Who else is working in your sector? Group discussions.
- Public safety
- Advanced Manufacturing
- Clean energy
- Education and Workforce Development
Lead: Tom Eppenberger, Kaiser Permante Research
Question re: putting equipment in remote location and network to be able to collect data that is actionable. Fitnet is looking to put tablets in, using advanced wireless to collect data. Sprint is a natural fit because they’re headquartered in Kansas City. Testing 4G hotspot, working pretty well. SciWynet is interesting, NSF funded. Eldercare monitoring is fixed in home, using regular networks; also a set up as a living laboratory with fiber network. Tomorrow they’ll show an interactive interface for remote physical therapy, private homes that have Google fiber. Network requirements in eldercare: regular networks carry data to their server, also instant alerts sent back. Legal matters and privacy data is limited (by law?); they use what people have (e.g., SMTP). The higher level of data gives more info (of course).
Question: HIPPA compliance, yes is required, also webtracks(?) for immunizations and other compliance requirements by Hospitals.
Bragging right: HIPPA (core thing), by covered entity, who is collecting health data–if data is shared, notification requirements getting faster. Not good consistency about what HIPPA compliant is. Tele-housecalls app is running on Amazon, wasn’t possible last year but now is as reserved instances. Headed in a good direction. General best standards? Groups working on this? Is very local. Data at rest is not officially a HIPPA requirement, but it’s good practice.
Research and human protection: large scale identification of de-identified still may not be anonymized enough. Differs across institutions. Who is going to be the entity taking liability? So many people involved. Users of software: most of cases, someone loses a laptop or otherwise by employees. Hospital, covered entity, carries the insurance for that. But hospital goes to vendor for assurances, less concern because “it’s cloud based,” people getting used to the idea that data is moving around. In Kansas City, most of the data is hosted locally. Kaiser: looking at cost, mobility of data. IT risk players and all say yes, but lawyers have historical precedent about dealing with historical perspectives and concerns. Who runs the business, lawyers or doctors?
Public best practices and standards? Unlikely, because of legacy agreements, who signs (Kansas City is the State of KS) and being subject to state rules, non-profit vs for profits vs research institutions.
Where is the comity between organizations? not automatic acceptance but given weight, special rules to their organizations, IRB vs compliance. That exists but not perfectly yet in IRB. Reciprocal referral agreement, loose agreement that one group takes lead and communicates changes and updates. Four to five institutions on board, another 4 or 5 coming along. Research approval vs HIPPA. Technology compliance? It’s not enough to “be HIPPA compliant” — seven pages of requirements in eldercare case. Will healthcare community share their requirements? Have they been shown as complaint with larger hospital standards. Vendors may have already deployed for other institutions, but “our team” may not be satisfied with that, other priorities. Checklist or process that multiple providers could agree to might be possible.