The rollout of Epic Electronic Medical Record (EMR) system in 2018 and its continuing maturity, along with data from legacy clinical systems present an opportunity to researchers who wish to utilize health and clinical data in their research. These systems contain a wealth of data that can be harnessed to create new lines of research, increase our knowledge of disease mechanisms, and stimulate discoveries and new therapies.
AITS is leading a multidisciplinary team to investigate these possibilities and create a roadmap for harnessing the full potential of these systems (see Capabilities and Potential Uses below). The team includes representatives from the Epic Team, Clinical Research Center, Office of Healthcare Compliance and Privacy, School of Medicine Scholarship & Discovery, and IT Security.
As an initial step, the planning team investigated, delineated, and introduced enhancements to the process for requesting and obtaining structured and unstructured data from Epic and legacy clinical systems as shown in this flow diagram. The path to follow for the request depends on the intended use of the data:
A. Non-research Use
To obtain EMR data for projects related to Treatment, Payment, Operations, investigators should call the IT Service Desk (860-679-4400). The ticket from the IT Service Desk will then be routed to the Cogito team for review, who will assign and provide the data to the investigator.
B. Research Uses
1. The Principal Investigator (PI) submits a research study protocol to the Institutional Review Board (IRB) for review and approval.
2. Following IRB approval, the PI submits a ticket to the IT Service Desk (860-679-4400) requesting the patient data approved by the IRB. The request must include the IRB-approved protocol or the Human Subjects Research Determination form and IRB Determination letter, as well as the ADS Request form (form | instructions). Please be as specific as possible for the data you are requesting. Refer to this guide for the most commonly requested data elements.
3. The IT Service Desk ticket is then routed to the Cogito Team for review. The Cogito Team determines that:
a) the request can be fulfilled with a data extract. The Cogito team extracts and sends the data extract directly to the PI. Or,
b) the request cannot be fulfilled with a data extract. The Cogito team then directs the PI to complete a UAR (User Account Request), which must be completed by the PI and routed to the PI's Department Chair for approval. To be granted access:
-
-
- The UAR must be approved.
- The research staff must complete the EMR Self–Training, UConn Health’s compliance, and privacy training.
- The research staff must sign the EHR Agreement.
-
4. Upon confirmation that the conditions above have been met, the UConn Health IT Security team will assign the appropriate role-based template to the research team member.
5. Research team member direct access for direct EMR access will require review at least once every six (6) months.
Capabilities for Using Epic in Biomedical Research
Epic offers a number of capabilities to aid biomedical research. Below is a summary.
(1) De-identified and Limited Data Set Data Warehouse. Removing the eighteen (18) explicit identifiers of the individual such as name, address, and contact information renders the dataset as de-identified and exempt from HIPAA regulations (Safe Harbor Rule of HIPAA [45 CFR 164.514(b)].
The availability of de-identified data alleviates the need of the research team to obtain HIPAA Waivers for retrospective chart reviews, thereby reducing administrative burden and improving efficiency. In addition, de-identified data can serve as a key resource of information for ensuring the presence of adequate number of cases/patients for potential recruitment and enrollment in future studies, thereby enhancing grant’s chances of funding and success of the research study.
Although appropriate in some applications - such as those mentioned above -, de-identified data are inadequate for other applications. For example, removing identifiers may render the remaining data less useful to research as key data elements (such as zip codes and dates) essential to study recruitment efforts and predictive modeling are destroyed. To address this drawback, limited data sets are used. A limited dataset is protected health information (PHI) from which certain identifiers of the individual are removed but may contain dates and certain geographic information associated with an individual, particularly
Epic provides access to de-identified data through Coboodle Healthcare Data Warehouse and a visualization/reporting tool – called SlicerDicer – that enables researchers to create on-demand self-service reports without writing computer code (such as Structured Query Language, aka SQL) or submitting a request.
(2) Point of Care Recruitment. As Epic matures, it will have a very large number of patients who could become potential recruits in research studies. Epic facilitates recruitment by automatically sending out MyChart recruitment requests to a cohort of patients. This will greatly reduce the administrative burden and tedious work involved in recruiting for research studies.
(3) Research Electronic Data Capture During Routine Clinical Care. Currently, a limited number of research studies are built directly in Epic for data capture and storage.
(4) Global Multi-Organization Data Warehouse
Epic offers COSMOS, a global data warehouse containing data from hundreds of organizations and hundreds of millions of patients. UConn Health went live with COSMOS in later 2022.
Planned Capabilities:
FDA and HIPAA Compliant System. Health informatics research by virtue of its nature requires a higher level of data security and protection of participant privacy because it involves a greater level of FDA and HIPAA sanctioned data (PHI, PII, and other forms of confidential data). These protections can be guaranteed in a 21 CFR Part 11 compliant system. Making such a system available presents UCH with an opportunity to secure more extramural funding for pharmaceutical clinical trials and other studies requiring HIPAA and Part 11 compliance.