To Protect and Validate:
Use of Clinical Data for Simulation
Stephanie H. Hoelscher MSN, RN, CHISP/Texas Tech University Health Sciences Center Justin Fair MBA, CPHIMS/University Medical Center
Conflict of Interest
Stephanie H. Hoelscher MSN, RN, CHISP
Justin Fair MBA, CPHIMS
Agenda
• Objectives • Purpose • Background • Domain Build • Data Points • Technical Strategy • Validation• Obstacles and Recommendations • Conclusion
Learning Objectives
Analyze the process used to devise
the data points for de-identification
of PHI in the new domain
Explain the Safe Harbor process of
de-identification, as outlined by the
Office for Civil Rights (OCR)
Describe the obstacles encountered
during the validation process
http://www.himss.org/ValueSuite
Introduction of Value of Health STEPS
Electronic Secure Data
By integrating a real EHR into the scenarios, the students will benefit from evidenced based clinical data and support tools.
Purpose
The purpose is to outline an effective
method to de-identify protected health
information (PHI) and then validate the
efficacy of the process when creating a
new electronic health record (EHR)
Background – The Reason
•Why are we doing this?
Simulation centers can be used for the purposes of teaching electronic documentation to current as well as future nurses, doctors, and other healthcare professionals
Simulation centers are currently used in most teaching facilities nationwide
With the implementation of EHR the need to ensure students can not only care for patients clinically, but document care, is vitally important
Background – The Team
•An inter-professional research team worked together to strategize
the best ways to hide PHI as well as staff and provider data
•The Team…
Texas Tech University Health Sciences Center F. Marie Hall Sim
Life
Center
Texas Tech University Health Sciences Center School of Nursing
University Medical Center Clinical Informatics (UMC)
Texas Tech University Health Sciences Center School of Medicine
Cerner Corporation
Background – Core Group
Core Group
Dr. Susan McBride – PI
Dr. Sharon Decker
Dr. Laura Thomas
Dr. Alyce Ashcraft
Jeff Watson
Shelley Burson
Matthew Pierce
Steph Hoelscher
Background – The Plan
•Clinical data from a large inpatient facility in Texas
was used to populate a new EHR domain for the
purposes of training healthcare professionals
•
Domain Roadmap…
Construction of new domain (hardware, application, database) Upload of selected patient clinical data
Validation of functionality and presence of patient data Scramble event to de-identify the data
Development of Query
•
Potential Scenario Selection Criteria - Urosepsis
Diagnosis of urosepsis Adult, 60 years or older Female
Patient not expired at time of query
•
What was actually provided?
All sepsis patients with ICD-9 code 995.91 Adult, 60 years or older
Female and male
Patient not expired at time of query Inpatient visit
Process Definitions
•Verbiage for validation:
High level (validation/unit testing)
Viewing or testing the basics of the domain A brief scan through the domain
Test functionality – did we break anything? Test for presence or absence of PHI
Deep dive (validation/integration testing)
Testing EVERYTHING as thoroughly as possible
Search or test every note, folder, form, etc… Validation of clinical workflow
Technical Strategy
•
Safe Harbor
method of data de-identification
(OCR,
2012)
•This method lists 18 specific data points recommended for
de-identification of protected health information
•Examples include:
Names
Telephone and fax numbers Social security number
Medical record numbers
Biometric identifiers, including finger and voice prints Full-face photographs and comparable images
Technical Strategy
Technical Strategy
•The main de-identification tool used was a data scrambling toolkit
•Created for the purposes of de-identifying or re-identifying patient data in a training-type domain (Cerner, 2008)
Method = scrambling tool via “obfuscation”
This obliterates the data so that is no longer readable
Obfuscation is a mapping method, common data encryption tool
Character mapping with scripting
Keeps uppercase, lowercase, and numbers intact Does not scramble characters
Technical Strategy
“I walked 11 miles today” would translate into “O vqsatr 55 dostl zgrqn”
Validation Strategy
•A basic validation strategy for using clinical de-identified
data…
To determine the “at-risk” data points
This includes the list of institutional, as well as national
requirements for the de-identification of patient data (OCR,
2012)
To measure the success of de-identification, the data to be
validated needs to be established prior to de-identification
Success!
Challenges for Validation
Limited literature with solutions
Ethical considerations
IRB submission
Faculty and staff HIPAA compliance
Scrambling tool limited in capabilities
Due to free text, manual validation was mandatory Scripting required to encompass free text entries
Request for provider and staff de-identification, as well as patient
PHI
Recommendations
You have to have the right team, practice partners, vendors…
Make sure to include your executives in your academic partnership
with the inter-professional team
Governance and oversight Executive champions
Get your providers involved, they can be invaluable
Students are interested in having an EHR in their learning
experience (Sherrill & Breed, 2008)
Thoroughly map out your process in advance
Recommendations
Limit the number of cases to validate
5 cases is much easier than 100
Depending on the size of your facility, there may be limited
personnel with the necessary skill set to accomplish the tasks
Part of the goal is to develop ways to offset this load Regardless of the size of your facility, you can do this!!!
Obstacles will arise, these may delay your progress
Leaders need to be attentive to delays, but don’t let them discourage you!
Communicate effectively
Be flexible with issues that are not foreseen or could not be avoided
Conclusion
The process is repetitive, but worth it
We continue to validate and develop new, expanded scripting with our vendors Goal = make it PERFECT!
An inter-professional team really works Well organized meeting schedule
Good buy-in from executives, faculty, and providers Research and development continues
More scenarios Stay tuned!
Manuscript hopefully coming this spring
http://www.himss.org/ValueSuite
Summary of Value of Health STEPS
Electronic Secure Data
By developing ways to effectively de-identify PHI, we will be able to use true clinical data for education
Questions
Stephanie H. Hoelscher MSN, RN, CHISP
@xannthippe
Justin Fair MBA, CPHIMS
References
Cerner Corporation. (2008). Data masking & management of test databases: A database scrambler white paper [PDF]. Retrieved from http://www.cerner.com/solutions/White_Papers/
Matney, S., Brewster, P.J., Sward, K.A., Cloyes, K.G., & Staggers, N. (2011). Philosophical approaches to the nursing informatics data-information-knowledge-wisdom framework. Advances in Nursing Science, 34(1), 6-18
Milano, C. E., Hardman, J. A., Plesiu, A., Rdesinski, R. E., & Biagioli, F. E. (2014). Simulated electronic health record (sim-ehr) curriculum: Teaching EHR skills and use of the EHR for disease management and prevention. Academic Medicine, 89(3), 399-403. Retrieved from http://ovidsp.tx.ovid.com.ezproxy.ttuhsc.edu
Office of Civil Rights (OCR). (2012). Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Retrieved from
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/De-identification/hhs_deid_guidance.pdf
Sherrill, K., & Breed, D. (2008). Three partnerships to teach nurses about electronic documentation and the EHR [PowerPoint
slides]. Retrieved from http://www.thetigerinitiative.org/docs/partnershipstoteach nurse show touseelectronichealthrecords.pdf Tappen, R.M. (2011). Advanced Nursing Research: From Theory to Practice. Sudbury, MA: Jones & Bartlett Learning
