PERMISSION ONTOLOGY FOR INFORMED CONSENT AND HIPAA COMPLIANCE

Maria Adela Grando PhD

mgrando@ucsd.eduDivision Biomedical Informatics, University California San Diego

CTSA ONTOLOGY WORKSHOP- Febrary 11st 2013, Orlando-

STATE OF THE ART

• Mostly, the research enterprise relies on paper-based Informed Consent documents which contains permissions given by subjects to share specimens and clinical data for future research.

• It is rare that consent forms are collected electronically.

• There is potential to use electronic Informed Consents for:• providing compliance with subject’s permissions, while maximizing

access to resources

informed CONsent for clinical record and Sample use in research (iCONS)

Electronic ICI authorize U to perform operation O over my data D or sample S under certain constraints C

Look-up RegistryI can check publications generated from my data and samples

Patient I

Clinical Data Warehouse

QueryUser U requests Data D and sample S to perform operation O on subjects like I under constraints C

User U

Research Institution

HealthcareInstitution

ResultsUser U receives data D and sample S in compliance with subject’s permission

Home

Permission Repository

Info

rmed

Con

sent

Man

agem

ent S

yste

m

BioSample Repository

I share my blood samples with non-profit US researchers

As a Stanford researcher can I get

blood samples?

Res

ourc

e M

edia

tor

Permission Ontology

PERMISSION ONTOLOGY• For describing permissions obtained from subjects who

signed an Informed Consent or HIPAA form, in a uniform, machine-interpretable, implementation-independent way

• To enable interoperability and sharing of Informed Consent permissions and HIPAA constraints between clinical data warehouses and bio-repositories, independently of their implementation choices.

SNAPSHOT PERMISSION ONTOLOGYA <subject> has <permission> or <obligation> to perform an <operation> over <biological specimens> or <medical records> under constraints

RESOURCE MEDIATOR

• We have built for UCSD Moores Cancer Center Biorepository a Resource Mediator Prototype, for:• Providing researchers access to clinical data and biospecimens

resulting from the research study “Collection and Banking of Tissue, Blood and Urine for Use in Cancer Research”

• We have tested the prototype with:• de-identified patient cases (700 patients, 2635 medical record

entries)• 8 randomly chosen (from 33) researchers’ requests for data and

samples

RESOURCE MEDIATOR GUI

RESOURCE MEDIATOR

Can I have access to blood

samples and diagnostic data

from patients with breast cancer?

1) Are the resources available?

2) Is in compliance with subject’s permissions and HIPAA constraints?

RESOURCE MEDIATORWe have provided ontology-reasoning for determining compliance with IC permissions and HIPAA constraints:

User U request access to patient treatment history User U is denied by HIPAA access to alcohol abuse treatment historyUser U has IC permission to access cancer treatment history

User U has IC permission to access cancer treatment history

CONCLUSIONS• There is a need for:

• a standard to maximize the availability of resources while providing compliance with subject’s Informed Consent permissions and HIPAA constraints

• We propose:• an Electronic Informed Consent Management System,• a Permission Ontology,• a Resource Mediator based on an hybrid approach combining the

proposed Permission Ontology and a XACML-policy engine

FUTURE WORK

QueryUser U requests Data D and sample Sto perform Operation O on subjects like I under constraints C

User U

Research Institution

ResultsUser U receives data D and sample S in compliance with subject’s

Institution A

BioSample Repository

Res

ourc

e M

edia

tor

Clinical Data

Warehouse

PermissionRepository

IC Form+

HIPAA

Institution B

BioSample Repository

Clinical Data

Warehouse

PermissionRepository

IC Form+

HIPAA

Permission Ontology

ACKNOWLEDGEMENT

5 year NIH-founded National Center for Biomedical Computing, started in September 2010.

CollaboratorsDevelopment Team

• Aziz Boxwala (Project management) • Joanne Barker (Health Communications)• Mona Wong (App Development)• Jeff Sale (App Development)• Elizabeth Johnstone (Literature review)

Advisors• Richard Schwab (MCC Biorepository)• Michael Caligiuri (HRPP chair)• Scott Vandenberg (Director, Tissue Repository)• Michael Kalichman (Director, Center for Ethics)• Angela McMahill (Research Compliance Officer)

QUESTIONS?

MATERIAL FOR THOUGHT…• Permission Ontology available at NCBO Bioportal: http://bioportal.bioontology.org/

• M. A. Grando, R. Schwab, A. Boxwala, N. Alipanah, ”Ontological approach for the management of informed consent permissions“ (2012), accepted for 2nd IEEE Conference on Healthcare informatics, Imaging, and Systems Biology, September 27-28, UCSD, San Diego.

To appear. Available on request.