Requesting Access to RGE Data

Application Information

Procedures which meet RGE requirements for use and protection of data in its oversight


  1. APPLICATION INFORMATION
    1. Access to RGE-controlled data:
      1. All access to RGE-controlled data is project specific.
      2. Access to data may be requested for any and/or all of the following purposes:
        • statistical analysis, no individual identifiers
        • data linkage, individual identifiers needed, no contact planned
        • subject identification and contact
      3. Continued access to RGE data requires annual review and approval. Major changes in access require amendment and re-review.
      4. Use of RGE data requires that any manuscript resulting from a project using the data be reviewed by RGE prior to publication.
    2. Levels of access within the Utah Population Database (UPDB):

      Within UPDB, three different levels of access are available:

      1. General Project Information. These data include the individual's UPDB identification number, demographic information and relationship information. Not all information is available on all individuals. All RGE-approved projects have access to all of General Project Information for the duration of the project.
      2. Dataset-Specific Information. These data are contributed to RGE by different data contributors and include information specific to each file (e.g., cause of death, cancer status, birth complications, etc.). Access to each must be justified through your proposal. (Please note that each file contains many variables. Your proposal should note which of those variables are necessary for your project.) In addition, the length of time the project needs access to the data must be specified. Access will be terminated at that time unless other arrangements have been made.
      3. Individually-Identifying Information. This the most restricted level of access within UPDB. These data include name, Social Security Number and address. Not all information is available on all individuals. Access to individually identifying information must be specifically justified in your proposal. Identifying information for any individual approved will be provided either in writing or on disk. As with dataset specific information, the length of time the project needs access to the data must be specified. Data must be returned at that time unless other arrangements have been made. {NOTE: If you are providing individually identified records to RGE for linkage to UPDB, those links are considered part of this category.}

        Decision Tree for Linking Project Records to the UPDB

    3. Access Procedures:
      1. The form, Request for Approval of a NEW Project, must be submitted to the RGE office, along with a description of the study.
      2. Your access request should include a general description of the study, with the balance describing your proposed use of UPDB. Access to either Dataset Specific Information or Individually Identifying Information must be specifically requested and justified. The request for access to either/both of these sets of information must include the time period for which access is requested. Very strong justification must be made for access to individual identifiers, such as names, SSNs, etc. Please indicate why your project could not reasonably be conducted without such access. The period of time for access must be tied to your project methodology. Keep it as short as is reasonably possible.
      3. Your description should answer the following questions:
        1. What are your procedures for data security? How do you ensure that UPDB data are not accessible by unauthorized users? If you plan to store any UPDB data on any computer other than that maintained by PPR, please list those computers and their operating systems (e.g. Windows 95, NT, UNIX etc. Please identify all individuals who have access to the computer(s) where UPDB data are stored.
        2. What are your procedures for contacting individuals (if applicable)?
        3. What data will you return to RGE (if applicable)?
        4. What is your plan for disposition of data at the end of the project? (RGE requires that all UPDB data be destroyed or reposited with RGE at the end of the project.)
        5. Does this project have commercial funding? If so, please describe the nature of the funding, what data you will be providing to the funder and how the confidentiality of UPDB data will be protected.
      4. The description should be five pages or less.
      5. Where applicable, a copy of the grant or contract application should be attached also.
  2. PROCEDURES WHICH MEET RGE REQUIREMENTS FOR USE AND PROTECTION OF DATA IN ITS OVERSIGHT

    (These are examples of the kind of information about your project that is required in your project description.)

    1. Procedures for database access
      1. Studies where some subjects are already known to the researcher and he/she wishes to know more about individuals or the family.
        1. UPDB is searched for names of subjects already in investigators research program. Searches (or linking) are done by PPR staff.
        2. PPR staff will provide the investigator with UPDB ID numbers for the subjects who linked to UPDB, and, where relevant to the project, pedigree (relationship) information for all identified relatives of those subjects. {NOTE: This information is considered level III information.}
        3. If the researcher has approval for access to names other than those already known to the researcher, PPR staff will use the UPDB ID numbers ascertained above to provide names for those individuals who link to the subjects provided by the researcher.
      2. Studies where investigators wish to identify people, or groups of people, who meet certain research criteria.
        1. PPR staff will identify potential subjects (by ID number) according to research criteria and provide a file to the investigator.
        2. ID numbers may be used to analyze level II data, without names.
        3. The investigator may determine that s/he wishes to contact certain individuals identified through the search. If so, names may be provided directly to the investigator, if approved. Or, a third party may contact potential subjects, determine those who wish to know more about the project, and release those names to the investigator. (In either case, the protocol must be described in the study description provided to RGE. See Section II. C. below.)
    2. Procedures for assurance of database security:
      1. All printouts of names are kept in locked filing cabinets when not in use. Access to those filing cabinets is limited to those individuals who are using them for research.
      2. Disks with names are also kept in locked filing cabinets when not in use. Alternately, disks of names from UPDB may be returned to RGE/PPR after the information has been analyzed and/or downloaded.
      3. Computer files should be accessible only by members of the research group involved with each specific project. (This can usually be done by your system administrator if you are working on a departmental server.) All such files should be password protected both at the system and the file level. Identifying information will be provided in writing, on disk, or by direct file transfer; please do not email identifying information.
    3. Procedures for contacting individuals:
      1. Studies where individuals to be contacted meet some research criteria but are not previously known to the investigator:
        1. Individuals identified through Utah Cancer Registry or the Central Data Registry of Idaho must be contacted through those agencies. Contact them directly for their contact protocols.
        2. Unless a specific research request to do otherwise is approved, all other individuals identified will be contacted by RGE. A letter will be sent explaining the reason for contact, identifying the study, and inviting the potential subject to return a form indicating her/his interest in knowing more about the study. Only names of individuals who return the form indicating an interest will be provided to the researcher.
      2. Studies where some members of the family are already participating in the research:
        1. Names of family members identified solely through family history records provided by the LDS Church may not be provided to the researcher by RGE. The relationship of those individuals to persons already participating may be provided. Contact may only be made through family members already consented into the research.
        2. Permission to contact family members must be obtained from subjects already participating in the research.
      3. Studies where patients meeting some research criteria are to be recruited into a study based on results of UPDB searches:
        1. Contact must be made by the potential subject's physician or by the medical institution where the potential subject was a patient.
    4. Data to be returned to RGE (if applicable)
      1. When incorrect (or missing) information is identified regarding an individual or family relationships, or demographic information such as birth or death date, and verifiable correct information is available to the researcher, it will be provided to PPR staff.
      2. Projects may make arrangements to provide individual datasets to RGE. These data may be maintained separately, or incorporated into existing datasets if subjects have given permission to do so.
    5. Disposition of data at the end of the project.
      1. All disks/printouts containing individually identifying information will be returned to RGE on an on-going basis throughout the project (for archive or destruction);

        or

      2. All disks/printouts containing individually identifying information will be maintained by the research project until the end of the project, at which time they will all be returned to RGE for archive. If archiving is not required, the data may be destroyed, either on site or by RGE.