Pactuação da minuta de Portaria CPF na 6ª Reunião Ordinária CIT - 27/08/2020

Regulamenta o uso do Cadastro de Pessoas Físicas - CPF como instrumento suficiente e substitutivo para a identificação de indivíduos nos registros de saúde.

A false promise of COVID-19 'big' health data? Health data integrity and the ethics and realities of Australia's health information management practice.

Context: Coronavirus disease (COVID-19) caused by severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2) has precipitated an unprecedented volume of medical research. Articles reporting two studies were recently retracted from prestigious journals for reasons including the (thus far) unverifiable provenance of data. This commentary adopts a health information management lens to focus on aspects of data in one of the studies (investigating the use of hydroxychloroquine or chloroquine with or without a macrolide for treatment of COVID-19). The issues: Referencing the Australian context, the current article considers some of the study's reported hospital administrative and coded data categories within the context of Australian hospitals' health information management practices. It highlights potential risks associated with the collection and interpretation of 'big' health data. Implications: This article identifies pitfalls that confront researchers undertaking multi-country studies and the need to consider country-specific: (i) collected administrative data items; (ii) health information-related ethical, legal and management policy constraints on the use of confidential hospital records and derived data; and (iii) differences in health classification systems and versions used in the coding of diagnoses and related procedures, interventions and health behaviours. Conclusions: The article concludes that the inclusion of a qualified, senior Health Information Manager in research teams and on institutional Human Research Ethics Committees would help to prevent potential problems.

WebPalestra: Prontuário. Aspectos legais, Acesso e Confiabilidade

Aspectos legais acerca das informações do prontuário e das pessoas que podem ter acesso a elas, observando os limites da lei de acesso a informação, tendo em vista o sigilo e o caráter de confidencialidade do prontuário. Lei nº 12.527, de 18 de novembro de 2011 e Resoluções do CFM.

Insights from Adopting a Data Commons Approach for Large-scale Observational Cohort Studies: The California Teachers Study.

BACKGROUND: Large-scale cancer epidemiology cohorts (CEC) have successfully collected, analyzed, and shared patient-reported data for years. CECs increasingly need to make their data more findable, accessible, interoperable, and reusable, or FAIR. How CECs should approach this transformation is unclear. METHODS: The California Teachers Study (CTS) is an observational CEC of 133,477 participants followed since 1995-1996. In 2014, we began updating our data storage, management, analysis, and sharing strategy. With the San Diego Supercomputer Center, we deployed a new infrastructure based on a data warehouse to integrate and manage data and a secure and shared workspace with documentation, software, and analytic tools that facilitate collaboration and accelerate analyses. RESULTS: Our new CTS infrastructure includes a data warehouse and data marts, which are focused subsets from the data warehouse designed for efficiency. The secure CTS workspace utilizes a remote desktop service that operates within a Health Insurance Portability and Accountability Act (HIPAA)- and Federal Information Security Management Act (FISMA)-compliant platform. Our infrastructure offers broad access to CTS data, includes statistical analysis and data visualization software and tools, flexibly manages other key data activities (e.g., cleaning, updates, and data sharing), and will continue to evolve to advance FAIR principles. CONCLUSIONS: Our scalable infrastructure provides the security, authorization, data model, metadata, and analytic tools needed to manage, share, and analyze CTS data in ways that are consistent with the NCI's Cancer Research Data Commons Framework. IMPACT: The CTS's implementation of new infrastructure in an ongoing CEC demonstrates how population sciences can explore and embrace new cloud-based and analytics infrastructure to accelerate cancer research and translation.See all articles in this CEBP Focus section, "Modernizing Population Science."

Retrospectiva CONASS 2012: Núcleo de Gestão e Financiamento

Em uma série de vídeos, o CONASS apresenta brevemente as principais ações desenvolvidas em seus Núcleos Técnicos, relatadas por seus respectivos gerentes. Neste vídeo, a Assessora Técnica e gerente do Núcleo de Gestão e Financiamento do CONASS, apresenta as principais áreas de atuação desenvolvidas pelo seu núcleo no ano de 2012: - Lei Complementar n. 141 -- que regulamenta a Emenda Constitucional n. 29 - Contrato Organizativo da Ação Pública da Saúde (Coap) - Auditoria do SUS - Gerência de Unidades Públicas

Considerations for Genomic Data Privacy and Security when Working in the Cloud.

Next-generation sequencing produces large amounts of data. The complexity and data management issues associated with next-generation sequencing have led many laboratories to turn to cloud services, especially when internal information technology infrastructure is inadequate to support data requirements. In addition, public cloud repositories of variants are being increasingly utilized, and their data sets are being populated through crowdsourcing submissions of human genetic variation identified within laboratories. The purpose of this review is to describe the challenges of managing genomic data in the cloud and to discuss potential strategies to surmount these challenges in a compliant manner. The definitions and advantages of cloud systems are outlined. Special regulatory considerations for laboratories are included, and strategies for compliance in the US regulatory environment for genetic information in clinical patient care as well as in research and public databases are also discussed.

Healthcare Data Breaches: Implications for Digital Forensic Readiness.

While the healthcare industry is undergoing disruptive digital transformation, data breaches involving health information are not usually the result of integration of new technologies. Based on published industry reports, fundamental security safeguards are still considered to be lacking with many documented data breaches occurring as the result of device and equipment theft, human error, hacking, ransomware attacks and misuse. Health information is considered to be one of the most attractive targets for cybercriminals due to its inherent sensitivity, but digital investigations of incidents involving health information are often constrained by the lack of the necessary infrastructure forensic readiness. Following the analysis of healthcare data breach causes and threats, we describe the associated digital forensic readiness challenges in the context of the most significant incident causes. With specific focus on privilege misuse, we present a conceptual architecture for forensic audit logging to assist with capture of the relevant digital artefacts in support of possible future digital investigations.

Protecting personal information: Implications of the Protection of Personal Information (POPI) Act for healthcare professionals.

Careless handling of patient information in daily medical practice can result in Health Professions Council of South Africa sanction, breach of privacy lawsuits and, in extreme cases, serious monetary penalty or even imprisonment. This review will focus on the Protection of Personal Information (POPI) Act (No. 4 of 2013) and the implications thereof for healthcare professionals in daily practice. Recommendations regarding the safeguarding of information are made.

Criminal Prohibition of Wrongful Re­identification: Legal Solution or Minefield for Big Data?

The collapse of confidence in anonymization (sometimes also known as de-identification) as a robust approach for preserving the privacy of personal data has incited an outpouring of new approaches that aim to fill the resulting trifecta of technical, organizational, and regulatory privacy gaps left in its wake. In the latter category, and in large part due to the growth of Big Data-driven biomedical research, falls a growing chorus of calls for criminal and penal offences to sanction wrongful re-identification of "anonymized" data. This chorus cuts across the fault lines of polarized privacy law scholarship that at times seems to advocate privacy protection at the expense of Big Data research or vice versa. Focusing on Big Data in the context of biomedicine, this article surveys the approaches that criminal or penal law might take toward wrongful re-identification of health data. It contextualizes the strategies within their respective legal regimes as well as in relation to emerging privacy debates focusing on personal data use and data linkage and assesses the relative merit of criminalization. We conclude that this approach suffers from several flaws and that alternative social and legal strategies to deter wrongful re-identification may be preferable.

Is it time for a HIPAA for physicians?

Practices, hospitals, and healthcare systems are increasingly able to collect data about individual physician clinical performance. There is a strong temptation to use the data to make decisions about physicians' quality of care without first taking the time to establish a system that ensures valid conclusions. In addition, physicians are not informed that their data are being used, and thus do not have an opportunity to correct any inaccuracies. A HIPAA-equivalent law or regulation for physicians would help patients and physicians more accurately address these and other issues related to complex healthcare data. FERPA provides a useful framework for these concerns.

Reasons for deficiencies in health information laws in Iran.

INTRODUCTION: Laws, regulations, and guidelines are necessary external stimuli that influence the management of health data. They serve as external mechanisms for the reinforcement and quality improvement of health information. Despite their inevitable significance, such laws have not yet been sufficiently formulated in Iran. The current study explores reasons for inadequacies in the health information laws. METHODS: In this descriptive study, health-related laws and regulations from the United States, the United Kingdom, and Iran were first collected, using a review of the literature and available data. Then, bearing in mind the significant deficiencies in health information laws in Iran, the researchers asked a group of managers and policy makers in the healthcare field to complete a questionnaire to explore the reasons for such deficiencies. A test-retest method was used to determine the reliability of the questionnaire. Descriptive statistics and tables were then used to analyze the data. FINDINGS: Experts' opinion on reasons for deficiencies in health information laws and regulations in Iran are divided into four principal groups: cultural conditions of the community, the status of the health information system, characteristics of managers and policy makers in the healthcare field, and awareness level among public beneficiaries about laws. CONCLUSIONS: The health departments or ministries in developed countries have brought about suitable changes in their affiliated organizations by developing external data enhancement mechanisms such as information-related laws and standards, and accreditation of healthcare organizations. At the same time, healthcare organizations, under obligations imposed by the external forces, try to elevate the quality of information. Therefore, this study suggests that raising healthcare managers' awareness of the importance of passing health information laws, as an effective external mechanism, is essential.