Campus alert status is yellow: For the latest campus alert status, news and resources, visit

Search Close Search
Search Close Search
Page Menu

How to Obtain Data?

UMMS faculty and staff can obtain data for Research, Education, Quality Assurance and Improvement purposes. Health Insurance Portability and Accountability Act (HIPAA) and human subjects research regulations and institutional policies govern these data requests depending on the purpose. As such, there is an authorization protocol that must be followed to obtain data where specific criteria vary depending on the purpose (Research, Education, Quality Assurance and Improvement) for which you are requesting data.

The process for requesting data is outlined below:

Generic Step-By-Step process

  1. Identify the Objective of the Study

    The Research Informatics Core supports any study type, including Patient Recruitment for Research, Retrospective Research, Quality Improvement, Clinical Trials, and Education.

  2. Identify the Data Domains and Types
    Data Domains

    The Research Informatics Core provides a list of available Data Domains and attributes from the Data Lake. Please review the detailed information in the Data Catalog section to verify that the data required for your study is stored in the repository.

    Data Types
    The data types and the objective of the study (Research or Non-Research ) will determine if your study should have an IRB protocol.

    PHI Data for Research Projects
    If you are requesting data containing Protected Health Information (PHI) for a research project, which includes quality improvement projects when they are designed to develop or contribute to generalizable knowledge, you must have an IRB protocol. You should create and submit a new study request to the UMMS IRB.

    PHI Data for Non-Research Projects
    If you are requesting data containing Protected Health Information (PHI) for a non-research project, you must have an IRB determination that the proposed activity is not human subjects research. Please see the IRB’s Request for Not Human Subject Research Determination Form for guidance.

    IRB documentation
    The Research Informatics Core ensures the security of patient information by controlling and auditing the distribution of data after UMMS Institutional Review Board (IRB) documentation is obtained.

    All data projects involving the Data Lake must have the appropriate IRB documentation prior to data release.
    The IRB may choose to engage the Privacy Office or Information Security during its review of a project. The IRB/Privacy Office may contact you directly during this phase if they have questions about your intended use or disclosure of the requested data elements.
    For any questions regarding IRB protocols, please contact the UMMS IRB.

    De-identified Data Sets
    If your study involves only de-identified data, void of dates, and all other PHI, you can request a de-identified dataset by Submitting a Data Request. 

  3. Submit a Data Request
    By submitting this form you will provide the details of the data extract. Once we receive the request, a member of our support team will be assigned to your project.
    Here is the link to the Data Request Form.

  4. Data Extract Review Session
    The team member assigned to your project will conduct a working session to discuss your research needs, give guidance on available resources, and develop the following steps to provide a quote for the services to be approved by the principal investigator. 
    Once we receive a confirmation on funding from your department’s financial administrator, we will start work on your project.

For research projects that involve data sources not available in the Data Lake, you can obtain an exception to use such sources if any of the following conditions are met:

  1. The Research Informatics Core can’t deliver the dataset
  2. A large number of variables required for the study cannot be replicated with the data available in the Data Lake.
  3. The investigator has the necessary expertise to develop the appropriate data structures that can support the research study.

The exception process may include security, IRB, and privacy reviews as applicable. In such cases, please request a consultation with the Research Informatics Core. The RIC team will guide you through the process and help initiate necessary reviews.

If your research involves sharing data with 3rd Party Vendors or External Academic Collaborators, you will need to obtain necessary approvals including contracts, Business Associates Agreement (BAA), and Data Use Agreement (DUA) as applicable. The Research Informatics Core will guide you through the process and help initiate necessary reviews.