About epic data extraction fesability study

Announcements
1

Preliminary Data Extraction on Epic – Key Points from Stacy Smith

  • Feasibility Checks Without IRB Approval:
    • Residents may perform preliminary data queries in Epic without IRB submission if they are not collecting any patient identifiers.
    • Examples include querying aggregate data like:
      • Number of patients with a specific ICD code.
      • Number of ischemic stroke discharges within 48 hours.
    • These types of queries are allowed as long as the data returned is aggregate and non-identifiable.
  • When IRB Oversight Is Required:
    • If the data extraction involves identifiable information (e.g., race, geography, dates of birth, medical record numbers, service dates), then IRB approval is required.
    • Stacy emphasized that the IRB also serves as the privacy board, so any data that could be re-identified must go through IRB review.
  • HIPAA Identifiers to Avoid:
    • Stacy mentioned the 18 HIPAA identifiers that must not be included in preliminary data extraction without IRB oversight.
    • Common pitfalls include:
      • Dates of service.
      • Extremes of age (e.g., a 95-year-old patient could be considered identifiable).
  • Best Practice Recommendation:
    • Before starting any proposal or data extraction, residents should consult with Stacy Smith or Julie Bird to ensure feasibility and compliance.
    • This helps avoid wasted effort and potential rejection due to incomplete or non-compliant submissions.

18 HIPAA Identifiers to Avoid

  1. Names
  2. Geographic subdivisions smaller than a state (e.g., street address, city, county, zip code)
  3. All elements of dates (except year) directly related to an individual, including:
  • Birth date
  • Admission date
  • Discharge date
  • Date of death
  • All ages over 89 (unless aggregated into a category like “90 and older”)
  1. Telephone numbers
  2. Fax numbers
  3. Email addresses
  4. Social Security numbers
  5. Medical record numbers
  6. Health plan beneficiary numbers
  7. Account numbers
  8. Certificate/license numbers
  9. Vehicle identifiers and serial numbers, including license plate numbers
  10. Device identifiers and serial numbers
  11. Web URLs
  12. IP addresses
  13. Biometric identifiers, including fingerprints and voiceprints
  14. Full-face photographs and comparable images
  15. Any other unique identifying number, characteristic, or code

If you’re planning a feasibility query in Epic, make sure the data is fully de-identified and aggregate only.