Collection Access Policy

General Overview

Archival records must be used in the reading room of the Archives, except that the office of record may retrieve material from its files for reference. The office of record is the office responsible for the creation of the records or the appointment of the committee or other group that created them. 

When possible, Archives staff will allow full and unfettered access to its holdings. Some items, however, must be restricted for a variety of reasons including the Family Education Rights and Privacy Act of 1974/1976 (FERPA), and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The primary reason for restricting access to documents is to protect the privacy of individuals. Other materials might be restricted because of university records policies or stipulations by the donor. Below are descriptions of common categories of restricted materials in our collections. 

University administrative records

These include records of the officers of the University, as defined in the Bylaws, the deans of schools and colleges, and departments, institutes, and other offices as designated by the President. For a period of twenty-five years from the origin of the material, permission in writing from the director of the office of record and the University Archivist is required for use. After twenty-five years, records that have been processed may be consulted with the permission of the University Archivist (Issued by the Office of the Chancellor, December 1, 1975).

Records of the Board of Trustees

These include minutes and supporting documentation of the Board, its Executive Committee, and standing and ad hoc committees, and reports, studies, and the like presented solely to the Board. Records which have been existence for at least fifty years are available for scholarly research with the permission of the University Archivist. Access to records which have been in existence for less than fifty years shall be granted only by special permission, in writing, of the Board of Trustees (Duke University Board of Trustees, Minutes, February 24-25, 1989).

Student records

In accordance with the Family Education Rights and Privacy Act of 1974/1976 (FERPA), Duke University permits students to inspect their education records and limits the disclosure of personally identifiable information from education records. Education records include those records which contain information directly related to a student and which are maintained as official working files by the University. The web site of the Office of the Registrar has the official statement of the University's policy and procedures under FERPA.

Medical records

The Medical Center Archives is not the official repository for inactive medical records. All inquiries regarding such records should be directed to Health Information Management at 919-684-1700.

Access to records containing protected health information (PHI) held by the Duke University Medical Center Archives (Archives) is regulated by the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). 

The HIPAA Privacy Rule lists 18 identifiers that must be removed to de-identify data:

  • Names
  • All elements of a street address, city, county, precinct, zip code, & their equivalent geocodes, except for the initial three digits of a zip code for areas that contain over 20,000 people
  • All elements of dates (except year) for dates directly related to the individual, (e.g., birth date, admission/discharge dates, date of death); and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
  • Telephone numbers
  • Fax numbers
  • E-mail address(es)
  • Social security numbers
  • Medical record numbers
  • Health record numbers
  • Account numbers
  • Certificate/license numbers
  • License plate numbers, vehicle identifiers, and serial numbers
  • Device identifiers and serial numbers
  • URL addresses
  • Internet Protocol address numbers
  • Biometric identifiers, including finger, and voice prints
  • Full face photographic images and comparable images
  • Any other unique identifying number except as created by the Institute for Human Studies (HIS) to re-identify the information

If you are interested in accessing materials with PHI within our collections, there are a few options for access listed below. Please contact the Archives to discuss your specific requirements and options.

1) De-identification/Redaction - Records containing PHI are made accessible for researchers through the removal of the 18 identifiers.  

2) Limited Data Set (LDS) - PHI that excludes the following direct identifiers of the individual or of relatives, employers, or household members of the individual. This needs Institutional Review Board (IRB) review and requires a Data Use Agreement (DUA) - an agreement required by the Privacy Rule between a covered entity and a person or entity that receives a limited data set. The DUA must state that the recipient will use or disclose the information in the limited data set only for specific limited purposes.

3) Waiver of Authorization - When obtaining subject/participant authorization is "impracticable," the IRB may approve a waiver of authorization for a researcher to use and disclose PHI. The purposes of the research must be described in a waiver application and the IRB must determine that the researcher has satisfied all Privacy Rule requirements for the waiver.

Some other considerations

  • Advance notice is required to use records that are stored off site.
  • Individuals or organizations donating material to the Archives may set conditions on use.
  • Fragile or unprocessed materials may be closed at the discretion of the Medical Center Archivist.