+1 Sean and Peter FWIW: ctakes has been used as a system for HIPAA de-identification, meaning, removing PHI from clinical text. So in at least one sense, cTakes can improve an institutions readiness to use clinical data under HIPAA.
On Wed, Nov 2, 2016 at 5:09 PM, Finan, Sean < sean.fi...@childrens.harvard.edu> wrote: > Hi Peter, Patrick, > > Just in case I am the "Sean" in question, I will say that Peter provided > an excellent answer. ctakes doesn't send patient information over the > network. As Peter indicated, in order to protect information you should > run ctakes in a HIPAA compliant environment - just as you would run any > other software dealing with patient data. Also, ctakes is intended for > research use, not clinical advice or application. > > Cheers, > Sean > ________________________________________ > From: Abramowitsch, Peter <pabramowit...@hearst.com> > Sent: Wednesday, November 2, 2016 3:43 PM > To: dev@ctakes.apache.org > Subject: Re: Using cTakes for Identified Patient Information > > If by security you mean, protection of data, this would depend entirely on > the architecture in which CTakes is situated. > CTakes itself does not send anything beyond its perimeter except the UMLS > login credentials. So if it were running entirely within a HIPAA compliant > environment then yes. > > But if you mean by safe & secure that the identified concepts such as > meds, diagnoses, procedures are guaranteed to be so correct that clinical > advice could be based solely on its output, the answer is no. > > I've been down this same road. > > Sean, would you agree? > > Peter Abramowitsch > Sr. Innovations Technologist, Healthcare > Hearst Health Innovation Lab > > > From: <Casimir>, Patrick <patrick.casi...@moffitt.org<mailto: > patrick.casi...@moffitt.org>> > Reply-To: "dev@ctakes.apache.org<mailto:dev@ctakes.apache.org>" < > dev@ctakes.apache.org<mailto:dev@ctakes.apache.org>> > Date: Wednesday, November 2, 2016 at 8:21 PM > To: "'dev@ctakes.apache.org<mailto:'dev@ctakes.apache.org>'" < > dev@ctakes.apache.org<mailto:dev@ctakes.apache.org>> > Subject: Using cTakes for Identified Patient Information > > I am inquiring about the safety and security of using cTakes for text > mining of clinical texts that contain PHI. As an open source, is it safe to > use cTakes within a hospital system that must comply to HIPPA regulations? > > Thanks > > [MOFFITT_2c_RGB for signature] > > Patrick Casimir, PhD > Applied Health Informaticist/Data Scientist > Moffitt Cancer Center > > 12902 Magnolia Drive, Tampa, FL 33612 | tel: 813-7454673 | fax: > 813-7458332 |email: patrick.casi...@moffitt.org<mailto:Patrick.casimir@ > moffitt.org> > > > > > Please consider the environment before printing this email. > > This transmission may be confidential or protected from disclosure and is > only for review and use by the intended recipient. Access by anyone else is > unauthorized. Any unauthorized reader is hereby notified that any review, > use, dissemination, disclosure or copying of this information, or any act > or omission taken in reliance on it, is prohibited and may be unlawful. If > you received this transmission in error, please notify the sender > immediately. Thank you. >
