Healthcare data utilization is poised for a transformation with the introduction of the Responsible Use of Health Data (RUHD) Certification program by The Joint Commission. This voluntary program, set to be effective from January 1, 2024, marks a big step toward standardizing the secondary use of patient data in U.S. hospitals and necessary access in hospitals. Secondary use of data involves a range of activities beyond direct patient care, including quality improvement, research, and the development of algorithms and artificial intelligence. The RUHD Certification program aims to provide an objective goal for healthcare organizations, ensuring that they adhere to best practices in data handling, including transparency, limitations of use, and patient engagement.
This initiative comes at an important juncture, as nearly 85% of U.S. hospitals now have the capability to export patient data for reporting and analytical purposes. There has been a lack of standardized approaches to using de-identified data or validating best practices in its usage. The Joint Commission, a nonprofit standards-setting organization, recognizes the need for a structured framework to guide healthcare organizations in responsibly handling this data.Jonathan B. Perlin, M.D., Ph.D., president and CEO of the Joint Commission Enterprise, outlined the increasing reliance on clinical data for secondary purposes. He notes the growing calls for responsible data stewardship and asserts that the Joint Commission can play a role in validating robust policies and procedures for the accountable use of secondary data.
The RUHD Certification is oriented around principles from the Health Evolution Forum’s: “The Trust Framework for Accelerating Responsible Use of De-Identified Data in Algorithm and Product Development.” The certification criteria focuses on several areas including the following:
- de-identification process
- data controls
- limitations on use
- algorithm validation
- patient transparency
- oversight structure
This comprehensive approach ensures that all aspects of data use and protection are considered. For hospitals achieving the RUHD Certification, it may act as a public acknowledgment of their commitment to data protection and responsible use. It validates to patients and other stakeholders that the hospital has in place effective policies and procedures to maintain the privacy of health record data. This certification is a testament to an organization’s commitment to data privacy, and a step forward in enhancing patient trust and confidence.
The need for such a certification is evident by the current situation of HIPAA, which provides guidance for de-identifying data, but there is no specific governance overseeing how healthcare data is gathered and transferred to third parties. The RUHD program addresses this by ensuring that healthcare organizations and patients are confident about the de-identification of information and its secure sharing with third-party organizations. The RUHD Certification will be available to both accredited and nonaccredited U.S. hospitals and critical access hospitals. It is designed to guide and recognize healthcare organizations in safely using data for secondary purposes. The standards set by the certification include establishing a governance structure for the use of de-identified data, complying with HIPAA for data de-identification, establishing data controls, managing internally developed algorithms, and maintaining transparency with patients about the secondary use of their de-identified data.