Glossary: a list of SPARCS terms and definitions. – SPARCS Support

Amendment Application: Required when making changes to a previously approved application, such as changing the Project Director, organization, data storage location, research scope, requested data files or elements.
Application Expiration: Approved applications expire 2 years after receiving the final calendar year of data. An extension of up to 1 year can be requested.
Abortion Data: Abortion-related data elements may only be released for research purposes with explicit patient consent.
Applicant: The individual or organization requesting SPARCS data.
Application Resubmission: During the review process, applicants may need to revise and resubmit parts of their application materials based on feedback from SPARCS.
ASPERA(IBM): Secure file transfer tool used to provide approved SPARCS data extracts.
Affidavit of Data Destruction: A document affirming that all SPARCS data has been properly destroyed after completing the approved research project. This is required when the data retention period expires.
Cell Size Policy: A rule prohibiting display of values <= 10 to prevent re-identification of individuals.
Completeness Review: Initial review to ensure all required application materials are fully completed.
Commissioner Approval: Final approval by the New York State Department of Health Commissioner or Commissioner's designee is required for all identifiable data requests after DGC review.
Data Extraction Criteria: Specific parameters like patient county, hospital county, age, gender etc. that SPARCS can use to extract a subset of the data to provide only the minimum necessary for the approved project.
Data Linkage: Combining SPARCS data with other data sources like vital records or cancer registries.
Data Delivery: SPARCS data files can be delivered annually or quarterly depending on approval. Initial files contain all approved years up to the latest complete calendar year.
Data Security Plan: Details on how data will be stored, accessed, and kept confidential.
Data Fees: SPARCS charges fees for data which are discounted or waived in certain circumstances.
Data Governance Committee (DGC): The committee that reviews and approves requests for identifiable SPARCS data files.
DGC Meetings: Regular meetings where the Data Governance Committee convenes to review and provide recommendations on identifiable data requests.
Data Linkage: Combining SPARCS data with other data sources.
Data Retention Period: The approved period an applicant can use the SPARCS data, initially set to 2 years after receiving the last calendar year of data.
De-identified Data: Data that does not contain identifiable patient information, also called public use data.
HIV/AIDS Data: HIV/AIDS records are redacted to HIPAA "Safe Harbor" standards and can only be released with patient consent or to authorized public health entities.
Health Data NY: The open data platform where deidentified SPARCS public use files are posted.
Indirect Identifiers: Data elements like zip codes or dates that are not direct personal identifiers but could potentially be used to re-identify individuals when combined.
IRB (Institutional Review Board): A committee that reviews research involving human subjects to ensure ethical practices.
Individual Data Use Agreement (DUA): A legally binding document that outlines rules for using and protecting data; completed by each individual data user on a project.
Identifiable Data: Data containing protected health information (PHI) or personally identifiable information (PII) that could identify patients like names, addresses, dates of birth, etc. Requires IRB approval.
Limited Data: Data containing some indirect identifiers requiring a data use agreement but redacted following HIPAA limited data standards. Does not require IRB approval.
Non-Proprietary Report Review: SPARCS reviews reports/publications prior to release to ensure adherence to approved use and small cell size policies.
Organizational Data Use Agreement (DUA): A legal agreement completed by an organization representative outlining data security and use requirements.
Personal Health Information (PHI): Health data that could potentially identify an individual patient.
Personally Identifiable Information (PII): Direct identifiers like names, addresses, dates of birth that could identify an individual.
Project Director: The person in charge of the study who will receive the data, sign data use agreements, and ensure proper data handling.
Publication Requirements: Requirement to provide SPARCS with drafts of any reports, articles or publications prior to submission that utilized SPARCS data.
Project Summary: A 1-page overview of the research goals, methodology, and use of SPARCS data.
Review and Recommendation (R&R): Document created by SPARCS staff to assist the DGC in reviewing and making recommendations on data requests.
Review Stages: The key stages in the review process include completeness review, soundness review, security review, and Data Governance Committee review (for identifiable requests).
Review Timeline: On average, review of an identifiable request takes around 5 months, while a limited request takes around 4 months, but timelines can vary from 2-18+ months depending on the complexity.
Relational Data Tables: The format in which limited and identifiable SPARCS data files are provided, consisting of 14 related data tables with a .dat file extension.
Redmine: Free and open source, web-based project management and issue tracking tool. It allows users to manage multiple projects and associated subprojects.
SPARCS: Statewide Planning and Research Cooperative System, New York's all-payer hospital discharge data system.
SPARCS Administrator: The individual responsible for overseeing the SPARCS data release process.
Security Guideline: A document outlining an organization's data security practices, completed by the IT security officer.
Security Review: Review of data security and linkage plans by a policy officer.
Soundness Review: Review by a research scientist to assess feasibility and compliance with SPARCS requirements.
NYS-S14-007 - Encryption Standard: This standard defines requirements for encryption that is used to enhance security and protect the State’s electronic data (“data”) by transforming readable information (“plaintext”) into unintelligible information (“ciphertext”).
NYS-S14-013 - Account Management Access Control Standard: This standard establishes the rules and processes for creating, maintaining and controlling the access of a digital identity to NYS applications and resources for means of protecting NYS systems and information.
NYS-S14-005 - Security Logging: This standard defines requirements for security log generation, management, storage, disposal, access, and use. Security logs are generated by many sources, including security software, such as antivirus software, firewalls, and intrusion detection and prevention systems, operating systems on servers, workstations, and networking equipment; databases and applications
NYS-S13-003 - Sanitization Secure Disposal Standard:
Information systems capture, process, and store information using a wide variety of media, including paper. This information is not only located on the intended storage media but also on devices used to create, process, or transmit this information. These media may require special disposition in order to mitigate the risk of unauthorized disclosure of information and to ensure its

confidentiality.
NYS-S14-010 - NYS Remote Access Standard: This standard establishes authorized methods for remotely accessing New York State (NYS) resources and services securely.

Access Standard

NYS-S14-007 - Encryption Standard	This standard defines requirements for encryption that is used to enhance security and protect the State’s electronic data (“data”) by transforming readable information (“plaintext”) into unintelligible information (“ciphertext”).
NYS-S14-013 - Account Management Access Control Standard	This standard establishes the rules and processes for creating, maintaining and controlling the access of a digital identity to NYS applications and resources for means of protecting NYS systems and information.
NYS-S14-005 - Security Logging	This standard defines requirements for security log generation, management, storage, disposal, access, and use. Security logs are generated by many sources, including security software, such as antivirus software, firewalls, and intrusion detection and prevention systems, operating systems on servers, workstations, and networking equipment; databases and applications
NYS-S13-003 - Sanitization Secure Disposal Standard	Information systems capture, process, and store information using a wide variety of media, including paper. This information is not only located on the intended storage media but also on devices used to create, process, or transmit this information. These media may require special disposition in order to mitigate the risk of unauthorized disclosure of information and to ensure its confidentiality.
NYS-S14-010 - NYS Remote Access Standard	This standard establishes authorized methods for remotely accessing New York State (NYS) resources and services securely.

Related articles