Registries and Informed Consent
http://www.100md.com
《新英格兰医药杂志》
To the Editor: The Scottish Executive project Have a Heart Paisley was designed to improve the delivery of health care between primary and secondary care providers. Integral to its success is a cardiac-disease registry. European legislation governing the collection of personal data for such registries creates challenges1,2 similar to those outlined in a report by Tu et al. (April 1 issue)3 and in an editorial by Ingelfinger and Drazen.4
Before developing a strategy to meet these challenges, we sought advice from officers of the United Kingdom Data Protection Act and General Medical Council. On the basis of this advice, an "opt-out" consent strategy was developed; its premise is the need to take all reasonable measures to inform those whose personal data could be stored regarding the registry's purpose, data set, storage method, and users.5 Information was provided through a media campaign, a leaflet mailed to each household, and distribution of the leaflet in public settings. People can opt out at no cost by mail or by telephone. This comprehensive public-awareness campaign fulfills the ethical imperative of informed consent and the implied right of individual people to refuse inclusion while maintaining a registry that is complete.
Alexander M. Clark, Ph.D.
University of Alberta
Edmonton, AB T6R 2G3, Canada
Rosemary Jamieson, M.B.A.
Argyll and Clyde Health Board
Paisley PA2 7BN, United Kingdom
Iain N. Findlay, M.B., Ch.B.
Royal Alexandra Hospital
Paisley PA2 9PN, United Kingdom
findli@aol.com
References
Data Protection Act of 1998. London: Her Majesty's Stationery Office, 1998.
Strobl J, Cave E, Walley T. Data protection legislation: interpretation and barriers to research. BMJ 2000;321:890-892.
Tu JV, Willison DJ, Silver FL, et al. Impracticality of informed consent in the Registry of the Canadian Stroke Network. N Engl J Med 2004;350:1414-1421.
Ingelfinger JR, Drazen JM. Registry research and medical privacy. N Engl J Med 2004;350:1452-1453.
Clark AM, Blatchford O, Jamieson R, Paterson N, Findlay IN. Ensuring the ethics and legality of disease registers: the solution of the Have a Heart Paisley Register. Br J Health Care Comput Inf Manage 2003;20(2):44-8.
To the Editor: Ingelfinger and Drazen recommend that institutional review boards (IRBs) determine whether the requirement for consent from patients can be waived when identifiable health-related data are collected for research as part of population-based disease registries. However, there clearly is a legal and social consensus that the availability of such data for ongoing public health practice outside of research settings is critical.1 Many registries for chronic and infectious diseases in the United States are used by public health professionals for surveillance, program evaluation, and control of disease outbreaks. Federal privacy legislation permits access to health information without consent for such public health purposes.2 This access, as well as the privacy of the data, is generally mandated by federal, tribal, state, or local legislation. Recent evaluations have shown that IRBs are disconcertingly inconsistent in assessing the risks and benefits of data-collection activities.3 Policy recommendations that address the balance between privacy and the importance of population-based data to public health clearly need to acknowledge the role, contributions, and authority of legally mandated public health activities as well as academic investigators.4
Matthew T. McKenna, M.D., M.P.H.
Phyllis Wingo, M.P.H., Ph.D.
Centers for Disease Control and Prevention
Atlanta, GA 30333
mtm1@cdc.gov
James Jerry Gibson, M.D., M.P.H.
South Carolina Department of Health and Environmental Control
Columbia, SC 29201
References
Hodge JG Jr. Health information privacy and public health. J Law Med Ethics 2003;31:663-671.
HIPAA privacy rule and public health: guidance from CDC and the U. S. Department of Health and Human Services. MMWR Morb Mortal Wkly Rep 2003;52:Suppl:1-17.
McWilliams R, Hoover-Fong J, Hamosh A, Beck S, Beaty T, Cutting G. Problematic variation in local institutional review of a multicenter genetic epidemiologic study. JAMA 2003;290:360-366.
Burris S, Buehler J, Lazzarini Z. Applying the common rule to public health agencies: questions and tentative answers about a separate regulatory regime. J Law Med Ethics 2003;31:638-653.
To the Editor: The article by Tu et al. about the Registry of the Canadian Stroke Network and the accompanying editorial by Ingelfinger and Drazen once more describe the problems epidemiologists face in countries where legislation comprehensively protects the privacy of personal information and thus hampers the organization and operation of registries. To collect the results of consultations from family practitioners for the Morbidity Registry Austria, we developed — in cooperation with federal authorities for data security — a procedure that enables us to pursue our goals legally. In collaborating doctors' offices, specifically designed software splits patients' records into personal and medical information. The personal data are encrypted and transmitted to a cooperating trust center for coding before being forwarded to us; medical data are sent to us directly. In this way, necessary information can be combined without knowledge of the identity of the patients. Since the trust center also documents results from hospital discharges and runs the nation's mortality registry, we can legally link data on first symptoms, morbidity, diagnoses, and mortality.
Gerald Haidinger, M.D.
Christian Vutuc, M.D.
Manfred Maier, M.D.
Medical University of Vienna
1090 Vienna, Austria
gerald.haidinger@meduniwien.ac.at
Editor's note: The authors report that parts of their study are funded by the Jubilaeumsfonds of the Austrian National Bank (grant no. 10437).
The authors reply: Dr. Clark and colleagues suggest a broad public-notification strategy and an opt-out option as a practical alternative to opt-in informed consent for clinical registries. The Office of the Information and Privacy Commissioner of Ontario has suggested a similar approach to us, now in use in phase 3 of the Registry of the Canadian Stroke Network. An information poster and brochures describing the purposes of the registry are available on the stroke and general medical wards at each participating hospital. The brochures outline the purposes of the registry and describe how patients may opt out of it. So far, several thousand patients have been enrolled in phase 3 of the project, and the opt-out rate is extremely low.
Dr. Haidinger and colleagues suggest that the privacy of registry patients can be protected by splitting patients' data into personal and medical information. This approach has been used by the investigators of the Registry of the Canadian Stroke Network since the beginning of the project: a unique patient identifier, the health-card number, is encrypted at the point of data entry into the registry software and is then sent separately by courier to the central data-coordinating center. The de-identified medical information is sent separately, over secure telephone lines, to a central data server. Numerous other security measures — physical, technological, and administrative — are used at the central data-coordinating center, the Institute for Clinical Evaluative Sciences. The encrypted health-card number permits linkage to other population-based Canadian administrative databases at the institute, such as physician-claims, drug-benefits, and mortality databases. All personnel involved in data collection and analysis undergo privacy training and sign a legally binding data-confidentiality agreement. This approach has permitted us to conduct many unique clinical registry studies while ensuring that patient confidentiality is protected.1,2,3
We agree with Dr. McKenna and colleagues' comment that privacy legislation should specifically exempt public health professionals from the requirement to obtain patients' consent to collect identifiable data for public health practice. We also suggest that this exemption be extended to minimal-risk observational research studies with public health benefits. Observational research studies conducted under such exemptions have played a critical role in the control of numerous outbreaks of infectious disease throughout history, including, most recently, the outbreak of the severe acute respiratory syndrome in Hong Kong and Canada.4,5 They have also provided invaluable knowledge in many other areas of medicine and have thus saved the lives of countless patients around the world.
Jack V. Tu, M.D., Ph.D.
Institute for Clinical Evaluative Sciences
Toronto, ON M4N 3M5, Canada
tu@ices.on.ca
Frank L. Silver, M.D.
Moira K. Kapral, M.D.
University of Toronto
Toronto, ON M4N 3M5, Canada
References
Gladstone DJ, Kapral MK, Fang J, Laupacis A, Tu JV. Management and outcomes of transient ischemic attacks in Ontario. CMAJ 2004;170:1099-1104.
Lee DS, Austin PC, Rouleau JL, Liu PP, Naimark D, Tu JV. Predicting mortality among patients hospitalized for heart failure: derivation and validation of a clinical model. JAMA 2003;290:2581-2587.
Tu JV, Jaglal SB, Naylor CD. Multicenter validation of a risk index for mortality, intensive care unit stay, and overall hospital length of stay after cardiac surgery. Circulation 1995;91:677-684.
Lee N, Hui D, Wu A, et al. A major outbreak of severe acute respiratory syndrome in Hong Kong. N Engl J Med 2003;348:1986-1994.
Booth CM, Matukas LM, Tomlinson GA, et al. Clinical features and short-term outcomes of 144 patients with SARS in the greater Toronto area. JAMA 2003;289:2801-2809.
Before developing a strategy to meet these challenges, we sought advice from officers of the United Kingdom Data Protection Act and General Medical Council. On the basis of this advice, an "opt-out" consent strategy was developed; its premise is the need to take all reasonable measures to inform those whose personal data could be stored regarding the registry's purpose, data set, storage method, and users.5 Information was provided through a media campaign, a leaflet mailed to each household, and distribution of the leaflet in public settings. People can opt out at no cost by mail or by telephone. This comprehensive public-awareness campaign fulfills the ethical imperative of informed consent and the implied right of individual people to refuse inclusion while maintaining a registry that is complete.
Alexander M. Clark, Ph.D.
University of Alberta
Edmonton, AB T6R 2G3, Canada
Rosemary Jamieson, M.B.A.
Argyll and Clyde Health Board
Paisley PA2 7BN, United Kingdom
Iain N. Findlay, M.B., Ch.B.
Royal Alexandra Hospital
Paisley PA2 9PN, United Kingdom
findli@aol.com
References
Data Protection Act of 1998. London: Her Majesty's Stationery Office, 1998.
Strobl J, Cave E, Walley T. Data protection legislation: interpretation and barriers to research. BMJ 2000;321:890-892.
Tu JV, Willison DJ, Silver FL, et al. Impracticality of informed consent in the Registry of the Canadian Stroke Network. N Engl J Med 2004;350:1414-1421.
Ingelfinger JR, Drazen JM. Registry research and medical privacy. N Engl J Med 2004;350:1452-1453.
Clark AM, Blatchford O, Jamieson R, Paterson N, Findlay IN. Ensuring the ethics and legality of disease registers: the solution of the Have a Heart Paisley Register. Br J Health Care Comput Inf Manage 2003;20(2):44-8.
To the Editor: Ingelfinger and Drazen recommend that institutional review boards (IRBs) determine whether the requirement for consent from patients can be waived when identifiable health-related data are collected for research as part of population-based disease registries. However, there clearly is a legal and social consensus that the availability of such data for ongoing public health practice outside of research settings is critical.1 Many registries for chronic and infectious diseases in the United States are used by public health professionals for surveillance, program evaluation, and control of disease outbreaks. Federal privacy legislation permits access to health information without consent for such public health purposes.2 This access, as well as the privacy of the data, is generally mandated by federal, tribal, state, or local legislation. Recent evaluations have shown that IRBs are disconcertingly inconsistent in assessing the risks and benefits of data-collection activities.3 Policy recommendations that address the balance between privacy and the importance of population-based data to public health clearly need to acknowledge the role, contributions, and authority of legally mandated public health activities as well as academic investigators.4
Matthew T. McKenna, M.D., M.P.H.
Phyllis Wingo, M.P.H., Ph.D.
Centers for Disease Control and Prevention
Atlanta, GA 30333
mtm1@cdc.gov
James Jerry Gibson, M.D., M.P.H.
South Carolina Department of Health and Environmental Control
Columbia, SC 29201
References
Hodge JG Jr. Health information privacy and public health. J Law Med Ethics 2003;31:663-671.
HIPAA privacy rule and public health: guidance from CDC and the U. S. Department of Health and Human Services. MMWR Morb Mortal Wkly Rep 2003;52:Suppl:1-17.
McWilliams R, Hoover-Fong J, Hamosh A, Beck S, Beaty T, Cutting G. Problematic variation in local institutional review of a multicenter genetic epidemiologic study. JAMA 2003;290:360-366.
Burris S, Buehler J, Lazzarini Z. Applying the common rule to public health agencies: questions and tentative answers about a separate regulatory regime. J Law Med Ethics 2003;31:638-653.
To the Editor: The article by Tu et al. about the Registry of the Canadian Stroke Network and the accompanying editorial by Ingelfinger and Drazen once more describe the problems epidemiologists face in countries where legislation comprehensively protects the privacy of personal information and thus hampers the organization and operation of registries. To collect the results of consultations from family practitioners for the Morbidity Registry Austria, we developed — in cooperation with federal authorities for data security — a procedure that enables us to pursue our goals legally. In collaborating doctors' offices, specifically designed software splits patients' records into personal and medical information. The personal data are encrypted and transmitted to a cooperating trust center for coding before being forwarded to us; medical data are sent to us directly. In this way, necessary information can be combined without knowledge of the identity of the patients. Since the trust center also documents results from hospital discharges and runs the nation's mortality registry, we can legally link data on first symptoms, morbidity, diagnoses, and mortality.
Gerald Haidinger, M.D.
Christian Vutuc, M.D.
Manfred Maier, M.D.
Medical University of Vienna
1090 Vienna, Austria
gerald.haidinger@meduniwien.ac.at
Editor's note: The authors report that parts of their study are funded by the Jubilaeumsfonds of the Austrian National Bank (grant no. 10437).
The authors reply: Dr. Clark and colleagues suggest a broad public-notification strategy and an opt-out option as a practical alternative to opt-in informed consent for clinical registries. The Office of the Information and Privacy Commissioner of Ontario has suggested a similar approach to us, now in use in phase 3 of the Registry of the Canadian Stroke Network. An information poster and brochures describing the purposes of the registry are available on the stroke and general medical wards at each participating hospital. The brochures outline the purposes of the registry and describe how patients may opt out of it. So far, several thousand patients have been enrolled in phase 3 of the project, and the opt-out rate is extremely low.
Dr. Haidinger and colleagues suggest that the privacy of registry patients can be protected by splitting patients' data into personal and medical information. This approach has been used by the investigators of the Registry of the Canadian Stroke Network since the beginning of the project: a unique patient identifier, the health-card number, is encrypted at the point of data entry into the registry software and is then sent separately by courier to the central data-coordinating center. The de-identified medical information is sent separately, over secure telephone lines, to a central data server. Numerous other security measures — physical, technological, and administrative — are used at the central data-coordinating center, the Institute for Clinical Evaluative Sciences. The encrypted health-card number permits linkage to other population-based Canadian administrative databases at the institute, such as physician-claims, drug-benefits, and mortality databases. All personnel involved in data collection and analysis undergo privacy training and sign a legally binding data-confidentiality agreement. This approach has permitted us to conduct many unique clinical registry studies while ensuring that patient confidentiality is protected.1,2,3
We agree with Dr. McKenna and colleagues' comment that privacy legislation should specifically exempt public health professionals from the requirement to obtain patients' consent to collect identifiable data for public health practice. We also suggest that this exemption be extended to minimal-risk observational research studies with public health benefits. Observational research studies conducted under such exemptions have played a critical role in the control of numerous outbreaks of infectious disease throughout history, including, most recently, the outbreak of the severe acute respiratory syndrome in Hong Kong and Canada.4,5 They have also provided invaluable knowledge in many other areas of medicine and have thus saved the lives of countless patients around the world.
Jack V. Tu, M.D., Ph.D.
Institute for Clinical Evaluative Sciences
Toronto, ON M4N 3M5, Canada
tu@ices.on.ca
Frank L. Silver, M.D.
Moira K. Kapral, M.D.
University of Toronto
Toronto, ON M4N 3M5, Canada
References
Gladstone DJ, Kapral MK, Fang J, Laupacis A, Tu JV. Management and outcomes of transient ischemic attacks in Ontario. CMAJ 2004;170:1099-1104.
Lee DS, Austin PC, Rouleau JL, Liu PP, Naimark D, Tu JV. Predicting mortality among patients hospitalized for heart failure: derivation and validation of a clinical model. JAMA 2003;290:2581-2587.
Tu JV, Jaglal SB, Naylor CD. Multicenter validation of a risk index for mortality, intensive care unit stay, and overall hospital length of stay after cardiac surgery. Circulation 1995;91:677-684.
Lee N, Hui D, Wu A, et al. A major outbreak of severe acute respiratory syndrome in Hong Kong. N Engl J Med 2003;348:1986-1994.
Booth CM, Matukas LM, Tomlinson GA, et al. Clinical features and short-term outcomes of 144 patients with SARS in the greater Toronto area. JAMA 2003;289:2801-2809.