Beginning Jan. 1, hospitals and health systems can pursue a new certification from The Joint Commission on the Responsible Use of Health Data.
The certification developed after requests from Joint Commission members grew requesting guidance in navigating aspects of healthcare amid an emerging world of technology, vast amounts of data and the rise of artificial intelligence.
To achieve certification, hospitals will be evaluated on their practices across six key areas: de-identification processes, data controls, limitations on use of data, algorithm validation, patient transparency and ensuring there is an oversight structure.
"What healthcare organizations are really seeking is the ability to use data for secondary purposes, for algorithm development in particular," Joint Commission CEO Jonathan Perlin, PhD, MD, told Becker's. "I think the industry is also concerned. I think we all want guardrails to prevent the inappropriate secondary use of data. We want to be sure that algorithms don't actually codify bias, as an example. On the other hand, we want to be sure that we are strong and swift and moving forward so that overly exuberant regulations or laws don't impair the ability to do those things that are necessary to improve healthcare."
Ensuring all patient data is handled in a way that protects privacy while advancing healthcare forward is the balance most organizations and researchers are looking to strike, he explained.
"I think we'd all agree that healthcare is not as safe as we want and that we don't use the evidence consistently," Dr. Perlin said. "Too often, there are missed diagnoses or misdiagnosis and the ability of advanced information systems and AI to improve safety, quality, equity and all positive attributes of care is great, but with that comes extraordinary responsibility. And, frankly, that goes for entities across the entire spectrum of the healthcare ecosystem. We're really seeking an external entity to validate that their policies and procedures were adequate so that their patients and their stakeholders felt confident in the use of their system."
Lacking a standard for protecting secondary data across healthcare is where the impetus for the new certification grew — to act as checks and balances in a way that simultaneously builds trust and demonstrates transparency with patients and stakeholders.
Organizations seeking to pursue the new certification will undergo a virtual assessment that will test their systems in place across the six key areas previously mentioned. They should be able to complete the certification process within 90 days, Dr. Perlin said.
"The virtual assessment is meant not only to test systems, but really to provide an operations framework on how to maintain the elements of trust …," Dr. Perlin said. "We're really excited about this being accessible and being not only a way to validate appropriate policies and procedures, but based on the best experts or roadmap as to what the best policies and procedures are."
As technology continues to evolve, priorities for the certification may also change in time so that it is the most up-to-date framework for hospitals and health systems to pursue, he said.