Research Data Request Instructions

Before Starting

Confirm Eligibility

OSHPD is authorized to disclose “minimum necessary” versions of its patient-level data files to:

  • Researchers with nonprofit educational institutions/universities
  • Certain State agencies

Register Account

You will need to register an account with OSHPD’s Data Request Portal. Only one person will be able to submit and edit the request. The designated point of contact regarding the request will need to register an account on the Data Request Portal and must be a person who is listed on the request form and is directly participating in the project.

New Research Request Process

Step 1 – Submit Preliminary Request OSHPD’s Data Request Portal

Log in to OSHPD’s Data Request Portal to access the Research Data Request Form. 

  • New Requests will select New Request Option
  • If requesting additional data, for a previously approved project, with a current CPHS protocol, select Supplemental Request. Click here to go to the instructions for submitting a Supplemental Request. 

Note: Supplemental Request can only be submitted through the portal if the original request is digitized in the portal. If you wish to submit a Supplemental Request for a request that was initially submitted outside the Data Request Portal, please email for instructions.

Instructions for Initial Request Submission

1. Submit Research Request form via the OSHPD Data Request Portal

Note: When completing the request form, use TAB to move between fields. 

2. Upload a PDF of your DRAFT California Protection of Human Services (CPHS) Protocol with your request.

Note: CPHS is housed at OSHPD but is not an OSHPD unit.         

3. The Principal Investigator must be registered on the CPHS website at: Follow the CPHS instructions for completing a draft protocol. An OSHPD request submitted without a draft protocol will be asked to complete the request packet and resubmit.

4. Complete the Justification Grids for each data set. You can find them here.

5. A Memorandum of Understanding (MOU) or a Data Use Agreement (DUA) between the primary University and any collaborating University must be included if employees from the collaborating university will have the access to patient level data.

6. A letter of sponsorship for this specific research project from the Department Director (California state agencies) or Department Chair at the sponsoring university/institution on university letterhead must be included.

Note: Must be current within 12 months of request.

7. Please include a copy of the IRS 501(c)(3) certificate with the request package. For-profit universities are not eligible for this data.

8. Please include a letter from the primary University IT department on official University Letterhead.

Note: Must be current within 12 months, letter used for CPHS is fine if current.

9. If using a contractor, please include a copy of the contract.

Note: You must meet the upload requirement to submit your request.

Step 2 – Receive Pre-CPHS letter and submit CPHS Research Protocol

Once the request passes preliminary analyst review, OSHPD will upload a “Pre-CPHS Letter” to the request portal. This should be used as the department support letter when submitting the final draft CPHS Protocol. Turnaround time to receive the Pre-CPHS letter will vary based on the quality of the initial submission and the amount of corrections needed.

Step 3 – CPHS Approval

You will need to submit the Pre-CPHS letter to CPHS to recieve CPHS approval. CPHS is housed at OSHPD but is not an OSHPD unit and thus you will work directly with CPHS to recieve CPHS approval. Receiving CPHS approval does not mean your request is approved to receive data. Each request must undergo additional OSHPD review and may be subject to VSAC review. Data will only be delivered when a request has been approved by all relevent entities. You can find information about whether or not you need VSAC approval below. 

Step 4 – OSHPD Review

Once the CPHS Research Protocol has been approved by CPHS, the request will be submitted to the OSHPD Non-Public Data Request review with the approved CPHS Protocol. If there are any questions about the request during this part of the process, an analyst will contact the requester with further instructions or correction requests. It is the responsibility of the requestor to reach out to OSHPD once their CPHS protocol has been approved.

Areas to Review

The following are common areas that may cause a review analyst to return the request for further information. This is not an exhaustive list so please review your request completely.

  • CPHS protocol must be current and approved or in process.

Note: CPHS protocol must match the OSHPD request.  This includes purpose and narrative, data storage plans, data access plans, personnel, and Principal Investigator (PI).  

  • The PI must be from the sponsoring university.
  • Only the sponsoring university may host the data and grant access. Host universities cannot make copies of the data but can share on networks or load on server. Data cannot be downloaded from host servers for use outside of host university.

Note: Data must be stored on host university servers. Access can be granted via non-downloadable VPN for outside entities and contractors if they are not onsite at the host university or in some cases, at OSHPD (some exceptions made for some California State departments). 

  • Data access roles must be defined for each research team member accessing patient level files (affiliation, job title, role on project); the Data Use Agreement must list all names of team members listed in OSHPD application.
  • Any MOUs between collaborating universities must be included and must outline access to data, explaining how access to the data will be granted to the non-host, and what the MOU is allowing and why the universities are collaborating on the project.

Note: OSHPD data cannot be copied and shared.  Data must be stored on servers owned and operated by the accountable Sponsoring University.

  • All personnel must be listed in the application. Personnel changes to prior request must be noted in the supplemental application.
  • Any collaborating outside organizations must have a current contract included that explains contractual obligations, how access will be granted to the organization, and what the role is for the outside party utilizing the data for analysis or monitoring.

Note: All contractors must be listed on the DUA if accessing the patient level data. All contractors must be listed in the original data request or updated in the supplemental application if added later. Contracts for contractors added to supplemental form must be included in supplemental request.

  • If data will be linked to any non-OSHPD data sets, include the approval letter for use of the data set. Ensure that linkage methodology is clear (i.e., finder file used at OSHPD, or probabilistic linkage, etc.)  Any language that clearly states that the data will not be used to reidentify an individual during linkage is useful for the OSHPD decision process.
  • The signed DUA and Request form must be current. An OSHPD analyst will send the unsigned DUA and unsigned request form to the requester for signature. Sign, scan and email the forms back to the assigned OSHPD analyst. All DUAs must be included for final review.

Note: For graduate students requesting data, the Faculty Advisor must also sign the request form.

Step 5 – Request Approved by OSHPD

When the request has been approved by OSHPD, the PI or authorized designee will be contacted to sign the final approved request form. You will need to upload a PDF of the signed request form to the request portal before OSHPD can arrange data delivery.

Note: If you are only requesting PDD, ED or AS data, you will be contacted to arrange data delivery (skip to step 6). If you are requesting Linked Death or Linked Birth data of any kind, you will undergo an additional approval process outlined below.

Step 6 – Requests containing PDD/Linked Birth or PDD/Linked Death data – VSAC

Requests for PDD/Linked Birth or PDD/Linked Death data must also go through the California Department of Public Health (CDPH) approval process. The Vital Statistics Advisory Committee (VSAC) will review the request. OSHPD will forward the following forms to VSAC directly:

  • Signed California Department of Public Health’s (CDPH) Information, Security, and Privacy Requirements (IPSR) Form.
  • CV/Resume.

Note: The OSHPD analyst will forward all signed documents directly to VSAC on the requestor’s behalf but cannot be an intermediary for questions VSAC has for the requester. The requestor will be Cc’d when the initial request packet is sent to VSAC and OSHPD will be Cc’d on communications between the VSAC and the requestor. Once VSAC has approved the request, OSHPD is notified and will arrange to SFTP the data from OSHPD to the named recipient. VSAC determines approval for use of the birth certificate and death certificate data that comprise part of the PDD/Linked Birth and PDD/Linked Death data.  The requester must forward all questions related to that process to HIRS@CDPH.CA.GOV .  Please be aware there may be charges for data usage.

Step 7 – Data Delivery

Data is sent via OSHPD’s internal Secure File Transfer system. Find instructions here. All data is prepared upon notice of approval so please allow at least 2 weeks for data delivery after your request is approved.

Supplemental Research Request

Before you submit

Before you can submit a Supplemental Request with OSHPD, you must submit an amendment to your CPHS protocol to request additional data and have it approved. You must submit the approved amendment and the CPHS approval letter with your Supplemental application.

Step 1 – Original Data Request

If your original request was submitted outside of OSHPD’s Data Request Portal, your request will need to be digitized by OSHPD staff. Please email with your original request number, the name of the PI, the sponsoring university and your CPHS protocol number. If your original request was submitted via the OSHPD portal, skip to step two.

Step 2 – Selecting a Supplemental Request

When you access the Research Data Request Form in the portal, you will be given the option to select whether or not you would like to submit a New data request or a Supplemental data request. Once you select Supplemental, a drop down menu will appear. You will need to select your original request from the drop down menu. The full request form will now load. 

Step 3 – Types of Supplemental

Once you have selected your original request from the drop down menu, the full request form will load. Your original request form and all prior information will load, but you will not be able to edit the fields. This is for your reference and is not meant to be altered. If you scroll down, you will find the Supplemental Request Information section where you can address any changes to your project.

You will need to indicate which type of supplemental you are submitting. The options are:

Data Year/ Data File Update: If you would like the same data sets you received in your original request but updated to the most recent years of data available or need to add a new data set to your project.

Variable Update: Adding additional variables you have not previously requested.

You can select either or both. Making a selection will unlock fields farther down the request form that will allow you to elaborate on the data you are requesting.

Step 4 – Supplemental Questions

You will need to answer a series of questions regarding any changes to your study. Changes to personnel, changes in security, or any other significant changes should be explained in this section. Answering ‘Yes’ to a question will trigger a text box for you to outline the changes and may trigger additional questions.

Step 5 – Additional Documents

You will need to submit a similar set of documents with your Supplemental Request as you did with your original request. Once you meet the required number of documents, you will be able to submit your request. The documents you will need to upload are:

  • Approved CPHS Amendment for Addition of Data
  • CPHS Approval Letter
  • Updated Justification Grids for each dataset
  • Sponsorship Letter from the Deputy Director of Chair, current within one year
  • Data Security Letter from sponsoring university IT department Chief Information Officer or equivalent, current within one year

Note: You must submit the most recent version of the Justification Grids from the OSHPD website. Variables and other information in the Justification Grids are updated often. Using outdated grids can cause a delay in data delivery and you may be asked to fill out new grids. The latest grids can be found here.

Step 6 – Additional Linked Data – VSAC

If you are requesting additional data that includes the Linked Birth or Linked Death files, additional review will be required. After receiving approval from OSHPD your request will need to be reviewed by VSAC for approval.

This does not apply to requests whose original request included Linked Birth or Linked Death, but are not requesting additional linked data in the Supplemental Request.

Step 7 – Data Delivery

Data is sent via OSHPD’s internal Secure File Transfer system. Find instructions here. All data is prepared upon notice of approval so please allow at least 2 weeks for data delivery after your request is approved.