Privacy Program
CHIA is committed to serving as the Commonwealth’s health care data hub while protecting patient privacy and maintaining rigorous data security standards.
Data Release
CHIA’s data release regulation (957 CMR 5.00) governs access to health care data by government agencies, payers, providers, researchers, and others within the limits of federal and state privacy and data security laws. All requests for data undergo rigorous internal legal and technical review before the Executive Director approves or denies each request.
Prior to receiving data, all recipients must execute a written agreement, which memorializes privacy and security obligations designed to protect patient information.
Privacy and Security Leadership
CHIA’s Senior Privacy Officer and Chief Information Security Officer are responsible for the day-to-day management of the agency’s privacy and data security program, including updating policies, practices, and procedures to keep pace with changes in technology and privacy law. All CHIA employees receive ongoing training with respect to data privacy and security.
Technical Safeguards
CHIA employs administrative, physical, and technical safeguards to protect patient privacy to the maximum extent practicable.
Recommended Links
CHIA Regulations (CMR)
Access CHIA's regulations governing health care data collection and reporting in Massachusetts, including current rules, administrative bulletins, and hearings.
MA APCD
Learn about the Massachusetts All Payer Claims Database, including what data is collected, how to request access, and how to submit claims data to CHIA.
Case Mix
Access Massachusetts hospital case mix data, including inpatient discharge, emergency department, and outpatient observation datasets, documentation, and data specification manuals.