What Information Do I Need in Order to Request Data?
Please use the resources on this page to assist you in determining:
1) whether your project requires IRB approval, and
2) the proper method for submitting your data request.
Once you have established your point of contact, please make sure you have collected all of the information outlined on the Data Requests - Required Info page prior to completing a Data Request Intake Form or Electronic Health Data Request. This may include inclusion/exclusion criteria, billing/procedure codes, required data elements, etc.
How Do I Submit a Research Data Request?
How you can request data for pediatric research depends on the purpose of the project, the source of the data, and whether the information you need is considered identifiable.
Please review the following information in order to determine what category your project falls under. In addition, you can refer to the PRO Data Requests Diagram or contact the PRO for additional guidance.
If your purpose for this dataset is to track performance and/or improve care within your institution/department and you do not have any plans of publishing the results outside of it, then your study likely qualifies as an operations/QI project. For operations/QI requests at UNMC, please contact the UNMC EHR Core. For operations/QI requests at CHMC, please contact the CHMC IT Department.
If you just need to know about how many patients meet some basic criteria in order to make future operations or research plans, then your study type is likely considered to be a feasibility request.
If you are wishing to look at patient outcomes or clinical practice that has already occurred and compare across groups, then your study is likely considered a retrospective review.
If you need a list of patients that meet your basic existing study criteria so that you can screen and approach those that apply, your dataset would be considered a patient list.
If you need to keep track of information going forward for a group of patients who either consented to your study or enrolled in a registry, your study would be considered prospective or a registry.
Depending on the source of your data, the workflow will be different. Examples of data sources include:
- Children's Hospital & Medical Center
- Nebraska Medicine
- PHIS (Pediatric Health Information System)
- Other (e.g., national registry or survey)
Please refer to the diagram below for the correct contacts for data requests.
See also: What is identifiable information?
Please refer to the HIPAA Journal website for detailed information on the HIPAA Privacy and Security Rules. In summary, Protected Health Information (PHI) is any health information that can be tied to an individual, which under HIPAA means protected health information includes one or more of the following 18 identifiers. If these identifiers are removed the information is considered de-identified protected health information, which is not subject to the restrictions of the HIPAA Privacy Rule.
- Names (Full or last name and initial)
- All geographical identifiers smaller than a state (please refer to the website for exceptions)
- Dates (other than year) directly related to an individual
- Phone Numbers
- Fax numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health insurance beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers (including serial numbers and license plate numbers)
- Device identifiers and serial numbers;
- Web Uniform Resource Locators (URLs)
- Internet Protocol (IP) address numbers
- Biometric identifiers, including finger, retinal and voice prints
- Full face photographic images and any comparable images
- Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data