Data Use Agreement (DUA)

From GM-RKB
Jump to navigation Jump to search

A Data Use Agreement (DUA) is a confidentiality agreement that outlines the terms and conditions under which data items can be shared and used between organizations or individuals.

  • Context:
    • It can specify the permissible uses and disclosures of data, often focusing on protecting sensitive information or personally identifiable information (PII).
    • It can include limitations on who can access the data, how the data can be used, and requirements for safeguarding the data.
    • It can (often) require the data recipient to agree not to attempt to re-identify de-identified data.
    • It can serve as a tool for ensuring compliance with applicable privacy laws and regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States.
    • It can be particularly important in research contexts, where sharing data among researchers or institutions is necessary for the advancement of knowledge, but must be balanced with the protection of research participants' privacy.
    • ...
  • Example(s):
    • One between a university and a pharmaceutical company that allows the company to use the university's research data for drug development, while ensuring the data is used in accordance with ethical standards and legal requirements.
    • One between two healthcare providers that enables the sharing of patient health information for the purpose of improving patient care, while maintaining the confidentiality and security of the data.
    • ...
  • Counter-Example(s):
    • A Confidentiality Agreement that does not address the specific use, sharing, and protection of data.
    • An open access data repository agreement that allows unrestricted access to data without any specific terms related to data use or protection.
  • See: Privacy Law, Sensitive Information, Personally Identifiable Information, HIPAA.


References

2023

  • [Use Agreement (DUA) Information]
    • A Data Use Agreement (DUA) is a contractual document used for the transfer of data developed by nonprofit, government, or private industry, where the data is nonpublic or is subject to restrictions on its use. This data is often a necessary component of a research project and may include human subject data from a clinical trial, or a Limited Data Set as defined in HIPAA. Universities aim to ensure that DUA terms protect confidentiality when necessary but permit appropriate publication and sharing of research results in accordance with university policies, applicable laws and regulations, and federal requirements. DUAs are similar to confidentiality agreements in that they restrict the use and disclosure of the data set, and in some cases, a CDA format may be used as a starting point to build a DUA suitable for data transfer. Our University, a state-related entity receiving significant research funding from the U.S. federal government, requires that DUAs meet university policies and the requirements of funding agencies. The University's Office of Sponsored Programs reviews and institutionally endorses DUAs to ensure compliance with appropriate policies and regulations.