The Center for Healthcare Outcomes & Policy (CHOP) currently houses a variety of data sets. Most are extremely complex, consisting of protected data for millions of patient records. These include national Medicare files, National Cancer Registry data (e.g., SEER), the Health Care Cost and Utilization Project (state and national data sets), commercial insurance claims data sets (e.g., Blue Cross and Blue Shield of Michigan, Michigan driver's license database), statewide clinical registry data (e.g., Bariatric Surgery, Breast Cancer and Trauma), survey data, and other data (e.g., MarketScan commercial insurance data, American Hospital data, etc.).
Research is conducted at the University of Michigan's North Campus Research Complex (NCRC), a 20,000-square-foot office-based biomedical research space. All buildings at the NCRC have regulated access control which require identification badges for entering and exiting. Security personnel are stationed in the building complex at all times and regular patrols are conducted.
Our systems are designed to permit appropriate access to protected information while preventing inadvertent access or transmissions. Incoming data sets are processed, decrypted as necessary, and loaded onto a file storage service hosted by University of Michigan Medical School Information Services department. The CHOP data storage volume is internally managed with no public internet connections. Internal connections for development of analytic data sets are limited to CHOP research analysts and systems administrators, through use of secure authentication and change management processes. The file storage service is designed for high availability with redundant controllers, network paths, RAID 6 data drive configurations and regular secure backups. The infrastructure for this service is located in a dedicated locked and professionally managed University data center; this center has regulated access and monitored security mechanisms, including eye retinal scans for entry and individually locked equipment cabinets.
The University of Michigan Health System requires HIPAA training as a condition of employment; this certification is renewed annually. UMMHS and CHOP has policies and procedures to govern the use and protection of protected health information, which data users are required to understand and follow. For example, Research Analysts are prohibited from copying unencrypted or non-aggregated protected health data to portable media such as laptops and flash drives. Any outgoing protected data are encrypted and logged out of the system by the Data Administrator. Original media with confidential data remain encrypted and are locked in a cabinet. Please reference the document entitled “Protection and Use of Health Data”.
Availability of Research Results
In accordance with the National Institutes of Health's policies, project resources are made publicly available. Please notify us if you would like a grant associated publicly listed as an available resource.