The Joint Commission, a U.S. healthcare quality and safety accreditation organization, has introduced a new voluntary certification program called Responsible Use of Health Data (RUHD) to address privacy concerns related to the secondary use of patient data. The certification aims to validate that hospitals and critical access hospitals have policies and procedures in place to protect, govern, and responsibly use secondary health data. It covers key areas such as data de-identification, controls, limitations on use, algorithm validation, patient transparency, and oversight structure. The RUHD certification is based on principles from the Health Evolution Forum’s Trust Framework for Accelerating Responsible Use of De-identified Data in Algorithm and Product Development, focusing on mitigating risks and prioritizing privacy when transferring patient data to third parties.
The Department of Health and Human Services estimates that around 85% of U.S. hospitals have the capability to export patient data for reporting and analysis. However, there is currently no standard approach to the use of de-identified data, nor to validate best practices. The RUHD certification aims to fill this gap by providing an assessment of an organization’s commitment to protecting the secondary use of de-identified health data through focused policies and procedures. Hospitals can start applying for RUHD certifications from January 1, 2024. While the certification is voluntary, it is expected to play a crucial role in helping healthcare organizations navigate the complexities of mitigating risks and safely transferring data to third-party organizations.
