O  m  b  u  d  u                   About / Mission Terms Privacy Comfort and support for pregnancy loss Join Login







l,

Privacy


Ombudu© considers privacy a first order of priority for its users. In order for a personal health record system such as Ombudu© to be useful and effective in improving the health of its user, accurate information both by the individual user and the provider must be documented.  This information must be protected from breeches by non-authorized users. Ombudu does not collect or store any user identifiers(see below)

Ombudu© protects its users privacy by the following:

There are no user identifiers collected or stored in this project. Only a User Name and a Password. When user registered, she / he is asked to create a unique user name that does not contain any link to their I.D.such as initials, birth dates, relatives, etc. (see information about PHI below)

Anonymous user name

Unique Password which is encrypted using MD5 encryption.  When this password is stored in the OmbuduTM database, it is stored as a random 32 digit number which cannot be restored into the original password.

The information or "Data" will only be used to understand and improve the program and to prepare a capstone paper for a Master's Degree.

You cannot be identified by this information.

The entire program resides on a secure server (SSL)and the information is transmitted encrypted.

Only the user can control who has access to the program by sharing her Username and Password combination.



Some Questions and Answers about OmbuduTM

1.  Is the technology to collect the Data appropriate for what is being collected?
Yes. This Personal Prenatal Health Record uses a mobile, cross-browser, cloud-based platform to collect and store relevant information for pregnant woman so access to this information is always available should the woman's provider not have access to the records. The interface is simple to use. A cloud-based infrastructure provides universal accessibility for the users.


2.  What clinical data is being collected?
The clinical data collected will be general medical and obstetrical history, symptoms, vital signs, obstetrical visit findings, assessments, plans for care, medications and drug allergies


3.  Exactly how it will be collected using this tool?
a.  Information is collected by the preganrt woman (user history) and Provider Entry (Objective findings, assessments and plans)
b.  Informatoin is collected by drop down menu choices and text boxes
c.  The clinical data will be inserted into a MySql Database using PHP Hypertext Preprocessor scripting language
d.  The scripts are executed on a secure SSL server.
 
4.  How will be viewed and used in clinical encounters using this tool?
a.  The data is only accessible by the registered user.  The registered user may view the data stored in her Ombudu record at anytime
c.   The provider can view and enter findings in the record when the registered user enters her username and password in the presence of the user.
d.   Providers will not have access to the record unless the user is present
 
5.  Can the data re-identified?
a.   Ombudu does not know the identification of the users- only the username.
b.   There will be no re-identification of data
c.   There will be no sharing of username and passwords

6.  How anonymous data be handled?
a.   The data may be collated and evaluated anonymously to determine the usefulness, usability and functionality of a Personal Prenatal Health Record or for its analysis

7.  What happens to the data on the tool?
a.  At the completion of the short evaluation research project, the clinical data will be removed from the online database and not be accessible

Following is some information and references about HIPAA, Protected Health Information (PHI) and "patient" user Identifiers.  As a stand-alone-program, open to the public on the Internet, and not associated, affiliated or connected to any HIPAA "covered entites", HIPAA Privacy rules do not apply to Ombudu.  However, the design of Ombudu was to keep all users anonymous. No personal identifiers are requested and there are no "cookies" to track users.

HIPAA PHI: List of 18 Identifiers and Definition of PHI

From: http://cphs.berkeley.edu/hipaa/hipaa18.html

List of 18 Identifiers

1. Names;
2. All geographical subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code, if according to the current publicly available data from the Bureau of the Census: (1) The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and (2) The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.
3. All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older;
4. Phone numbers;
5. Fax numbers;
6. Electronic mail addresses;
7. Social Security numbers;
8. Medical record numbers;
9. Health plan beneficiary numbers;
10. Account numbers;
11. Certificate/license numbers;
12. Vehicle identifiers and serial numbers, including license plate numbers;
13. Device identifiers and serial numbers;
14. Web Universal Resource Locators (URLs);
15. Internet Protocol (IP) address numbers;
16. Biometric identifiers, including finger and voice prints;
17. Full face photographic images and any comparable images; and
18. Any other unique identifying number, characteristic, or code (note this does not mean the unique code assigned by the investigator to code the data)

There are also additional standards and criteria to protect individual's privacy from re-identification. Any code used to replace the identifiers in datasets cannot be derived from any information related to the individual and the master codes, nor can the method to derive the codes be disclosed. For example, a subject's initials cannot be used to code their data because the initials are derived from their name. Additionally, the researcher must not have actual knowledge that the research subject could be re-identified from the remaining identifiers in the PHI used in the research study. In other words, the information would still be considered identifiable is there was a way to identify the individual even though all of the 18 identifiers were removed.

Definition:  What is PHI?

Protected health information (PHI) is any information in the medical record or designated record set that can be used to identify an individual and that was created, used, or disclosed in the course of providing a health care service such as diagnosis or treatment. HIPAA regulations allow researcher's to access and use PHI when necessary to conduct research. However, HIPAA only affects research that uses, creates, or discloses PHI that will be entered in to the medical record or will be used for healthcare services, such as treatment, payment or operations.

For example, PHI is used in research studies involving review of existing medical records for research information, such as retrospective chart review. Also, studies that create new medical information because a health care service is being performed as part of research, such as diagnosing a health condition or a new drug or device for treating a health condition, create PHI that will be entered into the medical record. For example, sponsored clinical trails that submit data to the U.S. Food and Drug Administration involve PHI and are therefore subject to HIPAA regulations.

What is not PHI?

In contrast, some research studies use data that is person-identifiable because it includes personal identifiers such as name, address, but it is not considered to be PHI because the data are not associated with or derived from a healthcare service event (treatment, payment, operations, medical records) not entered into the medical records, nor will the subject/pregnant woman user be informed of the results. Research health information that is kept only in the researcher's records is not subject to HIPAA but is regulated by other human subjects protection regulations.

Examples of research health information not subject to HIPAA include such studies as the use of aggregate data, diagnostic tests that do not go into the medical record because they are part of a basic research study and the results will not be disclosed to the subject, and testing done without the PHI identifiers. Some genetic basic research can fall into this category such as the search for potential genetic markers, promoter control elements, and other exploratory genetic research. In contrast, genetic testing for a known disease that is considered to be part of diagnosis, treatment and health care would be considered to use PHI and therefore subject to HIPAA regulations.

Also note, health information by itself without the 18 identifiers is not considered to be PHI. For example, a dataset of vital signs by themselves do not constitute protected health information. However, if the vital signs dataset includes medical record numbers, then the entire dataset must be protected since it contains an identifier. PHI is anything that can be used to identify an individual such as private information, facial images, fingerprints, and voiceprints. These can be associated with medical records, biological specimens, biometrics, data sets, as well as direct identifiers of the research subjects in clinical trials.

Summary of the HIPAA Privacy Rule

http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/De-identification/guidance.html#assess

 

Ombudu© Team
Contact: info@ombudu.com