This page houses the data governance policies and procedures developed by the NACHC Clinical Affairs team in partnership with other NACHC teams and external partners. These policies and procedures can be applied to any activities where data is received, collected, or generated, referred to as 'informatics work' hereinafter.

...

Launched in January 2022, TEFCA provides a frameworks framework for networks to collaborate and share data interoperable. Network to Network network collaboration has many similarities to NACHC's informatics work. Thus, NACHC seeks to align with TEFCA when applicable and feasible.

...

• establish the permitted uses and disclosures of the limited data set;
• identify who may use or receive the information;
• prohibit the recipient from using or further disclosing the information, except as permitted by the agreement or as permitted by law;
• require the recipient to use appropriate safeguards to prevent a use or disclosure that is not permitted by the agreement;
• require the recipient to report to the covered entity any unauthorized use or disclosure of which it becomes aware;
• require the recipient to ensure that any agents (including a subcontractor) to whom it provides the information will agree to the same restrictions as provided in the agreement; and
• prohibit the recipient from identifying the information or contacting the individuals.

Because DUA's require a high level of specificity, each DUA is project-specific. DUAs can be two party, meaning between NACHC and a data contributor, or multi-party, meaning between NACHC and multiple parties. The structure and contents of a DUA are customized based on project structure and needs. 

• When NACHC is the provider of the data : NACHC has drafted to an outside organization: NACHC has created a DUA template for use by those who wish to disclose a LDS to with to recipients.  This template may be accessed from the NACHC contracts office. When NACHC is providing a LDS, if any material change is to be made to the NACHC template, or if another party’s version of a DUA is to be used, the NACHC legal council must review and approve the terms of the agreement. 
• When NACHC is the recipient of the data: If  If NACHC is the recipient of a LDS of PHI from a non-NACHC source, the NACHC project lead with either use the NACHC DUA template or be asked to sign modify the other party’s Data Use Agreement.  When using another party's DUA, the NACHC project lead is responsible for reviewing the Data Use Agreement and determining if it complies in material terms with the NACHC DUA template.  If the other party’s DUA differs materially from the NACHC DUA template, or if there is any uncertainty, the NACHC legal council must be consulted.

NACHC has a DUA template that has been vetted and approved by NACHC legal council. Alternatively, data partners are welcome to request the use of their institutional DUA template that can be customized for the project by NACHC staff. A process to initiate a DUA is documented below.

...

Section 4: Other Governance Topics 

Requests

NACHC receives many requests for data that has already been shared with them for an existing project or a request for data related to a new project. Additionally, NACHC receives requests for information partnership meaning a desire from one organization to partner and share data with a health center through support from NACHC.  

Requests for data or information partnerships are evaluated by the GC which meets monthly. Requests can be submitted here. Requests ​must be well defined meaning that they include a detailed description of what data is desired, how the data will be used, the type of use (e.g., research, surveillance, quality improvement or other) and how the request aligns with the NACHC vision and benefits health centers. Incomplete requests cannot be evaluated by the and will be returned to the requester. Requesters will be notified ​of an approval or denial within one week of the data governance council GC meeting. ​

...