Abstract
Context:
The rapid emergence of new technologies support collection and use of a wide variety of data from clinical, genomic, social and behavioral, environmental, and financial sources, and have a great impact on the governance of personal health information.
Papers in the special issue:
The papers in this special issue on governance touch on the topic from a variety of focuses, including leadership perspectives, local and federal case studies, and the future importance of patient engagement.
Themes:
This special issue focuses on three major themes—that data governance is growing in importance and presenting new challenges that must be addressed, that health care organizations must prioritize governance design, implementation, and functions as a priority, and that governance seems to be naturally converging on an archetype as described by this set of papers.
Future State of Governance:
In order to deal with issues such as data de- and re-identification, data governance must be studied as its own field.
Keywords: data governance, data policy, learning healthcare system, distributed research network, PCORnet, Mini Sentinel, Open Data
Context
New technologies have rapidly emerged to support collection and use of a wide variety of data from clinical, genomic, social and behavioral, environmental, and financial sources. Personal information is increasingly available for a number of purposes including business operations, quality improvement, and research; and it is critical to ensure high standards for privacy, security, and appropriate use of personal health information in order to preserve trust. Moreover, the rapid scientific and technical advances in distributed clinical research and genomics warrant further exploration of data governance for “big data” in multiple domains. The convergence of increasing amounts of personally generated data (e.g., digital data from wearable devices, etc.), advances in health information technology (HIT), and advances in research suggest a paradigm shift. Yet, despite these rapid changes in the field, access to literature on health data governance—including pragmatic, risk-based strategies to manage the privacy of new sources of electronic health data—is in short supply. This insightful collection of eGEMs papers provides the reader with a sense of the varied and rapidly evolving landscape that is data governance in health and health research environments.
Papers in this Special Issue
While the eight papers in this special issue are varied in focus and perspective, they all demonstrate the changing nature of data governance and the importance of addressing governance on a systems level, and can be broadly lumped into the following three groups.
Several papers consider governance from a national and policy leadership perspective. Dr. Jalpa A. Doshi and colleagues set the stage for a discussion about ways to promote greater use of federal data sources by reviewing data access policies for several publicly funded state and federal data sets. The authors discuss the variations found in data access policies, and provide recommendations for policymakers and data owners to consider to maximize the utility and availability of data sets. In a somewhat different approach, Dr. Kevin Haynes and colleagues of HealthCore, Inc. comment on the present state of data completeness and collection within the United States health care system. The authors discuss where there are persistent gaps in data, and ways in which those gaps create technical and governance challenges that affect research and that reflect opportunities for big data in health care to facilitate more connectedness and better research. Similarly, Dr. Stephanie R. Morain et al. describe a study in which they interviewed 29 institutional leaders looking to move toward a Learning Health Care System. The authors highlight leaders’ perspectives on governance such as differentiating between treatment and research, the conditions under which an institutional review board is needed, and ways toward achieving transparency of research and learning activities with patients and other stakeholders.
A series of case studies in governance from major networks ground the special issue in specific pragmatic issues faced by those building learning health systems. Dr. Allison Cole and colleagues at the University of Washington Institute of Translational Health Sciences describe methods used by the Data QUEST team to extract electronic health record (EHR) data for clinical and translational research based on the Data QUEST Coordinating Center processes. The authors discuss the impact of early governance and process decisions in population selection, and how their own experiences can inform other researchers’ work. Andrea Paolino of Kaiser Permanente and her colleagues, in a case study, use the PORTAL Network to explain how they implemented governance strategies from the onset of their project, and why the widespread use of such a network would be beneficial for researchers and patients. The authors also discuss future implications of the success of a network like PORTAL. Melanie Davies (Harvard Pilgrim Health Care Institute) and colleagues outline the innovations PopMedNet brings to health care data research and governance—describing the methods and infrastructure of the program, and focusing on specific implementation approaches and challenges as they relate to implementation and use. The authors discuss several case studies in which PopMedNet was implemented in areas of comparative effectiveness research, medical product safety surveillance, and public health monitoring in order to show how the architecture is applicable to many health data research networks.
Looking to the future, a series of papers highlight the growing importance of patient engagement as a touchstone of governance. Dr. Carolyn Petersen (Mayo Clinic) makes a strong case for eliciting and including patient preferences regarding the use of their health data in primary care and research, and provides a desideratum for an application that supports data sharing while respecting these preferences. Central to this effort is the development of patient-targeted educational materials that address their concerns about data sharing. Meanwhile, Dr. Dixie Baker of Martin, Blanck & Associates and colleagues present a commentary on the variety of ways in which patients can be informed of their data uses and also educated on privacy and the usefulness of consenting to the use of their data, and the variety of factors that may sway a patient’s decisions on this front. The authors then describe the Fair Information Practices Principles (FIPPs) and how the Platform for Engaging Everyone Responsibly (PEER) has been translating these principles into practice.
Themes
Several themes emerge from the papers in this special issue. First, data governance is growing in prominence as a centrally important challenge in the health and health research enterprise. The emergence of distributed research networks and the importance of large, population-based studies that use existing clinical data are driving the need for governance policies and procedures.
Second, no longer can health care organizations relegate the design, implementation, and functions of data governance to a secondary position or address data governance as an afterthought or add-on. The papers in this special issue suggest that health care organizations need more specialized personnel to ensure that a robust governance apparatus is in place and is well maintained throughout the life of a data resource. Such personnel include those who do not traditionally participate as members of clinical research teams. Regulatory experts, data privacy and security specialists, and stakeholders such as patient advocacy representatives should be considered as essential members of the data governance team.
Third, the papers that address governance in these environments describe similar approaches to data governance, albeit customized to the architecture and particular requirements of a given network. As a result, data governance in distributed environments seems to be converging on an archetype of sorts. This archetype includes centralized institutional review board structure and function, standing data governance committees within projects and research networks, and establishment of data governance policies and procedures early on in the life of a research enterprise.
The Future State of Governance
With the increasing availability of health-related data within and beyond the structure of single institutions—especially in the context of distributed networks—the importance of governing the access, use, and disposition of these data is becoming manifest at an exponential rate. Researchers, clinicians, administrators, patients, and the general public are understandably and appropriately concerned that health-related data are useful for the good of the public, while essential privacy and confidentiality protections mandated in the Common Rule (45 CFR Part 46 [3]) are maintained. The papers in this special issue indicate that the research community is thinking hard about how to address this concern. However, this community and these papers represent a small constituency of those who stand to be affected by the lack of data governance, and just one example is provided here.
The Open Data initiative launched by the White House1 further motivates the need for sound data governance. Through this initiative, states, counties, and municipalities are encouraged to share data for public use in serving the public good. Perhaps most familiar to those reading this issue, investigators are required to include a Resource Sharing Plan in grant applications, in which the procedures for making de-identified research data available for public use are described. However, even when best practices in data de-identification are followed, it is possible in some cases to re-identify individuals who are represented in those data. Estimating the risk of re-identification of de-identified data is an essential function of data governance, largely wrought from the requirement that federally funded research data sets be shared. Methods for estimating the risk of re-identification have been described.2 How frequently this risk is estimated is not well known, but this should be a focus of future governance efforts.
The future of data governance should include not only metrics such as those described above, but the development of a scientific field, one that extends well beyond operational and administrative concerns, but one that constantly develops new knowledge about data governance through research in its own field. Some of this activity might be undertaken by those who have received training in data security or regulatory affairs, but others—with the motivation and skills to treat data governance as a legitimate field of scientific inquiry—are needed. The development of such a discipline would be evident in the growth of both training programs and a literature that are dedicated to the science of governance. This would in no way discount the importance of the operational side of data governance; rather, the science would inform and strengthen the practice of data governance.
Acknowledgments
n/a
References
- 1. https://www.whitehouse.gov/sites/default/files/omb/memoranda/2013/m-13-13.pdf.
- 2.Dankar FK, El Emam K, Neisa A, Roffey T. Estimating the re-identification risk of clinical data sets. BMC Medical Informatics and Decision Making. 2012;12:66. doi: 10.1186/1472-6947-12-66. http://bmcmedinformdecismak.biomedcentral.com/articles/10.1186/1472-6947-12-66. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 3. http://www.hhs.gov/ohrp/humansubjects/guidance/45cfr46.html.