Legal and Ethical Architecture for Patient Centered Outcomes Research Data

The HHS Office of the National Coordinator for Health Information Technology (ONC) released a legal and ethical framework and architecture for patient-centered outcomes research (PCOR) and comparative effectiveness research (CER).

The architecture was designed by a team from the Department of Health Policy and Management at the George Washington University Milken Institute School of Public Health including Associate Professor Jane Hyatt Thorpe, Associate Research Professor Lara Cartwright-Smith, Research Scientist Elizabeth Gray, and Senior Research Assistant Marie Mongeon to support researchers and other stakeholders access and use health information for PCOR and CER. 

As they explain in the report, the field of health-related research including PCOR and CER, is expanding at a time when the American healthcare system is experiencing an information revolution. We are rapidly approaching an age in which all patient records and related information will be maintained and accessed electronically. Volumes of data on a scale only recently imaginable are passing between individuals and institutions and are used in ways we could not predict. This “data revolution” is occurring as the U.S. healthcare delivery system undergoes a major transformation to become a more robust, evidence-based endeavor that is highly reliant on healthcare data for purposes ranging from real-time care delivery and coordination to research.

At the same time, access to, use of, and release of health information, particularly individually identifiable health information, is highly regulated at both the federal and state levels. Now more than ever, the law places real as well as perceived barriers and burdens on the collection and use of health information. Important privacy and security issues arise in relation to the use of health information for research, new payment and care delivery structures, and new expectations for patient safety, high quality care, and patient engagement in their own healthcare.

Crucial to PCOR-related efforts is an infrastructure that ensures all parties understand the applicable legal requirements and ethical considerations when an individual’s data is accessed or used for PCOR. The incorporation of patient-level data into PCOR requires balancing both the need for sufficient information granularity to allow for meaningful research protocols and conclusions with the heightened need to protect patient privacy. An architecture is necessary to ensure patient privacy is protected and health information is appropriately secured during collection, access, use, and disclosure as required by law, regulation, and/or policy. In addition, use of an architecture supports a culture of trust that promotes ongoing patient participation in all forms of research-related data collection, including clinical trials, survey data collection, and re-use of routinely collected data.

The architecture that the GW team created is designed as a resource for a variety of stakeholders, particularly researchers who are navigating legal requirements in the design and execution of research, but also individuals at organizations where research is conducted, such as IRB staff and privacy and compliance officers, legal counsel, health policy researchers, advocates, policymakers, research participants, and those who create or collect data that may be used in research.

Access the Legal and Ethical Architecture for PCOR Data here