Third-Party Access to Existing Data Protocol

Use the "Third-Party Access to Existing Data Protocol" if you propose to access existing data about individual persons that have been collected by others and which contain personal identifiers, such as names or phone numbers. The protocol still applies even if you do not intend to use or report the personal identifiers.

The words "authorization" and "consent" are used as synonyms. The protocol outline is designed to elicit the information needed for the CSUB Institutional Review Board [IRB] to evaluate requests for waiver of authorization by individuals for use/disclosure of information about them for research purposes. The structure reflects the provisions of the federal Health Insurance Portability and Accountability Act [HIPAA] that regulates research access to protected health information. If the data requested contain protected health information, then the waiver documentation provided by the IRB will satisfy HIPAA requirements. However, at CSUB the same procedure is used to evaluate requests to waive authorization for use/disclosure of any information for research purposes, such as scores on standardized tests in the educational setting.

Note:

  1. Use of this procedure is limited to third-party access to data, that is, for a researcher to seek access to existing data collected by another entity, for example, a school or public agency providing services to the individuals whose data are requested.

  2. Waiver of authorization will be granted only if the research participants are placed at no greater that minimal risk.

  3. All protocols submitted will undergo either expedited or standard review by the IRB.

  4. If the individuals have consented that their data may be used for research purposes, then this request for waiver of authorization is not needed. However, if individuals have only consented that their data may used for purposes of program evaluation and/or providing of services, then this request for waiver of authorization is needed.


Complete a "Third-Party Access to Existing Data Protocol", describing your proposed activities. The steps are:

  1. Download the PDF form form and appended instructions to your computer,
  2. Provide the information requested in the text boxes on the cover page,
  3. Use the headings in the instructions as an outline and provide the information requested for each section of the rest of the form.
  4. Append any additional materials, such as written permission to access data, to the document.
  5. Save the document on your computer.

Submit the completed protocol to the IRB by clicking here. This protocol may be submitted at any time, although there are periodic deadlines for protocols requiring Standard Review.
Please note submissions must be through FIREFOX ONLY!

The IRB does not accept direct submissions from students. If you are a student, when your faculty research mentor is satisfied with your IRB submission materials, provide him/her with an electronic copy, completed as explained above. This document will be submitted by your faculty research mentor, using the above link. IRB reviewer feedback will be provided directly to the faculty research mentor, who will work with you on requested clarifications and revisions.

See the example protocols if needed: Third-Party Access to Existing Data Protocol: Examples

For your information, reviewers use this Third-Party Access Protocol Review Form when they review a Human Subjects Protocol.

IRB Home