Cosmos: A model for advancing research while protecting patient privacy

Clinical research collaboration grows usage by 600% year over year, bolstered by expert privacy protections, leading to faster research and insights in patient care.


Cosmos, one of the world’s largest community collaborations in the healthcare ecosystem, is used by health systems to facilitate research and to enable evidence-based medicine at the point of care. The Cosmos platform supports a collaboration of more than 1,200 hospitals and 30,000 clinics around the world and was designed by electronic health record systems provider, Epic. Members of the Cosmos community can access the dataset with confidence that it is secure and that patient privacy is fully protected. Indeed, Epic has taken extraordinary care to earn their trust. Cosmos is designed to meet or exceed the highest levels of security and privacy when compared with the SAFE Data Standard and is fully de-identified as determined by Privacy Analytics®, a third-party expert in data privacy.

Cosmos: The realization of a longstanding dream

Epic develops healthcare software to help people get well, help people stay well, and help future generations be healthier. For many years, members of the Epic community have been intrigued by the possibility of creating a high-quality, representative, and integrated dataset that could be queried safely to improve the health of people everywhere. This vision has now become a reality with Cosmos, one of the world’s largest community collaborations of health systems focused on improving patient care through their combined knowledge and data.

Cosmos facilitates rapid research and enables evidence-based medicine at the point of care for over 1,200 hospitals and 30,000 clinics. These organizations—many of them premier research institutions—securely contribute data from their systems to a unified environment that is then made available to community members for analysis.

"The research community’s usage of Cosmos is growing fast, increasing by 600% year over year. The additional protections from expert-determined de-identification have only accelerated this growth."

Phil Lindemann, VP of Data and Analytics at Epic

Researchers within member organizations can query the vast array of data elements, making most studies performed “the largest studies of their kind,” according to Phil Lindemann, VP of Data and Analytics at Epic. Cosmos is young, but its use and impact are growing. Already, two dozen scientific papers have been written based on research conducted with Cosmos, and the community expects Cosmos to become a routine source for published studies.

Bringing Cosmos to the point of care to improve patient outcomes

Cosmos also provides tools for doctors, such as Look-Alikes™, which can connect doctors with other doctors regarding patients who are medical mysteries or are being treated for an ultra-rare condition. Look-Alikes™ is now live with an initial set of organizations and growing. For more chronic conditions, Cosmos will power Best Care Choices for My Patient™ to help physicians review, in real time, treatment outcomes for patients similar to the ones they are currently caring for in the exam room. With Best Care Choices for My Patient™, doctors can leverage the longitudinal outcomes in Cosmos for patients like theirs and use that information, in addition to the current literature, their experience, and education, to make a more informed care decision.

Secure and protected access

A key Cosmos principle is that health systems that share their individual data will be able to securely access the full community’s de-identified data, which requires an enormous amount of trust. To facilitate this shared trust, health systems agree to “rules of the road” that govern usage for all other health systems that access Cosmos, with no exceptions.

From the beginning, Epic has respected the importance of patient privacy and established strict data protection practices. “We wanted users to be able to delve deeply into the data with complete confidence that they were doing so in alignment with all local, country, and regional regulations,” explained Lindemann. “So, we applied to Cosmos everything we’d learned about the safe handling of patient information from our experience with the Epic EHR.” Data protection practices for Cosmos go beyond the requirements of the Health Insurance Portability and Accountability Act (HIPAA). As part of these practices, all original patient identifiers are removed from the data before they even leave the health system. Only fully de-identified data can be accessed and all actions by end-users within the secure environment are monitored and audited for an additional layer of trust.

Risk assessed by a third-party expert

Epic turned to Privacy Analytics, a global authority in data privacy solutions, to evaluate the data security measures in place for Cosmos, determine the likelihood of being able to identify patients, and make recommendations for transforming data as needed to reduce that likelihood.

Lindemann continued, “We wanted members to be able to conduct deep, long-form, highly statistical research at the line level, so it was extremely important that Privacy Analytics could assure our community that doing so would be safe and respectful of patients’ privacy but also meet the research needs of all health systems in the community.”

Privacy Analytics evaluated the entire Cosmos environment as well as the data elements within it to offer its expert determination on the risk of identifying patients. The transformation strategy was developed carefully, minimizing the impact of the required transformations by distributing it across several types of data and maintaining the field granularity required for planned research studies.

Privacy Analytics determined that the Cosmos ecosystem is designed to meet or exceed the highest levels of security and privacy when evaluated using the SAFE Data Standard, as well as the highest levels of recipient trust outlined in the standard. As a result, Privacy Analytics found that the Cosmos dataset could safely retain many data types that would otherwise need to be removed, such as the association between mothers and babies. Thus, Cosmos’ exemplary protective controls and measures enhance the value of the Cosmos data without compromising patient privacy.

Cosmos’ Controls and Recipient Trust Measures

Highly restricted environment

Very high trust

Epic designed the Cosmos platform with controls aligned to the highest level of control in the SAFE Data Standard.

A model for large scale health data collaborations

To maintain the privacy and safety of Cosmos and its representative health systems, Epic is always anticipating future changes to Cosmos. New data types are added to Cosmos regularly, and each new data type requires a new evaluation of the possibility of re-identification. Lindemann said, “It wasn’t as if we got an initial stamp of approval from Privacy Analytics and went our separate ways. Privacy Analytics is always there to support us if we have any questions or need rapid changes for the best outcomes.”

Many of the large research facilities that Epic has worked with over the years had already used Privacy Analytics to de-identify their local datasets. “We chose Privacy Analytics because of its history, reputation, ability to manage complexity, and knowledge of healthcare data,” said Lindemann. “The research community’s usage of Cosmos is growing fast, increasing by 600% year over year. The additional protections from expert-determined de-identification have only accelerated this growth.” Thanks to Epic’s careful and thorough approach to data security and patient privacy, Cosmos is destined to become one of the world’s most fruitful and respected sources of information for advancing medical practice and improving patient outcomes.
