UNSTRUCTURED
A method of data sharing among healthcare researchers that could provide high levels of efficiency for data access while achieving advanced privacy protections could do much to enable multicenter studies based on data extracted from the electronic health record (EHR). We propose a specific use of a data enclave that fits within the “expert pathway” of the Health Insurance Portability and Accountability Act (HIPAA) rule, which would and that can allow sharing of protected healthcare information (PHI) with substantial reductions in burdens related to data use agreements (DUAs) and IRB reviews. Data is held by an infrastructure custodian acting under a business associate agreement. Researchers access the data while it is retained by the custodian, using remote desktop functionality with analytic tools on the custodian’s site, versus not on personal workstations or laptops. Because researchers cannot review line item data, but rather aggregate results, no IRB or DUA is needed. We anticipate that this data enclave method could be implemented as an effort to improve data access and provide high-quality data insights without weakening patient privacy protections under HIPAA. Lastly, we conclude that a comprehensive federal privacy law or standard is warranted alongside this proposed administrative control process for data enclaves to address important privacy loopholes.