IRB Manual
      7.9 Use of the Computerized OMH Records for Research Purposes
   
The purpose of this policy is:

 
(1)   
to ensure that the confidentiality of patient data is protected when computerized records are used for research purposes;

 
(2)   
to ensure that appropriate approvals are given for the use of resources necessary to comply with the data request; and

 
(3)   
to ensure that the use of the data is consistent with OMH policies, and applicable laws and regulations.

   
This policy applies to all research requests for computerized data, regardless of whether the data to be provided includes information which can be used to identify individual patients. This policy does not apply to the use of computerized records for purposes directly related to the care and treatment of individual patients.

   
Identifiers include names, social security numbers, patient I.D. numbers through which data can be directly or indirectly linked to a particular person. Combinations of non-unique information may become identifiers particularly when small populations are involved. For example, date of birth, sex and diagnosis may identify a particular patient.

    Applicable Laws, Regulations etc.:

 
(1)   
Sections 33.13 and 33.16 of the Mental Hygiene Law (clinical records confidentiality, access to patient records)

 
(2)   
45 CFR 46 (Federal research regulations)

 
(3)   
Assurance of Compliance with Regulations for the Protection of Human Subjects (agreement between DMH and DHHS)

    Approvals:

    Five categories of approvals need to be obtained:
 
(1)   
(a) Consent of the patient, or
    (b)If the patient lacks capacity, consent of the patient's legally authorized representative, or
    (c) Waiver of consent.

 
(2)   
Approval of the study by an OMH IRB and, if appropriate, IRB approval of a waiver of consent.

 
(3)   
Facility Director

   
If the research involves records from a small number of facilities the investigator should obtain the approval of each Director for access to the records. If data pertaining to patients at several facilities is needed, the investigator can, instead, rely on the approval of the person who is the "responsible OMH official" in charge of the database.

 
(4)   
Responsible OMH Official

    (a) Approvals of the Director of each facility whose data will be used (a copy of the approval(s) must be sent to the responsible OMH official), or

    (b) Approval of the responsible OMH official. Note: This approval can not be used to override a disapproval of a facility Director.

    Following is a partial list of databases and their corresponding responsible OMH official.

DMHIS - Deputy Commissioner for Quality Assurance
Incident Reporting - Deputy Commissioner for Quality Assurance
Restraint and Seclusion - Deputy Commissioner for Quality Assurance
Pharmacon - Bureau of Health Services
Laboratory Data Bases - Bureau of Health Services
Level of Care - Director, Bureau of Evaluation and Services Research
Patient Characteristics - Director, Bureau of Evaluation and Services Research

 
(5)   
Person authorized to approve use of staff time and resources needed to fill data request.

   

All personnel who work on computerized databases to generate reports for research purposes will be required to sign a confidentiality statement. A copy is attached.


    OMH Guidelines for IRB's when Reviewing Requests for Information from Computerized Databases

   
When reviewing a request to access computerized patient records, e.g.. DMHIS, Pharmacon, the IRB must ensure that these records are afforded the same high level of confidentiality that is required for information contained in patient charts.

Access to computerized records for research purposes may only be given with the approval of the IRB and the consent of the patient, or the patient's legally authorized representative. However, consent may be waived by the IRB and approved by the Commissioner* if all of the following conditions have been met:

*The consent of the Commissioner (given by the Commissioner's designee) is obtained as part of the routine RFMH approval process.

 
(1)   

the research involves no more than minimal risk to the patients;

 
(2)   
the waiver will not adversely affect the rights or welfare of the patients
 
(3)   

the research could not practicably be carried out without the waiver;

 
(4)   
whenever appropriate, the patients will be provided with additional pertinent information after participation;
 
(5)   
the research is proposed by a qualified researcher who certifies to the IRB that information which tends to identify a patient will not be disclosed.

    The investigator should address the following issues in the request to the IRB for approval of the study to allow the IRB to adequately address confidentiality:

 
(1)   
Who will be accessing the data - the investigator, another member of the research team, computer center personnel etc.? Appropriate signed confidentiality agreements should be provided. (Samples are attached).

 
(2)   
What is the research question that the data will address? Is the data request limited to the data necessary to address these issues?

 
(3)   
What data is being requested? Specify the variables to be provided. Are any identifiers included, e.g.. name, social security number, patient I.D., or combinations of variables which could identify a patient, such as date of birth and ward? Is any of the information being collected of a sensitive nature, e.g.. drugs used to treat patients with HIV related conditions. Access to such information must be justified.

 
(4)   
How will the data be used? For example: to identify potential subjects for a research project; to examine prevalence of a specific condition.

   
The way in which the data will be used often raises confidentiality issues that require special consideration. For example, if patient contact is to be made based on information in the data base, special consideration must be given to protecting the confidentiality of the patient. (Initial contact by an OMH employee, script of telephone and written communication that does not reveal to others the fact that the subject has received services from OMH etc).

 
(5)   
If identifiable information is required to address the research question the investigator must describe to the IRB the procedures that will protect the confidentiality of the data in all formats (hard copy, floppy disks, computer data files). This should include:

Can data be encoded using study I.D.'s in place of personal identifiers and cross-referencing cases to a master list?

Is there a point during the study, or at the completion of the study, when identifiers can be deleted? If identifiers must be retained, continuing IRB approval and oversight of the study is required until the identifiers are destroyed.

    Optional:

   

If your IRB anticipates that requests for data from computerized databases will routinely be made for data that does not include identifiers, you may wish to consider developing an IRB approved "master protocol" for such requests. A sample is attached. The purpose of this "master protocol" would be to allow rapid access to data by qualified researchers to encourage research use of OMH databases. The master protocol would be approved by the IRB, facility director, RFMH, Commissioner's Designee and the OMH officials responsible for the databases.

When an investigator has a research data request which falls within the approved master protocol he/she should provide the IRB with:

* a copy of the master protocol amendment which has had the project specific information added and has been signed by the principal investigator, and

* a signed "Researcher Agreement to Maintain the Confidentiality of Patient Data".

This documentation will constitute a "minor amendment to an approved protocol" and can be approved via an expedited review by a single member of the IRB designated by the Chairperson. Consistent with OMH policy, the project may commence when the amendment has been approved by the institute/facility director and the IRB and a copy of the approved amendment has been sent to RFMH and to the OMH official responsible for each database.

Both the master protocol and any research projects conducted as amendments to the master protocol are subject to ongoing review by the IRB. Reviews will be conducted at intervals of no more than one year.

When the master protocol is used, computer personnel filling data requests should be provided with a copy of the completed master protocol amendment, which includes the project specific information, and has been signed by the institute/facility director and a member of the IRB to certify approval by expedited review.

     
   


2000 Research Foundation for Mental Hygiene, Inc. All Rights Reserved.
Terms under which this service is provided to you. Read our privacy guidelines