The data-sharing review process

New contracts that propose data sharing with external entities are being closely reviewed by the UCSF contracting units. Data-sharing engagements that meet any of the below escalation criteria will undergo review by the IT Governance Committee on Enterprise Information & Analytics (EIA).

The data sharing review process includes the following steps:

1. Determination that an engagement needs to undergo review. Your Contracting Officer will evaluate the specifications of each data sharing engagement using the following escalation criteria to determine whether the engagement needs to undergo Committee review.
2. Submission of the data sharing review request. Your Contracting Officer will submit the review request by following the steps outlined in the How to Submit a Data Sharing Review Request section below.
3. Preliminary Review of Submitted Request. The submission will undergo a preliminary review to verify that the submission contains the required information and that all supporting documentation has been provided to ensure that the Committee has the necessary information for their use during the review. Please note that you may be contacted for additional information about the details of the engagement in preparation for the Committee review.
4. Scheduling the Review. Once all the required documentation has been gathered, the review of the engagement will be scheduled for a weekly data-sharing review session. Your Contracting Officer will be invited to attend the review session to help address any questions that the Committee may have about the engagement.
5. Committee Review of the Engagement. The IT Governance Committee on Enterprise Information & Analytics will review the engagement in collaboration with your Contracting Officer. The Committee strives to reach a decision for each review during the first discussion about the engagement, but it is feasible that additional information or discussion with the external entity may be required for the completion of the review.
6. Committee Review Outcome Follow-up. Following each review session, you will receive an update about the status of the review of your engagement. If conditions are stipulated for the approval of your engagement, you will receive a communication that outlines the conditions that must be met before the contract for your engagement can be finalized.

How to submit a data-sharing review request 

1. Complete the Safety Net Submission Form. New review requests can be created by clicking the New button at the top of the page. Please note that this link can be used for any future edits that you may need to make to your submission, as well.
2. For all submissions, please ensure that copies of all contractual documents associated with the data sharing engagement are included in the submission.
3. Provide a detailed description of what data will be shared and upload any available data dictionaries or other supporting documentation that describes what data will be shared.
4. For engagements where data is being shared for research purposes and the data being shared contains Protected Health Information (PHI), Research Health Information (RHI), or was derived from an identified data source, please also include copies of the associated IRB protocol application, IRB approval letter (if available), HIPAA authorization forms, and any associated informed consent forms. If the IRB protocol has not yet been approved, please note this in the submission form and provide copies of the draft IRB documentation.