Introduction to health data sharing

Data sharing is a cornerstone of modern healthcare systems, driving innovation, improving patient outcomes, and supporting cross-sector collaboration. As the Ministry of Health in the Kingdom of Saudi Arabia, we recognize the importance of health data in meeting the needs of stakeholders and researchers, supporting evidence-based decisions, advancing medical research, and driving public health initiatives.

Health data sharing enables the exchange of vital information between healthcare providers, researchers, and third parties, ensuring rapid access to accurate and reliable data. It also enables stakeholders to access data-driven insights, improve healthcare delivery, and address public health challenges more efficiently.

Furthermore, sharing health data with researchers and third parties, in accordance with a robust governance framework that takes into account privacy regulations, ethical standards, and national data policies, contributes to groundbreaking scientific discoveries and accelerates innovation.

These procedures outline the steps and activities required to process data sharing requests, whether from individuals or entities. By establishing clear guidelines and defined workflows, we aim to foster collaboration, ensure compliance, and maximize the value of health data to support healthcare excellence in Saudi Arabia.

First: Procedures for Sharing Data with Individuals and Researchers

  1. Check the Health Data PlatformBefore submitting a data sharing request, the researcher or individual must ensure that therequired data is not already available on the health data platform.
  2. Submit the RequestIf the data is not available on the Health Data Platform, the applicant fills out the data sharing application form via the Data Sharing Platform.
  3. Register the Request The Management Officeregisters the request, reviews the required data and the purpose for sharing it, and ensures its compliance with data privacy and management laws and regulations.
  4. ApprovalsIf the application is accepted, the applicant receives an email with a notification of approval, specifying a timeframe for data sharing
  5. Partial or total rejectionIf the application is rejected partially or completely, the applicant will be notified of the reasons for this. If alternatives are available, they will be provided to the applicant within the specified time frame.

Second: Procedures for Sharing Data with Entities

  1. Check the Health Data PlatformThe entity willing to obtain the data must first ensure that the required data is not available on the health data platform.
  2. Submit the RequestIf the data is not available, the entity submits a formal request through the data sharing platform.
  3. Register the RequestThe Data Management Office at the Ministry of Health registers the request for review and approval.
  4. Review the RequestThe Data Management Office, in coordination with the relevant internal departments, shall:
    • Review the purpose of the request and the appropriateness of the availability and quality of the required data.
    • Classify the data to determine whether it includes personal or sensitive data and determine the controls that must be applied.
    • Ensure compliance with regulations and laws related to data protection and privacy.
  5. Data Sharing Agreement
    • If the data sharing is initially approved, a valid data sharing agreement with the requesting entity is verified.
    • If there is an agreement in effect between the two parties: The requested new data will be added as an annex to that agreement, making sure that it continues to be valid.
  6. Approval for Data SharingOnce the data sharing agreement is finalized and the confirmation of the legal and technical requirements, the final approval of the application is made. Coordination is made between the technical team at the Ministry of Health and the technical team of the requesting entity to agree on the mechanism for exchanging data and the technical parameters (such as file type or programming interfaces, the level of security required, etc.)
  7. Periodic ReviewA periodic review of the data shared shall be conducted in accordance with the period specified in the data sharing agreement, and this review shall include:
    • Verifying the entity's compliance with the terms of the agreement.
    • Review the continuous need for the data.
    • Update the terms of the agreement when necessary.

Compliance with National Regulations and Laws

In conclusion, all steps related to requesting data sharing, reviewing and dealing with it must be carried out in full compliance with the relevant regulations, laws and controls issued by the National Data Management Office and the National Cybersecurity Authority, to ensure the protection, integrity, privacy and purpose of data sharing