Enterprise Data Request Process: for Research

The Enterprise Data Request Process allows you to request clinical data sets for use in research. You can also request to share clinical data sets with external third parties to facilitate work collaborations and vendor engagements.

We've set up a system that will automatically guide your request through the completion of the required steps. For detailed process steps, see below.

For Internal UCSF Faculty, Staff, Students

Submit a Request for CTSI Data Extraction Consultation

A consultant will work with you, provide guidance on whether you need de-identified, limited, or identified data sets, as applicable, and will work with you to define a data specification that will be used by the Reporting Technical Team to fulfill your request.

Additional expectations of you:

Because you are conducting research, there are requirements for compliance documentation that you may need to complete to obtain your data, depending on the type of data you request and to whom the data are delivered. Your consultant will ensure that you have appropriate documentation. Familiarize yourself now:

Are you interested in the rest of the process? Here are the details of what will happen; you will receive instructions during your consultation or via email to complete these steps.  You don't need to initiate any of these steps yourself at this time.

  1. The CTSI Consultant will help you to submit a clinical data request form to fulfill your request.
  2. The ServiceNow system informs Principal Investigator (PI) of request. This system will email the Principal Investigator specified in the Enterprise Data Request Form to notify them of your research data request. This is informational only; no action is required by the Principal Investigator or you for this step.
  3. Verify current attestation form. The ServiceNow system checks whether you have a current Statement of Responsibility attestation form on file. An attestation form is considered current if it was signed by you during the past 2 years. If you do not have a current attestation form on file, the attestation form is emailed to you via DocuSign to read and sign.

For External Third Parties

  1. Submit a Request for CTSI Data Extraction Consultation

    A consultant will work with you to determine how to proceed.

  2. The CTSI Consultant will help you to submit the Enterprise Data Request Form (a ServiceNow form) to fulfill your request.
  3. The ServiceNow system inform Principal Investigator (PI) of request

    The ServiceNow system automatically emails the Principal Investigator specified in the Enterprise Data Request Form to notify them of your research data request. No action is required by the Principal Investigator or you for this step.

  4. Establish/verify contract

    An agreement/contract must exist between UCSF and the external third party who is seeking access to UCSF clinical data sets. The contract/agreement must contain sufficient terms and conditions to cover the parameters of the data sharing request. The ServiceNow system emails the appropriate contracting unit to verify that a sufficient agreement/contract exists. Unless you are contacted by the contracting unit to assist with the establishment or review of the contract/agreement, no further action is required by you for this step.The contracting unit will determine whether your data sharing request needs to undergo review by the Enterprise Information & Analytics Steering Committee during the process of establishing a contract for your collaboration and will work with you to submit the data sharing request for review if required. Please visit https://data.ucsf.edu/data-sharing to learn more about these data sharing reviews.

  5. Security assessment of third party system

    This step is completed only if the external third party is taking possession of the data set on their third party system. The ServiceNow system prompts the IT Security and Policy team to perform a security assessment of the third party system to ensure that the third party system meets UCSF Minimum Security Standards. Unless you are contacted by the IT Security and Policy team to assist with the security assessment, no further action is required by you for this step.

  6. Research Compliance Check

    The Reporting Technical Team extracting your research data set for you performs a research compliance check to ensure that the appropriate compliance documentation is completed for your data request. The requirements for compliance documentation are determined based upon the type of data set requested and to whom the data is delivered.