Versions Compared

Version Old Version 13 New Version 14
Changes made by

Emily Kraus

Emily Kraus

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

There are four domains of governance that are relevant to NACHC's informatics work: data governance, information governance, software governance, and partnership governance. Within those domains, NACHC adheres to eight governance principles: accountability, transparency, integrity, protection, compliance, availability, retention, and disposition as identified by the American Health Information and Management Association (AHIMA). Definitions of each are available on a related site. Relevant topics within each governance domain are addressed below. 

Section 1: Governance Approach


Roles 

NACHC conducts informatics work in partnership with data partners and project partners. 

...

 Most informatics projects involve multiple informatics services. 

Work Products and Attribution

Informatics work generates the following work products: data quality results, analytic results, value sets, measure definitions, and recommendations. Work products are owned by all members of the project team and can be shared in manuscripts, abstracts, slides, and guidance documents. How and to whom work products are attributed is discussed with all project partners at the outset and as the project evolves to ensure that attribution of work projects is accurate and equitable.  

Identification of Data 

There are three types of data that may be shared with NACHC.

...

Currently, NACHC receives only de-identified data and limited datasets. Notably, these levels of identification are focused on patient identification and do not address identification of health centers, which can also be sensitive but does not fall under HIPAA (see next section).

Identification of Health Centers

If and how health centers are identified is addressed in

Section 2: Contracts and Regulatory

Data Use Agreements (DUAs)

Because a LDS is still PHI, the HIPAA Privacy Regulations contemplate that the privacy of individuals will be protected by requiring covered entities (e.g.,health centers) to enter into DUAs with recipients of the LDS (NACHC). The data use agreement must meet standards specified in the Privacy Regulations. The purpose of a DUA, as required by HIPAA, is to:

...

NACHC has a DUA template that has been vetted and approved by NACHC legal council. Alternatively, data partners are welcome to request the use of their institutional DUA template that can be customized for the project by NACHC staff. A process to initiate a DUA is documented below.

DUA Responsibilities 

When NACHC is the provider of the data:

...

If NACHC is the recipient of a LDS of PHI from a non-NACHC source, the NACHC project lead with either use the NACHC template or be asked to sign the other party’s Data Use Agreement.  When using another party's DUA, the NACHC project lead is responsible for reviewing the Data Use Agreement and determining if it complies in material terms with the NACHC DUA template.  If the other party’s DUA differs materially from the NACHC DUA template, or if there is any uncertainty, the NACHC legal council must be consulted.

Process to Initiate a Data Use Agreement (DUA)

Not all projects require a DUA but each project where data is being shared should consider the need for a data use agreement upon project initiation. The following process is recommended. 

    1. NACHC project lead completes the NACHC DUA Checklist to determine if a DUA is needed. This should occur as part of the project's initiation.
    2. The checklist is reviewed with data partner at an early project meeting to confirm the need for a DUA and level of identification of a dataset
    3. Once completed, the DUA checklist is stored in the project Confluence page. 
    4. If the DUA checklist identified a need for a DUA, the checklist is shared with the NACHC contract officer to begin the creation of a project-specific DUA.

Institutional Review Board (IRB)

NACHC adheres to the Office for Human Research Protections regulations (45 CFR part 46) of human subjects research. NACHC informatics work is primarily quality improvement (QI) in nature which OHRP provides specific IRB guidelines. In general, OHRP states that QI is not human subjects research. Research is defined as systematic investigation, including research development, testing and evaluation, designed to develop or contribute to generalizable knowledge.  When QI projects do not align with this research definitions, HHS regulations for the protection of human subjects do not apply and there is no requirement under these regulations for such activities to undergo review by an IRB, or for these activities to be conducted with provider or patient informed consent.

However, NACHC does conduct research and some quality improvement projects with research elements, which requires IRB review. NACHC has a relationship multiple IRBs but recommends the use of the IRB at AT Still University with whom NACHC has an established relationship. A detailed manual is available to provide guidance for an IRB submission. NACHC also supports data partners or project partners use of an affiliated IRB. When IRB is needed, NACHC appoints an institutional primary investigator. Individuals who can be NACHC PI's maintain the appropriate CITI certifications and have an established PI number with AT Still's IRB.