It is important that researchers read the terms of a DUA before forwarding the draft contract to the UMBC Office of Sponsored Programs (OSP) for review. It is the responsibility of the researcher to understand and follow the conditions of the DUA and to use the data only for the purposes indicated. The PSO considers that a researcher who transmits a DUA to OSP has read these conditions and agrees to comply with these conditions, whether or not the researcher`s signature on the DUA itself is necessary. If a researcher signs such an agreement, he or she could be exposed to legal and financial risks. A researcher does not have to sign a DUA before the OSP authorization of the DUA. A Data Use Agreement (DUA) is an agreement that is necessary and must be entered into in accordance with the data protection rule before a limited data set (defined below) is used or disclosed to an external institution or party. A limited set of data is always Protected Health Information (PHI), and that`s why covered companies like Stanford have to enter into a data usage agreement with each recipient of a limited set of Stanford data. Yes, you need both a Data Use Agreement (DUA) and a Counterparty Agreement (BAA), as the relevant entity (Stanford University Affiliated Covered Entity) provides PHI, which may contain direct or indirect identifiers. For this reason, a BAA may be required before passing the direct identifiers to the recipient outside of Stanford. require the recipient to use appropriate security measures to prevent any unauthorized use or disclosure that is not provided for in the agreement; Sometimes the transfer of data from one entity to another is dealt with as part of a larger agreement between the parties, for example. B a sub-agreement or contractual agreement on the services. The transfer of data as part of such a collaborative research project is often addressed in the study protocol or in the terms of the grant contract. In these cases, a separate DUA is usually not required.
However, the transmission of data between the supplier and the beneficiary in the absence of a financing agreement (grant, contract, subcontracting, contractual service agreement, etc.) requires a DAL. A Data Use Agreement (DUA) is a contractual document used for the transfer of data developed by non-profit organizations, public administrations or the private sector when the data is not public or is subject to certain restrictions on its use. Often, this data is a necessary part of a research project and it may or may not be data from people from a clinical trial or a limited set of data according to HIPAA. . . .