I will need to bring this up with the steering committee Russ Waitman
On Oct 21, 2014, at 10:44 AM, Dan Connolly <[email protected]<mailto:[email protected]>> wrote: I haven't read the whole thing, but I just noticed this (emphasis mine): 3.3 Comments on Protected Health Information (PHI) The CDM will contain some of the 18 elements that define PHI under HIPAA, including encounter dates and date of birth. However, these dates will remain under the control of the institutions that already maintain PHI. To maximize analytic flexibility and allow for all types of analyses, complete and exact dates should be included in the CDM. Distributed analytic programs will use the date fields for analysis, but will generate results that contain the minimum necessary information to address the question. The results returned to the requester will typically be aggregated and not include any PHI. Queries that generate results sets with PHI (eg, a person-level analysis under an IRB, with all necessary data agreements in place) will be clearly flagged as such and will only be distributed with the appropriate approvals clearly documented. As with all distributed queries, sites should review all results before release. Two options I can see: * add original-date restoration to our CDM building plans and scripts (#145<https://informatics.gpcnetwork.org/trac/Project/ticket/145>) * re-iterate that this wasn't in the GPC proposal nor our approach to de-identify/re-identify patient data (#73<https://informatics.gpcnetwork.org/trac/Project/ticket/73>) and suggest that they change the CDM spec -- Dan _______________________________________________ Gpc-dev mailing list [email protected]<mailto:[email protected]> http://listserv.kumc.edu/mailman/listinfo/gpc-dev
_______________________________________________ Gpc-dev mailing list [email protected] http://listserv.kumc.edu/mailman/listinfo/gpc-dev
