For almost three years now, cancer researchers have not been getting a complete picture of the disease in California.
After decades of sharing cancer data freely, the Veterans Affairs Department is citing concerns over patient privacy as it rethinks its policies on sharing information about patients. The new policy is spelled out in a VA directive dated Aug. 22, but cancer researchers say information has been withheld in California for much longer.
According to a California cancer surveillance agency report cited in a recent article in “Lancet Oncology,” VA hospitals stopped reporting cancers to California registries in late 2004.
Most hospitals are required by state law to submit data for research, but VA hospitals need not adhere to state laws because they are under federal jurisdiction. The new VA directive specifies several conditions states must meet before VA hospitals will release cancer data.
Although all 50 states are affected by the directive, California plays a particularly important role in this national issue. Not only does California have the largest population of veterans in the U.S., it is also arguably the most significant state in terms of cancer research.
“California is not only a big player in numbers but also a big research player,” said Robert McLaughlin, legal and regulatory affairs officer for the Northern California Cancer Center.
The national Surveillance, Epidemiology and End Results (SEER) program was established in 1973 as an outgrowth of the National Cancer Act. It is tasked with collecting and collating cancer research in several regions of the country, including three in California. California represents about 50% of all the cancer cases reported to SEER in large part because the state’s population is so large and its three SEER regions are so well developed and diligent in maintaining cancer data.
However, without VA cancer patients’ data, research becomes suspect and incomplete. VA patients account for about 4% of the state’s cancer patients — about 3,000 individuals — according to researchers.
“Those states that are less active in the SEER registry will be less at odds with the VA directive,” McLaughlin added.
Two government representatives — one state, one federal — were asked to comment on the issue for this article. Raye Anne Dorn — coordinator for cancer programs at the Veterans Administration in Washington, D.C. — and Kurt Snipes, acting chief of the Cancer Control Branch of the California Department of Public Health in Sacramento, both answered their phones and spoke briefly but said they couldn’t talk officially until their respective press offices approved it.
The state office called back with this statement delivered by public affairs spokesperson Lea Brooks:
“The California Department of Public Health is working on agreements with each of the eight U.S. Department of Veterans Affairs facilities in California that previously reported cancer data to the department. These agreements will limit the department’s use of the data to surveillance only.”
The federal press office did not respond.
Before VA coordinator Dorn disconnected, she did answer one question about why this directive deals only with cancer and not other “reportable” diseases such as tuberculosis, HIV and AIDS.
“They’re covered under other directives,” Dorn said.
But the Veterans Administration continues to share data on other diseases with state researchers, according to Tina Clarke, epidemiologist with the Northern California Cancer Center.
“I don’t understand that at all — why cancer is singled out by the VA but other reportable diseases are still being reported,” Clarke said.
The directive “creates a huge amount of confusion for those of us who use this data,” Clarke said. “And the whole thing is really poorly timed. Baby boomers are getting into prime cancer age now, and keeping a close watch on cancer is more important than ever.”
The VA directive stipulates that researchers who seek to use the data must obtain permission from the VA undersecretary of health or collaborate with an agency researcher and obtain permission from the ethics board of the VA hospital. The directive also requires that the data be encrypted and separated from information representing the population at large.
The data in question — name, address, age, race and medical history of patients — are used in a variety of research areas to track cancer rates, investigate cancer clusters either by geography or demographics, survival rates, treatment regimens and other issues.
California researchers maintain that VA’s reticence to share data has been evident for years, but many trace the national directive’s roots to an incident in Maryland last year. A VA laptop with personal information on more than 26 million veterans was stolen, helping to propel computer security and privacy concerns to the national forefront.
California officials, who have yet to sign the VA directive, are investigating alternatives and possible areas of compromise.
McLaughlin suggests a few minor changes in the wording of the national directive might make some states — including California — more amenable.
“I think with some relatively minor alterations in the wording, this directive could be much more workable than it is now,” McLaughlin said. “The VA directive comes with some provisions that are just not compatible with state systems — at least not with California’s system.”
For example, McLaughlin said the VA directive includes stipulation that veterans’ data be kept in a separate database from other cancer patients. He points out that separating data defeats one of the primary purposes of collecting information in the first place — to get a perspective on the total population.
“You’re either comprehensive or you’re not,” McLaughlin said.
McLaughlin suggests changes in wording could allow states to specify that veterans’ data was not to be shared or released.
“One of the techniques we have for protecting privacy is to flag particular individuals who do not wish to be contacted through the registry. We could create a blanket VA flag that essentially keeps all veterans’ data private. That could work, with the caveat that a researcher could then go to the VA if more contact was required,” McLaughlin said.
“There are a lot of ideas out there on how to make this work by changing and adding a few words, the question is how viable are all those ideas,” McLaughlin said. “I think it could be done at a technical level, but whether it’s possible at a political level is another matter,” he added.
The California Cancer Registry already has a number of security controls in place, McLaughlin said, including encryption programs, to protect all cancer patients’ privacy — including veterans.
“All of these security measures are quite effective,” McLaughlin said. “The data has never been breached or hacked as far as I know,” he said.