Compliant Access to Clinical Data

The process of obtaining clinical data varies depending on the intent of the project and on the specifics of the data being requested. HIPAA regulations apply whenever the intent is to use data for research purposes.


If you are working with PHI, you must submit an IRB protocol and a Data Privacy Attestation.

Read More

If you are not working with PHI, you will only need to submit a Data Privacy Attestation.

Read More

If you are still assessing the feasibility of a proposed study, the project is considered "preparatory to research" and you will only need to submit a Data Privacy Attestation.

Read More



If you plan to use the data for educational purposes only, you can follow our simplified process for obtaining clinical data for educational purposes.

Read More

Clinical Operations and Quality Improvement

If you have a clinical operations or quality improvement  project, you can generally obtain data from the clinical operations department at your hospital. In the case where that department refers you to us, we're happy to oblige.

Read More

Join an Approved Data Project

In order for us to grant you access to a clinical data set (e.g. in Box or Chart Review), you must complete a data obligations attestation. 

If PHI is involved the investigator who obtained the inital Privacy Office approval should open attestation and invite you as a collaborator.


Obtaining Data from Hospital Systems other than Epic/Cerner

RIC has access to the Epic reporting database from both hospitals, as well as the now-retired Cerner, so in most cases we are able to supply the data required by your research study. However when the data being sought is not in Epic but rather in some clinical ancillary system such as GE PACS or the Philips bedside monitor system, we collaborate with the appropriate hospital clinical reporting team to get you access to the data you require. You must still complete the appropriate compliance process.

If the data is transportable (e.g. a data extract), the Hospital IT staff responsible for the data deliver it to us, and we then release it to you once you have successfully completed the applicable compliance process to obtain clinical data for research purposes, described above.  

If the data must be viewed in-place (e.g. for PACS) we notify the Hospital IT staff responsible for the system in question when they are permitted to release the data to you, after you have successfully completed the appropriate compliance process.

Please refer to our guide to compliance requirements for obtaining clinical data from RIC to determine which process is most appropriate.