Using patient-centered outcomes research (PCOR) data requires balancing the need for sufficient private health information to support meaningful research with the need to protect patient privacy and autonomy. In support of this dual goal, The Office of the National Coordinator for Health Information Technology (ONC) has just released a document that provides a collection of tools and resources aimed at helping a broad audience of stakeholders understand the ethical and regulatory requirements related to collecting, using, sharing, and disclosing PCOR data.
“An architecture is necessary to ensure patient privacy is protected and health information is appropriately secured during collection, access, use, and disclosure as required by law, regulation, and/or policy.” —Legal and Ethical Architecture for PCOR Data
PCOR data will help expand the evidence base for therapies and improve health outcomes for individual patients. The document is divided into 5 chapters:
Chapter 1: Overview of Legal and Ethical Architecture for PCOR Data provides background for the project and an overview of key ethical and regulatory requirements.
Chapter 2: Legal and Ethical Significance of Data for PCOR describes fundamental concepts for organizing data into categories such that legal and ethical frameworks can be applied. The chapter includes key considerations and types of data relevant to PCOR, such as clinical, administrative, patient-generated, etc.
Chapter 3: Linking Legal and Ethical Requirements to PCOR Data organizes the relevant legal provisions according to the key data considerations outlined in Chapter 2: identifiability, subject, source, access and use/purpose, consent/authorization, security, and legal status.
Chapter 4: Framework for Navigating Legal and Ethical Requirements for PCOR is designed as a decision tool that builds on the key data considerations described in Chapters 2 and 3. The goal of this chapter is to help researchers determine whether laws apply to particular data and if so, what requirements to attach to their collection and use.
Chapter 5: Mapping Research Flows to Legal Requirements identifies 6 hypothetical use cases, identifies decision trigger points, and maps representative data flows to the relevant legal requirements.