The PEDSnet data network takes a number of steps to limit risks to privacy.
Consistent with our Privacy Principles, PEDSnet has taken a number of steps when creating the data network to minimize the risk if anyone's data being misused or made public, or of their privacy being put at risk. Here are several key decisions we've made:
- PEDSnet data, whether at member sites or at the DCC, is stored on computers that are outfitted and maintained to be secure from unwanted access; these systems are integrated into the same security mechanisms that the hospitals use to protect patients' medical data. Similarly, datasets that contain individual information are transferred between PEDSnet sites, or between PEDSnet and PCORnet, only using secure file transfer systems.
- The PEDSnet core data resource is constructed as what's called a limited dataset. That means that data available to respond to standard queries or for researchers contains dates, since it's important to know how old a child is for many clinical questions, and approximate locations, so researchers can get area-level information about the environment. But it doesn't contain things like names, addresses, phone numbers, or medical record numbers. The link between the PEDSnet core data and these individual identifiers stays with the hospital that took care of you, and if a researcher wants to get additional information – for example, to ask you if you want to be part of a study – that request goes back to each PEDSnet member. This way, the chance that information that allows you to be identified would be accidentally released if there were a database or query failure is limited.
- Another way to limit the chance that an individual can be recognized is to combine data for many people and only report counts of things (patients, prescriptions, tests, etc.). This is how the PEDSnet DCC and the PCORnet CC try to frame as many data requests as possible; some studies can be entirely designed and executed using only this level of data.
Minimum Necessary Data
- When someone requests data from PEDSnet, the DCC commits to providing only the information necessary to answer the research question, rather than releasing all the information we hold about people involved in the study.
- Before any detailed data are released for a study, PEDSnet requires that the study plan be reviewed and approved to insure that it's feasible, makes sense, and answers a question that's relevant to families in PEDSnet.
- Access to individual data, or to small collections of data, is permitted only to users who have permission from PEDSnet principal investigators to access the data network. Each time a person accesses the network, they need to identify themselves, and a record of access is kept.
In addition to these concrete steps, the PEDSnet Data Coordinating Center and each member site operate under the guidance of their Institutional Review Board, which is charged with protecting the safety and privacy of patients and families that participate in research. Members of these IRBs also form the PEDSnet regulatory workgroup, which participates in policy-making for data sharing. Similarly, the Data Privacy workgroup, with representatives from family stakeholders, the PEDSnet Executive Committee, and informatics teams, works to identify priorities and develop policy addressing limiting risk to privacy and making sure PEDSnet engages in effective dialogue with families around learning health research.