What Is a Dua Agreement

Require the recipient to take appropriate security measures to prevent unauthorized use or disclosure not provided for in the Agreement; A Data Use Agreement (DUA) is an agreement required under the confidentiality rule and must be entered into before a limited record (defined below) is used or shared with an external institution or party. A limited record is always protected by Health Information (PHI), and for this reason, covered companies like Stanford must enter into a data use agreement with each recipient of a limited Stanford record. Yes, you will need both a Data Use Agreement (DUA) and a Business Partnership Agreement (BAA) because the covered entity (covered entity affiliated with Stanford University) provides the recipient with PSRs, which may contain direct or indirect identifiers. For this reason, a BAA may be required before we transmit the direct identifiers to the recipient outside of Stanford. prohibit the recipient from further using or disclosing the information, except to the extent permitted by contract or otherwise permitted by law; Since these agreements are not directly related to funding, we call them “unfunded agreements” or UFAs. A data use agreement specifies who can use and receive LDS, as well as the uses and disclosures authorized of that information by the recipient, and provides that the recipient: require recipients to ensure that all agents (including subcontractors) to whom they disclose the information accept the same restrictions as those set out in the agreement; and a Data Use Agreement (DUA) is a contractual document used for the transfer of data developed by non-profit, governmental or private companies when the data is not public or otherwise subject to certain restrictions on its use. Often, this data is a necessary part of a research project and may or may not be human data from a clinical trial or a limited dataset according to HIPAA. Universities will want to ensure that the terms of the DUA protect confidentiality as necessary, but allow for the appropriate publication and dissemination of research results in accordance with university guidelines, applicable laws and regulations, and federal requirements. DUAs are similar to confidentiality agreements in that they restrict the use and disclosure of the record and, in some cases, a CDA format can be used as a starting point to create a DUA suitable for data transfer. Many sponsored research projects require that project data be made available to the public.

Data Use Agreements (DUAs) can be transmitted to the ORSP for processing via the Unfunded Agreement (UFA) Online Research Proposal Management System (eRPM). A limited record is a record that is exempt from certain direct identifiers specified in the privacy policy. A limited data set may only be shared with an external party without a patient`s permission if the purpose of the disclosure is for research, health or health purposes and the person or company receiving the information signs a Data Use Agreement (DUA) with the collected company or its business partner. The following page provides useful information about the people who internally manage different types of DUAs and other agreements at Stanford: ico.sites.stanford.edu/who-will-handle-my-agreement No, disclosure of “limited records” is not subject to HIPAA accounting for disclosure requirements. DHHS has taken the position that the privacy of individuals with respect to PSR disclosed in a “limited record” can be adequately protected by a single DUA. Each DUA should include at least provisions that address the following: Here are some quick links to eRPM Job AIDS to help you. If you have any further questions, please contact your project staff (PR). ORSP data search specialists can help U-M professors, units, and administrators to: When you`re ready, transfer your DUA to ORSP using the Electronic Search Proposal Management System (eRPM or eResearch) for URKA.

If Stanford is the provider of a limited dataset, Stanford requires a DUA to be signed to ensure that the appropriate provisions to protect the limited dataset are in place. Here are the contacts for different types of research: In addition, affected companies like Stanford must take all reasonable steps to remedy a recipient`s violation of the DUA. For example, if Stanford learns that the data it has provided to a recipient is being used in a way that is not authorized under the DUA, Stanford must work with the recipient to resolve that issue. If these efforts fail, Stanford would be required to cease all further disclosure of PHI to the recipient under the DUA and report the matter to the Office of Civil Rights of the federal Department of Health and Human Services. It is useful to clarify whether the data that needs to be shared goes to U-M or to an external entity. Require the recipient to notify the covered entity of any use or disclosure of which it is aware; *Subject to the sponsor`s requirements and/or changes to the PSO procedure. A Data Use Agreement (DUA) is a contractual document used for the transfer of non-public or restricted data. Examples include datasets from government agencies, institutions, or companies, information about student records, and existing data from human research objects.

ORSP supports U-M researchers and research administrators with questions about data sharing. ORSP DUA specialists can help you in the following areas: If a Stanford researcher is the recipient of a limited dataset from a source other than Stanford, the Stanford researcher may be asked to sign the other party`s DUA. In such a case, the Stanford researcher should consult with the relevant outsourcing office to determine whether it is substantially equivalent to the Stanford DUA. An affected company (such as Stanford) can use a member of its own workforce to create the “limited data set.” On the other hand, the recipient can also create the “limited registration” as long as the person or entity acts as a business partner of the covered entity. determine the permitted uses and disclosures of the limited data set; This means that for a dataset to be considered a limited dataset, all of the following direct identifiers relating to the individual or their relatives, employers, or household members must be removed: The source material for these guidelines was provided by the University of Wisconsin-Madison Education and Social/Behavioral Science IRB. IRB UMass would like to thank you for this support. The company concerned can provide the information reasonably necessary! A DUA must be completed before a limited file is used or shared with an institution or external party. Our university is a government institution that receives much of its research funding from the U.S.

federal government. To ensure that DUAs meet university guidelines as well as the requirements of funding agencies, the University`s Sponsored Programs Office will review and institutionally support DUAs to ensure compliance with relevant policies and regulations. .