Patient Information Access and Management Policies

There are two major regulations that govern the use of patient information in research studies: Department of Health and Human Services (DHHS) Protection of Human Subjects 45 CFR 46 and the HIPAA Privacy Rule.

The Ohio State University Medical Center department of Medical Information Management (MIM) has a detailed guide and policy to access information for research activities that includes:

General information
Accessing patient information in order to prepare a research protocol
Use of patient information to identify and/or contact potential research subjects
Request for access to data on deceased individuals
Request for access to clinical information of subjects enrolled in a clinical trial
Access to health system data for retrospective data review

University Hospital Policy 09-11 Use of Patient Information by Hospitals and Medical Staff is a detailed policy and procedure manual that applies to all departments and units to address the appropriate access, use and security of patient information. This includes the appropriate access and use of information for research purposes, acceptable process for subject recruitment, use of information for IRB-Exempt research, use of de-identified or coded patient information and use of patient information for research databases or repositories.

Protect information, when emailing outside of the medical center use secure email.
Instructions on how to send secure mail: SecureMail-MedCenter IS Fact Sheet

If you need additional information or do not have an OSUMC login to access the Medical Information Management website, please contact the Privacy Office at 614-293-4477.

Information about case studies
A case study limited to one or two cases typically does not require IRB approval, but authorization from the patient is still needed. For case studies involving OSUWMC patients, the Release of Information (ROI) form should be used to get the patient’s authorization for their de-identified information to be used in a case study. The case study must be de-identified. The form should say that they authorize the staff writing the case study to release information to x journal/meeting for the purpose of a de-identified case study. Put the range of the specific dates that will be referenced. Under ‘Specific Reports to be Disclosed’ indicate that the case study will be de-identified. Once the form is signed, it should be kept in your record in case the case study is ever questioned. Please see below for example of how the form can be completed for obtaining permission from the patient.
- View blank release of information form
- View an example of release of information form
If a signed authorization cannot be obtained, the Chair of the HIPAA Steering Committee would need to grant an exception. Please contact the Privacy Office or the HIPAA Helpline at (614) 293-4477 for more information.
RDR i2b2 - The Ohio State Research Data Repository

The Ohio State University Research Data Repository (RDR) is an IRB-approved database populated with a coded-limited dataset sourced from OSU Wexner Medical Center Electronic Health Record via the Information Warehouse. Application level access to the RDR is implemented via the Informatics for Integrating Biology and the Bedside (i2b2) software product developed at the Partners Healthcare System which has been adopted by over 80 Academic Health Centers across the country. The RDR provides OSU researchers the ability to perform self-service cohort discovery for research purposes in order to support hypothesis generation, feasibility analysis, and study population enrollment reports. The RDR is available for use by Ohio State biomedical research community members (faculty and staff) affiliated with the OSU Wexner Medical Center and/or one of the seven OSU health sciences colleges: Dentistry, Medicine, Nursing, Optometry, Pharmacy, Public Health, and Veterinary Medicine.
Training
More information about RDR and i2b2

More Information about RDR and i2b2:

General RDR Questions: ccts-informatics@osumc.edu
National i2b2 Consortium Website: https://www.i2b2.org/software
OSU RDR i2b2 Website: https://i2b2.osumc.edu/webclient/index.php
Request a project-specific RDR Consult: https://researchrecord.osu.edu
Research Data Repository (RDR) Available Data Fields (PDF)

Research and HIPAA

Patient Information Access and Management Policies

Information about case studies

RDR i2b2 - The Ohio State Research Data Repository

Training

More information about RDR and i2b2

Share this page