MDPHnet is a distributed data network based on the PopMedNet architecture. A common data model, the ESP data model, facilitates data extraction across disparate systems. Each site hosting ESP that is linked to MDPHnet is considered a “data partner”. The system allows data partners and Massachusetts Department of Public Health (MDPH) staff to send queries to run against data pulled from electronic medical records (EHR) and receive aggregated results.
There are several key features of the PopMedNet system:
- Distributed analytic capabilities: Users can log into the secure MDPHnet website and retrieve aggregated results pulled from different data partners. The initial MDPHnet pilot will link the Massachusetts League of Community Health Centers (MLCHC) to MDPHnet and allow MDPH and MLCHC staff, as well as Community Health Center (CHC) providers, to run queries on data stored in the MLCHC ESP server. MDPHnet can expand to include other ESP installations and additional authorized users.
- Multiple topics: The MDPHnet pilot focuses on influenza-like illness and diabetes. Eventually, the project scope can be expanded to all diseases for which ESP has validated algorithms, or specific types of general extracts from the ESP common data model. The ESP data model includes a broad range EHR data, so additional analyses could be developed across a range of topics.
- Minimal data transfer: Organizations maintain control over their proprietary and confidential information and can assess, on a case-by-case basis, each data request. Data are released from the data partner as summary data, which minimizes the need to release protected health information. MLCHC staff determine whether the request should be executed. If approved, the applicant would be presented with the data as xml, excel or delimited files. Data can be released exactly as requested, or cells can be suppressed as a result of low cell counts, at the data partner’s discretion.
- Fine-grained authorization and permissions: Each data partner has an administrator that determines which groups are able to query each type of data. Query authorization can be narrowly defined to a specific user, or more broadly defined within a role (all investigators, for example) or group (ex. MDPH staff, or a specific data partner).
- Menu-driven query: One way that users are be able to query the data is through selection of data elements from a menu. Users are presented with simple drop-down lists and check box options to make their selections from the menu. Available data element options are determined through the Governance Advisory Committee, but could include such information as time periods (one year, one month, seasonal, etc.), patient demographics such as age, gender, race or ethnicity, clinical conditions, vital signs, drug or vaccination history.
- Strong security and authentication: MDPHnet is hosted and implemented in compliance with Federal Information Security Management Act (FISMA) requirements. Additionally, the implementation architecture and software has passed several security reviews and audits. Security features include password expiry, secure transmission of queries and results, automatic log-off, comprehensive notification features, and automated file deletion.
- Automated, extensive auditing: All aspects of the system are captured in an audit trail. Things as simple as when a query was initiated to when it was completed, to when a user last logged in and the type of query that was requested, are captured in the system’s audit trail. Users are able to print reports based on a variety of features.
References
Brown JS, Holmes JH, Shah K, Hall K, Lazarus R, Platt R. Distributed health data networks: a practical and preferred approach to multi-institutional evaluations of comparative effectiveness, safety, and quality of care. Med Care. 2010 Jun;48(6 Suppl):S45-51.
Maro JC, Platt R, Holmes JH, Strom BL, Hennessy S, Lazarus R, Brown JS. Design of a National Distributed Health Data Network. Ann Intern Med. 2009 Sep 1;151(5):341-4