Versions Compared

Version Old Version 32 New Version 33
Changes made by

Emily Kraus

Emily Kraus

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Data governance policies and procedures to inform data-related activities were developed by the NACHC Clinical Affairs team in partnership with other NACHC teams and external partners. These policies and procedures can be applied to any activities where data is received, collected, or generated, referred to as 'informatics work' hereinafter.

...

Patient data has become increasingly valuable to potential attackers. The rapid and continuous evolution of both healthcare information technology and attacker tools makes data security a constantly moving target, with methods of protection struggling to stay in front of attack efforts. NACHC believes that the security, privacy, and confidentiality of patient and health center data is of paramount importance. As such, NACHC takes a number of steps to ensure data security, protect their environment from security threats, and address security incidents when they occur. A summary of NACHC's data security and privacy policies are available here

NACHC adheres to data security standards defined in the HIPAA security rule (45 CFR Part 160), the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and the Common Agreement (Section 12), Not every part of these three resources apply directly to NACHC's informatics work, thus NACHC complies and aligns with them to the degree that they apply to the NACHC informatics work.  

Section 4: Other Governance Topics 

Requests

NACHC receives many requests for data that has already been shared with them for an existing project or a request for data related to a new project. Additionally, NACHC receives requests for information partnership meaning a desire from one organization to partner and share data with a health center through support from NACHC.  

Requests for data or information partnerships are evaluated by the GC which meets monthly. Requests can be submitted here. Requests ​must be well defined meaning that they include a detailed description of what data is desired, how the data will be used, the type of use (e.g., research, surveillance, quality improvement or other) and how the request aligns with the NACHC vision and benefits health centers. Incomplete requests cannot be evaluated by the and will be returned to the requester. Requesters will be notified ​of an approval or denial within one week of the data governance council meeting. ​

For requests of data that NACHC has received for other projects, NACHC is not a data owner but a steward of data from other contributing organizations​. Thus ​a request ​approval from ​NACHC's data governance council is the first in a series of required approvals. Approved request will be shared with the originating data contributor ​and if approved by the data contributor, a data use agreement to define the parameters of the data exchange must be executed before any data can be shared. 
NACHC is facilitator of information partnerships​ rather than a broker of data​. NACHC strongly prefers building an information partnership with the goal of collaboratively developing a data sharing project that is beneficial to all parties involved.  

...