For the latest COVID-19 campus news and resources, visit umassmed.edu/coronavirus.

Search Close Search
Search Close Search
Page Menu

How to Obtain Data?

UMMS faculty and staff can obtain data for Research, Education, Quality Assurance and Improvement purposes. Health Insurance Portability and Accountability Act (HIPAA) and human subjects research regulations and institutional policies govern these data requests depending on the purpose. As such, there is an authorization protocol that must be followed to obtain data where specific criteria vary depending on the purpose (Research, Education, Quality Assurance and Improvement) for which you are requesting data.

The process for requesting data is outlined below:

Generic Step-By-Step process

  1. Identify the Objective of the Study

    The Research Informatics Core (RIC) supports any study type, including Patient Recruitment for Research, Retrospective Research, Quality Improvement, Clinical Trials, and Education.

  2. Identify the Data Domains and Types

    Data Domains

    The Research Informatics Core provides a list of available Data Domains and attributes from the Data Lake. Please review the detailed information in the Data Catalog section to verify that the data required for your study is stored in the repository.

    Data Types
    The data types and the objective of the study (Research or Non-Research ) will determine if your study should have an IRB protocol.

    PHI Data for Research Projects
    When requesting data containing Protected Health Information (PHI) for a research project, including quality improvement projects designed to develop or contribute to generalizable knowledge, IRB protocol is required. A new study request should be submitted to the UMMS IRB.

    PHI Data for Non-Research Projects
    When requesting data containing Protected Health Information (PHI) for a non-research project, an IRB determination is required to determine that the proposed activity is not human subjects research. Please see the IRB’s Request for Not Human Subject Research Determination Form for guidance.

    IRB documentation
    RIC ensures the security of patient information by controlling and auditing the distribution of data after UMMS Institutional Review Board (IRB) documentation is obtained.

    All data projects involving the Data Lake must have the appropriate IRB documentation prior to data release.

    The IRB may choose to engage the Privacy Office or Information Security during its review of a project. The IRB/Privacy Office may contact investigators directly during this phase with questions about the intended use or disclosure of the requested data elements.

    For any questions regarding IRB protocols, please contact the UMMS IRB.

    De-identified Data Sets
    If a study involves only de-identified data, void of dates, and all other PHI, a de-identified dataset can be requested by submitting a Data Request form. 

  3. Submit a Data Request
    This form provides details of the data extract. Once received, a member of the RIC support team will be assigned to the project. 
    Here is the link to the Project Request Form.

  4. Data Extract Review Session
    The RIC team member assigned to a project will conduct a working session with the investigator to discuss research needs, provide guidance on available resources, and develop the following steps to provide a quote for the services to be approved by the principal investigator. 

    Once funding confirmation is received from the department’s financial administrator, RIC will start work on the project.

For research projects that involve data sources not available in the Data Lake, an exception can be obtained to use such sources if any of the following conditions are met:

  1. The Research Informatics Core can’t deliver the dataset
  2. A large number of variables required for the study cannot be replicated with the data available in the Data Lake.
  3. The investigator has the necessary expertise to develop the appropriate data structures that can support the research study.

The exception process may include security, IRB, and privacy reviews as applicable. In such cases, please request a consultation with RIC for guidance throughout the process and assistance initiating necessary reviews.

If the research project involves sharing data with third party vendors or External Academic Collaborators, necessary approvals -- including contracts, Business Associates Agreement (BAA), and Data Use Agreement (DUA) – must be obtained, as applicable. RIC will provide guidance throughout the process and help initiate necessary reviews.