Ethics and Integrity in Data Use and Management

  • Slides: 32
Download presentation
Ethics and Integrity in Data Use and Management John E. Sidle, M. D. ,

Ethics and Integrity in Data Use and Management John E. Sidle, M. D. , M. S. May 10, 2010 This module was recorded at the health informatics-training course – data management series offered by the Regional East African Centre for Health Informatics (REACH-Informatics) in Eldoret, Kenya. Funding was made possible by NIH’s Fogarty Center and a grant from the Rockefeller Center. The training was held at the Academic Model Providing Access to Healthcare (AMPATH), a USAID-funded program, supported by by the Regenstrief Institute at Indiana University. . The modules were created in in collaboration with USAID-funded program, supported Institute at Indiana The modules were the School of Informatics at IUPUI. Content licensed under Creative Commons Attribution-Share Alike 3. 0 Unported

Objectives Examine a brief history of ethics in research and data management Discuss pertinent

Objectives Examine a brief history of ethics in research and data management Discuss pertinent principles of ethics in data management Discuss the concept of “data integrity” and ethics in data management Discuss applications for data management personnel in ethical use of data

Outline Definitions Ethical Principles in Bioethics Guidelines and Regulations Data Integrity Applications for ethics

Outline Definitions Ethical Principles in Bioethics Guidelines and Regulations Data Integrity Applications for ethics and maintenance of data integrity

Definitions In·teg·ri·ty n. 1. Strict adherence to a standard of value or conduct. 2.

Definitions In·teg·ri·ty n. 1. Strict adherence to a standard of value or conduct. 2. Personal honesty and independence. 3. Completeness: unity 4. Soundness Eth·ic n. 1. A principle of right or good conduct. 2. A system of moral values. 3. ethics (sing. In number). The branch of philosophy dealing with the rules of right conduct. Source: Webster’s II New Riverside Dictionary, Based on the Webster’s II New College Dictionary (1996)

Ethical Principles Beneficence n n Minimize harm Maximize Benefits Respect of Persons (Autonomy) n

Ethical Principles Beneficence n n Minimize harm Maximize Benefits Respect of Persons (Autonomy) n n Informed voluntary consent Vulnerable subjects must be protected Justice n n n Equity in distributing risks and benefits between populations “fairness” in dealing with research participants Equity between institutions and research partners

Clinical Data vs. Research Data: Are the Ethics Different? Privacy and Confidentiality Informed Consent

Clinical Data vs. Research Data: Are the Ethics Different? Privacy and Confidentiality Informed Consent vs. Implied Consent Data Integrity / Data Quality Data Security and Storage

Ethical Guidelines (for Research) Declaration of Helsinki n n ethical standard used by the

Ethical Guidelines (for Research) Declaration of Helsinki n n ethical standard used by the International Committee of Medical Journal Editors guidelines govern all medical research CIOMS Guidelines n n Council for International Organizations of Medical Sciences developed guidelines in collaboration with WHO Belmont Report National Guidelines (Kenya)

Regulations US: Code of Federal Regulations Title 45, Part 46 (45 CFR 46) FDA–

Regulations US: Code of Federal Regulations Title 45, Part 46 (45 CFR 46) FDA– 21 CFR 50 and 56 NIH--“he who has the gold makes the rules” HIPAA—related both to clinical records and use of subject data in research

45 CFR 46 US Code of Federal Regulations Title 45, Part 46 (45 CFR

45 CFR 46 US Code of Federal Regulations Title 45, Part 46 (45 CFR 46) n n n Human Subjects Protections IRB requirements Protection of Vulnerable Subjects Human subject means a living individual about whom an investigator (whether professional or student) conducting research obtains: (1) data through intervention or interaction with the individual, or (2) identifiable private information. n

Privacy/Confidentiality Applies to both clinical and research data Major concern for patients when it

Privacy/Confidentiality Applies to both clinical and research data Major concern for patients when it comes to electronic records and data Must be safeguarded by all members on the team

HIPAA Health Insurance Portability and Accountability Act of 1996 (HIPAA), HHS issued regulations entitled

HIPAA Health Insurance Portability and Accountability Act of 1996 (HIPAA), HHS issued regulations entitled Standards for Privacy of Individually Identifiable Health Information. For most covered entities, compliance with these regulations, known as the Privacy Rule, was required by April 14, 2003.

HIPAA and Privacy Rule The Privacy Rule, at 45 CFR parts 160 and 164,

HIPAA and Privacy Rule The Privacy Rule, at 45 CFR parts 160 and 164, establishes a category of health information, defined as protected health information (PHI), which a covered entity may only use or disclose to others in certain circumstances and under certain conditions. Usually requires an individual to provide signed permission, known as an Authorization before a covered entity can use or disclose the individual's PHI for research purposes. Need for authorization may be waived in some instances by an IRB (and a Privacy Board)

Individually Identifiable Information and Protected Health Information Includes any subset of health information, including

Individually Identifiable Information and Protected Health Information Includes any subset of health information, including demographic information, that identifies the individual (or there is a reasonable basis to believe that the information can be used to identify the individual). 1. Name 2. All elements of dates except Year. 3. SSN 4. Driver's License Number 5. Geographic subdivisions smaller than a State. 6. URL's and IP's 7. Vehicle Identifiers including VIN and License # 8. Phone numbers

PHI Individually identifiable information becomes PHI when it is created or received by a

PHI Individually identifiable information becomes PHI when it is created or received by a covered entity: n n n US health plans US health care clearinghouses US health providers that transmit electronic health information A researcher is not a covered entity unless he/she is also a provider within a covered entity. Research is also governed by HIPAA if data is obtained from a covered entity. IRB may on occasion waive the HIPAA restrictions on use of PHI

How does all this translate to practice? Electronic health information (clinical or research) n

How does all this translate to practice? Electronic health information (clinical or research) n n n Can improve quality and safety of medical care (beneficence) Is key to showing outcomes in research on health and health practices (beneficence) Confidentiality and Privacy can be lost (breach of autonomy and beneficence) Can be used without a patient’s knowledge or consent (breach of autonomy) Might exclude some populations (breach of justice)

Data Integrity The assurance that data is accurate, correct and valid. Accuracy and consistency

Data Integrity The assurance that data is accurate, correct and valid. Accuracy and consistency of stored data, indicated by an absence of any alteration in data between two updates of a data record. Data integrity is imposed within a database at its design stage through the use of standard rules and procedures, and is maintained through the use of error checking and validation routines. Exact duplication of the sent data at the receiving end, achieved through the use of error checking and correcting protocols. Assurance that the data are unchanged from creation to reception.

Data Integrity (2) Process to maintain data integrity depends on: n n n Collection

Data Integrity (2) Process to maintain data integrity depends on: n n n Collection (accurate representation) Data transfer (accurate recording and transfer of data) Storage and Security (preventing loss of data) Sharing of Data Use of data (analysis)

Data Integrity (3) Fabrication and Falsification of data are one of the most serious

Data Integrity (3) Fabrication and Falsification of data are one of the most serious challenges to data integrity Human error also contributes to loss of data integrity Concern about research misconduct was a primary motivation for a 1990 conference on data management sponsored by the US Department of Health and Human Services. Conference summarized the many ways in which the conduct of research depends on responsible data management.

Data Integrity (4) Responsible research begins with experimental design and protocol approval It involves

Data Integrity (4) Responsible research begins with experimental design and protocol approval It involves recordkeeping in a way that ensures accuracy and avoids bias It guides criteria for including and excluding data from statistical analyses It entails responsibility for collection, use, and sharing of data.

Data Integrity (5) Everyone with a role in research has a responsibility to ensure

Data Integrity (5) Everyone with a role in research has a responsibility to ensure the integrity of the data. The ultimate responsibility belongs to the principal investigator, but the central importance of data to all research means that this responsibility extends to anyone who: n n n helps in planning the study collecting the data analyzing or interpreting the research findings publishing the results of the study maintaining the research records.

Data Collection and Integrity Because data collection can be repetitious, timeconsuming, and tedious there

Data Collection and Integrity Because data collection can be repetitious, timeconsuming, and tedious there is a temptation to underestimate its importance. Those responsible for collecting data must be adequately trained and motivated They should employ methods that limit or eliminate the effect of bias They should keep records of what was done by whom and when

Analysis and Selection of Data The use of statistical methods varies widely among research

Analysis and Selection of Data The use of statistical methods varies widely among research disciplines and also clinical programs (reporting) It is a laudable ideal to analyze and report all data Because it is not possible to report everything that has been done, researchers must make decisions about which studies, data points, and methods of analysis to present.

Analysis and Selection of Data (2) Must critically evaluate the reasons for inclusion or

Analysis and Selection of Data (2) Must critically evaluate the reasons for inclusion or exclusion of data, the measures taken to avoid bias, and possible ways in which bias may nonetheless influence data selection Must clearly document how the data were obtained, selected, and analyzed-- especially if the methods are unusual or potentially controversial

Retention of Data What should be retained? It may be impractical to store extraordinarily

Retention of Data What should be retained? It may be impractical to store extraordinarily large volumes of primary data. At minimum, enough data should be retained to reconstruct what was done. How long should clinical records be retained?

Sharing of Data This is considered an important part of responsible research. De-identified data

Sharing of Data This is considered an important part of responsible research. De-identified data should be shared so that others can verify your conclusions or analysis Sharing of personal patient information is NOT a good practice as noted in Privacy sections earlier.

Data Security Limiting Access n n n Locked Paper Records Offices Limiting access to

Data Security Limiting Access n n n Locked Paper Records Offices Limiting access to Paper or Electronic records to appropriate personnel Password Protection of electronic records Defined privileges for electronic data users Firewalls to prevent outside access Regular Backups and proper archiving

Ownership of Data Who owns the data that is generated? n n n Patient?

Ownership of Data Who owns the data that is generated? n n n Patient? Institution? Funder? Investigator? Publisher?

Ethics in Publication—General guidelines pertinent to data Research should strive to answer specific questions—not

Ethics in Publication—General guidelines pertinent to data Research should strive to answer specific questions—not just collect or mine data Statistical issues (sample size) are an important part of design to ensure that the research data is likely to answer the question IRB approval is required when using human subjects, human tissues, or medical records

Publication Ethics and Data Management/Data Analysis Data should be appropriately analyzed Inappropriate analysis is

Publication Ethics and Data Management/Data Analysis Data should be appropriately analyzed Inappropriate analysis is not necessarily ethical misconduct Fabrication or falsification of data is always ethical misconduct

Publication Ethics and Data Management/Analysis Sources and methods of obtaining and processing data should

Publication Ethics and Data Management/Analysis Sources and methods of obtaining and processing data should be disclosed Data exclusions should be explained in full Methods used to analyze data should be explained in detail Post hoc analysis of subgroups is acceptable as long as this is disclosed Data Bias should be discussed in all publications of data or analysis

Questions? ?

Questions? ?

THE WORK IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("CCPL"

THE WORK IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED.