Patient Information Access and Management Policies

There are two major regulations that govern the use of patient information in research studies: Department of Health and Human Services (DHHS) Protection of Human Subjects 45 CFR 46 and the HIPAA Privacy Rule.

The Ohio State University Medical Center department of Medical Information Management (MIM) has a detailed guide and policy to access information for research activities that includes:

  • General information
  • Accessing patient information in order to prepare a research protocol
  • Use of patient information to identify and/or contact potential research subjects
  • Request for access to data on deceased individuals
  • Request for access to clinical information of subjects enrolled in a clinical trial
  • Access to health system data for retrospective data review
University Hospital Policy 09-11 Use of Patient Information by Hospitals and Medical Staff is a detailed policy and procedure manual that applies to all departments and units to address the appropriate access, use and security of patient information. This includes the appropriate access and use of information for research purposes, acceptable process for subject recruitment, use of information for IRB-Exempt research, use of de-identified or coded patient information and use of patient information for research databases or repositories.

Protect information, when emailing outside of the medical center use secure email. 
Instructions on how to send secure mail: SecureMail-MedCenter IS Fact Sheet

If you need additional information or do not have an OSUMC login to access the Medical Information Management website, please contact the Privacy Office at 614-293-4477.

Share this page