Third-Party Access to Existing Data Protocol

Use the "Third-Party Access to Existing Data Protocol" [3PA] if you propose to access existing data about individual persons that have been collected by others and which contain personal identifiers, such as names or phone numbers. The protocol still applies even if you do not intend to use or report the personal identifiers.

The words "authorization" and "consent" are used as synonyms. The protocol outline is designed to elicit the information needed for the CSUB Institutional Review Board [IRB] to evaluate requests for waiver of authorization by individuals for use/disclosure of information about them for research purposes. The structure reflects the provisions of the federal Health Insurance Portability and Accountability Act [HIPAA] that regulates research access to protected health information. If the data requested contain protected health information, then the waiver documentation provided by the IRB will satisfy HIPAA requirements. However, at CSUB the same procedure is used to evaluate requests to waive authorization for use/disclosure of any information for research purposes, such as scores on standardized tests in the educational setting.


  1. Use of this procedure is limited to third-party access to data, that is, for a researcher to seek access to existing data collected by another entity, for example, a school or public agency providing services to the individuals whose data are requested.
  2. Waiver of authorization will be granted only if the research participants are placed at no greater that minimal risk.
  3. All protocols submitted will undergo either expedited or standard review by the IRB.
  4. If the individuals have consented that their data may be used for research purposes, then this request for waiver of authorization is not needed. However, if individuals have only consented that their data may used for purposes of program evaluation and/or providing of services, then this request for waiver of authorization is needed.

The 3PA form contains instructions and a link at the end that you can use to submit the completed form to the GRaSP Office.  If you are a student, you will be asked in the form to verify that your faculty research supervisor has approved the content of the form.  We suggest that you use the MS-Word version of the protocol instructions as a working document, which can be used like any MS Word document.  When all the sections of the protocol are in final form, follow the link to the actual Third Party Access to Existing Data Online Submission form, paste in all of the sections, and then submit.

See the example protocols if needed: Third-Party Access to Existing Data Protocol:  Examples

For your information, reviewers use this Third-Party Access Protocol Review Form when they review a Human Subjects Protocol.

Please contact us if it is inconvenient for you to use these online materials or you have questions:

Isabel Sumaya (Research Ethics Review Coordinator) 654-2381 or
Gwen Parnell (Research Compliance Analyst)  654-6712 or

Important Announcement

Cayuse IRB Coming this Fall 2018 - New IRB Protocol Submission Platform

cayuse horse logo