IRB Approval & HIPAA Regulations

Researchers who wish to use the SEER-Medicare data are required to obtain IRB approval prior to SEER-Medicare data being released to them. A full IRB review is not required. Many IRBs, including NIH's Office of Human Subjects Research, have determined that the SEER-Medicare data are exempt (45 cfr 46.101(b)(4)).

Researchers who wish to use the SEER-Medicare data may have concerns about complying with the Health Insurance Portability and Accountability Act (HIPAA) regulations. The SEER-Medicare data contain information about geographic location at the county level as well as dates of receiving health care services. Because of these variables, the SEER-Medicare data are considered by HIPAA requirements as a limited data set, which requires that investigators sign a Data Use Agreement prior to receiving the data. This exception allows for the release of the SEER-Medicare data without obtaining authorization from individual patients (see Federal Register, August 14, 2002, pg 53235). However, because the SEER-Medicare data are a limited data set, investigators who have the data may not share these files with other investigators. Investigators who are contacted by colleagues who wish to use their data should ask their colleagues to contact SEER-Medicare.