population - healthshareexchange.org · 6 data access • secure vpn tunnel between extraction...
TRANSCRIPT
1
Population Health Data Extraction Methodologies and Security
Agenda
4
1. Extrac)onMethodologies2. SecurityandContrac)ngApproach3. ChallengeswiththeCurrentModel4. NewArchitecture5. FutureHospitalRepor)ng
5
Clinical Data Repository • Main data repository for all of HSX’s Data
o ADT, LAB & CCDA Data o 6 Million Patients / 150 million clinical messages
• Direct secure connection to the backend database
SQL Extraction Scripts Used • Code Review / Change Management prior to every major extraction • Extraction output was to CSV based format
o Allow the data to be used with various statistical programs after handoff
De-identified Data • Followed Health & Human Services (HHS) HIPAA guidelines
o HSX did not use first names, last names, phone number, MRNs, or DOB. o Displayed the first 3 digits of the Zip Codes o Converted DOB into Age o Checked for populations under 100 in zip codes under scope
Extraction Methodologies
6
Data Access • Secure VPN tunnel between extraction server and Mirth Results database • HIPPA Compliant and HITRUST Certified environment • Data holding tank used encrypted drives & two-factor authentication
HCIF Project • Data Use Agreement Established with BAA • Used an HSX AWS Hosted Server • Utilized HSX monitoring and security tools • HIPAA training provided to all users accessing the data from HCIF
Karla Geisse / Capstone Project • Capstone Preceptor Guidelines and Agreement • Data Use Agreement Executed • Used a dedicated HSX laptop with special provisions • New HITRUST data handoff/sanitation procedures followed
Security and Contracting Approach
7
Data Access • Using PRODUCTION data from the clinical data repository
• Extractions used throttled resources • Higher risk to service outages to members • Data quality/data consistency issues
• Data is pulling from a relational database system made for transactional based processes, not data extraction based processes o Data extractions can take 2-24 hours to run in the current data model
Data Standardization / Normalization • HSX policies prohibit the modification of data that is ingested to Mirth
Results(CDR) from member data sources o Data must be standardized on extractions o Leads to inefficient queries and slower processing time o Higher customized query development needed based on extraction scope
Data Extraction Challenges
8
Data Warehouse • Combination of a different data sources aggregated together for the purpose of
analytics and data extractions, instead of a transactional based data schema • Using a series of concept libraries to standardize the data going into the data
warehouse. • ICD-10 Library • SNOMEDS Library • Gender Library • Race Library
• No longer the need to standardize the data on the extraction query.
Migration to Amazon Web Services (AWS) • Utilizing HIPAA compliant AWS services only • Hosted in a HITRUST certified environment • Using the data processing power of AWS while minimizing the cost around
traditional onsite environments • Qualified for Big Data grants and applied credits to assist with the build
New Data Architecture
Thank You! Nathan Hecker Technical Operation Lead [email protected] HealthShare Exchange of Southeastern Pennsylvania, Inc. 1801 Market Street, Suite 750 Philadelphia, PA 19103 www.hsxsepa.org