Versions Compared

Version Old Version 37 New Version 38
Changes made by

Emily Kraus

Emily Kraus

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Data This page houses the data governance policies and procedures to inform data-related activities were developed by the NACHC Clinical Affairs team in partnership with other NACHC teams and external partners. These policies and procedures can be applied to any activities where data is received, collected, or generated, referred to as 'informatics work' hereinafter.

...

Within those domains, NACHC adheres to eight governance principles: accountability, transparency, integrity, protection, compliance, availability, retention, and disposition as identified by the American Health Information and Management Association (AHIMA). Definitions of each are available on a related site. Relevant topics within each governance domain are addressed below. 

Section 1: Governance Approach

Data Governance Decision-Making 

NACHC's informatics work is overseen by a Data Governance Council ('GC'). The GC does not provide direct informatics project oversight, but does make recommendations and decisions about project participation, implementation, and the technical architecture used to carry out informatics projects. A description of the NACHC data and informatics architecture is available here

The GC meets monthly and includes members who represent 1) NACHC leadership, regulatory, and analytic staff, and 2) external data partners and project partners who represent a range of perspectives and collective expertise in clinical care, informatics, data science, and population health. Details of the GC membership, scope, and operations (e.g., scope, voting) are defined in a charter

Section 1: Governance Approach

Roles 

NACHC conducts informatics work in partnership with data partners and project partners. 

...

NACHC organizes and tracks informatics work in projects. Depending on the scope of the project, a project may have one or multiple datasets from one or more data partners that is housed by NACHC. When NACHC is performing many distinct analytic services on a given dataset, multiple projects may be established. Each project has a Confluence website which defines the project team, provides links to relevant project documentation and agreements, location of project data, and tracks project progress.  Projects have regular status meetings. Minutes and meeting materials from status meetings are made available on Confluence.  At the start of each project, a project team is identified and includes members of the the data contributor and NACHC staff and documented on the project Confluence page. Additionally, members of the project team who will have access to project data are identified at the project inception. As the project team evolves through the project lifecycle, the project team is updated on Confluence and in project-related documentation, as appropriate.

Data

Informatics work involves either data collected by NACHC or owned by another organization and shared with NACHC where NACHC acts as a data steward. 

Data Collected by NACHC

For some informatics projects, NACHC collects its own data, usually in the form of surveys that are completed by health centers. These surveys will be anonymous and do not collect patient identifiers if received or held directly by NACHC. If a health center is gathering a survey with patient identifiers, these will be removed at the health center or partner level before the data are sent to NACHC.

Data Shared with NACHC

There are two types of data that may be shared with NACHC.

De-identified data is data that has been “stripped of all HIPAA defined identifiers” which includes Personally Identifiable Information (PII) and Protected Health Information (PHI). PII is a subset of PHI and the list of 18 data elements that are considered PHI are documented in the HIPAA Safe Harbor definition. To be considered de-identified under HIPAA, all 18 identifiers must be removed. Some data partners participate in date-shifting to remove real encounter and birth dates.  

A limited data set (LDS) is data that has been “stripped of all HIPAA identifiers, except age/dates and city/state/zip”. 

Identified data sets which include PHI identified beyond that which would qualify as a LDS and are not accepted by NACHC at this time. 

UDS Data

NACHC receives UDS data from HRSA that includes health-center level information on a variety of topics including services, staff, capacity, and financial data. The UDS data that NACHC receives includes some data that is available publicly and some sensitive data that only NACHC holds. UDS data does not contain PHI but is sensitive and requires physical, technical, and administrative safeguards.

Sharing UDS data with NACHC occurs under a cooperative agreement with HRSA which is overseen by Margaret Davis (UDS Program Director). The parameters of UDS data sharing and use are defined in two HRSA agreements (Authorization letter, NACHC DUA). Included in these documents are explicit directions about how findings from the UDS data should be communicated in a way that protects the identity of health centers. 

The UDS data is stored securely in the Amazon cloud and only individuals who have signed a UDS specific DUA are permitted to access and use the UDS data. Once a DUA has been executed with an individual and access granted to the UDS datasets, all uses of UDS data must be approved by the UDS Program Director. 

Informatics Services

NACHC's informatics work includes the following services: subject matter expertise, technical assistance, data management, and analysis services, which are defined in the table below.  Most informatics projects involve multiple informatics services. 

...

  • Providing guidance materials and sharing knowledge with data  partners on how best to collect, store, and use their data

...

  • Coaching and assisting data partners to improve the quality of their data collection and use 

...

  • Receiving, ingesting, standardizing and normalizing, cleaning, and transforming data from partners into a format and structure best suited for analysis
  • Mapping and normalizing disparate data structures and formats into a common data model
  • Conducting data quality activities and identifying data quality issues 

...

Informatics Services

NACHC's informatics work includes the following services: subject matter expertise, technical assistance, data management, and analysis services, which are defined in the table below.  Most informatics projects involve multiple informatics services. 

Subject matter expertiseTechnical assistanceData managementAnalysis services
  • Providing guidance materials and sharing knowledge with data  partners on how best to collect, store, and use their data
  • Coaching and assisting data partners to improve the quality of their data collection and use 
  • Receiving, ingesting, standardizing and normalizing, cleaning, and transforming data from partners into a format and structure best suited for analysis
  • Mapping and normalizing disparate data structures and formats into a common data model
  • Conducting data quality activities and identifying data quality issues 
  • Performing analysis on one or multiple datasets to assess a prescribed outcome or outcomes (e.g., the percent of women who received contraception counseling)
  • Calculate a predefined quality measure (e.g., the percent of screening-eligible patients who were screened)


Section 2: Data and Resulting Work Products

Data

Informatics work involves either data collected by NACHC or owned by another organization and shared with NACHC where NACHC acts as a data steward. 

Data Collected by NACHC

For some informatics projects, NACHC collects its own data, usually in the form of surveys that are completed by health centers. These surveys will be anonymous and do not collect patient identifiers if received or held directly by NACHC. If a health center is gathering a survey with patient identifiers, these will be removed at the health center or partner level before the data are sent to NACHC.

Data Shared with NACHC

There are two types of data that may be shared with NACHC.

De-identified data is data that has been “stripped of all HIPAA defined identifiers” which includes Personally Identifiable Information (PII) and Protected Health Information (PHI). PII is a subset of PHI and the list of 18 data elements that are considered PHI are documented in the HIPAA Safe Harbor definition. To be considered de-identified under HIPAA, all 18 identifiers must be removed. Some data partners participate in date-shifting to remove real encounter and birth dates.  

A limited data set (LDS) is data that has been stripped of all HIPAA identifiers, except age, dates, and five digit zip code.  

Identified data sets which include PHI identified beyond that which would qualify as a LDS and are not accepted by NACHC at this time. 

UDS Data

NACHC receives UDS data from HRSA that includes health-center level information on a variety of topics including services, staff, capacity, and financial data. The UDS data that NACHC receives includes some data that is available publicly and some sensitive data that only NACHC holds. UDS data does not contain PHI but is sensitive and requires physical, technical, and administrative safeguards.

Sharing UDS data with NACHC occurs under a cooperative agreement with HRSA which is overseen by Margaret Davis (UDS Program Director). The parameters of UDS data sharing and use are defined in two HRSA agreements (Authorization letter, NACHC DUA). Included in these documents are explicit directions about how findings from the UDS data should be communicated in a way that protects the identity of health centers. 

The UDS data is stored securely in the Amazon cloud and only individuals who have signed a UDS specific DUA are permitted to access and use the UDS data. Once a DUA has been executed with an individual and access granted to the UDS datasets, all uses of UDS data must be approved by the UDS Program Director. 

Work Products and Attribution

...

TBD. Need some guidance here. 

Section

...

3: Statutes, Contracts, and Regulatory

Contracts 

At NACHC, Contracts and DUAs are separate....

...

Section 4: Other Governance Topics 

Requests

NACHC receives many requests for data that has already been shared with them for an existing project or a request for data related to a new project. Additionally, NACHC receives requests for information partnership meaning a desire from one organization to partner and share data with a health center through support from NACHC.  

Requests for data or information partnerships are evaluated by the GC which meets monthly. Requests can be submitted here. Requests ​must be well defined meaning that they include a detailed description of what data is desired, how the data will be used, the type of use (e.g., research, surveillance, quality improvement or other) and how the request aligns with the NACHC vision and benefits health centers. Incomplete requests cannot be evaluated by the and will be returned to the requester. Requesters will be notified ​of an approval or denial within one week of the data governance council meeting. ​

For requests of data that NACHC has received for other projects, NACHC is not a data owner but a steward of data from other contributing organizations​. Thus ​a request ​approval from ​NACHC's data governance council is the first in a series of required approvals. Approved request will be shared with the originating data contributor ​and if approved by the data contributor, a data use agreement to define the parameters of the data exchange must be executed before any data can be shared. 
NACHC is facilitator of information partnerships​ rather than a broker of data​. NACHC strongly prefers building an information partnership with the goal of collaboratively developing a data sharing project that is beneficial to all parties involved.  

...