Research and Clinical Data Access

The ability to use protected health information (PHI) in research supports clinical and translational research. The use of PHI carries special obligations for management of access in order to protect the rights and welfare of patients as delineated by the Health Insurance Portability and Accountability Act (“HIPAA”).

A presentation was developed by Information Security, Privacy and IRB to provide guidance to the Research communuty.  It addresses HIPAA, data storage, data handling and data destruction.  

View HIPAA Presentation

The following information is provided as best practice guidance for working with clinical data. If you have any questions regarding how best to protect clinical data during research, please feel free to reach out to the UMass Chan Medical School Information Security Team @ infosec@umassmed.edu or contact Emily Martins, Information Security and Compliance Manager (774) 455-4404.

• Data De-identification
• Detailed De-identification Guidance
• Limited Data Sets
• Research Data Storage
• Securing Research Data
• Destroying Research Data
• Vetting Third-Party Access
• Procedure for Third-Party Vendors and Protected Health Information