The rollout of Epic Electronic Medical Record (EMR) system in 2018 and its continuing maturity, along with data from legacy clinical systems present an opportunity to researchers who wish to utilize health and clinical data in their research. These systems contain a wealth of data that can be harnessed to create new lines of research, increase our knowledge of disease mechanisms, and stimulate discoveries and new therapies.
AITS is leading a multidisciplinary team to investigate these possibilities and create a roadmap for harnessing the full potential of these systems (see Capabilities and Potential Uses below). The team includes representatives from the Epic Team, Clinical Research Center, Office of Healthcare Compliance and Privacy, School of Medicine Scholarship & Discovery, and IT Security.
As an initial step, the planning team investigated, delineated, and introduced enhancements to the process for requesting and obtaining structured and unstructured data from Epic and legacy clinical systems as shown in this flow diagram. The path to follow for the request depends on the intended use of the data:
A. Non-research Use
To obtain EMR data for projects considered Continuous Process and Quality Improvement, Clinical/Revenue Cycle Operations, or to request a list of patients with specific characteristics, investigators should complete the ADS (form | instructions). A similar path may be followed for such non-research requests by calling the IT Service Desk (860-670-4400).
B. Research Uses
- Submit application to the Institutional Review Board (IRB) for review and approval.
- Complete the ADS (form | instructions) and attach the IRB approval letter or the Human Subjects Research Determination form. Please be as specific as possible for the data you are requesting. Refer to this guide for the most commonly data elements.
- The ADS request is then reviewed by the Privacy Office and the Epic Cogito Team. The review team might contact the requestors for questions and clarifications.
- Upon approval of the ADS request, the dataset is provided to the requestor. Please note that the dataset is furnished to the PI as the ultimate authority responsible for safeguarding the data.
- If the request is made for clinical notes or other unstructured data requiring direct access to Epic for data extraction, internal conversations among the Privacy Office, Epic Cogito Team and the requestor take place before access can be granted. If approved, the Cogito Team provides a list of Medical Record Numbers (MRNs) that the requestor is limited to reviewing.
Capabilities for Using Epic in Biomedical Research
Epic offers a number of capabilities to aid biomedical research. Below is a summary, but please refer to this Guide for detailed information. Also, please note that some of these capabilities are not currently available at UConn Health. Our goal is to design and implement a strategy to facilitate access to these capabilities.
(1) De-identified and Limited Data Set Data Warehouse. Removing the eighteen (18) explicit identifiers of the individual such as name, address, and contact information renders the dataset as de-identified and exempt from HIPAA regulations (Safe Harbor Rule of HIPAA [45 CFR 164.514(b)].
The availability of de-identified data alleviates the need of the research team to obtain HIPAA Waivers for retrospective chart reviews, thereby reducing administrative burden and improving efficiency. In addition, de-identified data can serve as a key resource of information for ensuring the presence of adequate number of cases/patients for potential recruitment and enrollment in future studies, thereby enhancing grant’s chances of funding and success of the research study.
Although appropriate in some applications - such as those mentioned above -, de-identified data are inadequate for other applications. For example, removing identifiers may render the remaining data less useful to research as key data elements (such as zip codes and dates) essential to study recruitment efforts and predictive modeling are destroyed. To address this drawback, limited data sets are used. A limited dataset is protected health information (PHI) from which certain identifiers of the individual are removed but may contain dates and certain geographic information associated with an individual, particularly
Epic provides access to de-identified data through Coboodle Healthcare Data Warehouse and a visualization/reporting tool – called SlicerDicer – that enables researchers to create on-demand self-service reports without writing computer code (such as Structured Query Language, aka SQL) or submitting a request.
(2) Point of Care Recruitment. As Epic matures, it will have a very large number of patients who could become potential recruits in research studies. Epic facilitates recruitment by automatically sending out MyChart recruitment requests to a cohort of patients. This will greatly reduce the administrative burden and tedious work involved in recruiting for research studies.
(3) Research Electronic Data Capture During Routine Clinical Care. Currently, a limited number of research studies are built directly in Epic for data capture and storage.
(1) FDA and HIPAA Compliant System. Health informatics research by virtue of its nature requires a higher level of data security and protection of participant privacy because it involves a greater level of FDA and HIPAA sanctioned data (PHI, PII, and other forms of confidential data). These protections can be guaranteed in a 21 CFR Part 11 compliant system. Making such a system available presents UCH with an opportunity to secure more extramural funding for pharmaceutical clinical trials and other studies requiring HIPAA and Part 11 compliance.
(2) Global Multi-Organization Data Warehouse
Epic offers COSMOS, a global data warehouse containing data from hundreds of orgaizations and hundreds of millions of patients. Read more about COSMOS Executive Summary and Overview. The UConn Health Epic system does not have this capability at this time, but we hope to add it on our roadmap.