Hacker News new | past | comments | ask | show | jobs | submit login

That's not what the blog post linked here says.



I didn't see anyplace in the blog post where they say how the data in the chart (that they couldn't use) was stored. Did I miss that part? Are we talking about the online chart that they used?

Just because they couldn't use the online (clinical) chart to store research data doesn't mean that the data that backs the clinical chart application is stored in any less secure way. There are very specific methods that are used to store PHI electronically. The fact that the clinicians (who needed access) could access it doesn't mean it wasn't stored securely -- they were supposed to have access to it.

In all clinical research there is a clear separation between clinical (as in, used for treatment) and research (as in, should never be used for treatment) data. When you try to hit that gray in-between area is when you start to have issues with IRBs. In particular, when you are both the treating physician and the researcher, you have to be particularly careful about keeping the two sides separate. There is no way anyone should be allowed to store research data in the clinical record -- even if the researchers otherwise have access to the clinical chart.

Also -- it should be mentioned that not all study data is automatically PHI. In fact, most of it shouldn't be. Once it's been de-identified, then the data isn't PHI any more and can be more freely used for research. This is why there is so much emphasis on the security for storing the "unblinding" documentation.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: