Obtaining IHIS Access for Research
The College of Medicine Office of Research in collaboration with The Ohio State University Health System has developed a defined process for granting access to the electronic health record, IHIS (Integrated Healthcare Information System), for research purposes. This process creates uniformity in the approval of access to protected health information (PHI) for research purposes and promotes compliance with regulations and institutional policies.
Overview of Approval Process
The Health Information System Access Review Committee (HISARC) is responsible for the review and approval of IHIS access for research purposes.
Learn more about the IHIS access for research request approval process
Once an eServices ticket to request IHIS for research is submitted (by an OSUWMC employee), the approval process is completed as follows:
- Verification by COMRIT: The College of Medicine Research IT (COMRIT) verifies the new user’s employment status, HIPAA training, background check, drug screening, IRB, and user needs before the next Health Information System Access Review Committee (HISARC) meeting, which occurs on the second and fourth Thursday of each month.
- HISARC Review: HISARC reviews the request, determines the minimum necessary access level for the user, and approves the request in eServices. This step typically takes 2-4 business days. The ticket is then assigned to the IHIS Training Team.
- Training Verification by IHIS Training Team: The IHIS Training Team verifies whether the user has completed required training/s. If so, they approve the eServices ticket and it is assigned to the IHIS Accounts Team (1-3 business days). If training is incomplete, the user is notified. If not resolved within 60 days, the ticket is closed/incomplete.
- Account Creation by IHIS Accounts Team: The IHIS Accounts Team creates the user account and provisions the approved access level (1-5 business days). If slicer/dicer access is needed, the ticket is assigned to the IT Team; otherwise, it is marked as closed/complete.
- Configuration of SlicerDicer by IT Team: The IT Team configures SlicerDicer access based on the (user provided) list of MRNs, providers, or department codes. This may take 5-10 business days for MRNs, and 3-7 business days for departments or providers.
This process ensures that all necessary checks and trainings are completed before granting access to IHIS for research purposes.
IHIS for Research Request for HISARC Approval Flowchart:
How to Request IHIS Access for Research Purposes
- MedCenter Logon ID for person needing access which can be requested here:
- Fingerprint background check (FBI/BCI) and date completed (must be done through OSUWMC)
- Drug screening and date completed
- Vaccinations and date completed (if interacting with human subjects)
- OSUWMC Annual HIPAA Privacy and Security Training and date of completion
- Supervisor/Manager's name and MedCenter Logon ID
- Cost center and fund
- IRB protocol information:
- Added as key personnel or sub-investigator
- Requires completion of CITI human subjects training
- Requires completion of CITI responsible conduct of research (RCR) training
- Requires completion of annual Conflicts of Interest disclosure (eCOI)
- OSU IRB protocol number
- PI name and MedCenter Logon ID
- Whether written HIPAA authorization is used
- Information on HIPAA waiver for written authorization (full, partial, none)
- Added as key personnel or sub-investigator
- IHIS training is required before access is granted.
- Note: IHIS access request can be submitted prior to IHIS training completion.
HISARC is charged with determining the minimum access necessary to complete the research. There are several access levels that can be granted for research purposes:
- In-basket only: users can only view charts that are sent to them via IHIS in-basket (similar to email). This is typically used for users who are only looking at a defined subset of patients.
- In-basket plus SlicerDicer: In-basket functionality plus access to an identified set of MRNs/departments/studies (provided by requestor). Parameters set by IT. Best for users with a large number of identified charts to review.
- Read/view only: only (all records): users can see all charts in the system but cannot edit the chart contents. This access can be used for research recruitment under a HIPAA waiver, including viewing outpatient schedules and inpatient units, and data extraction.
- Full/documentation access (all records): users can see all charts in the system and can document within the record. This is useful for researchers who wish to record research related activities, such as the consent process or research notes, or pending orders to a licensed provider, such as an order for research samples.
- Research Scheduling: access allows researchers to schedule patients to their schedule or to a provider’s schedule.
- Research Billing: Access used to assure research-related charges are not billed to the patient. Will reconcile patient accounts and study work queues.
- If the request is for an internal transfer from another research role or new to research but previously worked at OSUWMC in another capacity, access to the system will still need to be requested in eServices. These requests go through the traditional provisioning process for research access.
- Contact the IHIS Research Training team ihisresearchtraining@osumc.edu for questions regarding IHIS research training requirements.
- Supervisor/Manager information should be an individual involved in research or a PI
- You can request to model access on another user. However, requests are not guaranteed, as requests are reviewed for minimum necessary access.
- For background checks: contact departmental HR representative to schedule with ID Processing
- For drug screens and vaccinations: contact departmental HR representative to schedule appointment with University Health Services. Note that unpaid research volunteers may need to pay out of pocket or by project funds to meet this requirement.
- Annual HIPAA Privacy and Security eLearning must be completed through BuckeyeLearn (go.osu.edu/buckeyelearn)
- Information regarding required CITI training can be found on the Office of Responsible Research Practices (ORRP) website (https://orrp.osu.edu/irb/training-requirements/)
- Information about eCOI can be found at the Office of Research Compliance website (https://orc.osu.edu/regulations-policies/coi/ecoi/)
Only someone associated with the medical center can submit these requests.
- An OSUWMC identity is required and may be requested through my.osu.edu. Instructions are available at https://my.osu.edu/user/medCenterGuestProcessDoc (OSU log-in required). Only someone currently associated with OSUWMC will be able to request a guest account.
- An onboarding request must be submitted through eServices to establish the user in the system. Step-by-step instructions are available below.
- Please note that guest accounts and IHIS access expire one year after creation. The guest account can be extended through my.osu.edu, and a new eServices request will need to be submitted for IHIS access.
- Approval can take 2-6 weeks, so please plan accordingly.
Step-by-step instructions for submitting the eServices request:
- Research staff external to OSU begin process by requesting and OSU Guest Account first via my.osu.edu, then proceed with the eServices Onboarding Form.
- OSUWMC staff can begin process with an Onboarding Form.
- View step-by-step instructions (internal access only)
How to Request Electronic Health Record Access for Research Monitors and FDA Auditors
Research monitor and auditor access requests are made through CareLink rather than through eServices.
Use the below links for requesting access, releasing charts, and monitor/auditor guidance to understanding our system.
- Requesting Monitor or FDA Auditor Access to CareLink (internal access only)
- Releasing Patient Records to Research Monitors and Auditors (internal access only)
- CareLink User Manual for Research Monitors and Auditors (internal access only)
Please contact Kristin Scarpitti (kristin.page@osumc.edu) with any questions.