Enforcement of data handling requirements can become a problem when electronic records and other sensitive data are transferred from the originating custodian or source. Further still, once records are transferred, proper enforcement of data handling agreements or obligations may or may not occur. When electronic medical records are exchanged between service provider organizations, policing the handling of this data is crucial and often, unenforceable. Edmond Scientific’s Data Obligations Management (DOM) provides the capability to enforce and verify obligations and handling instructions after the transfer or exchange of data.
Still in development and classified at Technology Readiness Level 2 (TRL2), Edmond Scientific’s DOM allows the originating custodian to “Trust, and Verify” the enforcement of data handling instructions and security and privacy obligations after transfer to a third party or to the cloud by the originating custodian.
In healthcare, this goes beyond simple Data Use and Reciprocal Support Agreements (DURSAs) that establish trust relationships, but allows the originating partner to audit the enforcement of data handling and security obligations of information that is stored and accessed in the cloud or stored locally by a third party trading partner. In this way, data owners and patients are provided a single point-of contact to request annual audits and Accounting of Disclosures as defined by the HIPAA Privacy Rule.