sion. The committee believes that this approach serves to protect patient privacy well in similarly controlled settings while allowing care providers easy and immediate access to vital information, but it probably would not scale well to larger units.

Policies on Research Uses of Health Information

Organizations (especially those linked to either a medical school or a medical research program) must also develop policies to guide researchers in procedures for maintaining patient privacy while using health information. These policies should contain a clearly formulated statement that defines "intended use" and defines identifiable versus aggregate data access. Procedures for removing identifying factors need to be clearly specified for both the paper and the electronic medical record and for record abstracts or audit material. The standard (and generally acceptable) pathway for review of requests for research access to medical record information is through an organization's institutional review board (IRB), whose members evaluate the potential for patient risk as a result of granting access (Box 5.2). Sites visited by committee members had experienced no instances of researcher abuse of confidentiality policies, and their IRB mechanisms seemed to function well to reduce such risk.8

Policies with regard to institutional review boards also may include procedures on how to obtain IRB approval, a clearly specified statement of IRB function and protocols, and lists of its regularly scheduled meetings and reviews. One site visited by committee members had a particularly well-developed process that required researchers from outside the organization to seek collaborative relationships with staff physicians and obtain approval for an appointment as a visiting scientist before applying for access to the organization's patient health information. This site would not allow external researchers to copy records in any form for their own use; paper records needed to be audited or read on-site. Visiting scientists were allowed only copies of aggregate datasets with all identifiers removed, and then only with the approval and knowledge of their collaborating on-site researchers. The information system was defined formally as an organizational resource to be carefully guarded and preserved; outsiders were allowed access only if they agreed to apply for, and could achieve, internal legitimization.9 Staff from this site routinely


Of note is the fact that a great deal of internal research activity is not reviewed by an IRB or any other oversight committee. Such studies include reviews of quality of care, surgical outcomes, and resource utilization. It is not clear to what extent identified patient information is necessary for this research, but because the studies do not relate directly to patient care, issues of confidentiality arise in the use of patient information.


Establishing a formal affiliation between a researcher and the organizational owner of patient information better enables an IRB or other specified group to monitor compliance with the originally approved research protocol.

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.