This Architecture is a collection of tools and resources that help researchers and others navigate an overview of the legal requirements related to data use, sharing, and disclosure for PCOR. Specifically the Architecture:
- Provides a common structure and model for the analysis of legal requirements and ethical consideration and responsibilities in research, particularly PCOR;
- Supports PCOR by illustrating pathways to collect and share data for research that is in compliance with relevant federal laws and regulations and in consideration of state law; and
- Supports a culture of trust among stakeholders by applying meaningful and appropriate privacy and security parameters.
This Architecture and its components are technology-neutral and do not address nor recommend any particular technical standards for a health information technology system. Readers should note that laws may change over time. The legal summaries and analyses in this Architecture are current as of September 2017. In the case of the Common Rule, the analysis reflects the Final Rule that was published in 2017 and due to take effect in 2018.
The Architecture consists of the following five chapters, which can be viewed online through the hyperlinks below. Download the entire Architecture [PDF - 6.9 MB]
Provides background information on the project, an overview of the key legal and ethical issues relevant to PCOR data and an overview of the Architecture.
Explores fundamental concepts to help readers understand the features of the data they are working with and any privacy, security, consent, and ethics issues that may arise while conducting PCOR.
Helps readers identify what specific laws may be triggered by the data they are working with for a particular research project.
Visual decision tool that groups and color-codes key data characteristics to guide readers through the factors that determine whether a statute or regulation applies to a given data type. The Framework also includes information regarding how a reader should navigate statutes and/or regulations and whether there are case-specific determinations relating to the collection and use of data within the context of a particular research project.
Provides example data use scenarios and data flow maps that identify decision or trigger points that note specific laws and explain why those points are legally significant.