The Strategic Data Initiative (SDI) Team is tasked with reviewing data-related agreements and updating data use policies to ensure that MDH data is protected. As MDH operations continually move toward reliance on IT systems, it is important to know where, how, and with whom our data is being shared. Under the direction of the Office of Internal Controls, Audit Compliance, and Information Security (IAC/S), SDI uses a multi-disciplinary review approach to ensure adequate safeguards and access controls are in place for all MDH Data-Related Agreements. SDI is charged with updating MDH data protection and usage policies and reviewing agreements for consistency with those policies and guidance from the State Chief Data Officer and the State Chief Privacy Officer.
As of August 3, 2021, all Data Use Agreements, Business Associate Agreements, and other data-related agreements are required to have a risk assessment conducted by the SDI Team as part of their charter. Requests for agreements from third parties and agreements proposed by MDH staff must be directed to the SDI Team for approval prior to execution.
Why SDI?
The Maryland Department of Health is entrusted with both personally identifiable information (PII) and protected health information (PHI) in order to carry out its duties under State and federal law to protect the health and safety of Marylanders.
In conjunction with 2021 Executive Orders from Gov. Larry Hogan outlining the need to make data protection and usage a core business function, MDH updated its data protection and usage policies to implement the following directive:
Data Partners and Trusted Data Partners may use, view, or access MDH Data but must view, analyze, and create/store the Data exclusively in a system with Appropriate Safeguards and Access Controls as determined by the SDI Team.
