cori
cori logo cori
cori
search
cori
cori
cori
band
cori
Home
News
Research
CORI Data Repository
Data Request Process
Clinical Trial Services
Associated Fees
Publications
CORI Image Collection
Research FAQ
Prospective Research FAQ
Privacy FAQ
Technology
Partnerships
About CORI
Contact Us
cori
cori
cori
cori
cori

Research Data Privacy FAQ

How much of the information that we enter into CORI gets sent to its central data warehouse?

The data that you send to the CORI data warehouse includes all data entered about procedures (including the history and physical exam) but only limited amounts of data about the patient and staff members. Staff information is limited to a unique identifier along with non-identifying information such as gender, specialty, and year graduated, and CORI personnel do not have the key allowing us to identify those staff members. Patient information is limited to the patient age (in years), race and ethnicity, gender, date of procedure, and payer type. In addition, each procedure is labeled with a unique identifier for the site at which the procedure is performed. In order to support our software, we keep information at CORI about each site. Some of this information is used in our research, such as the site type (academic, community, HMO, VA), facility type (office, hospital, ambulatory), and location (by state and region).

Why do you collect a limited data set, instead of a completely de-identified one?

If we used de-identified data, the most important information that would be missing is the date the endoscopy procedure was performed. CORI analysts use this date of service to learn about the number of procedures performed during a time period, to study trends in indications, diagnoses or therapies over time, and to study the use of repeated procedures. In addition, the date of service allows us to perform quality control on our data.

Because you send us this date of service, your data is considered to be a Limited Data Set (LDS) and not fully de-identified data. That means that the most obvious identifiers have been left out, but the risk to the patient of being identified, although very small, is still present. An LDS is considered identifiable health data and must be managed with the same security requirements as data that contains names, addresses, and other obvious identifiers. This includes the prohibition of researchers at CORI from trying to re-identify or contact your patients. However, when only an LDS is captured, patients may not have to consent to the use of their data.

How do you use the race and ethnicity data that you collect?

Race, ethnicity, age, gender and payer type are sometimes used as variables in CORI studies. Most of the time, however, they are used to describe the population that is represented by the data, to give a “snapshot” of our population. Knowing how closely the study population represents that of the whole country helps us understand how well our study results apply to all people.

Is it possible to identify a patient in the CORI database? What about in publications?

All of the primary patient identifiers remain at the local endoscopy sites and are NOT sent to CORI. These include the patient’s name, social security number, medical record number, address and other contact information. While it is highly unlikely, it might be possible in extreme circumstances to identify a patient from a combination of their procedure date, procedure site number, and unusual findings on the history or examination. That is why CORI can’t consider the data that you send to be fully de-identified and why we use strict security procedures for managing that data. Information about individual patients is never published, however. The purpose of our research is to report on populations, not on individuals, so all data is reported in an aggregate fashion.

Is it possible to identify a site in the CORI database? What about in publications?

In order to maintain our software, we must know about our installed sites and each is given a unique identifier to help in that process. With each procedure performed, we record the unique identifier for its site for several reasons. One reason is to perform quality control, monitoring data integrity and site reporting compliance; a second reason is that sites sometimes want data specific to their sites; and third, we also perform prospective research with sites who agree to participate in specific projects and must be able to identify their data. Site information, such as site type, facility type and region, is used for the "snapshot" of our research base which allows scientists to assess the generalizability of our findings. Names of specific sites are never published unless those sites have agreed to participate in a prospective research study.

In addition, we work with various industry partners and it is our policy not to tell those industry partners which hospitals or clinics are using our software without permission from the site for each disclosure.

Our site has an ethnically unique patient population, could we be identified on the basis of that?

It is unlikely that your site could be identified based on its unique population or any other characteristic of the site such as its location or site type. We only report on patients and sites in an aggregate fashion. We may describe individual centers in prospective research, but only after you have agreed to participate in the study.

Who might be a recipient/consumer of the data that we send to the CORI warehouse? What purposes might it be used for?

Most analysis of the data that you send to CORI is performed by CORI’s data analysts, who are employees of OHSU. Our results are reported in peer-reviewed literature and at conferences. In rare instances, data is sent to other analysts, who may include associates in the pharmaceutical industry or device manufacturers. Only fully de-identified data is released in these instances. The CORI Operations Committee carefully monitors the way in which data is used by our associates.

Would you ever release or sell your entire database?

We only use and release data for specific studies that the CORI Operations Committee deems to be scientifically sound and clinically relevant. Only the data that is required for a study is released for analysis.

Do you ever release data from just one site, or identify sites in an aggregate dataset?

We only release data from one site to investigators at that site at their request. When we report our findings, we may describe the characteristics of our sites, but never report on individual sites without their express consent.

cori
spacer
cori
cori Privacy Policy | © 2004-2005
cori
cori
Quick Links
Key Facts
Software Support
CORI Version 3
User Testimonials
Join CORI
Data Request Form
CORI Image Collection
Site Map
cori
cori