Legal and Ethical Architecture for Patient-Centered Outcomes Research (PCOR) Data (“Architecture”)

This Architecture is a collection of tools and resources that help researchers and others navigate an overview of the legal requirements related to data use, sharing, and disclosure for PCOR.  Specifically the Architecture:

  • Provides a common structure and model for the analysis of legal requirements and ethical consideration and responsibilities in research, particularly PCOR;
  • Supports PCOR by illustrating pathways to collect and share data for research that is in compliance with relevant federal laws and regulations and in consideration of state law; and
  • Supports a culture of trust among stakeholders by applying meaningful and appropriate privacy and security parameters.

This Architecture and its components are technology-neutral and do not address nor recommend any particular technical standards for a health information technology system. Readers should note that laws may change over time. The legal summaries and analyses in this Architecture are current as of September 2017. In the case of the Common Rule, the analysis reflects the Final Rule that was published in 2017 and due to take effect in 2018.

The Architecture consists of the following five chapters, which can be viewed online through the hyperlinks below.  Download the entire Architecture [PDF - 6.9 MB]

Chapter 1: Overview of Legal and Ethical Architecture for PCOR Data [PDF - 1.09 MB]

Provides background information on the project, an overview of the key legal and ethical issues relevant to PCOR data and an overview of the Architecture.

Chapter 2: Legal and Ethical Significance of Data for PCOR [PDF - 1.13 MB].

Explores fundamental concepts to help readers understand the features of the data they are working with and any privacy, security, consent, and ethics issues that may arise while conducting PCOR.

Chapter 3:  Linking Legal and Ethical Requirements to PCOR Data [PDF - 637 KB].

Helps readers identify what specific laws may be triggered by the data they are working with for a particular research project.

Chapter 4: Framework for Navigating Legal and Ethical Requirements for PCOR [PDF - .2.93 MB].

Visual decision tool that groups and color-codes key data characteristics to guide readers through the factors that determine whether a statute or regulation applies to a given data type. The Framework also includes information regarding how a reader should navigate statutes and/or regulations and whether there are case-specific determinations relating to the collection and use of data within the context of a particular research project. 

Chapter 5: Mapping Research Data Flows to Legal Requirements [PDF - 8.56 MB].

Provides example data use scenarios and data flow maps that identify decision or trigger points that note specific laws and explain why those points are legally significant.

Appendix A: Statutes and Regulations Relevant to PCOR  [PDF - 1.3 MB].

Appendix B: Assessing Potential Barriers and Ambiguity in the Legal Landscape [PDF - 917 KB].

Appendix C: Selected Federal Initiatives [PDF - 916 KB].

Appendix D: Selected Federal Resources [PDF - 905 KB].

Appendix E: Glossary [PDF - 1.1 MB].