Data requests can provide record-level data not usually available through public records requests, and may be confidential or protected, subject to usage agreements.
A data request involves any application for agency-held data not sought through the public records request process. Unlike public records requests, data requests can provide access to record-level data that is confidential or protected under federal and/or state law subject to the requestor abiding by set conditions. These conditions depend on the type of data requested, the amount of data requested, the organization making the request, and the purpose for which the data is to be used.
Birth and death certificates and other vital records are not available through data requests. These can be obtained through our Vital Records Office. Find out more
Personal medical records from visits to MSDH county clinics must be obtained through our Epic service: call 601‑576‑7267.
Make a Data Request
Request data through our online form:
Some data requests may incur a fee, require additional documentation from the requestor, or mandate signing of a data use agreement (DUA) or similar agreement.
Costs
In some cases, you will be required to pay for costs of retrieval, depending factors such as time to gather the data and the type of data requested. Cost is determined by the agency on a case-by-case basis. In addition, all costs must be paid and/or agreements signed before the agency will commence with gathering the requested data.
Agreements We May Require
If the data you request is public
You may be asked to sign a Memorandum of Understanding (MOU). This is normally a brief document (2-3 pages) setting forth any basic responsibilities of the agency and the requestor for the provision and use of the data shared. MSDH will seek to institute an MOU for the request of public data only in certain situations.
If the data you request is confidential or protected
You may be required to sign one or more of the following:
Memorandum of Understanding (MOU): As with a request for publicly-available data, this is normally a brief agreement (2-3 pages) setting forth any basic responsibilities of the agency and the requestor in terms of the provision and use of the data provided.
Business Associate Agreement (BAA): A "business associate" is a person or entity that performs certain functions or activities on behalf of, or provides services to, MSDH that involve the use or disclosure of protected health information (PHI). Under this type of agreement, a business associate is essentially an extension of the agency and working on its behalf. As such, the business associate must adhere to certain requirements required by the agency to maintain the security and privacy of PHI.
Limited Data Set Data Use Agreement (LDS DUA): Under HIPAA, an LDS DUA must be signed when certain types of PHI are shared with the requestor by the agency. A limited data set is a set of identifiable healthcare information that HIPAA permits the agency to share with certain entities for certain purposes. Unless you are able to obtain prior authorization from a patient to access their PHI, a requestor may only use the limited data set for one of the following:
- research purposes,
- public health activities, or
- healthcare operations
Non-Disclosure Agreement (NDA)/Confidentiality Agreement: In certain cases, an NDA or other form of confidentiality agreement may be more appropriate to ensure the privacy and security of shared confidential data.
General Data Use Agreement (DUA): In some cases, where more than a limited data set is requested, a general DUA may be required to obtain PHI for a purpose allowed under HIPAA.
If the data is requested for research
In accordance with federal research regulations, in order to obtain data protected under HIPAA or other privacy laws for research purposes, the requestor must provide documentation of review of their research by an authorized Institutional Review Board (IRB). To obtain HIPAA-covered data, unless granted an exemption by federal regulations, the requestor must include with this documentation the requisite HIPAA authorizations (using authorization forms approved by the IRB) or a waiver of HIPAA authorization. In nearly all cases, MSDH will also require the requestor to sign a limited data set or general DUA before sharing HIPAA-covered data.
All requests for confidential data require legal approval before release, and some requests may be denied in whole or in part if MSDH is legally prohibited from releasing the requested data.
For questions about data requests, contact David Trewolla, Director of Data Governance: David.Trewolla@msdh.ms.gov