+1 Recommend
0 collections
      • Record: found
      • Abstract: found
      • Article: found
      Is Open Access

      Establishing the role of honest broker: bridging the gap between protecting personal health data and clinical research efficiency


      Read this article at

          There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.


          Background. The objective of this study is to propose the four conditions for the roles of honest brokers through a review of literature published by ten institutions that are successfully utilizing honest brokers. Furthermore, the study aims to examine whether the Asan Medical Center’s (AMC) honest brokers satisfy the four conditions, and examine the need to enhance their roles.

          Methods. We analyzed the roles, tasks, and types of honest brokers at 10 organizations by reviewing the literature. We also established a Task Force (TF) in our institution for setting the roles and processes of the honest broker system and the honest brokers. The findings of the literature search were compared with the existing systems at AMC—which introduced the honest broker system for the first time in Korea.

          Results. Only one organization employed an honest broker for validating anonymized clinical data and monitoring the anonymity verifications of the honest broker system. Six organizations complied with HIPAA privacy regulations, while four organizations did not disclose compliance. By comparing functions with those of the AMC, the following four main characteristics of honest brokers were determined: (1) de-identification of clinical data; (2) independence; (3) checking that the data are used only for purposes approved by the IRB; and (4) provision of de-identified data to researchers. These roles were then compared with those of honest brokers at the AMC.

          Discussion. First, guidelines that regulate the definitions, purposes, roles, and requirements for honest brokers are needed, since there are no currently existing regulations. Second, Korean clinical research institutions and national regulatory departments need to reach a consensus on a Korean version of Limited Data Sets (LDS), since there are no lists that describe the use of personal identification information. Lastly, satisfaction surveys on honest brokers by researchers are necessary to improve the quality of honest brokers.

          Related collections

          Most cited references 28

          • Record: found
          • Abstract: found
          • Article: found
          Is Open Access

          Written informed consent and selection bias in observational studies using medical records: systematic review

          Objectives To determine whether informed consent introduces selection bias in prospective observational studies using data from medical records, and consent rates for such studies. Design Systematic review. Data sources Embase, Medline, and the Cochrane Library up to March 2008, reference lists from pertinent articles, and searches of electronic citations. Study selection Prospective observational studies reporting characteristics of participants and non-participants approached for informed consent to use their medical records. Studies were selected independently in duplicate; a third reviewer resolved disagreements. Data extraction Age, sex, race, education, income, or health status of participants and non-participants, the participation rate in each study, and susceptibility of these calculations to threats of selection and reporting bias. Results Of 1650 citations 17 unique studies met inclusion criteria and had analysable data. Across all outcomes there were differences between participants and non-participants; however, there was a lack of consistency in the direction and the magnitude of effect. Of 161?604 eligible patients, 66.9% consented to use of data from their medical records. Conclusions Significant differences between participants and non-participants may threaten the validity of results from observational studies that require consent for use of data from medical records. To ensure that legislation on privacy does not unduly bias observational studies using medical records, thoughtful decision making by research ethics boards on the need for mandatory consent is necessary.
            • Record: found
            • Abstract: found
            • Article: not found

            Evaluating re-identification risks with respect to the HIPAA privacy rule.

            Many healthcare organizations follow data protection policies that specify which patient identifiers must be suppressed to share "de-identified" records. Such policies, however, are often applied without knowledge of the risk of "re-identification". The goals of this work are: (1) to estimate re-identification risk for data sharing policies of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule; and (2) to evaluate the risk of a specific re-identification attack using voter registration lists. We define several risk metrics: (1) expected number of re-identifications; (2) estimated proportion of a population in a group of size g or less, and (3) monetary cost per re-identification. For each US state, we estimate the risk posed to hypothetical datasets, protected by the HIPAA Safe Harbor and Limited Dataset policies by an attacker with full knowledge of patient identifiers and with limited knowledge in the form of voter registries. The percentage of a state's population estimated to be vulnerable to unique re-identification (ie, g=1) when protected via Safe Harbor and Limited Datasets ranges from 0.01% to 0.25% and 10% to 60%, respectively. In the voter attack, this number drops for many states, and for some states is 0%, due to the variable availability of voter registries in the real world. We also find that re-identification cost ranges from $0 to $17,000, further confirming risk variability. This work illustrates that blanket protection policies, such as Safe Harbor, leave different organizations vulnerable to re-identification at different rates. It provides justification for locally performed re-identification risk estimates prior to sharing data.
              • Record: found
              • Abstract: not found
              • Article: not found

              Is deidentification sufficient to protect health privacy in research?


                Author and article information

                PeerJ Inc. (San Francisco, USA )
                17 December 2015
                : 3
                [1 ]Office of Clinical Research Information, Asan Institute of Life Sciences, Asan Medical Center , Seoul, Korea
                [2 ]Department of Pulmonology and Critical Medicine, Asan Medical Center, University of Ulsan College of Medicine , Seoul, Korea
                [3 ]Department of Oncology, Asan Medical Center, University of Ulsan College of Medicine , Seoul, Korea
                [4 ]Department of Biomedical Informatics, Asan Medical Center , Seoul, Korea
                [5 ]Department of Emergency Medicine, Asan Medical Center, University of Ulsan College of Medicine , Seoul, Korea
                [6 ]Clinical Research Center, Asan Institute of Life Sciences, Asan Medical Center , Seoul, Korea
                [7 ]Human Research Protection Center, Asan Institute of Life Sciences, Asan Medical Center , Seoul, Korea
                © 2015 Choi et al.

                This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, reproduction and adaptation in any medium and for any purpose provided that it is properly attributed. For attribution, the original author(s), title, publication source (PeerJ) and either DOI or URL of the article must be cited.

                Funded by: Korean Health Technology R&D Project
                Award ID: HI14C1731
                Funded by: Asan Institute for Life Sciences
                Award ID: 2013-7205
                This study was supported by a grant of the Korean Health Technology R&D Project, Ministry of Health & Welfare, Republic of Korea (HI14C1731) and the Asan Institute for Life Sciences (2013-7205), Seoul, Korea. The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.
                Ethical Issues
                Legal Issues
                Science Policy


                Comment on this article