Today there are many health data sources that are a guardian of an individual’s personal health information, including healthcare providers, hospitals and healthcare systems, health insurance plans, pharmacies, healthcare clinics, and care management companies as examples. Privacy, security and confidentiality are an essential enabler of OMOP’s design, implementation, and evaluation. The use of healthcare information for this initiative must be conducted with detailed attention to protecting the privacy and security of healthcare information.

Trust is essential to create industry and public support for using electronic healthcare information within this type of project. Trust is built through creating transparency of how this data is being used. Data within the internal OMOP IT environment will be acquired from organizations that de-identify all patient records and ensure HIPAA compliance. Additional research with distributed data partners will keep any patient identifiable information secure within their firewalls.

Published research will only include summary analysis results and not contain any person-level data. In addition, the OMOP Executive Board, Scientific Advisory Board and Health Informatics Advisory Board have patient advocates and data privacy experts to provide oversight of the research. Our governance model has the appropriate oversight and accountability mechanisms that will allow for OMOP and its partners to innovate and experiment within clear parameters

The OMOP Research Core Team and Executive Board govern the terms and conditions of the drug safety project to ensure rigorous privacy, confidentiality and security. Since the initiation of OMOP, key principles are being followed by all individuals within the OMOP initiative to provide a secure environment in which to discover improvements in drug safety to benefit public health.

• Employ an open and transparent process, involving all of the stakeholders who will participate in and benefit from the findings and outcomes
• Specify the purpose of the data collection and make it narrowly suited to the need and use it for only the agreeded upon purpose
• Leverage existing data sources that reside in the care delivery and payment systems
• Adhere to policies and procedures for protecting patient privacy and confidentiality
• Implement security safeguards and controls thru the incorporation of technical tools that facilitate trusted use

For additional information on electronic healthcare information privacy and security, please go to the following web sties:

1. National Committee on Vital and Health Statistics. Report on Enhanced Protections for Uses of Health Data: A Stewardship Framework for "Secondary Uses" of Electronically Collected and Transmitted Health Data.

2. Office of the National Coordinator for Health Information Technology - U.S. Department of Health and Human Services.
Regulations and Guidance documents for Privacy and Security and Health Information Technology