Compliant Access to Clinical Data
The process of obtaining clinical data varies depending on the intent of the project and on the specifics of the data being requested. HIPAA regulations apply whenever the intent is to use data for research purposes.
If you are working with PHI, you must submit an IRB protocol and a Data Privacy Attestation.
If you are not working with PHI, you will only need to submit a Data Privacy Attestation.
If you are still assessing the feasibility of a proposed study, the project is considered "preparatory to research" and you will only need to submit a Data Privacy Attestation.
If you plan to use the data for educational purposes only, you can follow our simplified process for obtaining clinical data for educational purposes.
Clinical Operations and Quality Improvement
If you have a clinical operations or quality improvement project, you can generally obtain data from the clinical operations department at your hospital. In the case where that department refers you to us, we're happy to oblige.
Join an Approved Data Project
In order for us to grant you access to a clinical data set (e.g. in Box or Chart Review), you must complete a data obligations attestation.
If PHI is involved the investigator who obtained the inital Privacy Office approval should open attestation and invite you as a collaborator.
Obtaining Data from Hospital Systems other than Epic/Cerner
RIC has access to the Epic reporting database from both hospitals, as well as the now-retired Cerner, so in most cases we are able to supply the data required by your research study. However when the data being sought is not in Epic but rather in some clinical ancillary system such as GE PACS or the Philips bedside monitor system, we collaborate with the appropriate hospital clinical reporting team to get you access to the data you require. You must still complete the appropriate compliance process.
If the data is transportable (e.g. a data extract), the Hospital IT staff responsible for the data deliver it to us, and we then release it to you once you have successfully completed the applicable compliance process to obtain clinical data for research purposes, described above.
If the data must be viewed in-place (e.g. for PACS) we notify the Hospital IT staff responsible for the system in question when they are permitted to release the data to you, after you have successfully completed the appropriate compliance process.
Please refer to our guide to compliance requirements for obtaining clinical data from RIC to determine which process is most appropriate.