Add to collection(s) Add to saved
  1. Social Science
  2. Law
  3. Contract Law

RTI IRB Data Request Form

advertisement 
[QUERY HEALTH PARTICIPANT – DATA SOURCE]
MODEL LANGUAGE AS FOUNDATION FOR A DATA USE AGREEMENT
Notes:





This DUA is designed to be between a Data Source and Query Source
This DUA is meant to guide the development of a contract, but is not itself a final
or complete contract
This DUA is not meant to be a substitute for an agreement between a Covered
Entity and a Business Associate required under HIPAA
This DUA is not meant to be a substitute for the DURSA
This DUA is meant to be a template, customized by the parties and finalized
by the parties’ legal departments
***
The [Query Source] (Entity making queries) (“Query Source”), and [Data Source] enter
into this Data Use Agreement (the “Agreement”) effective ________ (“Effective Date”).
This agreement will remain effective for _______ or __________, whichever is earlier.
[Data Source] and [Query Source] shall be referred to individually as a “Party,” or
collectively as the “Parties.”
This Agreement establishes a formal data access and data use relationship between
[Data Source] and [Query Source]. This Agreement covers “Covered Data”. Covered
Data is defined as data currently in possession of the Data Source that [is/will be] [deidentified/in a limited data set as defined by the HIPAA Privacy Rule (42 C.F.R. §
164.514(b)-(e))] and then provided to [Query Source], specifically those Covered Data
listed in Exhibit A. [Note that in some cases, Covered Data may include the minimum
necessary amount of protected health information for certain public health purposes
explicitly authorized by law, which will be disclosed in a manner consistent with
applicable law. In such case, the Agreement will be worded to reflect this.] Exhibit A
represents the complete set of data items that [Query Source] will have access to as a
result of this Agreement.
Both Parties shall abide by all applicable Federal and State laws, rules and regulations
including, without limitation, all applicable patient confidentiality and medical record
requirements.
[Query Source] USES OF COVERED DATA
[Query Source] agrees to use and disclose the Covered Data for the purposes
expressly listed in Exhibit B and those purposes only. All other purposes are strictly
prohibited, except to the extent they are expressly required by law. Note that the
permissible uses set forth in Exhibit B should be commensurate with the potential
privacy risks posed by the particular data and its identifiability. For example, the
Data Use Agreement
[ORGANIZATION]
Rev. xxxx 2012
Page 1 of 1
permissible uses of “line-level” data shall be more limited than those of de-identified
data provided in summarized form.
Both Parties agree that access to Covered Data provided under the terms of the
Agreement will be limited solely to those who are explicitly authorized to use Covered
Data from Exhibit A, and only for the purposes set forth in Exhibit B. Both the Data
Source and the Query Source may only grant access to Covered Data from Exhibit A to
other parties when required by law or in accordance with Clauses D and/or E of this
agreement.
DATA PROTECTIONS
[Query Source] acknowledges that it will be the custodian of Covered Data stored in its
data files and, as such, will be responsible for establishing and maintaining appropriate
administrative, technical and physical safeguards, as described in the HIPAA Security
Rule, to prevent unauthorized access to, use or disclosure of these files unless required
by law. Any entity that receives data under this DUA that is not a covered entity or
Business Associate must be held to the same standards as a covered entity or
Business Associate as it relates to securing covered data
[Query Source] specifically agrees that, unless required by State and federal law, it will
not release Covered Data requested under open records laws; to media; or for litigation
purposes. Covered Data is not intended to be or to become part of an individual’s legal
Electronic Health Record.
POLICY REQUIREMENTS
[Query Source] and [Data Source] shall abide by the set of Query Health policy
requirements set forth and available at [xxxxxxxxxxx], as they may change from time to
time.
TERMS AND CONDITIONS
The Parties Agree to the following:
A. [Query Source] certifies that the statements made in this Agreement (above)
regarding the planned use and disclosure of the Covered Data are complete and
accurate.
B. The Parties agree that whether or not to run a particular query, and whether or not to
release any results, will be under the control of the disclosing entity/data holder
([Data source]).
C. [Query Source] understands all Covered Data will be provided [on a de-identified
basis/in a limited data set/minimum-necessary basis in the case of PHI]. [Query
Source] agrees that it will:
Data Use Agreement
[ORGANIZATION]
Rev. xxxx 2012
Page 2 of 2
1. Not make any attempt to re-identify the data;
2. Not make any attempt to contact any individuals whose personal
information is contained in the Covered Data; and
3. Notify the [Data Source] immediately if the identity of any individual is
inadvertently discovered.
D. [Data Source] and [Query Source] shall be permitted to hire and use third-party
intermediaries.
1. For the purposes of this Agreement, “intermediary” is defined as a party
either affiliated or unaffiliated with [Data Source] or [Query Source] who
provides services to [Data Source] or [Query Source] to assist it in
sending, receiving, deidentifying and/or aggregating Covered Data.
2. As part of this agreement, [Data Source] and [Query Source] agree that
they will not disclose Covered Data to an intermediary unless the
intermediary agrees to the same standards, terms and conditions
applicable to the [Data Source] or [Query Source] under this agreement.
The agreement between the [Data Source] or [Query Source] and any
intermediary must be documented and shall be subject to review.
3. [Data Source] or [Query Source] may, through an assigned intermediary of
the opposite party, send or respond to queries, provided that an
agreement as outlined above is in place between the intermediary and the
party that has assigned it to send or receive queries.
E. [Query Source] will not disclose the Covered Data to anyone (unless explicitly
permitted or required by law or this Agreement), outside [Query Source] without
appropriate agreements in place, all of which shall be subject to review by the [Data
Source]. All outside entities that may, through subsequent agreements, have
access to Covered Data, shall be held to the same standards, terms and conditions
contained within this Agreement. [Query Source] will only disclose the Covered
Data to those individuals or groups at [Query Source] specifically authorized to
receive it, unless otherwise required by law. Within the [Query Source], access to
the Covered Data shall be limited to the minimum number of individuals necessary
to achieve the purpose stated in the Agreement.
F. No findings or information derived from the Covered Data may be released if such
findings contain any combination of data elements that may reasonably allow for
identification or the deduction of an individual’s identity.
G. [Query Source] agrees to subject any findings or manuscripts proposed for public
release (e.g., abstracts, presentations, publications) to a stringent review to maintain
the confidentiality of data and to prevent individuals from being identified.
H. [Query Source] will maintain policies and procedures related to data confidentiality
and associated reviews and audits.
Data Use Agreement
[ORGANIZATION]
Rev. xxxx 2012
Page 3 of 3
I. [Data Source] will make reasonable efforts to main data quality and/or integrity and
to address related issues that arise under this Agreement.
J. [Query Source] understands that data is provided on an “as is” basis, without any
express or implied warranties, including but not limited to fitness for a particular
purpose.
K. [Query Source] will report immediately to the [Data Source] any use or disclosure of
the Covered Data other than as permitted by this Agreement, and will take all
reasonable and necessary steps to mitigate the effects of such improper use or
disclosure, cooperating with all reasonable requests by the [Data Source] toward
that end.
L. Either the [Data Source] or the [Query Source] may terminate this Agreement, in
writing, upon thirty days written notice, at: [address]
M. In the event that the [Data Source] determines or has a reasonable belief that [Query
Source] has violated any terms of this Agreement, the [Data Source] may take any
of the following actions:
1. Revoke the existing Agreement.
2. Deny [Query Source] future access to data from the [Data Source].
3. Report the violation to [Query Source] (if applicable) for action pursuant to
[Query Source] policies.
4. The [Data Source] may seek an injunction or damages against [Query
Source] in a court of competent jurisdiction.
N. [Query Source] agrees that upon termination of this Agreement for any reason, the
Query Source shall erase, destroy or render unrecoverable any data that relates to a
single patient, even if that data has been deidentified in accordance with 45 C.F.R. §
164.514(b) or consists of a limited data set described by 45 C.F.R. § 164.514(e).
For data that does not relate to a single patient, [Query Source] agrees that upon
termination the Query Source shall remain restricted to using the data for the
purposes listed in Exhibit B.
O. If using an intermediary, [Query Source] and [Data Source] must have the
intermediary destroy and render unrecoverable all Covered Data in
accordance with the same requirements listed for the [Query Source] in
Clause N upon termination of this Agreement.
P. This Agreement contains the entire agreement with the [Data Source] concerning
the subject matter hereof. No modifications of this Agreement or waiver of the terms
and conditions hereof will be binding upon, unless approved in writing by both
Parties. The [Query Source] may not assign this Agreement without the [Data
Data Use Agreement
[ORGANIZATION]
Rev. xxxx 2012
Page 4 of 4
Source’s] written consent. If any provision of this Agreement shall, for any reason,
be adjudged by any court of competent jurisdiction to be invalid or unenforceable,
such judgment shall not affect, impair or invalidate the remainder of this Agreement
but shall be confined in its operation to the provision of this Agreement directly
involved in the controversy in which such judgment shall have been rendered.
The undersigned individuals hereby attest that they authorized to legally bind the
[Data/Query Source] to the terms of this Agreement and agree to all the terms
specified herein.
Signature of [Data Source] Designated Official
Signature
Date
Name of Official from [Data Source]
[Data Source]
Telephone No.
E-mail Address
Signature of [Query Source] Designated Official:
Signature
Date
Name of Designated Recipient (printed or typed)
[Query Source]
Data Use Agreement
[ORGANIZATION]
Rev. xxxx 2012
Page 5 of 5
Related documents
Slides - Spatial Database Group
Slides - Spatial Database Group
assessmentfordatabasestestkey
assessmentfordatabasestestkey
Access Requests and Infrastructure Isolations / De
Access Requests and Infrastructure Isolations / De
There are six different types of objects in an Access Database
There are six different types of objects in an Access Database
Download
advertisement