These agreements can be concluded between academic institutions, government agencies and/or businesses. DUAs can be categorized into two categories depending on the nature of the data transferred: a covered company (such as Stanford) can use a member of its own staff to create a “limited data set.” On the other hand, the recipient can also establish a “limited data set” as long as the person or entity acts as a counterparty to the company concerned. A counterparty agreement is a contract whose use is mandatory in accordance with the HIPAA data protection rule. The text of the HIPAA data protection rule applies only to covered businesses – health organizations and health plans. A covered company may only use or disclose a limited set of data if the company concerned receives satisfactory assurance, in the form of a data usage agreement, that the recipient of a limited data set will only use or disclose protected health information for limited purposes. The minimum requirements recommended for a data use agreement include the following conditions for the disclosure of data for research purposes: it is important for researchers to read the terms of an ASA before forwarding the draft contract to the OFFICE UMBC of Sponsored Programs (OSP). It is the researcher`s responsibility to understand and monitor the conditions of the AEA and to use the data only for specific purposes. The PSO believes that a researcher who transmits an ASA to PSO has read these terms and agrees to abide by them, whether or not the researcher`s signature is required on the AEA itself. If a researcher signs such an agreement, they could be exposed to legal and financial risks. A researcher must not sign an ASA until the PSO is approved. A restricted data set excludes certain direct identifiers (identifiers that constitute protected health information, or PHI directly identifying research subjects) from the person or parents, employers or members of the person`s household. The process of developing, verifying and negotiating data use agreements depends on the data, the data source, the expected use and compliance with the Rutgers guidelines. Rutgers investigators cannot sign DUAs on behalf of the university.

The agreement must be concluded in the form of a contract between institutions and signed by an agent who is able to hire the university on conditions. Limited records can only contain the following identifiers: Rutger`s PIs are often required to sign DESAS as Read and Understood. Rutgers urges his listeners to read the DUAs carefully before signing. Not all OAUs are equal, and it is very important that Rutger`s PIs and Key Staff understand and respect the terms of the agreement. A data use agreement (ACA) is set up between a provider institution and a recipient institution to document the transferred data. These include conditions relating to issues such as ownership, authorized use of data, publication of results, development of inventions, data disposal and liability. Establishing preconditions for data transmission avoids problems and misunderstandings after the research begins. In addition, covered companies such as Stanford must take all reasonable steps to remedy a beneficiary`s violation of the AEA. For example, if Stanford learns that the data it has provided to a recipient is being used in a way that is not authorized by the AEC, Stanford should work with the recipient to resolve this issue.

If these efforts were not successful, Stanford would be required to terminate any further disclosure of PHI to the recipient, in accordance with the AEA, and to notify the Federal Office of Health and Human Services for Civil Rights. 1. When the AU transmits or transmits a limited set of data to another institution, organization or entity, UA requires that a DUA be signed to ensure that appropriate provisions are in place to protect the limited data set in accordance with the HIPAA privacy rule.