Secondary Use


Secondary use of health data applies personal health information (PHI) for uses outside of direct health care delivery. It includes such activities as analysis, research, quality and safety measurement, public health, payment, provider certification or accreditation, marketing, and other business applications, including strictly commercial activities. Secondary use of health data can enhance health care experiences for individuals, expand knowledge about disease and appropriate treatments, strengthen understanding about effectiveness and efficiency of health care systems, support public health and security goals, and aid businesses in meeting customers’ needs. Yet, complex ethical, political, technical, and social issues surround the secondary use of health data.
Evidence suggests that the public health community can analyze aggregated data to facilitate early detection of emerging epidemics or bioterrorist threats. Commercial enterprises collect health care data to derive products and services that they sell to customers, including third party payers, researchers, and marketing entities.


There are a number of policy and legal issues surrounding secondary use, some of the main concerns include:
  • Lack of clarity regarding which federal laws govern secondary uses of EHR data;
  • Reliance on IRBs, each of which adopts its own internal policies, especially in cases of multi-site research studies;
  • Maintaining some organizational control or stewardship over data while at the same time making it available for secondary
    purposes; and
  • Differences in state health information laws.