Health Research Data Governance

Have you completed training modules for human subjects protection, submitted an IRB application, or engaged in a Data Use Agreement? Perhaps you are familiar with the NIH Data Management and Sharing Policy or the General Data Protection Regulation (GDPR). Then you have been a partner in health research data governance.

Not so long ago the Health Insurance Portability and Accountability Act (HIPAA) of 1996 was brand new. It was not uncommon to store unencrypted data on our desktop computers, and we transferred data via “sneaker-net.” Thanks to our biomedical Informatics and information technology pioneers, we began to set boundaries and establish best practices to handle sensitive data responsibly and foster trust among patients, healthcare providers, and researchers. Ultimately, this led to more rigorous standards for ensuring that health data were made available to support research, while ensuring that patient privacy and confidentiality principles were adopted by the biomedical and health research community.

The purpose of health research data governance is to ensure the legal and ethical stewardship of protected health information (PHI). Governance plans include the policies, processes, and standards that ensure data are collected, stored, and used responsibly while maintaining data integrity, privacy, and security. From electronic health records (EHRs) to the fitness data on our wrists, both individuals and institutions face complex challenges in balancing data access for innovation with stringent privacy protections. As data sharing across institutions and even borders increases, governance models must evolve to handle large volumes of real-world health data and adapt to rapidly changing regulations.

Resources

Articles

• Abraham R, Schneider J, Vom Brocke J. Data governance: A conceptual framework, structured review, and research agenda. International journal of information management. 2019 Dec 1;49:424-38.

• Solomonides A. Research Data Governance, Roles, and Infrastructure. In: Richesson RL, Andrews JE, Fultz Hollis K (editors). Clinical Research Informatics. Health Informatics. 2023. Springer, Cham.

• Hallinan CM, Ward R, Hart GK, Sullivan C, Pratt N, Ng AP, Capurro D, Van Der Vegt A, Liaw ST, Daly O, Luxan BG, Bunker D, Boyle D. Seamless EMR data access: Integrated governance, digital health and the OMOP-CDM. BMJ Health Care Inform. 2024 Feb 21;31(1):e100953. doi: 10.1136/bmjhci-2023-100953. PMID: 38387992; PMCID: PMC10882353.

• Micheli M, Ponti M, Craglia M, Berti Suman A. Emerging models of data governance in the age of datafication. Big Data & Society. 2020 Aug;7(2):2053951720948087.

• Mayo KR, Basford MA, Carroll RJ, Dillon M, Fullen H, Leung J, Master H, Rura S, Sulieman L, Kennedy N, Banks E, Bernick D, Gauchan A, Lichtenstein L, Mapes BM, Marginean K, Nyemba SL, Ramirez A, Rotundo C, Wolfe K, Xia W, Azuine RE, Cronin RM, Denny JC, Kho A, Lunt C, Malin B, Natarajan K, Wilkins CH, Xu H, Hripcsak G, Roden DM, Philippakis AA, Glazer D, Harris PA. The All of Us Data and Research Center: Creating a Secure, Scalable, and Sustainable Ecosystem for Biomedical Research. Annu Rev Biomed Data Sci. 2023 Aug 10;6:443-464. doi: 10.1146/annurev-biodatasci-122120-104825. PMID: 37561600; PMCID: PMC11157478.

• Suver C, Harper J, Loomba J, Saltz M, Solway J, Anzalone AJ, Walters K, Pfaff E, Walden A, McMurry J, Chute CG, Haendel M. The N3C governance ecosystem: A model socio-technical partnership for the future of collaborative analytics at scale. J Clin Transl Sci. 2023 Nov 14;7(1):e252. doi: 10.1017/cts.2023.681. PMID: 38229902; PMCID: PMC10789985.