Lessons From a User-Trusted Data Trust

What did Johns Hopkins Medicine’s data trust administrator do when faced with the challenge of protecting patient privacy while using records to improve care and facilitate research?
  • Johns Hopkins Medicine is one of the first medical systems in the United States to try to gain value from patients’ records.
  • Valerie Smothers is the data trust administrator working to protect patient privacy while using records to improve care and facilitate research at the same time.
  • The most important conversation is not about the data itself, says Smothers, but about data governance and the policies needed to define the trust’s structure and inner workings.

By Marty Graham, Contributor

When Valerie Smothers talks about the patient privacy rules laid out in the Health Insurance Portability and Accountability Act (HIPAA), she says something not often heard amid complaints about its strict rules: The 1996 federal law has been very helpful.

“We have a very clear and useful understanding of what we can and can’t do with patients’ data, thanks to HIPAA,” Smothers says. “It’s not muddy at all. And since we’re patients, too, I appreciate the privacy protections HIPAA gives me.”

Smothers is the data trust administrator at Johns Hopkins Medicine, one of the first medical systems in the nation to try to gain value from millions of patients’ records. Five years ago, she faced the paradoxical challenge of protecting patient privacy while using their records to improve care and facilitate research; this led to compiling patient records in a protected pool with controlled access, a structure that’s increasingly called a data trust.

“We decided we needed a data trust [because] we were moving five hospitals with five different medical records systems—each with purview over the governance of their own data—to one single system under centralized governance.”

As data science drives a hunger for massive amounts of data across industries, data stewards like Smothers grapple with how to use data while protecting the people it describes.

In other sectors, like smart cities, commerce, and even politics, those questions have prompted conversations about how to keep, manage, and share data. But while more and more data trusts are being proposed beyond HIPAA's definitions, most of the proposals are short on detail about exactly how managing data and access should work.

Smothers, who’s spent five years developing and administering the Johns Hopkins data trust, is one of a select few who have actually built one. The conversations she hears in the public and commercial sectors focus on the data itself, and that misses the point: The most important conversation, she says, is about data governance and the policies that must be formed to define the trust’s structure and inner workings.

Trust isn’t just the structure of ownership, Smothers emphasizes. Researchers have to trust the data. And patients, who have become increasingly concerned about and suspicious of how their data is used, have to trust the medical system.

Policy First

Johns Hopkins started its trust by establishing governance processes and the roles people play in the structure, including who has authority over which processes. “Whenever there’s sharing of data outside the institution, we need to have agreements in place that set some guardrails for how the data can be used; our institutional review board has many rules regulating the sharing of data for research.”

“Whenever there’s sharing of data outside the institution, we need to have agreements in place that set some guardrails for how the data can be used…”

—Valerie Smothers, data trust administrator, Johns Hopkins Medicine

Having a defined structure and clear path to access makes data sharing more consistent for everyone.

“Not only are we looking out for our patients, we’re looking out for the institution,” Smothers says. “There have been some pretty high profile news items about problematic interactions between data managers and commercial entities that raise legitimate trust issues, both for patients and for researchers who use the data and need to be able to trust it.”

Johns Hopkins established a data council and divided up the governance tasks—privacy and security, stewardship, research, and internal clinical use/quality control—each with its own committee.

Stewardship and Accuracy

Taking care of the data—making sure it’s accurate, useful, and secure—is the stewardship committee’s responsibility.

Accuracy, Smothers stresses, is at the very heart of trusting a data trust.

“If you don’t have sound data and a good framework to build upon, you can’t have trustworthy and useful results. We want to make data available for use and we want to encourage people who aren’t fully using the data to consider ways they and their patients may benefit.”

The first part of stewardship is the fundamental issue of standardizing the data: agreeing on what the terms that define it actually mean.

“You would be surprised by the variations that occur among things we use the same terms for,” Smothers says. “For example, the term ‘length of stay’ may not mean the same thing to you as it means to me. When we joined the five medical record systems, we found we didn’t have the same metrics, and we couldn’t look across the health system and have a common language to talk about something so basic.”

Since improving medical care and processes is one of Johns Hopkins’ key goals, stewardship includes making sure potential users like researchers and doctors know what data is available.

Solutions for Researchers

Johns Hopkins has amassed data on 5 million patients to use for research, ranging from clinical drug trials, to studying the use of hallucinogens as therapy, to figuring out the most dangerous mistaken diagnoses and how to avoid them. But how to share the data required careful thought and strategy, especially in light of the dozens of recent hacks and unauthorized third-party leaks of confidential information.

“There are researchers who think they’ll just put our data on their laptop and be able to work from home and use a cloud app to transmit it,” Smothers says. But such operations have proved disastrous for cloud-reliant researchers and commercial outfits.

“We do a lot to support research at Johns Hopkins and we’ve tried to create secure solutions for researchers,” Smothers says. “We’ve created a virtual desktop that researchers can log into from wherever they are. The institution has licensed an array of productivity and analytical tools that are part of the virtual desktop, including tools that let researchers collaborate in real time.”

“There’s a lot of logging on that provides both openness and security,” Smothers continues. “If there is misuse afterwards, we have a log of everyone who looked at it and when they did.”

The data trust’s structure and tools have also had a secondary benefit to its users. “As a result of our process, we often point researchers to best practices for data management and data security.”

Many of the data users outside the Johns Hopkins system are quality registries, including surgical reviewers like those affiliated with the American Society of Thoracic Surgeons and the American Society of Neurosurgeons.

“Quality registries started with thoracic surgeons because it’s so difficult to measure how well or poorly surgeons are doing. Within the four walls of your hospital you think you’re doing fine, but looking at many patients and hospitals you may find your outcomes are not so good,” Smothers explains.

One of the tricky areas has been the possibility that approved researchers and registries will allow third parties access to the data. Smothers says they’ve made every effort to design a system where data passes from users working under the trust’s agreements to would-be users only under the same strict agreements.

Otherwise, third parties would have no obligation to follow Johns Hopkins’ rules and no agreements with Johns Hopkins forbidding things like commercializing the data or sharing it further. Nor would they have made the required bright-line commitment to patient anonymity.

“Because there’s already a lot of data out there, it would be easy to match [Johns Hopkins patients’] data from a research study,” she says. “We require that if you want to use the data, that you absolutely promise there will be no attempt to re-identify anonymized data.”

Clinical and Analytic Use

Johns Hopkins subscribes to the precision analytics approach to practicing medicine, which leverages insights from massive amounts of data to develop personalized treatment.

“Suppose there’s a cohort of patients that responds very well to a treatment and a cohort that doesn’t respond well. If a patient is sitting in front of you, you want to be able to identify which cohort that patient belongs to,” Smothers says. “Because big data and big data tools are available, we can start to tease out some of those cohorts and make treatment more personalized.”

Data trusts are so new that there are no agreed-upon universal standards, Smothers says. And consent—a key feature of medical data trusts—is so vague and involuntary in commercial apps that it has the potential to become meaningless. This leads Smothers to believe that the keepers and users of data should first be talking about data governance.

“With the proliferation of big data, you want to make sure you’re using it responsibly, and so you need to make sure there are rules of the road,” she says. “Data trusts are so new, there are no standards.”

But what a data trust should do—how it should protect, steward, and share the data—is an emerging conversation as cities, businesses, and financial institutions realize how much data they have and how much benefit can come from using it.

The IEEE, the Open Data Institute, Stanford University, and MIT all have open projects and discussions on how data governance should be managed and how to certify and accredit trusts.

“Our work is just one contribution to the wider debate around data rights,” Open Data Institute staff wrote in an April article. “But what it showed was that in spite of people’s differences, what many people do have in common is that they care about their data rights and the responsibilities around them.”