Publication Guidelines

TriNetX is compliant with the Health Insurance Portability and Accountability Act (HIPAA), the US federal law which protects the privacy and security of healthcare data. TriNetX is certified to the ISO 27001:2013 standard and maintains an Information Security Management System (ISMS) to ensure the protection of the healthcare data it has access to and to meet the requirements of the HIPAA Security Rule.

Any data displayed on the TriNetX Platform in aggregate form, or any patient level data provided in a data set generated by the TriNetX Platform, only contains de-identified data as per the de-identification standard defined in Section §164.514(a) of the HIPAA Privacy Rule. The process by which the data is de-identified is attested to through a formal determination by a qualified expert as defined in Section §164.514(b)(1) of the HIPAA Privacy Rule. This formal determination by a qualified expert, refreshed in December 2020, supersedes the need for TriNetX’s previous waiver from the Western Institutional Review Board (IRB).

The TriNetX network contains data provided by participating Healthcare Organizations (HCOs), each of which represents and warrants that it has all necessary rights, consents, approvals and authority to provide the data to TriNetX under a Business Associate Agreement (BAA), so long as their name remains anonymous as a data source and their data are utilized for research purposes. The data shared through the TriNetX Platform are attenuated to ensure that they do not include sufficient information to facilitate the determination of which HCO contributed which specific information about a patient.

When publishing using data from the TriNetX network or TriNetX as a method, the following guidelines must be adhered to:

Network to be used
The TriNetX data networks for scientific use and publications include Dataworks, Diamond, TriNetX Research, COVID-19 Rapid Response, and COVID-19 Research Network. In reasonable exceptional cases (e.g., if the topic of the project is related to clinical trials or validation of the network for use in clinical trials), other regional networks can be used.

Use of the appropriate network
Contracts with TriNetX member HCOs do not always allow the use of their data for publications. Therefore, during review of the manuscript and discussion with the author, clarification should be sought whether the appropriate network was used for the scientific project to be published.

Information not to disclose
Unless the publication is initiated and authored by a HCO, no HCO-specific data should be shown in any publication, not even in an anonymized way (e.g., “site 1, site 2, site 3, etc.”). All results must be shown as aggregated statistics only.

Citing TriNetX
TriNetX should be mentioned in the methods section. A suggested adequate general description would read:

“TriNetX, a global health research network provided access to electronic medical records (diagnoses, procedures, medications, laboratory values, genomic information) from approximately [##] million patients from [##] healthcare organizations with [INSERT COHORT DEFINITION]. TriNetX is compliant with the Health Insurance Portability and Accountability Act (HIPAA), the US federal law which protects the privacy and security of healthcare data. TriNetX is certified to the ISO 27001:2013 standard and maintains an Information Security Management System (ISMS) to ensure the protection of the healthcare data it has access to and to meet the requirements of the HIPAA Security Rule. Any data displayed on the TriNetX Platform in aggregate form, or any patient level data provided in a data set generated by the TriNetX Platform, only contains de-identified data as per the de-identification standard defined in Section §164.514(a) of the HIPAA Privacy Rule. The process by which the data is de-identified is attested to through a formal determination by a qualified expert as defined in Section §164.514(b)(1) of the HIPAA Privacy Rule.”