PERMISSION ONTOLOGY FOR INFORMED CONSENT AND HIPAA COMPLIANCE Maria Adela Grando PhD [email protected] Division Biomedical Informatics, University California San Diego CTSA ONTOLOGY WORKSHOP - Febrary 11st 2013, Orlando- STATE OF THE ART • Mostly, the research enterprise relies on paper-based Informed Consent documents which contains permissions given by subjects to share specimens and clinical data for future research. • It is rare that consent forms are collected electronically. • There is potential to use electronic Informed Consents for: • providing compliance with subject’s permissions, while maximizing access to resources informed CONsent for clinical record and Sample use in research (iCONS) Patient I Look-up Registry I can check publications generated from my data and samples Electronic IC I authorize U to perform operation O over my data D or sample S under certain constraints C Clinical Data Warehouse Permission Repository BioSample Repository Permission Ontology Resource Mediator Home As a Stanford researcher can I get blood samples? Healthcare Institution Informed Consent Management System I share my blood samples with non-profit US researchers Query User U requests Data D and sample S to perform operation O on subjects like I under constraints C Results User U receives data D and sample S in compliance with subject’s permission Research Institution User U PERMISSION ONTOLOGY • For describing permissions obtained from subjects who signed an Informed Consent or HIPAA form, in a uniform, machine-interpretable, implementation-independent way • To enable interoperability and sharing of Informed Consent permissions and HIPAA constraints between clinical data warehouses and bio-repositories, independently of their implementation choices. SNAPSHOT PERMISSION ONTOLOGY A <subject> has <permission> or <obligation> to perform an <operation> over <biological specimens> or <medical records> under constraints RESOURCE MEDIATOR • We have built for UCSD Moores Cancer Center Biorepository a Resource Mediator Prototype, for: • Providing researchers access to clinical data and biospecimens resulting from the research study “Collection and Banking of Tissue, Blood and Urine for Use in Cancer Research” • We have tested the prototype with: • de-identified patient cases (700 patients, 2635 medical record entries) • 8 randomly chosen (from 33) researchers’ requests for data and samples RESOURCE MEDIATOR GUI RESOURCE MEDIATOR 2) Is in compliance with subject’s permissions and HIPAA constraints? 1) Are the resources available? Can I have access to blood samples and diagnostic data from patients with breast cancer? RESOURCE MEDIATOR We have provided ontology-reasoning for determining compliance with IC permissions and HIPAA constraints: User U request access to patient treatment history User U is denied by HIPAA access to alcohol abuse treatment history User U has IC permission to access cancer treatment history User U has IC permission to access cancer treatment history CONCLUSIONS • There is a need for: • a standard to maximize the availability of resources while providing compliance with subject’s Informed Consent permissions and HIPAA constraints • We propose: • an Electronic Informed Consent Management System, • a Permission Ontology, • a Resource Mediator based on an hybrid approach combining the proposed Permission Ontology and a XACML-policy engine FUTURE WORK Institution A IC Form + HIPAA Clinical Data Warehouse Permission Repository Institution B BioSample Repository IC Form + HIPAA Clinical Data Warehouse Permission Repository Permission Ontology Resource Mediator BioSample Repository Query User U requests Data D and sample S to perform Operation O on subjects like I under constraints C Results User U receives data D and sample S in compliance with subject’s Research Institution User U ACKNOWLEDGEMENT 5 year NIH-founded National Center for Biomedical Computing, started in September 2010. Collaborators Development Team • Aziz Boxwala (Project management) • Joanne Barker (Health Communications) • Mona Wong (App Development) • Jeff Sale (App Development) • Elizabeth Johnstone (Literature review) Advisors • Richard Schwab (MCC Biorepository) • Michael Caligiuri (HRPP chair) • Scott Vandenberg (Director, Tissue Repository) • Michael Kalichman (Director, Center for Ethics) • Angela McMahill (Research Compliance Officer) QUESTIONS? MATERIAL FOR THOUGHT… • Permission Ontology available at NCBO Bioportal: http://bioportal.bioontology.org/ • M. A. Grando, R. Schwab, A. Boxwala, N. Alipanah, ”Ontological approach for the management of informed consent permissions“ (2012), accepted for 2nd IEEE Conference on Healthcare informatics, Imaging, and Systems Biology, September 27-28, UCSD, San Diego. To appear. Available on request.