Summary
Cosmos, one of the world’s largest community collaborations in the healthcare ecosystem, is used by health systems to facilitate research and to enable evidence-based medicine at the point of care. The Cosmos platform supports a collaboration of more than 1,200 hospitals and 30,000 clinics around the world and was designed by electronic health record systems provider, Epic. Members of the Cosmos community can access the dataset with confidence that it is secure and that patient privacy is fully protected. Indeed, Epic has taken extraordinary care to earn their trust. Cosmos is designed to meet or exceed the highest levels of security and privacy when compared with the SAFE Data Standard and is fully de-identified as determined by Privacy Analytics®, a third-party expert in data privacy.Cosmos: The realization of a longstanding dream
Epic develops healthcare software to help people get well, help people stay well, and help future generations be healthier. For many years, members of the Epic community have been intrigued by the possibility of creating a high-quality, representative, and integrated dataset that could be queried safely to improve the health of people everywhere. This vision has now become a reality with Cosmos, one of the world’s largest community collaborations of health systems focused on improving patient care through their combined knowledge and data.
Cosmos facilitates rapid research and enables evidence-based medicine at the point of care for over 1,200 hospitals and 30,000 clinics. These organizations—many of them premier research institutions—securely contribute data from their systems to a unified environment that is then made available to community members for analysis.
"The research community’s usage of Cosmos is growing fast, increasing by 600% year over year. The additional protections from expert-determined de-identification have only accelerated this growth."
Phil Lindemann,
VP of Data and Analytics at Epic
Researchers within member organizations can query the vast array of data elements, making most studies performed “the largest studies of their kind,” according to Phil Lindemann, VP of Data and Analytics at Epic. Cosmos is young, but its use and impact are growing. Already, two dozen scientific papers have been written based on research conducted with Cosmos, and the community expects Cosmos to become a routine source for published studies.
Bringing Cosmos to the point of care to improve patient outcomes
Cosmos also provides a tool for doctors, like Look-Alikes™ that can connect doctors with other doctors regarding patients that are medical mysteries or being treated for an ultra-rare condition. Look-Alikes™ is now live with an initial set of organizations and growing. And for more chronic conditions, Cosmos will power Best Care Choices for My Patient™ to help physicians review treatment outcomes for patients similar to the ones they are currently caring for in the exam room in real-time. With Best Care Choices for My Patient™, doctors can leverage the longitudinal outcomes in Cosmos for patients like theirs and use the information, in addition to the current literature, their experience, and education, to make a more informed care decision.
Secure and protected access
A key Cosmos principle is that health systems that share their individual data will be able to securely access the full community’s de-identified data, which requires an enormous amount of trust. To facilitate this shared trust, health systems agree to a “rules of the road” that governs usage for all other health systems that access Cosmos, with no exceptions.
From the beginning, Epic has respected the importance of patient privacy and established strict data protection practices. “We wanted users to be able to delve deeply into the data with complete confidence that they were doing so in alignment with all local, country, and regional regulations,” explained Lindemann. “So, we applied to Cosmos everything we’d learned about the safe handling of patient information from our experience with the Epic EHR.” Data protection practices for Cosmos go beyond the requirements of the Health Insurance Portability and Accountability Act (HIPAA). As part of these practices, all original patient identifiers are removed from the data before they even leave the health system. Only fully de-identified data can be accessed and all actions by end-users within the secure environment are monitored and audited for an additional layer of trust.
Risk assessed by a third-party expert
Epic turned to Privacy Analytics, a global authority in data privacy solutions, to evaluate the data security measures in place for Cosmos, determine the likelihood of being able to identify patients, and make recommendations for transforming data as needed to reduce that likelihood.
Lindemann continued, “We wanted members to be able to conduct deep, long-form, highly statistical research at the line level, so it was extremely important that Privacy Analytics could assure our community that doing so would be safe and respectful of patients’ privacy but also meet the research needs of all health systems in the community.”
Privacy Analytics evaluated the entire Cosmos environment as well as the data elements within it to offer its expert determination on the risk of identifying patients. The transformation strategy was developed carefully, minimizing the impact of the transformations required by distributing it across several types of data and maintaining the field granularity required for planned research studies.
Privacy Analytics determined that the Cosmos ecosystem is designed to meet or exceed the highest levels of security and privacy when evaluated using the SAFE Data Standard, as well as the highest levels of recipient trust outlined in the standard. As a result, Privacy Analytics found that the Cosmos dataset could safely retain many data types that would otherwise need to be removed, such as the association between mothers and babies. Thus, Cosmos’ exemplary protective controls and measures enhance the value of the Cosmos data without compromising patient privacy.
Cosmos’ Controls and Recipient Trust Measures
Highly restricted environment
- Encrypted connections, IP restrictions, no access to the Internet or ability to import
- Outputs are screened with aggregation enforced (e.g., cluster sizes of 11)
- Access logging, monitoring, alerting
- Best practice security (physical, logical)
- Proof that data retention policy is enforced
- Regular control testing, periodic auditing
- Strong history of privacy protection
Very high trust
- Individuals with access to data are trained on reidentification risks
- Individuals are regularly reminded of their obligations
- Users are monitored to ensure terms of use are understood, enforced
Epic designed the Cosmos platform with controls aligned to the highest level of control in the SAFE Data Standard.
A model for large scale health data collaborations
To maintain the privacy and safety of Cosmos and their representative health systems, Epic is always anticipating future changes to Cosmos. New data types are being added to Cosmos regularly and each new data type requires a new evaluation of the possibility of re-identification. Lindemann said, “It wasn’t as if we got an initial stamp of approval from Privacy Analytics and went our separate ways. Privacy Analytics is always there to support us if we have any questions or need rapid changes for the best outcomes.”
Many of the large research facilities that Epic has worked with over the years had already used Privacy Analytics to de-identify their local datasets. “We chose Privacy Analytics because of its history, reputation, ability to manage complexity, and knowledge of healthcare data,” said Lindemann. “The research community’s usage of Cosmos is growing fast, increasing by 600% year over year. The additional protections from expert-determined de-identification have only accelerated this growth.” Thanks to Epic’s careful and thorough approach to data security and patient privacy, Cosmos is destined to become one of the world’s most fruitful and respected sources of information for advancing medical practice and improving patient outcomes.
