Privacy and Security Framework for PCOR

Project Background

Patient-centered outcomes research (PCOR) depends on access to clinical data, which requires the protection of patient privacy in accordance with approved research protocols while providing sufficient granularity to allow meaningful conclusions to be drawn. But current laws and policies regarding use of individual data are nuanced and sometimes conflicting, creating confusion for researchers, providers, and patients. Additionally, there is a need to identify standards that could be used to implement workflows to support patient privacy preferences as data are shared.

The resources resulting from this project consider the legal and regulatory requirements relative to patient consent, privacy, and autonomy in examining the factors of collection, access, use, and disclosure of electronic health data that were current at the time of the project.

Project Dates

This project began in 2015 and ended in 2018.

Project Goal

The goal of this project was to develop resources to support the protection of privacy and security of electronic health data as it is used for PCOR.

The project resulted in a framework and testing of technology that support the use of health data from a wide variety of sources for PCOR. 

Learn More


To find more information about the responsible use and protection of electronic health data for PCOR, review the Legal and Ethical Architecture for PCOR Data.

Use Cases

Learn more about the use cases to enable the interoperable exchange of patient consent:

Final Report

To learn more about the Privacy and Security Framework for PCOR project, read the Final Report [PDF - 1MB].

Please contact with questions about this project.