TN-POPnet FAQs
See below for answers to common questions about TN-POPnet and the Enterprise Data Warehouse (EDW) maintained by the Center for Biomedical Informatics (CBMI) that helps to support it.
How do TN-POPnet and the EDW protect patients’ privacy?
TN-POPnet and the EDW protect patient privacy for every patient, every time through vetted cybersecurity systems as follows:
- TN-POPnet and EDW data resides on the encrypted hard drives on the UTHSC ITS servers that are physically housed in the UTHSC ITS department computer center.
- All data security protocols are followed as per UTHSC ITS policies and procedures.
- HIPAA Information Risk Assessment is conducted annually on the CBMI and Tennessee Population Health Consortium (TN-PHC) by the Office of Cybersecurity to assess their information security practices.
- UTHSC and the UTHSC Office of Cybersecurity apply the controls spelled out by the HIPAA security rule in protecting patients. The Office of Cybersecurity does not stop there but instead implements robust security controls across the Campus that exceed the direction of the HIPAA security rule and diligently identify, protect, detect, respond, and recover from any cyber risks. The Office of Cybersecurity and ITS stand ready to discuss in detail any specific concerns or technical details a data provider/participating organization requests.
- Data in the OMOP/OHDSI common data model on the TriNetX appliance on the UTHSC ITS department computer center is accessible only by the Center for Biomedical Informatics (CBMI) team. For routine quality assurance work, TriNetX personnel will have access to the TriNetX OMOP/OHDSI data model and will operate according to the provisions laid out in the UTHSC-TriNetX BAA. Similarly, data in the PCORnet common data model employed by TN-POPnet on the UTHSC ITS department computer center is only accessible by the Tennessee Population Health Consortium (TN-PHC) team.
- Data custodians (CBMI and TN-PHC) and system owners coordinate with the Office of Cybersecurity to apply appropriate security controls that protect the data according to the classification label and overall impact level recorded in the official data classification table.
- In adherence to the UTHSC policies, the CBMI and TN-PHC workforce undergoes periodic HIPAA Privacy and Information Security Awareness Training.
- Continuous monitoring of the security, usage, and access patterns of data and systems occurs via automated solutions or manual processes that identify threats to the confidentiality, integrity, and availability of the data and systems. This monitoring includes normal system operations and the installation of updates, and ensures that changes are managed.
- Data security is further ensured through the following protocols:
  - Awareness: UTHSC, through the Office of Human Subjects Protections and the IRB, mandates that all research personnel undertake CITI training to understand the logistics of HIPAA, FISMA, and the importance of ethics in conducting research.
  - Logistical Security:
    - Data in Transit: Users communicate with CBMI applications via Secure Shell (SSH) and Secure Sockets Layer (SSL, i.e., HTTPS) protocols.
    - Data at Rest: CBMI uses Oracle Data Management Systems with transparent data encryption (TDE). Non-Oracle databases (MySQL & PostgreSQL) are encrypted using PGP encryption. All encryption uses AES-256 algorithms, which meet or exceed NIST standards (cf. FIPS 140-2) per FISMA.
    - Data Transfer: All data transfers will be conducted per UTHSC ITS policies. Datasets will be transferred through the vault email system, through Office 365 OneDrive, or through secure platforms as mandated by UTHSC ITS. Large datasets with identifiable information will be transferred through UTHSC-approved methods and encrypted devices. Any changes in UTHSC IT security policies and procedures will be relayed to clients and implemented immediately.
  - Incident Management and Reporting: Data security related incidents, if identified by CBMI or reported by a client, will be immediately reported to the UTHSC ITS Information Security team. CBMI will follow all UTHSC ITS policies in regard to incident management and develop contingency plans accordingly.
- For any dataset with identifiable information or limited datasets extracted per request from the researcher, the following policies will be adhered to:
  - IRB approval will be needed for access to datasets extracted from the data warehouse.
  - After completion of the research, researchers will follow UTHSC policies on data destruction in accordance with current protocols as delineated by the UTHSC-IRB.
Why do TN-POPnet and the EDW require provision of identified patient data?
- The data is not de-identified prior to being provided to UTHSC, for the following reasons:
- TN-POPnet and the EDW link patient data across health systems, and some health systems provide data from more than one EHR system (e.g. Cerner, Allscripts, eClinicalWorks). This results in patient duplication, i.e., if a patient visits various hospitals with different EHR systems, then he/she is assigned 3 different unique identifiers (MRNs) in their respective systems, and when the data is integrated duplication would be prevalent. Since the same data is brought as is into the EDW and TN-POPnet, we have developed de-duplication methods to correctly identify the MRNs.
- Also, in a given EHR system a patient might be assigned multiple unique identifiers (MRNs), which in turn contribute to duplication. So, we have processes to identify the duplicate or unused MRNs and replace them with the active MRNs.
- After these deduplication efforts, to meet the de-identification requirements of the United States Health Insurance Portability and Accountability Act (HIPAA) privacy rule, we create synthetic ids for every patient identifier and replace the former with the latter. We also maintain a (separate, password protected) cross-walk table which is used to re-identify the patients; this re-identification process is only performed based on IRB approval and only for project-specific approvals. The entire process requires advanced to expert-level SQL expertise.
- Further, the data de-identification process is annually reviewed by the Office of Cybersecurity as part of the HIPAA Security Risk Assessment.
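
The de-duplication and synthetic-id steps described above, sketched as an added example; this is not CBMI's code. The table names, the `link` table (standing in for the output of an upstream matching step) and all sample rows are constructed assumptions, and Python's built-in `sqlite3` is used only so the SQL runs offline.

```python
import secrets
import sqlite3

# Constructed sample data: (source_system, mrn, diagnosis_code)
ENCOUNTERS = [
    ("ehr_a", "A100", "E11.9"),
    ("ehr_a", "A177", "I10"),      # A177: retired duplicate of A100 in the same EHR
    ("ehr_b", "B520", "J45.909"),  # same person, seen at a second EHR system
    ("ehr_b", "B900", "E78.5"),    # a different person
]
# Constructed matching output: (system, mrn) -> (active_system, active_mrn)
MRN_LINKS = [("ehr_a", "A177", "ehr_a", "A100"), ("ehr_b", "B520", "ehr_a", "A100")]

def deidentify(encounters, mrn_links):
    """Return (de-identified rows, crosswalk connection)."""
    clinical = sqlite3.connect(":memory:")   # research-facing store
    crosswalk = sqlite3.connect(":memory:")  # stands in for the separately protected store
    clinical.execute("CREATE TABLE enc (system TEXT, mrn TEXT, dx TEXT)")
    clinical.execute("CREATE TABLE link (system TEXT, mrn TEXT, a_system TEXT,"
                     " a_mrn TEXT, PRIMARY KEY (system, mrn))")
    clinical.executemany("INSERT INTO enc VALUES (?,?,?)", encounters)
    clinical.executemany("INSERT INTO link VALUES (?,?,?,?)", mrn_links)
    crosswalk.execute("CREATE TABLE xwalk (system TEXT, mrn TEXT,"
                      " synthetic_id TEXT UNIQUE, PRIMARY KEY (system, mrn))")
    # Step 1: replace duplicate or retired MRNs with the active MRN.
    resolved = clinical.execute(
        "SELECT COALESCE(l.a_system, e.system), COALESCE(l.a_mrn, e.mrn), e.dx"
        " FROM enc e LEFT JOIN link l ON l.system = e.system AND l.mrn = e.mrn"
        " ORDER BY e.rowid").fetchall()
    # Step 2: one synthetic id per active MRN. The id is random, not a hash of
    # the MRN, so it cannot be recomputed by enumerating possible MRN values.
    out = []
    for system, mrn, dx in resolved:
        row = crosswalk.execute("SELECT synthetic_id FROM xwalk WHERE system=?"
                                " AND mrn=?", (system, mrn)).fetchone()
        if row is None:
            row = (secrets.token_hex(8),)
            crosswalk.execute("INSERT INTO xwalk VALUES (?,?,?)", (system, mrn, row[0]))
        out.append((row[0], dx))
    return out, crosswalk

def reidentify(crosswalk, synthetic_id):
    """Crosswalk lookup; in the process above this is gated on IRB approval."""
    return crosswalk.execute("SELECT system, mrn FROM xwalk WHERE synthetic_id=?",
                             (synthetic_id,)).fetchone()

if __name__ == "__main__":
    rows, xw = deidentify(ENCOUNTERS, MRN_LINKS)
    for synthetic_id, dx in rows:
        print(synthetic_id, dx)
```
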
Who at UTHSC is responsible for data security and management of TN-POPnet and the EDW?
- The Office of Cybersecurity and the IT infrastructure fall under Dennis Leber, Chief Information Security Officer and Chief Technology Officer.
- The EDW falls under CBMI, directed by Robert Davis MD, MPH, Governor’s Chair, Professor of Pediatrics, UTHSC. The TN-POPnet falls under the TN-PHC, directed by Jim Bailey, MD, MPH, Executive Director and Professor of Medicine and Preventive Medicine, UTHSC.
Do TN-POPnet and the EDW clearly identify the data owner for all data included?
The Office of Cybersecurity and the IT infrastructure have standards and procedures to classify all systems and identify the system and data owners for all data included in TN-POPnet and the EDW.
Do TN-POPnet and the EDW clearly identify individual IRB approved projects and assure that project owners only have access to data for which they have IRB approval?
- CBMI has a process in place to track all data extraction requests received for TN-POPnet and the EDW from the UTHSC researcher, clinician, or both and/or affiliates who have access to CBMI and TN-PHC services at UTHSC.
- Data is extracted strictly per IRB-approved protocol and provided to the UTHSC researcher by a UTHSC ITS-approved secure data transfer method.