Data Use Agreement
Definition
A Data Use Agreement (DUA) is a legally binding, contractual document used for the transfer of data that has been developed by nonprofit, government or private industry to an outside agency, where the data is nonpublic or is otherwise subject to some restrictions on its use [1]. This is often employed when the data contains patient identifiable information whose release would violate Health Insurance Portability and Accountability Act (HIPAA) regulations.
Example
For example, researchers must sign a data use agreement before accessing the Surveillance, Epidemiology, and End Results Program database, thus agreeing to comply with HIPPA regulations (see SEER Data Use Agreement). Researchers agree not to: 1) Attempt to identify individual patients, 2) Publish data that could be linked to individual patients, and 3) Link the data to another database.
Elements [2]
- Name
- Legal Authority for Data Use
- Program Authority for Data Use
- Purpose
- Background
- Mutual Interest of Entities
- Responsibilities of Entities
- Funding Information
- Costs and Reimbursement
- Custodian of Data
- Agency Point of Contact (Project Officer)
- Data Security Procedures
- Inspecting Security Arrangements
- Data Transfer, Media and Methods for the Exchange of Data
- Reporting Requirements
- Records Usage, Duplication, Re-disclosure Restrictions
- Record Keeping, Retention and Disposition of Records
- Potential Work Constraints
- Ownership
- Conditions for Reporting Results and Public Release of Data
- Policy and procedures for releasing data to researchers
- Penalties for Unauthorized Disclosure of Information
- Term of the Agreement
- Constraints, including Performance standards, DUA Review Procedures, Audit Clause, Liability
- Issues, Definition of a Breach
- Resolution of Conflicts
- Concurrences, including Third Party Concurrence
