Document is current

Article History

Received: 4 August 2022

Accepted: 27 February 2023

First Online: 10 March 2023

Declarations

:

: TriNetX is compliant with the Health Insurance Portability and Accountability Act (HIPAA), the U.S. federal law that protects the privacy and security of health care data. TriNetX is certified according to the ISO 27001:2013 standard and maintains an Information Security Management System (ISMS) to ensure the protection of the health care data it has access to and to meet the HIPAA requirements. Any data displayed on the TriNetX platform in aggregate form or any patient-level data provided in a data set generated by the TriNetX platform only contains de-identified data as per the de-identification standard defined in Section 164.514(a) of the HIPAA Privacy Rule. The process by which the data are de-identified is attested to through a formal determination by a qualified expert as defined in Section 164.514(b) (1) of the HIPAA Privacy Rule. This formal determination by a qualified expert, refreshed in December 2020, supersedes the need for TriNetX’s previous waiver from the Western Institutional Review Board (IRB). The TriNetX network contains data provided by participating HCOs, each of which represents and warrants that it has all necessary rights, consents, approvals, and authority to provide the data to TriNetX under a business associate agreement (BAA), so long as their name remains anonymous as a data source and their data are utilized for research purposes. The data shared through the TriNetX platform are attenuated to ensure that they do not include sufficient information to facilitate the determination of which HCO contributed which specific information about a patient [].

: Not applicable.

: The authors declare that they have no competing interests.