The goal of the policies on administration of clinical records databases in the Department of Radiation Oncology is to facilitate an efficient access to accurate and up-to-date records for clinical research and for treatment process improvement; while ensuring integrity and security of data, protection of patient privacy in compliance with HIPAA, and scientific integrity of research.

The following policies should be implemented and observed:

1. The Department owns all clinical data that are generated in the Department.
2. Databases of clinical data are stored on Departmental servers maintained and administered by the Division of Biostatistics and Biomathematics.
3. Access to databases is password-protected.
4. Passwords are issued only to individual users and cannot be shared.
5. Users have different levels of access rights, depending on user, database, and time period. The different levels of access rights are: ability to read part of the data, read all data, approve records, add new records, modify data.
6. Adding new records to databases and modifications to the data is reserved for the staff of the Division of Biostatistics and Biomathematics.
7. Residents and fellows may be granted only read access to the part of the database.
8. Senior physicians responsible for studies will have the access right to review and approve the data pertaining to their studies.
9. Patient sensitive data, protected by HIPAA regulations, will be stored in separate tables. The access rights to these data will be limited to authorized personnel.
10. If the data are to be shared with other Departments or institutions, approval must be obtained from the Director of Biostatistics and Biomathematics. Data must be stripped of data elements proscribed by HIPAA regulations.