Joint Commission Launches Certification Program for Responsible Secondary Use of Health Data
On December 5, 2023, the Joint Commission launched the Responsible Use of Health Data (RUHD) Certification program for U.S. hospitals and critical access hospitals. The voluntary program will provide an objective evaluation of how well hospitals are maintaining privacy best practices for transferring health data to third parties – Known as secondary use of health data.
Hospitals often transfer health data for reasons other than clinical care, such as to support the development of artificial intelligence systems and for quality and operations improvement purposes. The HHS’ Office of the National Coordinator for Health Information Technology (ONC) reports that 85% of hospitals in the United States have the capability to export patient data for reporting and analysis purposes. While the HIPAA Privacy Rule stipulates the methods that should be used when de-identifying protected health information, currently there is no standard approach for using de-identified data nor validating best practices.
The certification program includes an evaluation of whether a hospital is committed to using privacy and security best practices in its secondary use of data and will promote the responsible use of data by demonstrating established protocols for transparency, limitations on use, and patient engagement. The RUHD Certification program is based on principles adopted from the Health Evolution Forum’s “The Trust Framework for Accelerating Responsible Use of De-identified Data in Algorithm and Product Development” framework. Under the program, a hospital will receive an objective evaluation of whether they are de-identifying protected health information in accordance with HIPAA, whether they have established a governance structure for the use of the data, and how the organization communicates with patients about the secondary use of de-identified data. The certification program also assesses data controls, limitations on use, and algorithm variation. Hospitals that achieve RUHD Certification will be recognized publicly for establishing an objective and rigorous process for meeting the necessary privacy requirements.
“As more healthcare organizations are leveraging clinical data for secondary purposes, there have been increased calls to assure responsible data stewardship,” says Jonathan B. Perlin, MD, PhD, MSHA, MACP, FACMI, president and chief executive officer, The Joint Commission Enterprise. “The Joint Commission recognizes it can play an important role in validating that robust policies and procedures are in place to help protect, govern and accountably use secondary data. We believe our Responsible Use of Health Data Certification will help healthcare organizations use data responsibly to improve the safety, quality and equity of care, develop new technologies, and discover new therapies benefitting all patients.”
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The program will officially commence on January 1, 2024, when applications will be accepted; however, hospitals can begin working toward RUHD Certification immediately.