For HIPAA purposes, your dataset contains personal data that is covered by HIPAA if one or more of the eighteen HIPAA identifiers, direct or indirect, remain in the data set. These identifiers are: In practice, any transfer of data off campus to another person should be subject to a data exchange agreement. This could be done through an existing agreement, such as the funding agreement. B, or a separate DTUA. The need for an agreement on data access and use stems from the University of Wisconsin-Madison`s Law Directive, which is responsible, accessible and data-averse (section 4.3). Data Transfer and Use Agreements (DTUAs) are contracts established for the way data is transmitted. These agreements contain provisions to impose various legal requirements on HIPAA and also describe usage restrictions that protect the institutional data provider. A written agreement defines the purpose and parameters of data processing and clarifies the roles and responsibilities between the UW and a third party. Research at the University of Wisconsin-Madison generates considerable amounts of valuable data. The exchange of this data with other researchers is an important way to increase the ability of our researchers to analyze the data and translate it into meaningful reports and knowledge; Data sharing can also help avoid duplication or allow for greater collaborative comparisons between data. We support the exchange of data to advance research objectives – and we want to help facilitate data exchange in a way that is consistent with laws and guidelines that could limit the future use of data. These laws and guidelines include HIPAA (which applies to protected health information), FERPA (which applies to student data) and our UW-Madison Directive on Data Responsibility, Access and Retention.
A data transfer and use agreement (DTUA) is a kind of contract by which we can respect these laws and guidelines and also protect the rights of the people concerned and the interest of the university for the value of the data. The Access and Use Agreement provides clear, accurate and consistent information on access and rights of individuals, UW information systems and institutional UW information to be used. It is said that individuals are responsible for the protection of the privacy and security of all UW data that they use from information systems from which they have access, regardless of how or where the data is created, managed or stored. This agreement is used by various UW information systems. For the purposes of the common rule, your data set contains personal data if the applicant`s identity is established by the examiner or can be easily established or associated with other information. A DUA should not be used if there is a funding agreement between the UAB and the other entity for the same project. The project funding agreement should focus on data exchange.