to main content Responsible Use of Health Data Certification | The Joint Commission

Leverage Your Data

Patient data collected by healthcare organizations possess immense value beyond their primary purpose. It is estimated that nearly 85% of hospitals in the U.S. have the capability to export their patient data for reporting and analysis purposes. By leveraging this data, organizations can gain insights into disease trends, identify potential treatments, enable earlier diagnoses, and ultimately improve outcomes for all patients. With this certification, patients and consumers can rest assured that their de-identified information will be managed in a consistent and private manner.

Certification Benefits

Responsible Use of Health Data™ (RUHD™) certification is critical to protect patient privacy, maintain trust in the healthcare system, and ensure the ethical and legal use of sensitive medical information. Certification can help:

  • Protect patients by outlining clear processes related to a patient’s right to be informed of data-sharing practices and understand their options.
  • Utilize healthcare data for the greater good by helping understand disease trends, potential treatments, earlier diagnoses, and potentially improving outcomes for all patients.
  • Provide a blueprint for more robust and consistent processes to validate privacy and patient rights protection.
  • Mitigate risk and provide confidence in patient privacy.

Areas Covered:

  • Oversight Structure: Establish a governance structure for the use of de-identified data.
  • Data De-Identification: Comply in accordance with HIPAA.
  • Data Controls: Establish data controls to protect against unauthorized re-identification of data.
  • Limitations on Use: Prohibit the misuse of data.
  • Algorithm Validation: Have processes to manage internally developed algorithms.
  • Patient Transparency: Communicate with key stakeholders about secondary use of de-identified data.

What It Takes to be Certified

Any hospital may apply for the voluntary Responsible Use of Health Data certification if the following requirements are met:

  • The organization must be in the United States, operated by the U.S. government, or operated under a charter of the U.S. Congress.
  • The organization is a hospital that is compliant with applicable federal laws, including applicable Medicare Conditions of Participation.

Trust Framework

Based on principles from the Health Evolution Forum’s “The Trust Framework for Accelerating Responsible Use of De-identified Data in Algorithm and Product Development,” the certification program will provide an objective evaluation as to whether an organization is utilizing best practices in their secondary use of data and promoting the responsible use of healthcare data by demonstrating that protocols are in place regarding transparency, limitations of use, and patient engagement.
,,This certification is the first step to provide a needed framework for implementing responsible practices, allowing healthcare organizations and other businesses to harness the benefits of data sharing while ensuring the safeguarding of patient confidentiality and autonomy.,,

James I. Merlino, MD - Chief Innovation Officer - The Joint Commission


This certification provides an assessment on an organization’s commitment to protecting secondary use of deidentified health data through focused policies and procedures. An organization is fully responsible for its own expert analysis and confirmation that it is properly following laws, rules, and regulations related to development of any referenced policies and procedures around data use and transfer.