Obtaining IHIS access for research
The College of Medicine Department of Research Information Technology (COMRIT), in collaboration with The Ohio State University Health System, has established a formal, standardized process for granting research access to the electronic health record, IHIS (Integrated Healthcare Information System). This process ensures consistent evaluation and approval of access to protected health information (PHI), while maintaining compliance with applicable regulations and institutional policies.
The Health Information System Access Review Committee (HISARC) is responsible for reviewing and approving requests for IHIS access for research purposes for individuals who do not obtain access through medical center employment. HISARC determines and authorizes the minimum level of access necessary for researchers to fulfill their job responsibilities.
Requirements for access to IHIS for research
- OSU Wexner Medical Center (OSUWMC) Credentials
- Active OSUWMC MedCenter credentials (name#) are required.
- Individuals without an OSUWMC user ID and password must obtain an OSUWMC Guest Account via the OSU Identity Management portal.
- Guest account requests must be submitted by an OSUWMC employee.
- Fingerprint Background Check (FBI/BCI) must be done through OSUWMC.
- Contact departmental HR representative to schedule with ID Processing.
- Drug Screening
- Contact departmental HR representative to schedule appointment with University Health Services.
- Requests must come from a supervisor.
- Employee health will not accept self-requests for drug screenings.
- Cost may be associated for certain roles/titles.
- Annual HIPAA and Institutional Data Compliance eLearning Completion
- Listed as Key Personnel on IRB Approved Protocol (some job title/role exemptions)
- Vaccination (for individuals who will have face-to-face contact with patients)
- Contact departmental HR representative to schedule appointment with University Health Services.
- (Access-specific) IHIS training is required before access is granted.
- IHIS access request can be submitted prior to IHIS training completion.
Additional requirements for students, visiting scholars, unpaid research contributors
- Researcher Confidentiality Education Form (internal access)
- Personal Attestation for Research Electronic Health Record Access (internal access)
- Estimated end date for access. HISARC will approve up to one year at a time with the option to renew.
Clinicians and Ohio State University medical students
These individuals already have clinical access by nature of their role and may use their clinical access for research once they meet the following requirements:
- Register in the IHIS Researcher Registry
- Listed as key personnel on the IRB approved protocol
- Annual HIPAA and Institutional Data Compliance eLearning Completion
- Complete appropriate IHIS research training if at least 50% of efforts on research
Overview of approval process
Once an eServices ticket to request IHIS for research is submitted by an OSUWMC employee (see submission instructions below), the approval process proceeds as follows:
- Verification by COMRIT: The College of Medicine Research IT (COMRIT) verifies the new user’s employment status, HIPAA training, background check, drug screening, IRB, and access needs prior to the next Health Information System Access Review Committee (HISARC) meeting, held on the second and fourth Thursdays of each month.
- HISARC review: HISARC reviews the request, determines the minimum necessary access level, and approves the request in eServices (typically within 2-4 business days). The ticket is then assigned to the IHIS Training Team.
- Training verification by IHIS training team: The IHIS Training Team verifies whether the user has completed all required training. If training is complete, the eServices ticket is approved and assigned to the IHIS Accounts Team (1-3 business days). If training is incomplete, the user is notified; tickets unresolved after 60 days are closed as incomplete.
- Account creation by IHIS accounts team: The IHIS Accounts Team creates the user account and provisions the approved access level within 1-5 business days. If filtering for In-basket plus SlicerDicer access is required, the ticket is assigned to the IT Team; otherwise, the ticket is marked as closed/complete.
- Configuration of SlicerDicer by IT team: The IT Team configures SlicerDicer access based on the user provided list of MRNs, providers, or department codes. This process typically takes 5-10 business days for MRNs filters and 3-7 business days for department or provider filters.
This process ensures that all requirements have been fulfilled before granting access to IHIS for research purposes.
IHIS for research request for HISARC approval flowchart:
How to request IHIS access for research purposes
To submit an eServices request, go to Service Portal - Self-Service Portal
- Supervisor/Manager's name and MedCenter Logon ID (PI or other individual involved in research)
- Cost center and fund
- Research staff external to OSU begin process by requesting and OSU Guest Account first via my.osu.edu, then proceed with the eServices “Onboarding Form”.
- Newly hired OSUWMC staff can begin process with an Onboarding Form.
- OSUWMC staff can begin process with a “Modification to General Accounts and Access for an Established User”.
- View step-by-step instructions (internal access only)
HISARC is charged with determining the minimum access necessary to complete the research. There are several access levels that can be granted for research purposes:
- IHIS research aggregate data only: Users can use SlicerDicer to determine feasibility. This template is also required for Cosmos users.
- In-basket only: Users can only view charts that are sent to them via IHIS in-basket (similar to email). This is typically used for users who are only looking at a defined subset of patients.
- In-basket plus SlicerDicer (filtered access): In-basket functionality plus access to an identified set of MRNs/departments/studies (provided by requestor). Parameters set by IT. Best for users with a large number of identified charts to review. View Quick Start Guide
- Read/view only: Only (all records): users can see all charts in the system but cannot edit the chart contents. This access can be used for research recruitment under a HIPAA waiver, including viewing outpatient schedules and inpatient units, and data extraction.
- Full/documentation access (all records): Users can see all charts in the system and can document within the record. This is useful for researchers who wish to record research related activities, such as the consent process or research notes, or pending orders to a licensed provider, such as an order for research samples.
- Research scheduling: Access allows researchers to schedule patients to their schedule or to a provider’s schedule.
- Research billing: Access used to assure research-related charges are not billed to the patient. Will reconcile patient accounts and study work queues.
- IHIS reporting power user research SlicerDicer: Restricted level which allows patient level information PHI via SlicerDicer. Requires read only or documentation main templates. Must enter IRB protocol upon access.
- Requests can be submitted via eServices/Service Now Portal
- Tip sheet: Requesting IHIS access for research
- Cosmos requests
- In-basket plus SlicerDicer (filtered access)
- Quick start guide
- Provider-based departments (for clinic codes)
- MyTools - Physician finder (for provider codes)
- For internal transfers between research roles, IHIS access must be requested by the individual’s new supervisor through eServices. These requests are subject to the standard research access provisioning and approval process.
- IHIS research training team email: ihisresearchtraining@osumc.edu
- Approval of access modeled after another user is not guaranteed.
- Information regarding required CITI training can be found on the Office of Responsible Research Practices (ORRP) website
- Information about eCOI can be found at the Office of Research Compliance website
- IT Help Desk at 614-293-3861, option 8 for IHIS
Individuals in this category must maintain a current, formal affiliation with OSU, which includes active enrollment at OSU, participation in an approved and documented research rotation, or active employment and compensation through OSU or OSUMC.
Inclusion on an approved IRB protocol does not constitute an acceptable affiliation on its own. Access to IHIS for research purposes is not permitted for non-OSU undergraduate students or former OSU/OSUMC employees, including professors, researchers, and physicians unless they meet one of the above criteria.
Only someone associated with the medical center can submit these requests.
- An OSUWMC identity is required and may be requested through my.osu.edu. Instructions are available at https://my.osu.edu/user/medCenterGuestProcessDoc (OSU log-in required). Only someone currently associated with OSUWMC will be able to request a guest account.
- An onboarding request must be submitted through eServices to establish the user in the system. Step-by-step instructions are available below.
- Please note that guest accounts and IHIS access expire one year after creation. The guest account can be extended through my.osu.edu, and a new eServices request will need to be submitted for IHIS access.
- Approval can take 2-6 weeks, so please plan accordingly.
Research study monitors and FDA auditors
Research monitor and auditor access requests are made through CareLink rather than through eServices. Requests must be submitted by OSU/OSUMC research study staff. Monitor self-requests will be denied.
Use these internal access links for requesting access, releasing charts, and monitor/auditor guidance to understanding this system.
- Requesting Monitor or FDA Auditor Access to CareLink
- Releasing Patient Records to Research Monitors and Auditors
- CareLink User Manual for Research Monitors and Auditors
Please contact Kristin Scarpitti (kristin.page@osumc.edu) with any questions.