Security and privacy requirements for a multi-institutional cancer research data grid: an interview-based study

<p>Abstract</p> <p>Background</p> <p>Data protection is important for all information systems that deal with human-subjects data. Grid-based systems – such as the cancer Biomedical Informatics Grid (caBIG) – seek to develop new mechanisms to facilitate real-time federation of cancer-relevant data sources, including sources protected under a variety of regulatory laws, such as HIPAA and 21CFR11. These systems embody new models for data sharing, and hence pose new challenges to the regulatory community, and to those who would develop or adopt them. These challenges must be understood by both systems developers and system adopters. In this paper, we describe our work collecting policy statements, expectations, and requirements from regulatory decision makers at academic cancer centers in the United States. We use these statements to examine fundamental assumptions regarding data sharing using data federations and grid computing.</p> <p>Methods</p> <p>An interview-based study of key stakeholders from a sample of US cancer centers. Interviews were structured, and used an instrument that was developed for the purpose of this study. The instrument included a set of problem scenarios – difficult policy situations that were derived during a full-day discussion of potentially problematic issues by a set of project participants with diverse expertise. Each problem scenario included a set of open-ended questions that were designed to elucidate stakeholder opinions and concerns. Interviews were transcribed verbatim and used for both qualitative and quantitative analysis. For quantitative analysis, data was aggregated at the individual or institutional unit of analysis, depending on the specific interview question.</p> <p>Results</p> <p>Thirty-one (31) individuals at six cancer centers were contacted to participate. Twenty-four out of thirty-one (24/31) individuals responded to our request- yielding a total response rate of 77%. Respondents included IRB directors and policy-makers, privacy and security officers, directors of offices of research, information security officers and university legal counsel. Nineteen total interviews were conducted over a period of 16 weeks. Respondents provided answers for all four scenarios (a total of 87 questions). Results were grouped by broad themes, including among others: governance, legal and financial issues, partnership agreements, de-identification, institutional technical infrastructure for security and privacy protection, training, risk management, auditing, IRB issues, and patient/subject consent.</p> <p>Conclusion</p> <p>The findings suggest that with additional work, large scale federated sharing of data within a regulated environment is possible. A key challenge is developing suitable models for authentication and authorization practices within a federated environment. Authentication – the recognition and validation of a person's identity – is in fact a global property of such systems, while authorization – the permission to access data or resources – mimics data sharing agreements in being best served at a local level. Nine specific recommendations result from the work and are discussed in detail. These include: (1) the necessity to construct separate legal or corporate entities for governance of federated sharing initiatives on this scale; (2) consensus on the treatment of foreign and commercial partnerships; (3) the development of risk models and risk management processes; (4) development of technical infrastructure to support the credentialing process associated with research including human subjects; (5) exploring the feasibility of developing large-scale, federated honest broker approaches; (6) the development of suitable, federated identity provisioning processes to support federated authentication and authorization; (7) community development of requisite HIPAA and research ethics training modules by federation members; (8) the recognition of the need for central auditing requirements and authority, and; (9) use of two-protocol data exchange models where possible in the federation.</p

Roadmap to a Comprehensive Clinical Data Warehouse for Precision Medicine Applications in Oncology

Leading institutions throughout the country have established Precision Medicine programs to support personalized treatment of patients. A cornerstone for these programs is the establishment of enterprise-wide Clinical Data Warehouses. Working shoulder-to-shoulder, a team of physicians, systems biologists, engineers, and scientists at Rutgers Cancer Institute of New Jersey have designed, developed, and implemented the Warehouse with information originating from data sources, including Electronic Medical Records, Clinical Trial Management Systems, Tumor Registries, Biospecimen Repositories, Radiology and Pathology archives, and Next Generation Sequencing services. Innovative solutions were implemented to detect and extract unstructured clinical information that was embedded in paper/text documents, including synoptic pathology reports. Supporting important precision medicine use cases, the growing Warehouse enables physicians to systematically mine and review the molecular, genomic, image-based, and correlated clinical information of patient tumors individually or as part of large cohorts to identify changes and patterns that may influence treatment decisions and potential outcomes

Privacy Governance for Institutional Trust (Or Are Privacy Violations Akin to Insider Trading?)

Currently, we frame individuals online as in a series of exchanges with specific firms, and privacy, accordingly, is governed to ensure trust within those relationships. However, the focus on the relationship between consumers and specific firms does not capture how the online environment behaves. The aggregation and secondary use of consumer data is performed by market actors behind the scenes without any relationship with consumers. Trusting a single firm is not enough; individuals must trust the online market in general. Such institutional trust has gone under-examined in regards to privacy online. Little has been done to measure how aggregating and using consumer data supports a larger online market and impacts institutional trust online. This paper explores how privacy governance should also be framed as protecting a larger market to ensure consumers trust being online. In a series of studies, I empirically examine (a) how typical secondary uses are judged along a generalized (for the good of the market) versus reciprocal (for the good of the consumer) exchange and impact institutional and consumer trust, and (b) whether governance mechanisms (limitations on the use of data such as adequate notice, auditing, non-identifiable information, limited storage, etc.) increase consumer trust in companies. I find: Respondents find secondary uses of consumer data more appropriate if judged more within a generalized exchange (academic research) or within a reciprocal exchange (product search results) or both (credit security). However, most secondary uses of data are deemed privacy violations and decrease institutional trust online. Using privacy notices is the least effective governance mechanism of those included here whereas being subject to an audit was as effective as using anonymized data in improving consumer trust. Institutional trust online impacts a consumer’s willingness to engage with a specific online partner in a trust game experiment. The findings have implications for public policy and practice. Secondary uses of information online need not only be justified in a simple quid-pro-quo exchange with the consumer but could also be justified as appropriate for the online context within a generalized exchange. However, the majority of secondary uses currently popular cannot be justified as within either a general exchange or a reciprocal exchange and are judged inappropriate, violations of privacy, and decrease both interpersonal and institutional trust. Second, if privacy violations hurt not only interpersonal consumer trust in a firm but also institutional trust online, then privacy would be governed similar to insider trading, fraud, or bribery—to protect the integrity of the market. Punishment for privacy violations would be set to ensure bad behavior is curtailed and institutional trust is maintained rather than to remediate a specific harm to an individual

The Assessment of Technology Adoption Interventions and Outcome Achievement Related to the Use of a Clinical Research Data Warehouse

Introduction: While funding for research has declined since 2004, the need for rapid, innovative, and lifesaving clinical and translational research has never been greater due to the rise in chronic health conditions, which have resulted in lower life expectancy and higher rates of mortality and adverse outcomes. Finding effective diagnostic and treatment methods to address the complex challenges in individual and population health will require a team science approach, creating the need for multidisciplinary collaboration among practitioners and researchers. To address this need, the National Institutes of Health (NIH) created the Clinical and Translational Science Awards (CTSA) program. The CTSA program distributes funds to a national network of medical research institutions, known as “hubs,” that work together to improve the translational research process. With this funding, each hub is required to achieve specific goals to support clinical and translational research teams by providing a variety of services, including cutting edge use of informatics technologies. As a result, the majority of CTSA recipients have implemented and maintain data warehouses, which combine disparate data types from a range of clinical and administrative sources, include data from multiple institutions, and support a variety of workflows. These data warehouses provide comprehensive sets of data that extend beyond the contents of a single EHR system and provide more valuable information for translational research. Although significant research has been conducted related to this technology, gaps exist regarding research team adoption of data warehouses. As a result, more information is needed to understand how data warehouses are adopted and what outcomes are achieved when using them. Specifically, this study focuses on three gaps: research team awareness of data warehouses, the outcomes of data warehouse training for research teams, and how to measure objectively outcomes achieved after training. By assessing and measuring data warehouse use, this study aims to provide a greater understanding of data warehouse adoption and the outcomes achieved. With this understanding, the most effective and efficient development, implementation, and maintenance strategies can be used to increase the return on investment for these resource-intensive technologies. In addition, technologies can be better designed to ensure they are meeting the needs of clinical and translational science in the 21st century and beyond. Methods: During the study period, presentations were held to raise awareness of data warehouse technology. In addition, training sessions were provided that focused on the use of data warehouses for research projects. To assess the impact of the presentations and training sessions, pre- and post-assessments gauged knowledge and likelihood to use the technology. As objective measurements, the number of data warehouse access and training requests were obtained, and audit trails were reviewed to assess trainee activities within the data warehouse. Finally, trainees completed a 30-day post-training assessment to provide information about barriers and benefits of the technology. Results: Key study findings suggest that the awareness presentations and training were successful in increasing research team knowledge of data warehouses and likelihood to use this technology, but did not result in a subsequent increase in access or training requests within the study period. In addition, 24% of trainees completed the associated data warehouse activities to achieve their intended outcomes within 30 days of training. The time needed for adopting the technology, the ease of use of data warehouses, the types of support available, and the data available within the data warehouse may all be factors influencing this completion rate. Conclusion: The key finding of this study is that data warehouse awareness presentations and training sessions are insufficient to result in research team adoption of the technology within a three-month study period. Several important implications can be drawn from this finding. First, the timeline for technology adoption requires further investigation, although it is likely longer than 90 days. Future assessments of technology adoption should include an individual’s timeline for pursuing the use of that technology. Second, this study provided a definition for outcome achievement, which was completion o

THE METABOLOMIC EFFECTS OF METFORMIN ON COLON CANCER

Metformin is an oral biguanide that is prescribed to over 120 million people worldwide for the treatment of conditions including type II diabetes mellitus, polycystic ovarian syndrome, and gestational diabetes. This hypoglycemic agent is rapidly emerging as a potential cost-effective anti-oncogenic agent. Over the past decade multiple epidemiologic studies have consistently associated metformin with decreased cancer incidence and cancer-related mortality. More recently numerous preclinical and clinical studies have demonstrated anti-cancer effects of metformin, leading to the proposal of numerous clinical trials to better understand this drug and its mechanism of action. Previously experts believed metformin primarily targeted AMP-activated protein kinase (AMPK), a crucial cellular energy sensor, but more recent data suggest the impact of metformin has a multi-faceted impact on various metabolic pathways. Current understanding of the potential anti-cancer effects of metformin raises the intriguing possibility of a duality of action, suggesting that metformin has the ability to act directly on a tumor while also indirectly lowering insulin levels in the host. This complexity creates challenges in determining the true impact of this drug in the clinical and translational setting. Despite an increase in investment, only one in every 10 new molecular therapeutic agents that enters clinical development receives approval from the Food and Drug Administration. This warrants a demand for better designed clinical trials with more elegant and robust analyses of relevant primary endpoints to determine which targeted therapies are cost-effective, and more importantly which agents will provide the best care for our patients. Stable isotope resolved metabolomics (SIRM) is a powerful tool capable of robust analyses that can address these questions. Using these capabilities we have determined that metformin does significantly impact cellular metabolism by shifting colon cancer cells into glycolytic overdrive, ultimately leading to decreased proliferation and protein synthesis in cancer cells. This study contributes to the literature and implores that we continue to elucidate the full potential of this drug, especially in the setting of personalized medicine where select patients may receive maximal benefit from this agent