The authors explain that unanswered questions remain in many clinical trials and certain information is often left out. They note that “withholding data, positive or negative, can cause harm,” and that withholding data can also prevent independent investigators from detecting errors in previously published studies.

However, due to groups such as the Academic Research Organization Consortium for Continuing Evaluation of Scientific Studies, which comes together to advocate for sharing and standards, the move toward sharing clinical trial data is progressing.

Organizations such as the U.S. Food and Drug Administration and the National Institutes of Health (NIH) have also promoted clinical trial data sharing. For example, since many trial results previously went unreported, the NIH requires all trials that it partly or fully funds to be registered and report summary results.

Furthermore, to continue increasing data sharing and rewarding those for doing so, the authors explain that new incentive structures are necessary. They provide suggestions for moving forward such as acknowledging the original producers of data in publications; providing funding for sharing data; giving credit for data sharing in academic promotions; reimbursing health systems that share data with patients and researchers; and creating a standardized recognition system for data generators.

The authors conclude that “the revolution in data sharing that has transformed domains ranging from physics to genetics is just beginning for clinical medicine.” They add, “as we move toward a world of open data, cardiology has the opportunity to lead and, in so doing, to serve as a model for all of medicine.”

<<< Return to top

As physicians, practice managers and users of connected devices, what are we to do regarding electronic security and our medical practices? There are some very quick and common-sense steps to ensure quality and the balance of security, inconvenience and ensuring legitimate access.

The first is to understand your practice’s security setup. Talk to your IT administration and ensure that basic consensus operations are implemented. For example, do office computers have hard drive encryption, preventing the hard disk from being removed and analyzed for passwords, patient or practice information? This can be implemented in a fashion that is transparent to the user. Talk to your device representatives and ensure that updates are pushed to all device programmers and that patches, if available, are given as an option to patients with devices that can be upgraded.

The second is to make sure that your own computer and device systems are up to date and continually patched. Even the simplest of office and electronic medical record systems needs to be actively managed and updated. Personal systems that are connected to the hospital network or contain any protected medical information must be kept up-to-date with all known exploits removed. Routers, computers and even connected devices should be continually updated with the latest firmware and fixes.

Finally, it is critical to use good sense when transporting or transmitting medical information in any form. Laptops that contain protected information must have strong encryption, in addition to any flash drives or portable storage. There are numerous free tools that IT professionals can help implement in all operating systems. Email should generally be regarded as insecure and vulnerable to interception during transmission — although with modern programs the presence of end-to-end security is now indicated to the user and should be used if available. Keep in mind that even with encrypted transport, account administration at either end of email may generally access emails and records.

Security does not need to be, and should not be, an overzealous mission that becomes self-defeating. After a brief heyday of strict password-changing in the early 2000s, IT administrators ultimately realized that the enforced changing of passwords every few months does not actually improve security, as users will just write them down or increment one small aspect of the password. Similarly, requiring a difficult to remember and combination of odd symbols password is less important than ensuring adequate length of a password and prevention of commonly used words. In the physical world, placing everything in an office under a lock and key has the possibility of keeping legitimate users out, makes things difficult in an emergency and makes for an unwelcoming environment. The best fixes preserve this balance with local systems, while all online systems, or those widely exposed to the internet, must be given continuous attention and tight security.

This article was authored by G. Stuart Mendenhall, MD, FACC, cardiologist at the University of Pittsburgh Medical Center.

<<< Return to top