The Data Privacy Committee (DPC) reviews, provides guidance, and approves use of PHI, PII, and other forms of sensitive data. Uses of data include but are not limited to clinical, research, educational, and administrative purposes. DPC can help with:
- De-identification
- Honest brokering of electronic patient data
- Business associate agreements
- Data use agreements
- Multi-institutional data sharing
- IRB reliance agreements
- Moving data from one institution to another
- Storing data in public repositories (e.g., dbGap)
- Secure file storage
- HIPAA Privacy and Security Rules
- FERPA
- HITECH
- GDPR
- Common Rule
- Conflicts of interest
- IRB submission guidance
- Sharing of data with a commercial entity
To request a DPC review, please email dataprivacy@med.cornell.edu and include the following: type of data, purpose of use, sharing with internal/external entities (with contact information).