PERMISSION ONTOLOGY
FOR INFORMED CONSENT AND
HIPAA COMPLIANCE
Maria Adela Grando PhD
mgrando@ucsd.edu
Division Biomedical Informatics, University California San Diego
CTSA ONTOLOGY WORKSHOP
- Febrary 11st 2013, Orlando-
STATE OF THE ART
• Mostly, the research enterprise relies on paper-based
Informed Consent documents which contains permissions
given by subjects to share specimens and clinical data for
future research.
• It is rare that consent forms are collected electronically.
• There is potential to use electronic Informed Consents for:
• providing compliance with subject’s permissions, while maximizing
access to resources
informed CONsent for clinical record and
Sample use in research (iCONS)
Patient I
Look-up
Registry
I can check
publications
generated
from my data
and samples
Electronic IC
I authorize U
to perform
operation O
over my data D
or sample S
under certain
constraints C
Clinical
Data
Warehouse
Permission
Repository
BioSample
Repository
Permission Ontology
Resource Mediator
Home
As a Stanford
researcher can I get
blood samples?
Healthcare
Institution
Informed Consent Management System
I share my blood
samples with
non-profit US
researchers
Query
User U requests
Data D and
sample S
to perform
operation O
on subjects
like I under
constraints C
Results
User U receives
data D and
sample S in
compliance with
subject’s
permission
Research
Institution
User U
PERMISSION ONTOLOGY
• For describing permissions obtained from subjects who
signed an Informed Consent or HIPAA form, in a uniform,
machine-interpretable, implementation-independent
way
• To enable interoperability and sharing of Informed
Consent permissions and HIPAA constraints between
clinical data warehouses and bio-repositories,
independently of their implementation choices.
SNAPSHOT PERMISSION ONTOLOGY
A <subject> has <permission> or <obligation> to
perform an <operation> over <biological
specimens> or <medical records> under
constraints
RESOURCE MEDIATOR
• We have built for UCSD Moores Cancer Center
Biorepository a Resource Mediator Prototype, for:
• Providing researchers access to clinical data and biospecimens
resulting from the research study “Collection and Banking of
Tissue, Blood and Urine for Use in Cancer Research”
• We have tested the prototype with:
• de-identified patient cases (700 patients, 2635 medical record
entries)
• 8 randomly chosen (from 33) researchers’ requests for data and
samples
RESOURCE MEDIATOR GUI
RESOURCE MEDIATOR
2) Is in
compliance
with subject’s
permissions
and HIPAA
constraints?
1) Are the
resources
available?
Can I have
access to blood
samples and
diagnostic data
from patients with
breast cancer?
RESOURCE MEDIATOR
We have provided ontology-reasoning for determining
compliance with IC permissions and HIPAA constraints:
User U request access to patient treatment history
User U is denied by HIPAA access to alcohol abuse
treatment history
User U has IC permission to access cancer treatment history
User U has IC permission to access cancer treatment history
CONCLUSIONS
• There is a need for:
• a standard to maximize the availability of resources while providing
compliance with subject’s Informed Consent permissions and
HIPAA constraints
• We propose:
• an Electronic Informed Consent Management System,
• a Permission Ontology,
• a Resource Mediator based on an hybrid approach combining the
proposed Permission Ontology and a XACML-policy engine
FUTURE WORK
Institution A
IC Form
+
HIPAA
Clinical
Data
Warehouse
Permission
Repository
Institution B
BioSample
Repository
IC Form
+
HIPAA
Clinical
Data
Warehouse
Permission
Repository
Permission Ontology
Resource Mediator
BioSample
Repository
Query
User U requests Data
D and sample S
to perform Operation
O on subjects like I
under constraints C
Results
User U receives data
D and sample S in
compliance with
subject’s
Research
Institution
User U
ACKNOWLEDGEMENT
5 year NIH-founded National Center for Biomedical Computing,
started in September 2010.
Collaborators
Development Team
• Aziz Boxwala (Project management)
• Joanne Barker (Health Communications)
• Mona Wong (App Development)
• Jeff Sale (App Development)
• Elizabeth Johnstone (Literature review)
Advisors
• Richard Schwab (MCC Biorepository)
• Michael Caligiuri (HRPP chair)
• Scott Vandenberg (Director, Tissue Repository)
• Michael Kalichman (Director, Center for Ethics)
• Angela McMahill (Research Compliance Officer)
QUESTIONS?
MATERIAL FOR THOUGHT…
• Permission Ontology available at NCBO Bioportal:
http://bioportal.bioontology.org/
• M. A. Grando, R. Schwab, A. Boxwala, N. Alipanah,
”Ontological approach for the management of informed
consent permissions“ (2012), accepted for 2nd IEEE
Conference on Healthcare informatics, Imaging, and
Systems Biology, September 27-28, UCSD, San Diego.
To appear. Available on request.