One thing’s certain – the vast and growing supply of data contained in electronic medical records systems will play a significant role in improving the speed and efficiency of research into new treatments in the years to come. The challenge will be striking an appropriate balance between the unquestionable promise of this data to enable research – research that will enhance available treatments and save lives – with the rights of individual patients in the privacy of their health information. Attempts to strike that balance are at the heart of current legislative, regulatory and policy initiatives that will shape the manner and extent to which this valuable resource will be used in the future.
Included in the 21st Century Cures legislation that passed the House on Friday, July 10, 2015 are changes to HIPAA intended to expand access to patient health records for research purposes. Specifically, subject to certain requirements, the changes permit use and disclosure of PHI by covered entities for research purposes and remove the prohibition on remote access by a researcher to PHI. In addition, the long-anticipated proposed revisions to the Common Rule, pending with OMB, are expected to significantly alter the consent and IRB review requirements for many research activities, particularly for EMR-based research. For instance, the Advance Notice of Proposed Rulemaking sought comments on proposals to increase data privacy and security requirements for research data, while at the same time reducing informed consent requirements and IRB oversight of research using existing data or biospecimens.
The latest piece of the puzzle came in the form Proposed Privacy and Trust Principles for the Precision Medicine Initiative released by the White House on Thursday, July 8, 2015. The Precision Medicine Initiative, first introduced in President Obama’s State of the Union Address and supported by $215 million in funding to NIH, NCI, FDA and ONC, aims to establish a voluntary national research cohort made up of at least one million individuals who agree to contribute data from a range of sources, which may include access to medical records, analysis of biospecimens, environmental and lifestyle data, patient-generated information, and personal device and sensor data. This data will be aggregated and made available to qualified researchers, including those from academic, non-profit and for-profit entities.