Multicenter patient records research: Security policies and tools

The expanding health information infrastructure offers the promise of new m edical knowledge drawn from patient records. Such promise will never be ful filled, however, unless researchers first address policy issues regarding t he rights and interests of both the patients and the institutions who hold their records. In this article, the authors analyze the interests of patien ts and institutions in light of public policy and institutional needs. They conclude that the multicenter study, with Institutional Review Board appro val of each study at each site, protects the interests of both. "Anonymity" is no panacea, since patient records are so rich in information that they can never be truly anonymous. Researchers must earn and respect the trust o f the public, as responsible stewards of facts about patients' lives. The a uthors find that computer security tools are needed to administer multicent er patient records studies and describe simple approaches that can be imple mented using commercial database products.