Protecting Identifiers in Human Subjects Data

Introduction to concepts and basic techniques for disclosure analysis and protection of personal and health identifiers in research data for public or restricted access, following applicable JHU data governance policies. See Overview section for details.

Projects meeting some of the following criteria require Data Trust review (See link for complete list. JHED login required):

  1. Data going to a commercial third party (excluding sponsored research agreements of less than 500 records).
  2. Involving sponsored chart reviews with more than 499 records and a waiver of consent.
  3. Involving 500 or more records that will be shared with a third party or transferred outside the JHM firewall.
  4. Involving a live data feed from an enterprise clinical system.
  5. Involving PHI collection via an app.
  6. Referred by the IRB, CCDA, or other data stewards due to concerns about size, sensitivity or security.

From FAQ: Data Trust Review of Research Data Requests

Data Trust Council data sharing policies

Research use of data from most Johns Hopkins Medicine (SOM, JHHS) health and business databases and sources, including the sharing of data with external collaborators or databases, may require review and approval by the JHM Data Trust Council. (Link to JHM Data Trust resource site: requires JHU affiliation JHED login.)

The JHM Data Trust Council is responsible for overall governance of patient and health plan member-related data stored in the clinical enterprise systems of Johns Hopkins Medicine entities. In addition to coordinating policies for better quality and security for data access, the Council also oversees the process for those requesting data for research or operations. Note that medical and health data that are not derived from, and do not interact with, JHM medical systems (e.g. surveys or measures of clinical patients that have no association with data in EPIC medical records) may not be subject to Data Trust review or jurisdiction. SOM IRB will help determine which studies should involve Data Trust in requests to access or share data. See also the left margin box on this page for criteria.

The Data Trust provides a single portal and process for data requests, in particular for data from the EPIC electronic medical records system. Access to data for approved requests is managed by the Center for Clinical Data Analysis (CCDA).

The Council has several Subcouncils that help coordinate the flow of data between categories, including ambulatory quality, hospital operations and research. (See Data Trust Organization for details. JHU affiliate access required.) The Research Data Subcouncil develops policy for research, informatics, and analytics, and reviews large research data requests and requests involving sharing data with third parties.

Data Trust Research Data Subcouncil policy on sharing and de-identifying data:

https://intranet.insidehopkinsmedicine.org/data_trust/requesting_access_to_data_trust_infrastructure.html (JHU affiliation/JHED ID required. A public overview page about the Data Trust can be found at the JHM ICTR website.)

The Data Trust Research Data Subcouncil's approval of access to JHM data by a third party (whether collaboration or data repository deposit) requires:

  • IRB approval and appropriate legal agreements, typically a Data Use Agreement (DUA) mediated by the SOM Office of Research Administration.
  • Completion of a Data Security Checklist specifying how data will be protected at JHU.
    • A preferred method is to use the SAFE Desktop operated by JHU Central IT and managed by CCDA. This virtual cloud environment allows collaborative access to both data and software for analysis, restricting offline data transfers. [See the Secure Storage Choices section.]
    • Data access configurations not using SAFE Desktop or other pre-approved methods may require a Data Security Profile with closer involvement of IT@JH to approve 'in-house' solutions. (Note that one or both of these forms may be required by SOM IRB as well if acquiring or sharing JHM data for research.)
  • Review of de-identification plans and protocols:
    • The Data Trust does not require full de-identification (at HIPAA's "expert determination" level) when both parties can assure restricted access (under a DUA); however, it encourages removal of identifiers at, or approaching, the HIPAA "limited dataset" or "Safe Harbor" levels. [See section: What is a de-identified dataset? and the Data Trust's page: Data Minimization Guidelines]
    • The CCDA will review de-identification and disclosure protection protocols, with assistance from JHU Data Services.
  • Data shared for non-research purposes involves additional requirements. See Requesting data from an Analytic Team.

See also (JHU affiliate/JHED ID required to access links):