Most general practices in Australia use electronic health record (EHR) systems to manage patient information. The range of variables recorded in the EHR may include patient demographics, pre-existing conditions, immunisations, pathology results, prescriptions, reasons for encounters and clinical assessments. General practitioners (GPs) have a role as custodians of EHR data.
1 While the primary use of EHRs is to inform and enhance patient care, their detailed longitudinal nature, recorded in electronic format during routine interactions at the point of care, makes the secondary use of EHR data an attractive data source for researchers and policy makers.
2,3
Pooled data from general practice EHRs provide an insight into general practice workload and the delivery of clinical care, with large sample sizes. The comprehensive nature of general practice enables the study of outcomes, including those that may be difficult to capture in other settings, from across the entire patient journey. The data collection costs associated with using pooled EHRs are also less than those of other data collection methods, particularly methods involving individual consent.4,5 However, there are difficulties related to data quality and,6 especially for pooled data, interoperability.7
In Australia, as in the UK and USA, there has been substantial investment in pooling EHRs.5 For example, in 2011, National Prescribing Service (NPS) MedicineInsight was funded by the Australian Government to establish a national general practice database. It de-identifies general practice EHRs at the source, then extracts longitudinal data from general practice information systems using third-party extraction tools such as the GeneRic Health Network Information for the Enterprise (GRHANITE)8 and cdmNET.9 By October 2018 NPS MedicineInsight had grown to include 662 participating general practices and 2.3 million regular patients.10 It has since been used in a range of research and quality improvement projects, ranging from pharmaco-epidemiological studies to large cohort studies.11,12 In another example, the Lumos program – a collaboration between NSW Health, Primary Health Networks and general practices – de-identified data from general practice EHRs that are linked to other New South Wales health and registry data.13 From 1 August 2019, many general practices in Australia have been submitting de-identified data to Practice Incentives Program Eligible Data Sets with their local Primary Health Networks,14,15 and may be familiar with the extraction process.
Enhanced system capabilities have allowed the types of research studies possible with EHR data to include opportunities for pragmatic interventional studies with randomisation within the database at the point of care.4,5 For example, when a potentially eligible patient visits, the GP may see a computer- generated flag on the screen linked to the participant information statement and consent form.16,17 In these interventional studies, consenting patients may be randomised by the trial to different treatment groups, and outcomes may be collected from the EHRs.17 There are also other opportunities for using EHRs to facilitate recruitment by identifying study eligibility criteria in the EHR, and for data collection, by linking questionnaires to EHRs to provide additional data or adding additional coded fields to the EHR to evaluate outcomes.5
While some GPs have a dual role as both the custodian of EHR data and researcher, increasingly, practices are approached to make EHRs available for research and quality improvement. GPs have ethical as well as legal responsibilities to ensure patient medical records are confidential, stored and managed securely, and fit for purpose.18 In this article, we aim to discuss the ethical considerations associated with the use of general practice EHRs, individually and pooled, for research.
In Australia, standards for the conduct of human research, including the use of health records and other personal materials, are set by the National statement on ethical conduct of human research (National Statement).19 The National Statement encourages research that is based on ‘the values of respect, research merit and integrity, justice, and beneficence’, with careful consideration, judgement and appraisal of its unique context.19 The potential benefit of the research needs to be greater than its risks for the research to proceed ethically.20 The National Statement stipulates careful consideration of the benefits and risks of research as well as informed consent, and we will use it to guide our discussion.
Balancing the potential benefits and risks
Risk is ‘a potential for harm, discomfort or inconvenience’.19 In using pooled EHRs for research, the risks to patients and GPs include potential psychological, social, economic and legal harms that may be associated with breaches of confidentiality when a person or organisation is re-identified.
The Five Safes framework has been adopted by several Australian and international agencies as a multidimensional structure to minimise risk (Figure 1).21 Researchers should have the knowledge and skills to use the data in an appropriate manner (safe people). The research project should deliver public benefits, with its design meeting the stated objectives (safe project). Procedures to minimise the risk of potential breaches of confidentiality to patient participants in EHR-based research may include the removal of patient identifiers at source, encryption, and allocation of a unique identifier before data storage (safe data). High levels of security should be ensured through data management standards and infrastructure, and restriction of lower-level geographical information is important to prevent unintended identification (safe setting). The collection, storage and handling of EHR data should be in accordance with Australian privacy legislation.22,23 Human research ethics committees (HRECs) routinely review storage plans for de-identified data, considering security, legislation, data backup, period of storage and plans for destruction of the data at conclusion of the project. Final checks should also be conducted on all research outputs to further minimise confidentiality risks (safe outputs).
Figure 1. Extraction from general practice electronic health records with the Five Safes framework21
Figure showing primary data extraction from general practice electronic health records from a single practice into a secondary dataset and the secondary data extraction into the research dataset, together with the Five Safes framework
However, in some instances, confidentiality concerns remain because it may be possible to re-identify participants or link participant information from different sources, particularly in small samples or in cases with rare conditions. The confidentiality of the patient, GP, general practice staff and the general practice needs to be protected at all times. HRECs consider situations where there is potential for misuse of data – for example, with vulnerable people who ‘may have an increased likelihood of being wronged or of incurring additional harm’,24,25 such as children or people with impaired intellectual function. It is important that analyses of pooled EHR data are not used or presented in ways that might exacerbate inequalities or perpetuate social injustice – risks that have been identified by other uses of ‘big data’, especially in commercial settings.26
As large repositories of real-world data from EHRs become increasingly used, the FAIR Guiding Principles have been developed to promote best practice among data custodians. Data should be Findable, Accessible, Interoperable and Reusable to promote transparency and reproducibility of data-driven research.7 Additionally, data custodians, whether a GP with a single EHR system or large aggregated data systems such as NPS MedicineInsight, have a responsibility to ensure that the data are fit for purpose; that is, that they meet benchmarks for completeness, conformance and plausibility, and that they comply with the research merit and integrity requirement.27,28
Informed consent
In most research, participant consent is voluntary and based on sufficient information about the research, including potential benefits, risks and impacts on participants such as costs to patients or increased workload to clinicians, with opportunities for participants to ask questions and discuss the information together with others if they wish to.19 Participant information should be conveyed in a timely, meaningful and accessible way to meet the needs of a diverse Australian population, encompassing participants, including patients, providers and general practices. People do not need to provide any reason for non-participation. Participants are entitled to withdraw from research at any stage without any consequences.
However, in large-scale projects using pooled EHR data, seeking such explicit consent may not be feasible or practical. In these circumstances, for low-risk research with a high potential benefit, an opt-out approach or a waiver of consent for research may be considered by an HREC. Opt-out consent models require that reasonable attempts are made to explain the research in a way that is timely, meaningful and accessible, with opportunities to decline or withdraw participation, and an adequate plan to protect confidentiality. An opt-out approach must also align with State and Territory, Commonwealth and international laws.19 Participating general practices should display waiting room posters with information on using EHRs for research, contacts for further information and instructions to decline or withdraw by completing an opt-out form that is available from the practice reception or online.29,30 It is possible to opt out prospectively, but it may not be possible to remove de-identified data retrospectively if consent is withdrawn. In both explicit and presumed consent with opt-out approaches, consent is an active process with three main components, including capacity, adequate information and opportunities to consider the information.31
Insurance
GPs may wish to review what data is being extracted from the practice EHRs and to consider opt-out procedures for individual patients. GPs should check their personal and practice medical indemnity to ensure coverage for research participation. Research projects that are sponsored by universities or other external agencies often carry additional insurance. It is prudent to review any insurance arrangements in the formal agreement to participate in the research.
Conclusion
There are benefits of using EHRs for research as well as potential risks to patients, GPs and the practices. GPs, in their role as custodian of EHR data, should ensure there are processes for informing patients – in a timely, meaningful and accessible way – about pooling EHRs, its uses and opt-out procedures (Box 1). Careful consideration and judgement are required to ensure ethical requirements are met, with particular attention to confidentiality, data quality and informed consent.
Box 1. Issues for general practitioners to consider when approached by researchers with a request for electronic health record (EHR) data |
- Is there ethics approval from a National Health and Medical Research Council–approved ethics committee?
- To what extent is the ethics approval dependent on an opt-in or opt-out approach to informed consent?
- How will the EHR data be used and handled?
- How will patient, general practitioner, general practice staff and practice confidentiality be ensured?
- Is there adequate insurance coverage for research participation?
- Does the research team have the skills to undertake this research?
- Are the potential benefits of the research greater than the risks?
|
Key points
- Pooled general practice EHR data provide an insight into general practice workload and the delivery of clinical care, and have high potential to contribute to research and policy that is relevant to the community.
- GPs have ethical as well as legal responsibilities to ensure patient health records are confidential, including that they are handled safely, with good governance and provenance arrangements for secondary use.
- GPs should ensure there are processes for informing patients about pooling EHRs, their uses and opt-out procedures.
- Careful consideration and judgement are required to ensure ethical requirements are met, with particular attention to confidentiality and informed consent.