to main content Certification Program Protects Patient Privacy and Organizational Trust | The Joint Commission

Dateline @ TJC

Certification, accreditation and communications experts within The Joint Commission share experiences, case studies and news that add insight and value to the accreditation and certification journey.

Certification Program Protects Patient Privacy and Organizational Trust


Male physician in white coat uses laptop. Image is overlaid with icons demonstrating the use of data.

By James Merlino, MD, Executive Vice President and Chief Innovation Officer, The Joint Commission

Safely Allowing the Secondary Use of De-identified Patient Data

Reflecting the surge in the secondary use of data, nearly 85% of U.S. hospitals have the capability to export their patient data for reporting and analysis. These data can be used internally for research, clinical and operations improvement, and the creation of registries. The data can also be exported externally to third parties for the development of new therapies, treatments and technologies. The ever-increasing use of artificial intelligence and machine learning has expanded the potential uses of data while creating new complexities governing data usage.

While HIPAA provides guidance for de-identifying data, there is no governance overseeing how healthcare data is gathered and transferred to a third party. Due to this void, healthcare organizations are struggling to validate their data management practices and seeking guidance on how to protect patient privacy and their organization against abuses.

RUHD Certification Provides Blueprint for Robust and Consistent Practices

The Joint Commission's Responsible Use of Health Data™ (RUHD) Certification sets up guard rails and provides guidance for healthcare organizations to safely use properly de-identified patient data for purposes beyond clinical care, known as secondary use. Achieving this certification helps to ensure that patient privacy is protected and allows valuable data to expand science, research, and potential new therapeutics and treatment options to advance safe, high-quality, and equitable care.

Available to all U.S. hospitals and health systems, whether or not they are accredited by The Joint Commission, the certification adopts principles identified by the Health Evolution Forum’s “Trust Framework for Accelerating Responsible Use of De-identified Data in Algorithm and Product Development.” This framework identifies fair and achievable guidelines for healthcare organizations to follow when allowing the use of their secondary data for algorithm and product development.

The RUHD Certification program objectively evaluates whether a healthcare organization is using best practices to protect privacy and patient rights and to ensure the appropriate use of sensitive medical information. Certification also helps mitigate risk and protect patient privacy by providing a blueprint of robust and consistent practices relating to patient privacy and rights. The certification’s requirements include:

  • A guideline ensuring the appropriate use of a data de-identification process in accordance with HIPAA standards.
  • Data controls that secure data and protect against unauthorized re-identification of patients.
  • Limitations on use that prohibit data misuse or data use beyond specified purposes.
  • Algorithm validation that addresses the potential for bias.
  • Patient transparency that reveals secondary use of de-identified data to patients and stakeholders.
  • An oversight structure that requires a governance process for the use of secondary data, including regular reporting of activities to an organization's fiduciary board.

Given its mission to support healthcare organizations in continually improving patient care, The Joint Commission sees RUHD Certification as a way to help healthcare organizations contribute to an interconnected data infrastructure that facilitates collaboration in addressing disparities in care and clinical outcomes.

Healthcare organizations achieving RUHD Certification will be recognized for establishing an objective and rigorous process for meeting the necessary requirements. Healthcare facilities may immediately begin working toward RUHD Certification. To learn more, please visit The Joint Commission website.

James Merlino, MD, is Executive Vice President and Chief Innovation Officer at The Joint Commission. In this role, Dr. Merlino focuses on the transformation of The Joint Commission’s services utilizing data and innovation to advance healthcare safety and quality worldwide. Previously, he was Chief Clinical Transformation Officer at Cleveland Clinic.