The Joint Commission announces a voluntary Responsible Use of Health Data (RUHD) Certification program for U.S. hospitals and critical-access hospitals, effective Jan. 1, 2024.

Protecting patient privacy is a foundational element of a strong data use policy. The new certification will provide guidance and recognize healthcare organizations navigating the appropriate sensitivities needed to safely transfer data to third-party organizations, also known as secondary use of data.

Secondary use of data refers to the use of health data for purposes other than clinical care, such as quality and operations improvement, discovery or algorithm, and artificial intelligence development. The certification will provide an objective evaluation as to whether an organization is committed to utilizing best practices in its secondary use of data and promoting responsible use of data by demonstrating established protocols regarding transparency, limitations of use, and patient engagement.

Nearly 85% of U.S. hospitals have the capability to export their patient data for reporting and analysis purposes, according to the Office of the National Coordinator for Health Information Technology. However, there is no standard approach to use de-identified data nor to validate best use practices. Organizations working toward standardization may help address the unmonitored handling of secondary health data.

“As more healthcare organizations are leveraging clinical data for secondary purposes, there have been increased calls to assure responsible data stewardship,” says Jonathan B. Perlin, MD, PhD, MSHA, MACP, FACMI, president and CEO, The Joint Commission Enterprise.

“The Joint Commission recognizes it can play an important role in validating that robust policies and procedures are in place to help protect, govern, and accountably use secondary data. We believe our Responsible Use of Health Data Certification will help healthcare organizations use data responsibly to improve the safety, quality and equity of care, develop new technologies, and discover new therapies benefitting all patients,” Perlin adds.

RUHD Certification is based on principles adopted from the Health Evolution Forum’s “The Trust Framework for Accelerating Responsible Use of De-identified Data in Algorithm and Product Development.” The certification’s requirements cover these areas:

  • De-identification process
  • Data controls
  • Limitations on use
  • Algorithm validation
  • Patient transparency
  • Oversight structure

RUHD Certification will validate to patients and other stakeholders that an organization has policies and procedures in place to protect health record data. Hospitals achieving RUHD Certification will be recognized publicly for establishing an objective and rigorous process for meeting the necessary requirements.

Hospitals may immediately begin working toward RUHD Certification and apply as soon as January 1.