Joint Commission Creates Certification Around Secondary Uses of Data

The Joint Commission has created a voluntary Responsible Use of Health Data (RUHD) certification program for U.S. hospitals and critical access hospitals, effective Jan. 1, 2024. 

The new certification from the nonprofit standards-setting organization will provide guidance and recognize healthcare organizations navigating the appropriate sensitivities needed for secondary uses of data. 

Secondary use of data includes quality and operations improvement, discovery, or algorithm and artificial intelligence development. The certification will provide an objective evaluation as to whether an organization is committed to using best practices in its secondary use of data and promoting responsible use of data by demonstrating established protocols regarding transparency, limitations of use and patient engagement. 



Nearly 85 percent of U.S. hospitals have the capability to export their patient data for reporting and analysis purposes, according to the Office of the National Coordinator for Health Information Technology. However, the Joint Commission points out that there is no standard approach to use de-identified data nor to validate best use practices. Organizations working toward standardization may help address the unmonitored handling of secondary health data.



“As more healthcare organizations are leveraging clinical data for secondary purposes, there have been increased calls to assure responsible data stewardship,” said Jonathan B. Perlin, M.D., Ph.D., president and chief executive officer of the Joint Commission Enterprise, in a statement.
“The Joint Commission recognizes it can play an important role in validating that robust policies and procedures are in place to help protect, govern and accountably use secondary data. We believe our Responsible Use of Health Data Certification will help healthcare organizations use data responsibly to improve the safety, quality and equity of care, develop new technologies, and discover new therapies benefitting all patients.”



RUHD Certification is based on principles adopted from the Health Evolution Forum’s “The Trust Framework for Accelerating Responsible Use of De-Identified Data in Algorithm and Product Development.”

The certification’s requirements cover these areas:
• De-identification process
• Data controls
• Limitations on use
• Algorithm validation
• Patient transparency
• Oversight structure


The Joint Commission said that RUHD Certification will validate to patients and other stakeholders that an organization has policies and procedures in place to protect health record data. Hospitals achieving RUHD Certification will be recognized publicly for establishing an objective and rigorous process for meeting the necessary requirements.