Is SPARC HIPAA compliant?

Can I share patient information on the SPARC portal?

❗️
No

SPARC is not HIPAA compliant and does not support the storage, processing, or sharing of Protected Health Information (PHI). While SPARC follows security and compliance best practices for HIPAA, the platform has not been audited for HIPAA attestation and does not claim HIPAA compliance from a technical or regulatory standpoint.

Investigators may need to collect human data that includes PHI for their own internal research. However, this PHI must NOT be shared on SPARC, since SPARC is for publicly accessible data and cannot take on the role of policing or managing PHI data.

It is the responsibility of investigators submitting data to SPARC to:

Determine what data can be shared
Ensure all data is De-identified before submission
Confirm that data sharing is in compliance with their Institutional Review Board (IRB) regulations

Investigators should review the data dictionaries and metadata schemas to identify any fields that may contain PHI. These fields must either be excluded or properly de-identified before submission to SPARC.

Further guidance on handling sensitive data can be found at:

HEAL: https://www.healdatafair.org/resources/sensitive-data
HHS HIPAA De-Identification Guidance: https://www.hhs.gov/hipaa/for-professionals/special-topics/de-identification/index.html#protected
NIH Genomic data sharing policy: https://sharing.nih.gov/genomic-data-sharing-policy

Updated 4 days ago

Is SPARC HIPAA compliant?

❗️
No

Further guidance on handling sensitive data can be found at:

Learn More

Policies

Help Us Improve

Stay Up-to-Date

❗️No

Further guidance on handling sensitive data can be found at:

❗️
No