding which data constitute research and which constitute operations will need clarification, says the federal Health Information Technology Policy Committee.
In an Oct. 18 letter (.pdf) to Farzard Mostashari, the national coordinator for health information technology within the Health and Human Services Department , the advisory committee says a July 26 advance notice of proposed rulemaking regarding secondary uses of EHR data for research uses could end up perpetuating obstacles to the learning health system.
Current rules--both the federal policy for the protection of human subjects, aka the Common Rule, and Health Insurance Portability and Accountability Act--define "research" as activities that contribute to "generalizable knowledge," the letter says.
But since the learning healthcare system will depend on more widespread dissemination of healthcare results "characterizing research as any evaluative activity that contributes to the 'generalizable knowledge' arguably no longer serves the interests of either patients or providers," the letter says.
If data from an EHR is used for treatment purposes or to evaluate the safety, quality and effectiveness of care, such use should not be considered "research" and so require the consent of an institutional review board, or individual patients, the letter says. That exemption should apply even if the results are intended to, or end up being, more widely shared and so a contributory to generalizable knowledge, the letter adds.
Situations where it should apply include evaluations of effectiveness of patients' care, early detection of patient safety issues through identification of patterns of adverse events, monitoring clinicians for adherence to standards of care, evaluation of interventions designed to improve compliance with standards of care and outreach efforts intended to increase patient compliance with those standards, the letter says.
Entities should follow fair information practices, meaning that they are transparent with patients about how their data is used, analysis draws on the minimum amount of data required and data is protected with security measurements commensurate to privacy risks, the letter also says.