Non-Profit University Researchers or California State Agencies – Application Checklist (IPA)

Before You Start
1. Confirm your eligibility Before you start the application process, please confirm your eligibility. OSHPD is authorized to disclose HIPAA-limited versions of its patient-level data files to:
  • Researchers with nonprofit educational institutions/universities
  • State agencies
2. Review data sets Next, review the variables in the data sets to see if the data meets your analytical need.
IPA Request Process
3. Complete and submit an UNSIGNED preliminary request package for review
  • Download the IPA REQUEST FOR NONPUBLIC PATIENT LEVEL DATA Form and the justification grids for each data set.
  • Follow the detailed instructions below when completing the request form. Do not sign this version of the request.
  • Go to http://www.oshpd.ca.gov/Boards/CPHS and register on the California Committee for the Protection of Human Subjects website, if you have not already done so.  Follow their instructions on how to prepare a draft Research Protocol.  When submitting your request documents to OSHPD, include a PDF of your draft CPHS Protocol as we also review it with your request.  An OSHPD request submitted without a draft Research Protocol will be delayed until you provide us a copy.
  • Provide a letter of sponsorship from the Department Chair at your university/institution.
  • If your institution is nonprofit, please provide a copy of the IRS 501(c)(3) certificate with your request package. 501(c)(3) status allows you to receive the most current three years of IPA PDD/ED/AS data we have at the time complimentary.  Please note that the California Department of Public Health also charges for the birth certificate and death certificate data that comprise part of the PDD/Linked Birth and PDD/Linked Death data.
  • OSHPD will review the preliminary request package and an analyst will contact you if there are any questions about your request.
4. Pre-CPHS letter and Privacy Officer approval Once the request appears complete, you will be sent a “Pre CPHS Letter” which you will then be able to use as an attachment when submitting your CPHS Protocol to the California Committee for the Protection of Human Subjects.

When your Research Protocol has been approved by CPHS, your request will then be submitted to our Privacy Officer and Deputy Director with your approved Protocol.  If there are any questions about your request during this part of the process, an analyst will contact you.

When the Privacy Officer and Deputy Director have approved your data request, you will receive:
  • A copy of the complete request with a Request Number, date received, and date revised
  • A Data Use Agreement (DUA). The Data Use Agreement must list everyone who will be accessing patient-level data, as listed in the request.
  • Any invoices that are due at that time
Have the forms signed, PDFed, and e-mailed to OSHPD. For students, the Faculty Advisor must also sign the request form.
5. Requests containing PDD/Linked Birth or PDD/Linked Death data If your request contains PDD/Linked Birth or PDD/Linked Death data, we will then forward your approved OSHPD request, with your signed documents and payment, to the California Department of Public Health.  Once they have approved your request, we will be notified and then will arrange to ship your data.
6. Approved requests Generally, from the time the request is received until the data is shipped, the interactive IPA request takes approximately six months.  It may be longer or shorter depending on the complexity of the request.
7. Once OSHPD approves the completed package, you will be contacted about payment and shipping options NOTE: Data is not released until all required approvals have occurred and payment has been received.

At the time of data release, OSHPD will contact you to arrange shipping options: encrypted CD to be picked up by you; shipped Overnight Delivery, with encrypted CD(s); or encrypted files sent via Accellion (Secure FTP).
Instructions for Preparing the IPA Request for Nonpublic Patient Level Data Form
Identification/Eligibility
Complete contact information Complete the contact information section for your university/institution on the first page of the request form. List the names of Principal Investigators, if there is more than one person as the PI, which must match the draft CPHS Protocol. Submit unsigned; this is a draft until officially finalized later in the process.
Purpose
Please indicate the purpose for which the data are requested Give a brief description of what your study is about.
Please give a broad overview Please describe how the data will be used for your research.

Your Research Protocol and your OSHPD request need to be consistent; if it is helpful, you may copy a reasonable portion of your Protocol here. OSHPD needs enough information about your research to be able to determine why you are asking for nonpublic patient-level data.
Requested Data
Mark the years and the confidential data sets/products you would like to order You will need to complete and attach the appropriate justification grid with the request package:
  • OSH-HIRC-513 PDD Justification Grid
  • OSH-HIRC-514 ED/AS Justification Grid
  • OSH-HIRC 515 PDD/Linked Birth Grid
  • OSH-HIRC 516 PDD/Linked Death Grid
  • OSH-HIRC-517 CCORP Grid
Format
Indicate the format you prefer Choose format from SAS or comma delimited text.
Justification
What is the required sample size you need to test your hypothesis? Briefly explain what your required sample size will be, if known
Describe and justify the subset needed If you need a geographic subset, please indicate if you need it by patient county, hospital county, or both, or by ZIP Code.  If you need a data subset by diagnosis, please include a list of the appropriate diagnosis codes.  Include whether or not you need these if they are the principal diagnosis on the record, or secondary diagnoses.  If requesting a diagnosis subset that contains procedure codes, please note that ED/AS data only contains CPT 4 procedure codes.

If you need all records for given years, clearly explain why.
Applications
Please indicate if you will be doing the following:
Geographic Information System (GIS) If yes, please describe.
Combination/merge/coordination with other data set(s) or databases If yes, please describe the other data sets / linking variables (for example, census data, hospital level demographics, socioeconomic indicators, etc).
Linked patient-level information (i.e., across years) If yes, please describe method for linking patient-level data across years/data set. We need this information even if you are just linking within/between OSHPD data sets.
Products
What products will be developed from this project? Clearly indicate what kind of final product, such as a report or articles, will be developed from this project.
Please include a brief description of each product including the level of detail for any chart, graph, table, or map For each product, tell the level of detail contained in any chart, graph, table, or map you will be creating.
Describe how you will treat small cells (<15) in data products to avoid identifying individuals Descibe how you will treat a small cell size (15 or fewer). For example, if there are 15 or fewer in a cell, will you delete or combine the cell with another?
Security (Requestor or Outside Contractor)

Please see “Recommended Practices for Safeguarding Access to Confidential Data” on the request form for what we will be looking for in your answers about security for your facility.

System System on which the data will reside.  Be very specific when writing about data security, for example, indicate if your computer is stand-alone, networked, or if you are accessing data on a server.
Hardware/Software Does the system contain anti-virus software (all systems)?  Is it on continuous scan?

Name of anti-virus, anti-spyware and firewall you are using?

Do you have remote access software on this system?

Has an External Firewall, i.e. Netgear, Cisco pix or other NCSA certified your system?

Note: Windows™ firewall does not provide adequate security.
Access Control Access should be restricted to the authorized individual(s).

Is password length and configuration acceptable (alphanumeric and not observable either from the screen or able to be captured by any electronic means)?

If VPN is being used, explain how it is being kept secure.

Is there remote access software or hardware, i.e. PC Anywhere, Remote Control, SNMP, etc?  (If ‘yes,’ requestor must remove from system).  Are WiFi and file sharing capability also disabled and/or removed (with the exception of authorized remote access through a secure portal)?
Physical Environment Please describe your location, office space and how you are protecting the privacy of this data. 

Monitor must be positioned to prevent others from viewing text on screen.

Printers should be placed in close proximity for quick retrieval of printouts.

Password-protected screen savers must be used when a computer is in a shared workspace.
Data Storage Data stored on hard drives must be encrypted.  Store removable media (CD-ROM, diskette, USB device, etc.) in a locked cabinet or drawer.
Encryption If data is stored on hard drives it must be encrypted.  Acceptable encryption standards include Triple-DES, PCP, AES, Windows file encryption system.
Who will have access to the data at the facility? List the names and titles of the people that will access the data.
Relationship of personnel to facility? What connection do they have to your facility?
For Outside Contractor Security If your facility is working with an outside contractor, you must:
  • Indicate “X” in the “Yes” box and provide their contact information.
  • Indicate clearly what data they will have access to, how it will be provided to them and what they will be doing with the data.
  • Provide written documentation of an agreement between the contractor and your university/institution.
  • Complete the security questions above specific to each organization. They may need to provide this information to you so that you can complete this section. The security measures need to be stated clearly.

This page was last updated on Wednesday, July 27, 2016.

Data Years Available
  PDD ED/AS
PUF 2010-2014 2010-2014
AB 2876 1983-2016 2005-2016
IPA 1983-2016 2005-2016
Custom 1983-2016 2005-2016

Contact Us

Healthcare Information Resource Center
2020 West El Camino Avenue, Suite 1100
Sacramento, CA 95833
Tel: (916) 326-3802
Fax: (916) 324-9242
Hours: Monday-Friday 8 a.m. to 5 p.m. (PST)
E-mail HIRC