Tools designed to protect PHI in multi-site research

Research that involves multiple health research partners can raise the risk of exposure of personal health information (PHI). In response, researchers have developed two tools to protect data privacy, according to a paper at BMC Medical Informatics & Decision Making.

The first is a work plan template for the lead programmer and the second a checklist for site analysts.

The researchers determined that tools for protecting data privacy should allow for a range of protected PHI; clearly identify information to be protected under HIPAA; and help analysts determine which data elements can be allowed in a given project and how that data will be protected during transfer between institutions.

The work plan provides a guide to communicating the details of multi-site programming, including the information the program will produce and whether the output will contain PHI. The checklist aims to ensure that the multi-site program works as expected and that it contains no information beyond that in the research agreements.

Among the best practices identified in the checklist include:

  • Isolating the data to be released in a single directory to make it easy to distinguish from other datasets.
  • Use of a secure file transfer protocol that encrypts the data during file transfer.
  • Avoiding the use of email for file transfer.

The researchers have made both tools available to the public.

With file transfer the most vulnerable aspect of these collaborations, the final section of the checklist uses prompts for project managers to sign off on aspects such as where documents are stored and that characteristics of the dataset match that approved for release.

Amid concerns that tighter HIPAA regulations could hamper clinical trials, at the same time, the wider adoption of cloud storage makes it more important than ever to know exactly where information resides and that vendor's potential vulnerabilities.

To learn more:
- read the research
- find the tools