Skip to main content Skip to secondary navigation
Peter Wegner, ''Monument to Change as It Changes"

If your question is not addressed here, please request a consultation.

FAQ

Main content start

What are the common research regulations?

For typical research, the one stop shop is often the Research Compliance Office (RCO). Researchers must first submit an eProtocol. Depending on the nature of the protocol, the IRB will request the researcher to follow specific steps. Once all IRB required steps are completed, you can request access to data. If you are sharing data with non-Stanford researchers, there are other procedures. 

Learn more about Stanford guidelines and procedures

What if the data I need is not easily available through University tools?

If you are requesting access to specific Hospital applications, including EPIC, for the purpose of research,  first follow IRB requirements and sign the Data Privacy Attestation.  In your IRB Protocol, navigate to the “Confidentiality Protections” section and click the link marked “Data Privacy Attestation” that appears in the question description.  If you have a Chart Review protocol, this will be section 3a.  If Expedited Medical, it will be section 11b.  Please take a copy of your IRB approval, any additional IRB required attestations, Data Privacy Attestation, and if applicable, the EHR access privilege memo that indicates the data you need is not readily available through University tools and reach out to the SHC/SCH Compliance and Privacy Office at PrivacyOfficer@stanfordhealthcare.org and provide them with a copy of these documents so that they can assist you in obtaining the data requested in a compliant manner. 

Do I need a Data Risk Assessment (DRA)?

STARR data is patient data. Patient data is sensitive data. It is either High Risk PHI or High Risk (not PHI) and is a few cases Moderate Risk. If you are receiving data from Research IT or Research Informatics Center and your workflow is strictly limited to Nero computing, SoM Box, REDCap and Stanford encrypted laptops, you do not need a DRA. These workflows are pre-approved. If the STARR data in de-identified, it can be Moderate Risk or High Risk. It is High Risk when the de-identified data contains clinical notes or DICOM images. If your data is a Limited Data Set, it is High Risk PHI. To learn more about risk classifications, please visit Risk Classification website.

The Data Risk Assessment is per dataset and research access workflow.  If you are not sure or you have any doubts, submit a DRA application. In most cases, the DRA review results in a recommendation that the underlying systems and workflows need to meet minimum privacy requirements and minimum security requirements. You are responsible for meeting these requirements.

Is there a shared computation environment that I can use?

Patient data, even when de-identified, is highly sensitive. When combined with public data, de-identified data can be re-identified. Loss of patient data can lead to privacy breach. Stanford Privacy Office determines that certain types of patient data are Moderate Risk and others are High Risk or PHI. Stanford Research Computing supports shared computing resources for Stanford researchers. These resources are suited to different data risk classifications.

  • Nero: This is the preferred environment when working with patient data. Nero is a High Risk and PHI compliant shared computing infrastructure with on-premise and Cloud computing systems. Nero platform is geared for team science with its Jupyter Notebook environment. This environment is suitable for researchers using PHI or de-identified unstructured data such as clinical notes or DICOM images.
  • Sherlock: This is a Moderate Risk compliant shared computing infrastructure with on-premise High Performance Computing system. This environment is suitable for researchers using structured and de-identified EHR data and de-identified genomics data. Please make sure your STARR dataset is classified Moderate Risk before using Sherlock. If you are not sure, consult with University Privacy Office or Information Security Office or Stanford Research Computing team before using Sherlock.

Is there a cost of getting access to STARR data?

Where self-service tools are insufficient, researchers can request appropriate data via a consultation service. Research IT and Research Informatics Center collaborate to help researchers acquire patient data that are not available in STARR self service tools or in STARR. The first hour of consultation service is subsidized by SoM Dean's office. Some of the subsequent services continue to be subsidized. The researcher will be advised of the costs during the consultation process.

Request a consultation

How do I acknowledge STARR in publications?

Office of the Senior Associate Dean for Research (SADR) would like the research community to use the following acknowledgement.

“This research used data or services provided by STARR, “STAnford medicine Research data Repository,” a clinical data warehouse containing live Epic data from Stanford Health Care, the Stanford Children’s Hospital, the University Healthcare Alliance and Packard Children's Health Alliance clinics and other auxiliary data from Hospital applications such as radiology PACS. STARR platform is developed and operated by Stanford Medicine Research IT team and is made possible by Stanford School of Medicine Research Office.”