Data Use Agreement Request

A Data Use Agreement (DUA): is a contractual agreement used to define how access to and/or exchanged data may be used. The primary consideration is the protection of protected health data (PHI) in accordance with HIPAA Regulations (45 CFR Part 160-164). However, DUAs can be used in other situations where the exchange of data is necessary and the agreement should be modified accordingly.

The DUA details:

  1. Permitted use(s) and disclosure of the data, primarily thought publication of research results of the provided data and sets forth the data recipient’s responsibility’s with respect to them.
  2. Establishes a term for the use of the provided data and conditions which would be considered to breach the agreement.

A DUA should always be put in place when: the data to be transferred is from human subjects; and or The Data to be transferred is HIPAA protected. Please note that if the data to be provided is completely de-identified and there is no means to re-identify, a DUA is not needed. To meet this qualification the data must be stripped of the data elements cited above in personally identifiable information. If the data contains any of these identifiers then a DUA must be in place. DUA’s must also be in place if sponsored funding was involved and there are data ownership and/or dissemination requirements.

If you have questions about any of the terms use in a DUA click here to access our DUA Glossary of Terms Data Use Agreements are put in place by entities who wish to grant access to data and data sets for research.

* = Required fields

* I would like to put a Data Use Agreement [DUA] in place between UTHSC as:
Data Provider
Data Recipient


Provide the name and address of the contact person with whom we will negotiate the DUA:
* Name:
* Institution:
* Address:
* City:
* State:
* Zip Code:
* E-mail:
* Phone:

* The data will be used for a study entitled:

* A. Provide a brief description of the study and describe the nature of the Data & Data Request:

* B. Data Source (i.e.: dbGap, US Census, another research entity, a company, et cetera):
1. Will you be merging the data with any data provided by other sources? Yes     No
2. Will you make derivative of, or modify the data set you receive? Yes     No
* 3. Do you intend to publish journal articles based on the data? Yes     No
* 4. Will you be accepting or sending confidential information associated with the data set? Yes     No
5. Does the data provider require that those having access to the data sign a separate non-disclosure agreement? If so, please upload here:


6. The data is     is not derived from human subjects
7. The data is     is not de-identified
8. Does the data provider consider the data to be a limited data set under HIPAA? Yes     No
- IRB application number:
* 9. The project is funded by Institutional Resources     Sponsored Programs
C. Data Access
* Will anyone other than you have access to the data? Yes     No
D. Data Security
What provisions have been made for Data Security?
Detail the data security plan: (Where will the data be stored? How will access to the data be controlled?)

Data Attribution(s) Please check all that apply:
Classified
Criminal Justice Information
Export of ITAR Controlled
Export of EAR data (Department of Commerce) dual use
Human Subject Related
Public Health Information
Mental Health - Psychotherapy Notes
Data is encrypted
Document Upload
Data Use Agreement Data Management Plan Please let us know if you have any particular concerns you would like us to address (such as restricted use, publication, intellectual property, et cetera)

In seeking access to this data, as project lead, I certify the following:

Read and Understood:

To the best of my knowledge the answers to the questions are true, complete, and accurate. I have read the referenced Data Use Agreement and agree to handle the data as outlined therein, adhering to the applicable data security plan, IRB protocol, or other related agreements as well as any pertinent University policies and procedures and of Federal and State Laws.

Furthermore, I take responsibility for ensuring that this certification will be upheld by any of the individuals who will be provided access to the data.

*PI (print name and title here): Date: