Access to Clinical Data

Access to Clinical Data

 Data Extract Requests can be made by completing the CDW Service Request Form.

All data requests must be accompanied by a signed Data Access Letter (fillable pdf, complete electronically) with the Data Extract box checked.  All data that is received by the requester must be stored in a secure manner which conforms to the UT Health Policies for PHI data.

Depending on the complexity of the request, a fee may be charged to cover the costs of extracting the data.


I2b2 Access Request can be made by completing the Data Access Letter (fillable pdf, complete electronically) and the i2b2 access box checked.  Submit the letter to Susan Guerrero for review and approval. 

 I2b2 use is limited to hypothesis development, preparatory to research, and providing supporting data for grant applications.

 Data Extract Requester Role and Responsibilities

The release of health information data to a requester requires additional conditions to ensure compliance with established policy, FERPA and HIPAA. The data requester must adhere to the following requirements:

1)      Data Requests for the purpose of research must include the following:

          a.  IRB approval ID, OR

          b.  a waiver of authorization granted by the IRB, OR

          c.  an IRB preparatory review permission document

 2)      Requests for information for clinical purposes must include:

         a.  detailed description of intended use of the data

3)      De-identified information from the health information system is not to be used or disclosed outside    of the scope of the requester’s project. 

4)      The requester must ensure use and disclosure of protected health information complies with UTHCHS privacy policies and the Standards for Privacy of Individually Identifiable Health Information 45 CFR§ 160, 162, 164. 

5)      Procedures to adequately protect received data at all times from unauthorized access are known and implemented during the course of the project.

6)      Disposal of received data by the researcher is in accordance with the procedure outlined below once the research project is completed

 Data Disposal Procedure

Computer systems store data on a variety of storage media (e.g., hard drives, floppy disks, CD-ROMs, tapes, memory). It is important that data delivered to the requester be securely removed from the media once the project has ended in order to prevent unauthorized disclosure and/or use.  Moving a file to the ‘Recycle Bin’ or performing the format function on external media does not ensure complete erasure of the data.  Instead, proven data shredding software product must be used to guarantee data is erased and no longer retrievable at a later date.

These open source software applications meet the data shredding requirement and should be used to delete all versions of the requested data.

1)      Fileshredder          www.fileshredder.org

2)      R-Wipe & Close    www.r-wipe.com