A Data Use Agreement (DUA) is a legally binding agreement between the University of Nevada, Reno (University) and an external entity (e.g., another academic institution, private company, federal or state agency) which governs the terms by which data derived from research is shared with that external entity, especially where personal identifiable data is subject to legal privacy laws and regulations. The agreement delineates the confidentiality requirements of the legal authority governing the privacy of the data, security safeguards, and the University's data use policies and procedures. The DUA serves as both a means of informing data users of these requirements and a means of obtaining their agreement to abide by these requirements. Additionally, the DUA serves as a control mechanism for tracking the location of the University's data and the reason for the release of the data.
Note: The term "data" is used in the widest sense and includes numeric data files and qualitative materials such as interview transcripts, diaries,and field notes. Research data may include audio and video formats, geospatial information, biometrics, web sites and data archives (including those available online).
For simplification, the entity requesting the data is referred to as the Data Recipient, and the entity providing the data is referred to as the Data Provider. DUAs specify the conditions for use and disclosure of records by Data Providers and Data Recipients.
Data Use Agreement template
DUAs for human research activities
A Data Use (or Materials Transfer) Agreement is required when University or Affiliate investigators are planning research that involves sharing data/specimens with an external entity (whether as Provider or Recipient) when the data/specimens will contain Protected Personally Identifiable Information (Protected PII) or Protected Health Information. Regulations regarding the privacy of health information ( HIPAA Privacy Rule) allow limited data sets for use and disclosure of Protected Health Information for research, public health or health care operations. Principal investigators who wish to share data/specimens containing Protected PII or Protected HI must adhere to the following:
- The PI must work with the Office of Sponsored Projects to prepare and execute the required research agreement (Agreement).
- The PI must include the fully executed Agreement when submitting her/his project for IRB review or exempt determination.
- The PI must confirm, via the Agreement, that the data/specimen Provider (whether University or external PI) complied with federal requirements for informed consent and HIPAA for the use of the data/specimens as described in the Agreement.
- The PI must confirm, via the Agreement, that the data/specimens will not be shared until IRB approval or exempt determination is finalized.
- The PI must ensure that the individuals receiving the data/specimens are trained on the terms of the Agreement regarding use of the data/specimens, limitations for disclosure, safeguards for confidentiality, reporting requirements and requirements for subcontractor agreements.
The Data Recipient is responsible ensuring requirements for IRB approval are met for the proposed uses of the data set. The Data Provider may request documentation of IRB approval before finalizing the agreement.
Requirements for informed consent
The Data Provider is responsible for ensuring requirements for informed consent for the proposed uses of the data set are met or waived as follows:
- For active studies, if the proposed uses of the data were addressed in the consent process for research participation, further action is not necessary.
- For active studies, if the proposed uses of the data were not addressed in the consent process for research participation, an amendment to describe the consent process or request a waiver of the consent process for the new uses may be required.
- For studies that have closed, contact Research Integrity to discuss options.