Data Protection

The Center for Outcomes Research (COR) is committed to maintaining the confidentiality and security of sensitive and protected health information for each registry. Our staff members are dedicated to providing quality services while upholding ethical standards. COR employees at every level are required to comply with relevant laws, regulations, policies, and contract provisions as they conduct research within each outcomes registry. All COR employees are familiar with relevant laws and regulations, including the following:

• The Conflict of Interest Law, Mass. Gen. Laws ch. 268A, regulating public employee conduct
• Mass. Gen. Laws chapters 7, 30, and 30B of the Procurement Law, which guides employees’ actions when purchasing goods or services for the commonwealth
• Mass. Gen. Laws ch. 55, relating to public employee political activity
• Massachusetts Public Records Law, ensuring the public’s right to access documents and files
• Fair Information Practices Act, Mass. Gen. Laws ch. 66A, protecting the data confidentiality of personal information
• The Health Insurance Portability and Accountability Act (HIPAA), regulating the privacy and security of health information as it relates to contractual provisions with public agency clients
• The Health Information Technology for Economic and Clinical Health Act of 2009 (“HiTech”), implementing health information safeguards to ensure that health information technology does not jeopardize the privacy and security of health information
• Mass. Gen. Laws ch. 93H, relating to Security Breaches, which requires notification of consumers if their personal information is breached
• Good clinical practice (GCP) for clinical trials with investigational drugs and medical devices
• University of Massachusetts employee policies