COVID Screening | Upload Vaccine Card | Submit Exemption | COVID-19

Third-Party Access to Existing Data Protocol

Use the "Third-Party Access to Existing Data Protocol" [3PA] if you propose to access existing data about individual persons that have been collected by others and which contain personal identifiers, such as names or phone numbers. The protocol still applies even if you do not intend to use or report the personal identifiers.

The words "authorization" and "consent" are used as synonyms. The protocol outline is designed to elicit the information needed for the CSUB Institutional Review Board [IRB] to evaluate requests for waiver of authorization by individuals for use/disclosure of information about them for research purposes. The structure reflects the provisions of the federal Health Insurance Portability and Accountability Act [HIPAA] that regulates research access to protected health information. If the data requested contain protected health information, then the waiver documentation provided by the IRB will satisfy HIPAA requirements. However, at CSUB the same procedure is used to evaluate requests to waive authorization for use/disclosure of any information for research purposes, such as scores on standardized tests in the educational setting.


  1. Use of this procedure is limited to third-party access to data, that is, for a researcher to seek access to existing data collected by another entity, for example, a school or public agency providing services to the individuals whose data are requested.
  2. Waiver of authorization will be granted only if the research participants are placed at no greater than minimal risk.
  3. All protocols submitted will undergo either expedited or standard review by the IRB.
  4. If the individuals have consented that their data may be used for research purposes, then this request for waiver of authorization is not needed. However, if individuals have only consented that their data may be used for purposes of program evaluation and/or providing of services, then this request for waiver of authorization is needed.

The Third-Party Access to Existing Data request is submitted through the Cayuse IRB Initial form and is processed by the GRaSP Office.  If you are a student, you will be asked in the form to identify your faculty research supervisor who will automatically receive an e-mail to review and certify the content of the form. 

Third-Party Access to Existing Data Protocol:  Sample Form


For your information, reviewers use this Checklist when they review a Human Subjects Protocol.

Please contact us if it is inconvenient for you to use these online materials or you have questions:

Isabel Sumaya (Research Ethics Review Coordinator) 654-2381 or

Gwen Parnell (Research Compliance Analyst)  654-6712 or

Marianne Wilson (Research Ethics Reviewer)

New IRB Protocol Submission Platform