Data Broker Corner
The Data Broker Group within the Office of Privacy and Data Security is here to provide a variety of data services for the UHealth community at large to utilize. A main function of the Data Broker Group is to provide both a centralized and standardized review of clinical data requests, such as Patient Contact List requests.
Patient Contact Lists can be requested for a variety of reasons, including:
- Fundraising purposes
- Marketing purposes
- Notifications of changes in patient care
- Physician Departure Letters
- Other patient communications
Prior to submitting a request for a patient contact list, make sure that all involved departments have reviewed and approved the content of the communication, including the Privacy Office. The content needs to be reviewed and approved, at a minimum, by an administrator or other leadership of the responsible department/business unit. The Privacy Office will review the communication from a patient privacy perspective. For Privacy Office review, please send the communication to email@example.com.
- Once you have all necessary approvals, e-mail a data request to firstname.lastname@example.org, cc’ing the data broker group (email@example.com). To reduce processing time, please include the following information in the e-mail:
- The reason for the request
- How will the communication be sent (paper mail, e-mail, etc.)
- Who will be doing the mailing (list the name of the department or third-party vendor)
- What inclusion criteria should be used to create the list (i.e. date of service range, provider name, service location, etc.). The inclusion criteria must be clear and explicit so that an accurate list can be generated which meets the need of the request.
- What columns/fields should be included in the list (i.e. Patient Name, Address, email address etc.)
Additionally, if a third-party vendor is to be used, ensure that an active, fully executed HIPAA Business Associate Agreement (BAA) is in place. Please make sure to share only the minimum necessary information needed to perform the mailing with the vendor. For example, Medical Record Numbers can be provided internally so that patient names can be verified, but the external vendor may not need that data field to perform the mailing.
For further information on the Data Broker program please contact the Office of Privacy and Data Security at 305-243-5000 or at firstname.lastname@example.org.