to main content Responsible Use of Health Data | Ñî¹óåú´«Ã½Íøygfcmw¡¤(Öйú)Õ¾Èë¿ÚÖ±½Ó½ø

Ñî¹óåú´«Ã½Íøygfcmw¡¤(Öйú)Õ¾Èë¿ÚÖ±½Ó½ø

A Message From Our Chief Innovation Officer

Healthcare as a whole is on the brink of a new era in data collection, reporting and use. Patient data collected by hospitals and other healthcare organizations have intrinsic value in that it can potentially improve outcomes for all patients. Ñî¹óåú´«Ã½Íøygfcmw¡¤(Öйú)Õ¾Èë¿ÚÖ±½Ó½ø’s Responsible Use of Health Dataâ„¢ Certification program will help healthcare organizations use data responsibly to improve the safety, quality and equity of care, develop new technologies, and discover new therapies benefiting all patients.
,,As a physician and an expert in the patient experience, I’m well aware of the privacy and security concerns surrounding health data. For patients especially there are a lot of unknowns when it comes to talking about their health data. They may hear about data breaches at their local hospital or health system – or even receive notice that their data has been potentially exposed – and wonder how secure their health data is and whether anything is being done to better protect it and them.,,

James I. Merlino, MD - Chief Innovation Officer - Ñî¹óåú´«Ã½Íøygfcmw¡¤(Öйú)Õ¾Èë¿ÚÖ±½Ó½ø

A doctor high-fives a young boy sitting with his mother in a clinic
A doctor reviewing data on a desktop computer
A nurse in scrubs holds hands with an elderly patient

Why Security of Patient Data is So Important

The mission of Ñî¹óåú´«Ã½Íøygfcmw¡¤(Öйú)Õ¾Èë¿ÚÖ±½Ó½ø is to continuously improve healthcare for the public, and we support the responsible use of data for the greater good with the imperative that privacy and patient rights are protected.


While the Health Insurance Portability and Accountability Act (HIPAA) provides guidance for de-identifying data, there is no governance to specifically oversee how healthcare data is gathered and transferred to a third party.


Two important stakeholders in the process of data use are the patients, who need to be confident their information remains de-identified, and healthcare organizations, who need to be sure the data they’ve collected is shared with third-party organizations utilizing best practices to protect privacy and patient rights.

Utilizing Healthcare Data for the Greater Good

Nearly 85% of U.S. hospitals have the capability to export their patient data for reporting and analysis purposes. The goal of using health data is to improve care, including the potential for developing new therapies, treatments and technologies. This vital, valuable information needs to be handled in a consistent way following rigorous processes while also providing confidence that privacy and security are maintained throughout.


The Responsible Use of Health Data (RUHD) Certification provides guidance and recognizes healthcare organizations navigating the appropriate sensitivities needed to safely use and transfer secondary data – the use of health data for purposes other than clinical care, such as quality and operations improvement, discovery or algorithm, and AI development. It aims to help healthcare organizations use data responsibly when developing new technologies and discovering new therapies benefitting all patients.

“The American Heart Association (AHA) supports Ñî¹óåú´«Ã½Íøygfcmw¡¤(Öйú)Õ¾Èë¿ÚÖ±½Ó½ø's Responsible Use of Health Data Certification, recognizing its significance in fostering responsible and ethical data practices within healthcare organizations to foster discovery of new therapies and advance quality. This certification aligns with the AHA's unwavering commitment to safeguarding patient privacy and security while leveraging health data to enhance patient care outcomes.”


Jennifer Hall, Chief, Data Science and Analytics, American Heart Association

How We Can Help

Responsible Use of Health Data Certification is available to accredited and nonaccredited U.S. hospitals and health systems. The certification will provide guidance and recognize healthcare organizations navigating the appropriate sensitivities needed to safely use data for purposes beyond clinical care, known as secondary use of data. Based on principles from Health Evolution Forum's "The Trust Framework for Accelerating Responsible Use of De-identified Data in Algorithm and Product Development," the certification will provide an objective evaluation as to whether an organization is utilizing best practices in its responsible use of health data and demonstrating that protocols are in place regarding transparency, limitations of use and patient engagement.

Certification Standards

The areas covered by standards include:

  • Oversight Structure: Establish a governance structure for the use of de-identified data.
  • Data De-Identification: Comply in accordance with HIPAA.
  • Data Controls: Establish data controls to protect against unauthorized re-identification of data.
  • Limitations on Use: Prohibit the misuse of data.
  • Algorithm Validation: Have processes to manage internally developed algorithms.
  • Patient Transparency: Communicate with key stakeholders about secondary use of de-identified data.

This certification provides an assessment on an organization’s commitment to protecting secondary use of deidentified health data through focused policies and procedures. An organization is fully responsible for its own expert analysis and confirmation that it is properly following laws, rules, and regulations related to development of any referenced policies and procedures around data use and transfer.