Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

PCOR: Privacy and Security Blueprint, Legal Analysis and Ethics Framework for Data Use, & Use of Technology for Privacy

Creating resources to improve the privacy of patients and their data.
  • Centers for Disease Control and Prevention (CDC) 
  • Office of the National Coordinator for Health Information Technology (ONC)



Start Date
  • ONC - 6/16/2015
  • CDC- 7/10/2015


  • Standardized Collection of Standardized Clinical and Claims Data
  • Collection of Participant-Provided Information
  • Linking and Use of Clinical and Other Data for Research
  • Use of Clinical Data for Research


STATUS: Completed Project


Patient‑level data are essential to understanding and improving health outcomes. These data must be made available to researchers in a way that ensures the protection of patient privacy while providing sufficient granularity to allow meaningful research questions to be assessed. However, current laws and policies around the use of patient level data are nuanced and sometimes conflicting, creating confusion for researchers, providers, and patients.


This project was a collaborative effort between ONC and CDC to conduct research and create resources to improve the privacy of patients and their data.

Project Objectives:

  • Conduct an “as is” analysis of public health laws and ethical considerations that relate to the release and use of CDC public health and health surveillance data (environmental scan, analysis of findings, and gap analysis).

  • Prepare a final white paper of findings and recommendations for best practice practices for data release beyond CDC, and provide guidance to researchers interested in using CDC data for PCOR.

  • Convene a work group of public health legal and ethics experts to inform the “as is” analysis to provide a “view” of agency wide data use and report of findings.

  • Create a Privacy and Security Data Infrastructure Blueprint.

  • Conduct a Legal Analysis to Inform Development of an Ethical Framework.

  • Identify Mechanisms for Capturing Individual Consent and Preferences for Research.


  • The CDC project team conducted a legal and ethical environmental scan resulting in an analysis of findings report and a gap analysis of laws and ethical considerations to determine what governs the release and use of CDC public health data. The team also created an ethical framework, which focuses on scenarios about legal and ethical uses of data.

  • The ONC project team completed an environmental scan and gap analysis of consent management technologies for research. The environmental scan informed the first round of ‘Basic Consent’ (Treatment, Payment, and Operations) use case pilot testing in cooperation with the Veterans Administration. The project team developed a best practices implementation white paper, based on the lessons learned from the pilot efforts.

  • The ONC team completing additional pilot testing. Basic Choice for Research consisted of supporting the mapping of informed consent to the Fast Healthcare Interoperability Resource (FHIR®) Standard. Granular Choice focused on implemented the FHIR standard for capture and exchange of consent and health information.




  • The CDC team presented a panel presentation “The Boundaries of Privacy and Public Health Concerns” at the PRIM&R Advancing Ethical Research Conference in San Antonio in November 2017.

  • The CDC team presented on the ethical framework to an internal CDC audience in November 2017 as part of an ethics seminar.

  • The ONC team presented at a Health Level Seven (HL7) Educational Session in June 2017. This presentation reviewed the Phase 1: Basic Choice for Treatment, Payment, and Operations pilot efforts and outcomes as related to HL7 FHIR.

  • The ONC team hosted HL7 FHIR Connectathon Consumer Centered Data Exchange demonstration in collaboration with project partners. Presentations highlighted the Basic Choice for Research and Granular Choice pilots.


Below is a list of ASPE-funded PCORTF projects that are related to this project

Standardization and Querying of Data Quality Metrics and Characteristics for Electronic Health Data - Under the FDA, this project created and implemented a metadata standards data capture and querying system for: data quality and characteristics, data source and institutional characteristics, and “fitness for use.” This project targets the need to build bridges across networks and databases, so that information captured in each source can be combined and used for research.

Harmonization of Various Common Data Models and Open Standards for Evidence Generation - This project was a collaborative effort among the Food and Drug Administration (FDA), National Cancer Institute (NCI), National Institutes of Health/National Center for Advancing Translational Sciences (NIH/NCATS), Office of the National Coordinator for Health (ONC), and the National Library of Medicine (NLM). The project built a data infrastructure for conducting patient centered outcomes research (PCOR) using observational data derived from the delivery of health care in routine clinical settings. The sources of these data include, but are not limited to insurance billing claims, electronic health records (EHRs), and patient registries. In addition, the project team harmonized several existing common data models, including PCORnet and other networks.