Publication Guidelines

TriNetX is compliant with the Health Insurance Portability and Accountability Act (HIPAA), the US federal law which protects the privacy and security of healthcare data. TriNetX is certified to the ISO 27001:2013 standard and maintains an Information Security Management System (ISMS) to ensure the protection of the healthcare data it has access to and to meet the requirements of the HIPAA Security Rule.

Any data displayed on the TriNetX Platform in aggregate form, or any patient level data provided in a data set generated by the TriNetX Platform, only contains de-identified data as per the de-identification standard defined in Section §164.514(a) of the HIPAA Privacy Rule. The process by which the data is de-identified is attested to through a formal determination by a qualified expert as defined in Section §164.514(b)(1) of the HIPAA Privacy Rule. This formal determination by a qualified expert, refreshed in December 2020, supersedes the need for TriNetX’s previous waiver from the Western Institutional Review Board (IRB).

The TriNetX network contains data provided by participating Healthcare Organizations (HCOs), each of which represents and warrants that it has all necessary rights, consents, approvals and authority to provide the data to TriNetX under a Business Associate Agreement (BAA), so long as their name remains anonymous as a data source and their data are utilized for research purposes. The data shared through the TriNetX Platform are attenuated to ensure that they do not include sufficient information to facilitate the determination of which HCO contributed which specific information about a patient.

When publishing using data from the TriNetX network or TriNetX as a method, the following guidelines must be adhered to:

Network to be used
The TriNetX data networks for scientific use and publications include Dataworks, Diamond, TriNetX Research, COVID-19 Rapid Response, and COVID-19 Research Network. In reasonable exceptional cases (e.g., if the topic of the project is related to clinical trials or validation of the network for use in clinical trials), other regional networks can be used. The specific network(s) used in the analysis should be disclosed in the methods section of the publication.

Use of the appropriate network
Contracts with TriNetX member HCOs do not always allow the use of their data for publications. Therefore, during review of the manuscript and discussion with the author, clarification should be sought whether the appropriate network was used for the scientific project to be published. 

Information not to disclose
HCO names or HCO-specific data

Unless the publication is initiated and authored by a HCO, no HCO-specific data should be shown in any publication, not even in an anonymized way (e.g., “site 1, site 2, site 3, etc.”). All results must be shown as aggregated statistics only.

Platform Screenshots

Screenshots of the platform are confidential and should not be used in any publication without express consent from the TriNetX Legal Department. If permission is granted, the TriNetX Legal Department shall provide the appropriate language relating to said screenshot(s). 

Citing TriNetX
TriNetX, LLC should be mentioned in the methods section. A suggested adequate general description would read:

“The data used in this study was collected on [INSERT DATE OF ANALYSIS OR DATE OF DATA DOWNLOAD] from the TriNetX [INSERT NETWORK NAME] Network, which provided access to electronic medical records (diagnoses, procedures, medications, laboratory values, genomic information) from approximately [##] million patients from [##] healthcare organizations. TriNetX, LLC is compliant with the Health Insurance Portability and Accountability Act (HIPAA), the US federal law which protects the privacy and security of healthcare data, and any additional data privacy regulations applicable to the contributing HCO. TriNetX is certified to the ISO 27001:2013 standard and maintains an Information Security Management System (ISMS) to ensure the protection of the healthcare data it has access to and to meet the requirements of the HIPAA Security Rule. Any data displayed on the TriNetX Platform in aggregate form, or any patient level data provided in a data set generated by the TriNetX Platform, only contains de-identified data as per the de-identification standard defined in Section §164.514(a) of the HIPAA Privacy Rule. The process by which the data is de-identified is attested to through a formal determination by a qualified expert as defined in Section §164.514(b)(1) of the HIPAA Privacy Rule. Because this study used only de-identified patient records and did not involve the collection, use, or transmittal of individually identifiable data, this study was exempted from Institutional Review Board approval”

 

Please direct any additional questions related to publishing with TriNetX to your institution’s account manager or healthcare partnership manager.