When using any EPIC tools or data for research purposes, you are responsible for ensuring all compliance regulations are met. An active, approved IRB protocol outlining research activities is required. Protocol requirements include, but are not limited to, mention of EMR/EHR use, specific data being collected/used, and individuals who will be working with the research data. In addition, HIPAA provisions must be included in the protocol (see https://o2.ohsu.edu/information-technology-group/information-privacy-security-ips/privacy/hipaa-and-research.cfm#_waiver). Use of Epic tools and data for research will be audited and misuse will result in disciplinary action. If there are questions about the use of EPIC tools or data for research, contact the Research Data Concierge for reporting or the Epic for Research team for all other uses. Research use of data from non-OHSU service areas (e.g. HMC, MCMC, Adventist) is restricted. Care should be taken to exclude data from non-OHSU service areas. Data from those service areas cannot be used for research without an agreement from those service areas. The main site for OHSU Health Partner Research can be found here: https://www.ohsu.edu/research-innovation/research-ohsu-health-affiliates