Below is a summary of research compliance documentation requirements for de-identified, limited, and identified research data requests.
For Internal UCSF Clients
A UCSF faculty, staff, or student seeks a data extraction or report.
- De-identified Data: None
- HIPAA Limited Data: IRB Approval
- Identified Data: IRB Approval
For External Non-UC Clients
A collaborator at a non-UC academic institution or medical center, a vendor, or an external registry seeks a UCSF patient data set.
- De-identified Data: Appropriate Contract/Agreement
- HIPAA Limited Data: IRB Approval, Appropriate Contract/Agreement
- Identified Data: IRB Approval, Appropriate Contract/Agreement