PHI Download

STARR Tools allow you to download data files for up to 7500 patients to your desktop. Once downloaded, however, these files pose a significant data privacy risk, since it can be easy to forget that they are confidential and must be handled at all times in accordance with the language in the IRB used to generate them. Accordingly, PHI is scrubbed using best-effort techniques prior to download.

If you have a legitimate research need for PHI in downloaded data files, you must

  1. Have permission to work with PHI online, and
  2. Obtain an exemption to the no PHI in downloads policy

You can request an exemption from the no PHI in downloads policy by filling out this survey. Please note that in addition to completing a Data Privacy Attestation (either primary or add-on), you must be named on the IRB you are requesting an exemption for, and you will be required to meet to discuss your project needs as part of the exemption consideration process.

If your exemption is granted, you will be able to download PHI from STARR Tools. As you do so, we ask that you please continue to adhere to the HIPAA "Minimum Necessary" principle and only download the PHI strictly needed to fulfil your research mission, and delete the data files as soon as the use for the PHI has been accomplished.

The full list of requirements for identified data download is:

  1. You must be named on the IRB protocol
  2. The IRB must have an associated approved primary Data Privacy Attestation
  3. If you are not the signator of the primary DPA, you must have completed an add-on attestation
  4. You must have an approved exemption to our policy of scrubbing PHI from data download files