Report: HHS needs consistent data-sharing protocol

HHS contains 11 agencies, including NIH, CDC, FDA, CMS, AHRQ and others. (Sarah Stierch/CC BY 4.0)

Despite being under the same agency umbrella, the 11 HHS sister agencies face significant hurdles sharing data among one another.

HHS wants to do something about the problem, officials said on Monday as they published a comprehensive report detailing the data-sharing environment within HHS.

The Office of the Chief Technology Officer found significant deviations in data governance among HHS agencies—including major players such as the Centers for Medicare & Medicaid Services, the Food and Drug Administration and the Centers for Disease Control and Prevention—but also a cultural reluctance to share data on a regular basis.

The report (PDF), conducted by HHS Chief Data Officer Mona Siddiqui, M.D., and a small team of HHS staff, was light on recommendations but asserted how much value could be created by opening up silos of data within the agency.

"The report is part of an ongoing effort to build and implement an enterprise-wide data strategy at HHS. Creating a data-driven department requires implementing a cohesive data governance structure as well as a platform to encourage data sharing, acknowledge data as an asset, and design policy around evidence," HHS said in a release.

Overall, the report identified five major challenges standing in the way of robust data sharing:

  1. Process for data access: The agency lacks a consistent and standardized practice for requesting internal data. Furthermore, the system currently contains no consequences if the responding agency delays or denies the request.
  2. Technology for data access and analysis: Sister agencies within HHS don't always use the same technical formats or approaches when formatting their data. Some data aren't even machine-readable yet. This means sharing data, even when done successfully, can have challenges and opportunities for misinterpretation.
  3. Regulatory environment: All data collection efforts within HHS have their own statutes, regulations and policies governing them. These can differ between efforts, and some regulations restrict data-sharing in the first place.
  4. Disclosure risk management: In step with the regulatory issues, personally identifiable information (PII) cannot be shared without patient consent. But as relevant health data get increasingly granular, getting consent for each datum becomes a prohibitively mountainous task. In some cases, agencies can get around the issue by simply not collecting PII or scrubbing it before release, but this can't always be done.
  5. Norms and resource constraints: The report noted several norms that prevent HHS staff from making data requests of each other. Agencies naturally want to discover nonpublic data outside their agency, but doing so through a request is often seen as a strain on resources. The report noted that many staff said they didn't "want to burden sister agencies” by requesting data.

Of course, this problem of data sharing between federal agencies is far from being limited to HHS. Just last week at a committee hearing, officials told lawmakers about struggles to make Department of Defense and Veterans Affairs EHR systems talk to each other.

The HHS report noted that while all of these issues can and should be addressed, a comprehensive improvement will likely come hand-in-hand with new use cases for open data.

"Creating a robust technical environment for data analysis, workflow management, and streamlining data acquisition will be essential," the report said. "If data is to be leveraged as an asset using advanced analytic tools and predictive modeling, the use of data must be essential to a Departmental strategy rather than purely individual project based."