Versions Compared

Version Old Version 39 New Version 40
Changes made by

Emily Kraus

Emily Kraus

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This page houses the data governance policies and procedures developed by the NACHC Clinical Affairs team in partnership with other NACHC teams and external partners. These policies and procedures can be applied to any activities where data is received, collected, or generated, referred to as 'informatics work' hereinafter.

...

Data Governance Decision-Making 

NACHC's informatics work is overseen by a organization-wide data management, privacy, and security practices and infrastructure is directed and managed by the information technology (IT) department. Within that context, NACHC operates a Data Governance Council ('GC') to advise on their portfolio of informatics work. Informatics work may be housed within the Clinical Affairs Division (CAD) or work led by other divisions that has a data sharing component. The GC does not provide direct informatics project oversight, but does make recommendations and decisions about project participation, implementation, and the technical architecture used to carry out informatics projects. A description of the NACHC data and informatics architecture is available here

...

A data partner is an organization owning and/or sharing data with NACHC which can include organizations providing direct health services such as federally qualified health centers (FQHCs), primary care associations (PCAPCAs), or health center controlled networks (HCCNHCCNs). FQHCs are data owners in that they own the data collected by their organization. PCAs and HCCNs do not collect clinical data but serve as a data steward for clinical data provided by their members and contribute data on behalf of their member organizations. Federal agencies such as the Health Resources and Services Administration may also be data partners, providing data to NACHC on behalf of FQHCs (example: UDS data). 

...

NACHC organizes and tracks informatics work in projects. Depending on the scope of the project, a project may have one or multiple datasets from one or more data partners that is housed by NACHC. When NACHC is performing many distinct analytic services on a given dataset, multiple projects may be established. Each project has   Most projects use Confluence to manage information and safely share data through a Confluence website which defines the project team, provides links to relevant project documentation and agreements, location of project data, and tracks project progress.  Projects have regular status meetings. Minutes and meeting materials from status meetings are made available on Confluence.  At the start of each project, a project team is identified and includes members of the the data contributor and NACHC staff and documented on the project Confluence page. Additionally, members of the project team who will have access to project data are identified at the project inception. As the project team evolves through the project lifecycle, the project team is updated on Confluence and in project-related documentation, as appropriate.

...

NACHC's informatics work includes the following services: subject matter expertise, technical assistance, data management, and analysis services, which are defined in the table below.  Most informatics projects involve multiple informatics services. 

Subject matter expertiseTechnical assistanceData managementAnalysis services
  • Providing guidance materials and sharing knowledge with data  partners on how best to collect, store, and use their data
  • Sharing best practices from the field
Creation of tools
  • Creating and sharing tools for a specific use case
  • Identifying translatable resources
  • Coaching and assisting data partners to improve the quality of their data collection and use 
Educational programming
  • Providing educational programming to cultivate knowledge and build capacity with partners
  • Coaching external and internal requestors in refining analytic requests to be more actionable and purpose driven
  • Improving the use and quality of analytic planning and documentation
  • Receiving,
ingesting, standardizing and
  • normalizing
, cleaning
  • , and transforming data from partners into a format and structure
best suited for analysis
  • aligned with analytic goals 
  • Mapping and normalizing disparate data structures and formats into a common data model
  • Conducting data quality activities and identifying data quality issues 
  • Performing analysis on one or multiple datasets to assess a prescribed outcome or outcomes (e.g., the percent of women who received contraception counseling)
  • Calculate a
predefined
  • quality measure (e.g., the percent of screening-eligible patients who were screened)


Section 2: Data and Resulting Work Products

...

Informatics work involves either data collected by NACHC or owned by another organization and shared with NACHC, where NACHC acts as a data steward. 

...

For some informatics projects, NACHC collects its own data, usually in the form of surveys that are completed by health centers. These surveys will be anonymous and do not collect patient identifiers if received or held directly by NACHC. If a health center is gathering a survey with patient identifiers, these will be removed at the health center or partner level before the data are is sent to NACHC.

Data Shared with NACHC

...

De-identified data is data that has been “stripped of all HIPAA defined identifiers” which includes Personally Identifiable Information (PII) and Protected Health Information (PHI). PII is a subset of PHI and the list of 18 data elements that are considered PHI are documented in the HIPAA Safe Harbor definition. To be considered de-identified under HIPAA, all 18 identifiers must be removed. Some data partners participate in date-shifting to remove real encounter and birth dates.  dates Julia Skapik (Deactivated) remove this?  

A limited data set (LDS) is includes data that has been stripped of all 18 HIPAA identifiers, except age, full dates, and five digit zip code, as identified by Safe Harbor guidelines.  

Identified data sets which include PHI identified beyond that which would qualify as a an LDS and are not accepted by NACHC at this time. 

...

Sharing UDS data with NACHC occurs under a cooperative agreement with HRSA which is overseen by the Director of Knowledge Management and Learning (Currently Margaret Davis (UDS Program Director). The parameters of UDS data sharing and use are defined in two HRSA agreements (Authorization letter, NACHC DUA). Included in these documents are explicit directions about how findings from the UDS data should be communicated in a way that protects the identity of health centers and their patients

The UDS data is stored securely at NACHC (currently in the Amazon cloud and only individuals ). Only NACHC staff who have signed a UDS specific DUA are permitted to access and use the UDS data. Once a DUA has been executed with an individual and access granted to the UDS datasets, all uses of UDS data must be approved by the UDS Program Director. 

...

Informatics work generates the following work products: data quality results, analytic results, value sets, measure definitions, and recommendations. Work products are owned by all members of the project team and can be disseminated in manuscripts, abstracts, reports, presentations, and guidance documents. How and to whom work products are attributed is discussed with all project partners at the outset and as the project evolves to ensure that attribution of work projects is accurate and equitable.  

DEI in Work Products

TBD. Need some guidance here. 

Identification of Health Centers in Work Products

...

According to HIPAA, NACHC is not a covered entity. However, NACHC receives limited and de-identified datasets from HIPAA covered entities. Though the amount of PHI received by NACHC is minimal, NACHC treats all of its data from covered entities as PHI and as such, complies with the relevant security and privacy expectations outlined by HIPAA. 

TEFCA 

Launched in January 2022, TEFCA provides a frameworks for networks to collaborate and share data interoperablyinteroperable. Network to Network collaboration has many similarities to NACHC's informatics work. Thus, NACHC seeks to align with TEFCA when applicable and feasible.

Data Use Agreements (DUAs)

...

Section 4: Other Governance Topics 

Requests

NACHC receives many requests for data that has already been shared with them for an existing project or a request for data related to a new project. Additionally, NACHC receives requests for information partnership meaning a desire from one organization to partner and share data with a health center through support from NACHC.  

Requests for data or information partnerships are evaluated by the GC which meets monthly. Requests can be submitted here. Requests ​must be well defined meaning that they include a detailed description of what data is desired, how the data will be used, the type of use (e.g., research, surveillance, quality improvement or other) and how the request aligns with the NACHC vision and benefits health centers. Incomplete requests cannot be evaluated by the and will be returned to the requester. Requesters will be notified ​of an approval or denial within one week of the data governance council meeting. ​

For requests of data that NACHC has received for other projects, NACHC is not a data owner but a steward of data from other contributing organizations​. Thus ​a request ​approval from ​NACHC's data governance council is the first in a series of required approvals. Approved request will be shared with the originating data contributor ​and if approved by the data contributor, a data use agreement to define the parameters of the data exchange must be executed before any data can be shared. 
NACHC is facilitator of information partnerships​ rather than a broker of data​. NACHC strongly prefers building an information partnership with the goal of collaboratively developing a data sharing project that is beneficial to all parties involved.  

...