An alternative approach based on the same idea, Platt indicated, is to let a user log onto a remote system and do the analyses. The user needs to be able to access the system through a firewall, which many organizations are hesitant to permit. Other protections can be built into the system as well, such as a mechanism for determining whether the research has oversight by an IRB. A steering committee or IRB could be involved in reviewing and approving queries. Network management could provide for auditing, authentication, authorization, scheduling, permissions, and other functions. Local controls at the source of the data could monitor what kind of question is being asked, who is asking the question, and whether the question is worth answering.
A logical extension of such a system would be a multisite system in which research data from several different organizations are behind several different firewalls (see Figure 4-2). According to Platt, a single question could be distributed to multiple sites and the responses compiled to produce an answer. Source data, such as information from electronic health records, could flow into research systems through firewalls. The result would be a system in which remote investigators can gain the information they need to answer a question while data are protected.
Platt described a system developed by his group that implements this concept. The system, called Mini-Sentinel, is being used by FDA to do postmarket medical product safety surveillance. It has a distributed database with data on more than 125 million people, 3 billion instances of drug
FIGURE 4-2 Distributed networks can facilitate working remotely with research datasets derived from routinely collected electronic health information, often eliminating the need to transfer sensitive data.
SOURCE: Platt, 2012. Presentation at IOM Workshop on Sharing Clinical Research Data.