Enterprise Data Request Process: Research Compliance

Below is a summary of research compliance documentation requirements for de-identified, limited, and identified research data requests.

For Internal UCSF Clients

A UCSF faculty, staff, or student seeks a data extraction or report.

  • De-identified Data: None
  • HIPAA Limited Data: IRB Approval
  • Identified Data: IRB Approval

For External Non-UC Clients

A collaborator at a non-UC academic institution or medical center, a vendor, or an external registry seeks a UCSF patient data set.

  • De-identified Data: Appropriate Contract/Agreement
  • HIPAA Limited Data: IRB Approval, Appropriate Contract/Agreement
  • Identified Data: IRB Approval, Appropriate Contract/Agreement