The Center for Health Information and Analysis (CHIA) is committed to serving as the Commonwealth's health care data hub while protecting patient privacy and maintaining rigorous data security standards.
CHIA's data release regulation (957 CMR 5.00) governs access to health care data by government agencies, payers, providers, researchers, and others within the limits of federal and state privacy and data security laws. All requests for data undergo rigorous internal legal and technical review before the Executive Director approves or denies each request.
Prior to receiving data, all recipients must execute a written agreement, which memorializes privacy and security obligations designed to protect patient information.
CHIA's Senior Privacy Officer and Chief Information Security Officer are responsible for the day-to-day management of the agency's privacy and data security program, including updating policies, practices, and procedures to keep pace with changes in technology and privacy law. All CHIA employees receive ongoing training with respect to data privacy and security.
CHIA employs administrative, physical, and technical safeguards to protect patient privacy to the maximum extent practicable.
