Handbook for Ethical DEIB Data Collection and Use


Nonprofit health care strives to dismantle the barriers that prevent communities from achieving their best health. In order to expand access and end disparities, hospitals, health systems, and foundations need to competently navigate the cultural intricacies that turn barriers into open opportunities for dialogue, collaboration, and partnership. 

The document below is a guide for foundations across the healthcare ecosystem on how best to assess their readiness for collecting and using DEIB-related data. The guide also provides real-world examples of how a foundation can apply these learnings into their practice. 

We thank the American Prospect Research Association (APRA) for their work in creating a robust DEIB data framework for all non-profit organizations. Throughout the document, we will call out information sourced from that APRA framework.



  • Increased business intelligence: prospecting, screening, understanding gaps in support vs. representation of care coverage, etc.
  • Develop authentic donor journeys: representative donor journeys developed in partnership with the community, for the community.
  • Create authentic engagement experiences: creating experiences that foster deep connection to the health mission in partnership with the community, for the community.
  • Transparency and inclusion: being proactive about current representation on boards, donors, initiative support, impact, etc.

Business Case

Diversity, Equity, Inclusion, and Belonging (DEIB) means something different to every organization. The goal of this assessment is twofold:

  1. Make a business case for why your organization should consider integrating DEIB donor data collection into your fundraising practice.
  2. Evaluate your organization's readiness to collect DEIB donor data and to provide guidance on ethical ways of collecting and storing sensitive donor information.

Making the Case for DEIB Donor Data Collection 

With a growing diverse population across the nation, it's to our organizations' advantage that we integrate DEIB practices into our fundraising. Beyond being able to better connect with donors, there are positive intended outcomes into implementing DEIB donor data collection.

  1. Research profiles and lists for prospecting: Collecting DEIB data can inform how you cultivate, solicit, and steward donors.
  2. Higher donor engagement: DEIB data can inform how you communicate with your donors and what channels your organization might consider reaching target donor audience.
  3. Philanthropy is evolving: Funders are familiar with DEIB work—being proactive and transparent about DEIB data collection can strengthen partnerships.
    • Stronger donor community will always lead to a bigger impact
    • Position your organization as an industry leader
    • Communities we serve will expect development shops to be culturally competent
  4. Influence strategy: Data might reveal information needed to build a case for support. Now you may have the data to support a launch of a new project or initiative.
  5. Increase support by being inclusive of all funders.
  6. Be better prepared to engage the next generation of supporters.
  7. Donor transparency.

For more details, refer to the DEIB Data Toolkit.

Organizational Readiness

Phase 1: Determine How to Operationalize Your DEIB Data

Here are suggestions to guide your approach:

Start with one or two data points from the toolkit below. Consider using fields that are already built into your database or Customer Relationship Management (CRM) system to avoid customization fees.

Determine how you will collect data. Here are some examples, courtesy of APRA's DEI Data Guide

  • Event registration
  • Solicitation response devices
  • Website update forms
  • Patient information that is HIPAA compliant
  • Direct contact or conversation with frontline colleagues

If your organization has a data culture and practice, identify DEIB gaps and how incorporating data can advance equity and the organization’s mission.

  • Map out policies and processes to use DEIB data.
  • Create custom fields/mapping in partnership with database team members.
  • Test your business case.
  • Determine the impact of DEIB data collection on your organization.
  • Conduct strategic outreach to non-donors who have similar donor profiles as existing donors. Determine if there is an influence on engagement scores.
  • Determine if there is a need to customize your CRM in partnership with your vendor. To learn more, visit the Technical Readiness section of this handbook.

Phase 2: Evaluating Your Readiness

Stakeholder buy-in

Start with a conversation with your database team member. Make the business care why and how this data can support your organization.


Set Your Goals

Which specific data points you'll need to achieve your goals.



How you will share with constituents what data you'll be collecting and how you will use it.



The type of data you will be collecting and the methods/procedures you will use to collect, store, and process the data.



Policies and practices to promote good data stewardship.


Technical Readiness

  • Work closely with your database or CRM’s Customer Success Manager and your organization’s System Administrator.
  • The Customer Success Manager is critical in determining what fields currently exist in the system and what would need a custom field. This role will also be able to partner in the potential development and creation of any customizations required if it exists as part of your contract.
  • As of 2023, a ballpark figure for customization is $100/hour for a developer to make customizations to tables and fields, modify security access, and ensure reportability for a one-time project. For those with a Salesforce Premier Success contract, please reach out to your Customer Success Manager for customizations included in the contract. For those with Blackbaud CRM, the range could be from $25K-$100K based on the complexity of what’s being customized.
  • The System Administrator is critical in creating the fields, picklists, and security access to the DEIB information. This role will also be able to partner in the development and creation of any customizations required if it does not exist as part of the vendor contract.

DEIB Data Toolkit

The majority of the information provided below comes from the American Prospect Research Association (APRA) DEI Data Guide

Data Categories

As much as possible, use out-of-the-box solutions for DEIB fields and meta data for tracking changes. If these do not exist, repurpose fields or add custom fields if your database includes that option. 

Click on each field below to explore the data options.


Gender Identity**
Preferred Language** (Modify based on community population or regional variance)
Religious Affiliation**
Military Status**
Marital Status**
Political Affiliation**

*Ethnicity is based on the Federal Statistical Policy Directive No. 15 (SPD 15). It is under review to create a single category between race and ethnicity by 2024.

**Identifies categories that are not traditionally part of the basic package for most database systems and that would require some level of customization with your database partner.

Data Access

It is best practice to restrict access to these fields and delegate management of changes to terminology and regional variance over time.

Access Level

Security Group


  • Fundraisers
  • Reporting and Analytics
  • Data Governance


  • Records Management


  • Records Management
  • Reporting and Analytics

Data Governance

  • Chief Data Officer
  • Chief Operating Officer
  • Chief Financial Officer
  • Chief Risk Officer

Ways to Collect DEIB-related Data

For all forms of collection, it is important to state a clear objective for why the foundation is asking for this information. 

  • Donor surveys 
  • Event registration 
  • Solicitation response devices 
  • Remittal devices for direct mail
  • Online forms (post-transaction) 
  • QR code linking to intake form on appeals 
  • Link placed in electronic communications 
  • Newsletters, stewardship outreach, appeals 
  • Website update forms 
  • Patient information transfer from facility to foundation (for elements the foundation can have under HIPAA such as gender identity)
  • Direct contact with frontline fundraisers

DEIB Data Storage

  • Data Security — Make sure DEIB data is stored on a secure database. You must be able to restrict access to those individuals who need the information to do their work. Best practice is to ensure the database is set up with encryption at rest. 
  • Data Accessibility — Restrict access to DEIB data to limit the number of people who can see and process this data. DEIB data should only be used by individuals who need the information based on their job duties to carry out their work. 
  • Metadata — Note when the data was collected, whether the data was self-identified, and how the information was obtained. 
  • Data Retention — Review the existing DEIB data in your database. Is the information reliable and accurate? Is there metadata that helps you understand the provenance of the data? Consider reviewing the data annually. 
  • Vendors — Avoid sharing DEIB data with vendors unless there is a clear and defined business purpose for the vendor to be using the data in partnership with the foundation. 

DEIB Data Usage

As mentioned in the Business Case, DEIB is a way forward in philanthropy. The more we know about our donors, the better we can connect them to our mission and uphold the integrity of our work. Below are additional ways to use DEIB data in healthcare philanthropy.

  • Donor transparency – DEIB donor information provided in a public-facing metric can help hold the local foundation accountable to ensuring the donor population is representative of the communities they are serving.
  • Lists for prospecting, appeals, and events — If a donor has established an endowed scholarship to benefit underrepresented populations, DEIB data could provide potential donors to that scholarship fund. The identity data is a data point that can be pulled from your system for use in prospecting. Additionally, if there are identity-based giving groups, having DEIB data helps to cultivate or inform about opportunities for such groups/events.
  • Research profiles — Including sensitive DEIB data in research profiles should be avoided unless there is a specific business interest. When this information is needed in a profile, ensure that the profile is kept confidential and securely shared. Some identity data, such as military status and age, are necessary to further specific cultivation activities. Additional best practices also include using pronouns in profiles and phonetic pronunciation of names.
  • Alternatives to using identity data — In many cases, DEIB data that has been translated into funding interest codes or research lists can be used in lieu of the actual, specific DEIB data points. This allows for broader application of the data and is more geared towards funding-specific initiatives.
  • Conversations with frontline fundraisers and leadership — DEIB data can be used to better inform portfolio composition and suggestions for more diverse board members. When using DEIB data for this purpose, be sure the data is in aggregate form to maintain individuals’ confidentiality.
  • DEIB data usage in algorithms, artificial intelligence (AI), and segmentation — While algorithms are powerful analysis tools, they have a particular vulnerability towards discrimination, which is often inadvertent and can easily go unnoticed. Also known as algorithmic bias, it is what we experience when a machine-learning (ML) model produces a systematically wrong result. Algorithms can be discriminatory in that they seek tiny patterns of influence in the data, which can leave underrepresented groups out of the conversation. Bias can be reflected in the data an algorithm’s authors choose to use (for example, unvalidated affinity scores), as well as their data blending methods, model construction practices, and how the results are applied and interpreted. The following should be considered before using or creating algorithms, machine-learning models, and additional data segmentation:
    • Label bias: The most common source of bias in algorithms are the labels used to develop and train a machine-learning model, which are often measured with errors that reflect structural inequalities. Foundations should check for the presence of bias before any model training. If/when bias is identified, appropriately changing the labels will require a deep understanding of the domain, the ability to identify and extract relevant data elements, and the capacity to iterate and experiment.
    • Physical location: The physical location of the tools or materials used in an assessment should also be considered. If a care practice or data strategy is developed for a broad population based solely on this smaller sample, the likelihood of perpetuating racial or socioeconomic discrimination is increased.
    • Data collection and reporting: Algorithms may reproduce racial, gender, class, and other disparities via the people building them or through the data used to train them. Foundations will often use machine-learning models that were built by vendors or by external consultants, which make it impossible for the end-user to completely erase inequalities. Foundations can work to avoid these biases through maintaining diverse data sets, consistent subgroup reporting, and through external validation. 

Things to Consider

What to Avoid

Always validate any DEIB data directly with the donor.

  • Do not infer an individual’s race/ethnicity based on visual elements such as social media, photos, or third party sources.
  • Do not use unvalidated purchased data from a company/vendor.
  • Frontline fundraisers should not make assumptions or note DEIB information without the donor’s consent.
  • Proxy or self-reported information can be included.

Privacy Considerations

Depending on where your foundation is located, privacy laws may apply when collecting, storing, and using both DEIB data and Personal Identifiable Information (PII). If you have questions about collecting and using data, we recommend consulting with your health system’s compliance, privacy, or legal officers. At a minimum, you should be familiar with the following:
  • The Health Insurance Portability and Accountability Act (HIPAA): For more information about this topic, download the AHP publication Fundraising Under HIPAA. Provided that all HIPAA requirements are met by the covered entity, permitted fundraising protected health information (PHI) may be used, which includes the following: 

    • Name, address and other contact information
    • Email address
    • Gender
    • Age (date of birth)

    Allowable PII includes:    

    • Name
    • Address
    • Contact information
    • Age
    • Birthdate
    • Gender
  • The California Consumer Privacy Act (CCPA): The law gives former patients, donors, etc., in the U.S. the right to find out what data is being held by companies and the right to be forgotten.
  • The General Data Protection Regulation (GDPR): DEIB-related data is considered “special category” data under GDPR. Foundations can only use this type of data if they have the consent of the data subject. GDPR is pan-European legislation.
  • European Handbook on Data Equality : Any donor being asked to provide DEIB-related data should be given a full explanation for collection and use of this data. Additionally, the foundation will need to provide how they intended to keep the information secure and confidential.
  • Canadian privacy laws- Canada has over 28 federal, provincial, and territorial privacy statutes that govern the protection of personal information in the private, public, and health sectors. Please consult your chief legal officer to ensure your foundation’s collection and use meets the various regulations in your local area.
  • Personally Identifiable Information (PII). Protection of personal or identifying information that can be used to distinguish or trace an individual’s identity. Disclosure without written consent is prohibited.
  • Protected Health Information (PHI). Protection of any information in a medical record that can be used to identify an individual that was created, used, or disclosed in the course of providing health care service. Examples include medical record number, biometric identifiers such as fingerprints, health plan beneficiary numbers, and full-face photos.

The privacy considerations above are adapted from the APRA DEI Data Guide.

Now What?

Regardless of where your organization is at in its DEIB journey, ethical and inclusive practices add value to our field and create opportunities for learning, innovations, and better decision making. We hope these resources will create dialogue and a starting framework for you and your organization to build on.