Skip to Content
SBMI Horizontal Logo

Access to Clinical Data

All data access or search requests can be made by completing our Data Request form.

Image access requests can be made by completing our Image Request form.

Data Access requests - where the researcher may search through the database themselves - must be made by completing the Request to Access Protected Health Information form.

Request access to ENACT/i2b2 here: ACT Request Form.

All data that is received by the requester must be stored in a secure manner which conforms to the UTHealth Policies for PHI data.

Depending on the complexity of the request, a fee may be charged to cover the costs of extracting the data. You will be given a quote before any work is started.


 Data Extract Requester Role and Responsibilities

The release of health information data to a requester requires additional conditions to ensure compliance with established policy, FERPA and HIPAA. The data requester must adhere to the following requirements:

1)      Data Requests for the purpose of research must include the following:

          a.  IRB approval ID, OR

          b.  a waiver of authorization granted by the IRB, OR

          c.  an IRB preparatory review permission document

 2)      Requests for information for clinical purposes must include:

         a.  detailed description of intended use of the data

3)      De-identified information from the health information system is not to be used or disclosed outside    of the scope of the requester’s project. 

4)      The requester must ensure use and disclosure of protected health information complies with UTHCHS privacy policies and the Standards for Privacy of Individually Identifiable Health Information 45 CFR§ 160, 162, 164. 

5)      Procedures to adequately protect received data at all times from unauthorized access are known and implemented during the course of the project.

6)      Disposal of received data by the researcher is in accordance with the procedure outlined below once the research project is completed

 Data Disposal Procedure

Computer systems store data on a variety of storage media (e.g., hard drives, floppy disks, CD-ROMs, tapes, memory). It is important that data delivered to the requester be securely removed from the media once the project has ended in order to prevent unauthorized disclosure and/or use.  Moving a file to the ‘Recycle Bin’ or performing the format function on external media does not ensure complete erasure of the data.  Instead, proven data shredding software product must be used to guarantee data is erased and no longer retrievable at a later date.

These open source software applications meet the data shredding requirement and should be used to delete all versions of the requested data.

1)      Fileshredder

2)      R-Wipe & Close