According to both CO APCD statute and HCPF rules, all data release applications must be submitted in writing and describe in detail:
- The purpose of the project and intended use of the data.
- Methodologies to be employed.
- Type of data and specific data elements requested along with justification.
- Qualifications of the research entity requesting the data.
- The specific Privacy and Security measures that will be employed to protect the data.
- Description of how the results will be used, disseminated or published.
The DRRC reviews the data release applications and recommends whether the Administrator should release the data.