Non-Government Agency MA APCD Requests

MA APCD Application resources


This webpage provides step-by-step instructions for non-government entities which would like to apply for MA APCD data. 


If, after reviewing the application information and resources in the blue box to the right and the instructions below, you need additional help with your application or if you have any other questions about the MA APCD, please email


APCD Gov Steps


Step 1: Formulate the Data Request; Review the Security Questions; Review the Template Data Use Agreement

Prior to submitting an APCD Data Request and Data Management Plan to CHIA, applicants are strongly encouraged to review all of the documents associated with data release (Data Request Form, Data Management Plan, template Data Use Agreement, Data Fee Schedule/Fee Waiver Criteria) and to identify any questions they have concerning the forms or requirements. Applicants should expect to be required to agree to the provisions contained in the template Data Use Agreement posted on the CHIA website.

CHIA staff are happy to answer your questions prior to the submission of application documents and can provide assistance with, among other things:

  • Identifying the best ways to tailor Data Requests to maximize the appropriate use of CHIA data;
  • Understanding CHIA’s data privacy and security requirements and how they affect access and use of protected health information and other types of sensitive data;
  • Understanding the potential uses – and limitations on uses – of CHIA’s data products;  
  • Calculating fees or, if seeking a waiver, providing background information required to support a fee waiver request; and,
  • Setting up an account with IRBNet, which is used for submitting Data Requests and Data Management plans.

For information about the APCD and the application process, email


Step 2: Submit a Data Request, Data Management Plan, Fee Remittance Form or Fee Waiver Request Form

In order to access CHIA data, applicants must submit a written Data Request Form, a Data Management Plan, and a Fee Remittance/Fee Waiver Request Form to CHIA using IRBNet.   An IRBNet account can be created through and affiliated with the Massachusetts Center for Health Information and Analysis once logged in. See "How to Submit an Application on IRBNET."

Applicants seeking a fee waiver should submit their waiver request with their initial application.  If the proposed project depends on waiver of the data fees, the application materials will not be reviewed until the fee waiver issue is resolved.

After an initial screening to ensure the Data Request and Data Management Plan forms are complete, and that the applicant is seeking to use the appropriate dataset(s) for the proposed project, the applications will be forwarded to CHIA Legal to review for compliance with regulatory and other legal requirements.   


Step 3: Consultations with Technical Specialists, as Needed, During Review of Data Request and Data Management Plan

CHIA Legal will assign Technical Specialists with expertise in data privacy and security to review the application materials.  The Technical Specialists will work with applicants to refine Data Requests and Data Management Plans to ensure they meet legal and regulatory requirements.  The length of this review period depends on the complexity of the request and the sensitivity of the data sought.

A Data Request will advance to CHIA’s Data Privacy Committee when the Technical Specialist has sufficient information to make a recommendation as to whether the data requested are the minimum necessary to achieve the proposed objectives and whether the risk of re-identification of individual patients has been minimized and appropriately balanced with project needs.  The information required to make such recommendations includes, among other things:  a description of the specific uses of the APCD data and of the proposed research methodology; specific justifications for the data elements requested; and detailed information regarding any proposed linkages. 

Similarly, the Data Management Plan is ready to advance for Data Privacy Committee review when the technical specialist has sufficient information to make a recommendation as to whether the applicant has submitted an adequate plan to safeguard any CHIA data that may be released. The information required to make such a recommendation is described in the Data Management Evaluation Guide.


Step 4: Committee Review

Pursuant to 957 CMR 5, CHIA’s Data Release Regulation, most non-governmental requests for data are required to be reviewed by an internal Data Privacy Committee and an external Data Release Committee.  The committees are charged with determining whether the proposed use of CHIA data meets the criteria described in 957 CMR 5.06(10).

The Executive Director considers the committees’ recommendations and approves or denies each request for data.

Applicants seeking Medicaid data also will be required to establish, to MassHealth’s satisfaction, that the proposed use of the data is directly connected to the administration of the Medicaid program.  CHIA works with MassHealth to coordinate MassHealth review of requests for Medicaid data.


Step 5: Execute a Data Use Agreement

Prior to release of the data, the applicant must execute CHIA’s data use agreement.  The data use agreement will include the approved application and data management plan.  CHIA does not accept comments or revisions to its data use agreement.  Data Applicants should consider consulting their legal or compliance office for DUA assessment before they submit an application for review. Please watch a short video, Data Use Obligations of Recipients of CHIA Data, intended for researchers holding and using CHIA confidential data.


Step 6: Data Released

IT processes the data extract.Once the extract is completed, CHIA ships the data extract with the final approval letter signed by the Executive Director to the data recipient.


Please Note:

The data contained in the APCD and Case Mix databases include highly sensitive personal information and Protected Health Information, the release of which is restricted by state and federal laws and regulations.  The application process has been designed to help applicants prepare applications that will allow for the release of data while protecting patient privacy.  For this reason, applicants should familiarize themselves with CHIA’s APCD and Case Mix Data Release Regulation (957 CMR 5.00) and the forms and other background information referenced above.  CHIA looks forward to working with you to ensure that your application receives a thorough and timely review.  Applicants should expect the application review and approval process to take several months, depending on the complexity or novelty of the request, and the amount of work required to ensure legal and regulatory requirements have been satisfied.