Versions Compared

Version Old Version 70 New Version Current
Changes made by

Efetobore Omadevuae

Efetobore Omadevuae

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This page houses the data governance policies and procedures developed by the NACHC data governance council. These policies and procedures can be applied to activities where data is involved but are primarily focused on data sharing that is defined as 1) NACHC receiving data from an external organization,  or 2) NACHC sharing data with an external organization.  

...

Within that context, NACHC operates a Data Governance Council ('GC') to advise on data sharing. The GC does not provide direct project oversight, but does make recommendations and decisions about project participation, implementation, and the technical architecture used to carry out data sharing. A description of the NACHC technical architecture is available here link is not now working. 

The GC meets monthly and includes members who represent 1) NACHC leadership, regulatory, and analytic staff, and 2) external data partners and project partners who represent a range of perspectives and collective expertise in clinical care, informatics, data science, and population health. Details of the GC membership, scope, and operations are defined in a charter 

...

NACHC uses data either shared with NACHC by a data partner or collected by NACHC. When NACHC has received data from a data partner, NACHC acts as a data steward. Data stewardship is the collection of practices that ensure an organization’s data is accessible, usable, safe, and trusted. 

Data Shared with NACHC

There are many types of data that may be shared with NACHC including UDS data, survey data, clinical data and membership or other health center data. Also may include writing, publishing and disseminating results.

...

NACHC receives UDS data from HRSA that includes health-center level information on a variety of topics including services, staff, capacity, and financial data so that NACHC can perform analyses on behalf of HRSA and FQHCs to describe the health center landscape and services. The UDS data that NACHC receives includes some data that is available publicly and some sensitive data that only NACHC holds. UDS data does not contain PHI but is sensitive. Sharing UDS data with NACHC occurs under a cooperative agreement with HRSA which is overseen by the Director of Knowledge Management and Learning (Currently Margaret Davis). The parameters of UDS data sharing and use are defined in two HRSA agreements (Authorization letter, NACHC DUA). Are these correct and should it be labeled different as there is an LDS DUA this seems like it is an internal document that is needed to access UDS data Included in these documents are explicit directions about how findings from the UDS data should be communicated in a way that protects the identity of health centers and their patients. 

...

Identified data sets which include PHI beyond that which would qualify as an LDS and Identified data sets which include PHI are not accepted by NACHC at this time.  

Survey Data 

NACHC collects data through surveys or assessments of health centers, primary care associations, patients, and other stakeholders. Health centers and their patients have been historically surveyed and researched excessively. NACHC is committed to only collecting data when the survey methods are rigorous, the survey questions are of high quality, and the survey topic will add value to health centers and the community that they serve. NACHC is also committed to collecting, storing, and using survey data based on industry best practices. 

...

Outside of UDS, clinical data, and survey data, NACHC receives data from health center members and financial data. Over time, these other data sources will be incorporated into the broader NACHC data governance portfolio.

Requests for Data 

NACHC receives requests for data that are either a part of a new or existing project. For clinical and UDS data, NACHC uses a central request process, referred to as a front door, to receive, review, and make determinations on requests from external organizations. Front Door instructions are available. update with SOP when avail  NACHC will only approve requests that benefit health centers and align with the NACHC vision


Sometimes requests are soliciting a data sharing partnership such as one organization hoping to partner and share data with a health center through support from NACHC.  NACHC is facilitator of information partnerships​ rather than a broker of data​. NACHC strongly prefers building an information partnership with the goal of collaboratively developing a data sharing project that is beneficial to all parties involved.  

...

Data Use Agreements (DUAs)

A Data Use Agreement (DUA) is an agreement that governs the sharing of data between research collaborators who are covered entities under the HIPAA privacy rule. A DUA establishes the ways in which the information in a limited data set may be used by the intended recipient, and how it is protected. NACHC requires the execution of a data use agreement (DUA) whenever dataset is being shared with or by NACHC. For projects where a LDS is being shared, a DUA is required by HIPAA. For projects where deidentified dataset is being shared, a DUA is executed based on NACHC policy. NACHC observes the HIPAA Privacy Rule standards for a DUA. The purposes of a DUA are to:

...

When underlying data are biased, NACHC recognizes the risk that resulting models or analytic results may also be biased. NACHC prioritizes using datasets that have a representative amount of data from each group and annotating products accordingly to call attention to this important issue.

Identification of Health Centers in Work Products

In general, NACHC does not identify health centers in work products. There are some projects where identification of health centers is appropriate. When health centers need to be identified, NACHC solicits written approval to do so and engages health centers in a thorough review process. 

For some work products that present health center level findings, there could be a risk to health centers to be re-identified by other means, especially with maps or health centers that see special populations. NACHC mitigates this concern with intentional and thorough review as well as small cell suppression.

Section 5: Data Security and Privacy 

...

Federal regulations require that research projects involving human subjects be reviewed by an Institutional Review Board (IRB). According to the FDA, an IRB is an appropriately constituted group that has been formally designated to review and monitor biomedical research involving human subjects. The IRB must approve or determine the project to be exempt or approved prior to the start of any research activities. The IRB cannot provide approval or determinations for research that has already been concluded.

...

The federal regulations define both "research" and "human subject." Research is defined as a systematic investigation, including research development, testing, and evaluation, designed to develop or contribute to generalizable knowledge. Studies must be reviewed by an Institutional Review Board (IRB) only if both definitions apply.  A project may involve data from human subjects, but not meet the definition of research and would, therefore, not require an IRB review. Research is defined by federal regulations at 45 CFR 46.102 (Protection of Human Subjects 2009), as "a systematic investigation including research development, testing, and evaluation, designed to develop or contribute to generalizable knowledge."

...

For the purpose of discussing data governance, NACHC observes the following definitions.

Research:

Quality Improvement:

Evaluation:

Research:

Add definitions of research, quality improvement, evaluationResearch refers to a systematic investigation, including research development, testing, and evaluation, designed to develop or contribute to generalizable knowledge. Research involves the collection and analysis of data to answer a specific question or to test a hypothesis, often with the intention of publishing the results to inform the broader field. It adheres to rigorous methodological standards and often requires ethical review and approval.

Quality Improvement (QI):

Quality Improvement is a systematic, formal approach to the analysis of practice performance and efforts to improve it. In healthcare, QI involves the continuous study and improvement of processes to enhance patient outcomes, service efficiency, and staff satisfaction. QI projects are typically local, specific to a particular organization or practice, and aim to bring immediate benefits by refining existing processes and procedures. Unlike research, QI does not aim to generate generalizable knowledge but rather focuses on improving quality and performance in a specific context.

Evaluation:

Evaluation is the systematic assessment of the design, implementation, and outcomes of a program, policy, or initiative. The purpose of evaluation is to determine the effectiveness, efficiency, and impact of the subject being evaluated. Evaluation involves the collection and analysis of information to understand the strengths and weaknesses of an initiative, inform decision-making, and guide future planning. Evaluations can be formative (to improve a program during its development) or summative (to assess the overall impact after implementation).