Releasing Data to Other Parties
There are multiple federal regulations that impact your ability to release data outside your institution (to a sponsor, to another researcher, etc). There are a variety of factors that determine whether or not the release is permissible.
- Is there a consent/authorization? If so, what did the research subject consent to/authorize?
- Is the data that you wish to release unequivocally anonymous, or is it possible to trace the data back to the subject? HIPAA standards apply, so dates, diagnosis, location (e.g. Shands @ UF), etc may make the data identifiable.
- If data was obtained under an IRB approved waiver are you tracking disclosures of PHI per HIPAA regulations?
There are a variety of very serious factors that impact your ability to release data to outside parties. You should contact the IRB prior to proceeding with a release of data UNLESS (a) your subject signed an IRB approved consent document with HIPAA compliant authorization language that clearly details what information will be collected, used, and disclosed and (b) the outside party is specified in the document.