Getty Images

Joint Commission Launches Certification Program For Responsible Health Data Use

The voluntary Responsible Use of Health Data (RUHD) Certification program aims to ensure that participating hospitals have policies in place for the secondary use of data.

The Joint Commission has launched the Responsible Use of Health Data (RUHD) Certification program, a voluntary program aimed at providing hospitals, patients, and other key stakeholders with an objective evaluation of how well a hospital is maintaining health data privacy best practices transferring data to third parties, also known as secondary use of data.

Healthcare organizations are increasingly leveraging health data for purposes beyond clinical care, The Joint Commission stated, such as for operations improvement or artificial intelligence development.

In fact, according to the Office of the National Coordinator for Health Information Technology, nearly 85 percent of US hospitals have the capability to export their patient data for reporting and analysis purposes. The HIPAA Privacy Rule outlines specific requirements to adhere to when de-identifying health data, but there is currently no standardized approach for using de-identified data or validating best practices.

In the interest of ensuring that secondary use of data processes are completed ethically, legally, and with patient privacy at the forefront, The Joint Commission crafted the RUHD Certification program.  

The certification program is based on principles from the Health Evolution Forum’s “The Trust Framework for Accelerating Responsible Use of De-identified Data in Algorithm and Product Development,” a framework that consists of various guidelines for properly using de-identified data to improve health outcomes.

In accordance with this framework, the RUHD certification will evaluate whether an organization is de-identifying data in accordance with HIPAA, whether it has established a governance structure of the use of de-identified data, and how the organization communicates with key stakeholders about the secondary use of de-identified data.

“This certification is the first step to provide a needed framework for implementing responsible practices, allowing healthcare organizations and other businesses to harness the benefits of data sharing while ensuring the safeguarding of patient confidentiality and autonomy,” James I. Merlino, MD, chief innovation officer at The Joint Commission, said in the announcement.

In addition to covering patient transparency and governance, the certification will also consist of checks on algorithm validation, data controls, and data use limitations.  

“As more healthcare organizations are leveraging clinical data for secondary purposes, there have been increased calls to assure responsible data stewardship,” says Jonathan B. Perlin, MD, PhD, MSHA, MACP, FACMI, president and chief executive officer, The Joint Commission Enterprise.

“The Joint Commission recognizes it can play an important role in validating that robust policies and procedures are in place to help protect, govern and accountably use secondary data. We believe our Responsible Use of Health Data Certification will help healthcare organizations use data responsibly to improve the safety, quality and equity of care, develop new technologies, and discover new therapies benefitting all patients.”

The RUHD Certification program will be open to US hospitals and critical access hospitals starting on January 1, 2024. Hospitals that achieve the certification will be recognized publicly by The Joint Commission for effectively establishing and maintaining secondary use processes and procedures.

Next Steps

Dig Deeper on Health data access & privacy