HIPAA Privacy Rule at USC - OPRS Office for the Protection of

advertisement
Material Transfer Agreements
(and a little about Data Sharing Agreements)
Some Basics
USC Stevens Center for Innovation
Judy Genovese, Sr. Transactions Officer
Sue Kim, Transactions Assistant
Agenda
• What is an MTA?
• Why is an MTA
important?
• Who are the Parties?
• Some critical terms in an
MTA
• What is being
transferred?
• USC’s process
• Our Forms
• Data Use Agreements
• Questions
What is an MTA?
• A Material Transfer Agreement (MTA) is a
contract between the USC and a third party.
• An MTA outlines the rights and responsibilities
of the parties that arise due to the transfer and
use of the materials.
•
Provider
Recipient
What is an MTA? Cont’d…
– An MTA is used for the transfer of material that will
be used for basic research purposes only; normally
no clinical uses are permitted
– An MTA should not have a transfer of funds.
Why is the MTA important?
• The MTA can affect ownership of the PI’s research
results and his/her ability to publish
• MTAs can protect proprietary material.
• Informs Recipient when Material being transferred may
be infectious or hazardous.
• Can resolves issues: liability, academic credit, loss of
control of the material, disagreements.
Why is the MTA important?
Cont’d…
• Without an MTA, the recipient of the material
has free rein over use and further distribution of
the materials. The provider is giving away the
materials if an MTA is not in place.
• For transfer of human samples, an MTA is
required to ensure compliance with law.
Who are the Parties?
• University of Southern California
– University policy dictates that research agreements must be
signed by an authorized university representative
– Researchers/faculty are not parties
• Third Party– Industry
– Government or other Non-profit
– Academic
• Two USC Faculty
Types
• University to University
– Uniform Biological Material Transfer Agreement
(UBMTA) can be used.
•
•
•
•
•
University to Industry
Industry to University
Non-Profit/Government to University
University to Non-Profit/Government
Intra-University
Some Critical Terms in MTAs
•
•
•
•
•
•
•
•
Definitions
Scope of research work
Research purposes only (non-commercial)
No in-vivo testing
Compliance with Federal rules and regulations
Confidentiality
Re-distribution of material
Disclaimers & warranties
Some Critical Terms cont’d
• No grant of license
• Acknowledgment in publications, possible coauthorship
• Ownership of Results
– “Results”:
• Encompasses a fairly broad range of items
–IP, discoveries, public disclosures, data
What is being transferred?
• Biological materials
– E.g. cell lines, mice, tissue samples, DNA, etc.
– Note: Generally, Material includes Progeny and
Unmodified Derivatives, but does not include
Modifications
• Chemical materials
– E.g. Salts, analogs, formulations, compounds, etc.
• Prototypes
• ???Software???
Inbound vs. Outbound
Inbound Material
Outbound Material
•
•
•
•
•
A USC PI is receiving material from
another party.
Other party provides their MTA
template for our review.
Our PI is restricted to the terms of the
MTA in order to protect other party’s
interests.
PI must have applicable approvals in
place before using material (IRB, IBC,
IACUC)
•
•
•
•
•
A USC PI is providing material to
another party.
We provide our MTA template for the
other party’s review.
We want to protect potentially
proprietary and valuable IP.
We want to protect university and PI
interests.
We must be sure we have the right to
provide the material.
PI must have applicable approvals in
place before sending material (IRB,
IBC, IACUC, shipping training)
Example (inbound material)
• Dr. Cardinal, A USC Principal Investigator (PI), is
studying effects of alcohol on the liver.
•He reads in a publication that
Dr. Blue, his colleague at UCLA
has created a unique mouse strain
that could aid in his research.
Example, cont’d…
• Dr. Cardinal emails Dr. Blue and asks for a
breeding pair of these new unique mice.
• Dr. Blue, wanting to protect his new invention,
responds, “Why certainly! Please sign this MTA
first.”
Example, cont’d…
• Dr. Cardinal, knowing the drill on MTAs,
forwards the agreement to us at USC Stevens
Center for Innovation so we can review and sign
the MTA on behalf of the USC.
• We will notify the PI if there are non-standard
terms in the MTA.
USC’s Process
•The completed MTA form and any questions
can be sent to mta@stevens.usc.edu
Data Sharing Agreements
• A Data Sharing Agreement* (DA) handled by
USC Stevens Center is a contract covering the
transfer of non-public or restricted data to or
from a nonprofit, government or private
industry for research use.
*
Data Agreements often have other names, including Data Use
Agreements, Letters or Memoranda of Understanding, Data
Consortium Agreements, etc.
Data Sharing Agreements
• For researchers at USC the same process is
followed for DAs as MTAs
• Exception – when information subject to
HIPAA or privacy laws is involved.
– Review by USC’s Office of Compliance in addition
to the other MTA steps.
– USC Stevens handles obtaining Compliance review
Data Sharing Agreements
• Identifiable Health Information questions/categories
are listed in the MTA Intake forms (See Appendix, #24
on incoming form and #19 on outgoing form)
• USC Stevens Center is working with compliance to
expand the list to be sure it includes all Identifiable
Health Information and non-health privacy related
information
• NOTE: Identifiable Health Information can sometimes be provided
(intentionally or not) with material transferred under an MTA. Care and
attention should be used to identify and deal with any such information as in
any other circumstance.
The “Limited Data Set”
from the HIPAA Privacy Rule
• Not to be confused with Data Agreements as
negotiated by USC Stevens Center /Compliance Office
• Covered entities may use or disclose health information
that is de-identified without restriction under the
Privacy Rule. Covered entities seeking to release this
health information must determine that the
information has been de-identified using either
statistical verification of de-identification or by
removing certain pieces of information from each
record as specified in the Rule.
The “Limited Data Set”
from the HIPAA Privacy Rule
• A covered entity may de-identify data by removing all
18 elements that could be used to identify the individual
or the individual's relatives, employers, or household
members; these elements are enumerated in the Privacy
Rule.
• The covered entity also must have no actual knowledge
that the remaining information could be used alone or
in combination with other information to identify the
individual who is the subject of the information.
The “Limited Data Set”
from the HIPAA Privacy Rule
• Under the de-identification method, the identifiers that must be
removed are the following:
– Names.
– All geographic subdivisions smaller than a state, including street address, city, county,
precinct, ZIP Code, and their equivalent geographical codes, except for the initial three digits
of a ZIP Code if, according to the current publicly available data from the Bureau of the
Census:
• The geographic unit formed by combining all ZIP Codes with the same three initial
digits contains more than 20,000 people.
• The initial three digits of a ZIP Code for all such geographic units containing 20,000 or
fewer people are changed to 000.
– All elements of dates (except year) for dates directly related to an individual, including birth
date, admission date, discharge date, date of death; and all ages over 89 and all elements of
dates (including year) indicative of such age, except that such ages and elements may be
aggregated into a single category of age 90 or older.
The “Limited Data Set”
from the HIPAA Privacy Rule
–
–
–
–
–
–
–
–
–
–
–
Telephone numbers.
Facsimile numbers.
Electronic mail addresses.
Social security numbers.
Medical record numbers.
Health plan beneficiary numbers.
Account numbers.
Certificate/license numbers.
Vehicle identifiers and serial numbers, including license plate numbers.
Device identifiers and serial numbers.
Web universal resource locators (URLs).
The “Limited Data Set”
from the HIPAA Privacy Rule
–
–
–
–
Internet protocol (IP) address numbers.
Biometric identifiers, including fingerprints and voiceprints.
Full-face photographic images and any comparable images.
Any other unique identifying number, characteristic, or code, unless
otherwise permitted by the Privacy Rule for re-identification.
Questions?
• Judy Genovese
– jgenoves@stevens.usc.edu
• Sue Kim
– suekkim@stevens.usc.edu
• MTA email address:
– mta@stevens.usc.edu
• MTA website
– http://stevens.usc.edu/mta.php
Appendix
Appendix cont’d
Appendix cont’d
• UBMTA
– http://www.autm.net/AM/Template.cfm?Section=
Technology_Transfer_Resources&Template=/CM/
ContentDisplay.cfm&ContentID=2810
• UBMTA Signatories
– http://www.autm.net/AM/Template.cfm?Section=
Technology_Transfer_Resources&Template=/CM/
ContentDisplay.cfm&ContentID=8374
Download