Background: Researchers are increasingly collecting large amounts of de-identified data about individuals to address important health-related challenges and answer fundamental questions. Current US federal regulations permit researchers to use already collected and stored de-identified health-related data from a variety of sources without seeking consent from patients. While multiple studies have explored patients’ views on the sharing of their health-related data, few have investigated their views on the policies and processes institutions have in place or should have in place for accessing, using, and sharing of data.Methods: We conducted 5 with individuals who live within a 20-mile radius of the local academic medical center. In addition, in order to increase the number of participants younger than 45 years of age, we held a focus group with undergraduates at a local university. Transcripts were analyzed using content analysis. The codebook was revised and refined, codes clarified, and disagreements resolved through discussion.Results: A total of 37 individuals participated, ages 18-76. Most participants were not surprised that researchers accessed and used de-identified personal information for research. For participants, transparency was key. They wanted to know when their data were accessed, for what purpose, and by whom. However, for some participants, just knowing their data had been accessed and used was not enough. Rather they wanted to have some control over the use of their data valuing the chance to opt-out. That said, wanting some control didn’t conflict with participants’ support of the use of their data for research. Most participants trusted their local academic medical institution, but were less trusting of other academic medical institutions and commercial entities. Finally, participants supported establishment of an advisory council or group with responsibility for deciding what data were used, who was accessing those data, and whether data could be shared. Conclusions: The trust people have in their local institutions should be considered fragile, and institutions should not take that trust for granted. How institutions choose to govern patients’ data and what voices they include in decisions about use and access are critical to maintaining the trust of the public.