HARVARD CATALYST DATA USE AGREEMENT FOR LIMITED DATA SETS

Similar documents
UCLA Health System Data Use Agreement

Human Research Protection Program (HRPP) HIPAA and Research at Brown

Limited Data Set Data Use Agreement For Research

UNIVERSITY OF TENNESSEE HEALTH SCIENCE CENTER INSTITUTIONAL REVIEW BOARD USE OF PROTECTED HEALTH INFORMATION WITHOUT SUBJECT AUTHORIZATION

University of Mississippi Medical Center Data Use Agreement Protected Health Information

SUNY DOWNSTATE MEDICAL CENTER UNIVERSITY HOSPITAL OF BROOKLYN POLICY AND PROCEDURE

UAMS ADMINISTRATIVE GUIDE NUMBER: 2.1

EVMS Medical Group A. RESEARCH USE AND OR DISCLOSURE WITHOUT AUTHORIZATION:

7 ATLzr UNIVERSITY OF CALIFORNIA. January 30, 2014

ACGME BUSINESS ASSOCIATE AGREEMENT

HIPAA: What Researchers Need to Know

COLUMBIA UNIVERSITY MEDICAL CENTER INSTITUTIONAL REVIEW BOARD (IRB)

Title: HP-53 Use and Disclosure of Protected Health Information for Purposes of Research. Department: Research

UBMD Policy for HIPAA Compliant Subject Recruitment

HIPAA Privacy Compliance Plan for Research. University of South Alabama IRB Guidance and Procedures

ARTICLE 1 DEFINITIONS

COLUMBIA UNIVERSITY INSTITUTIONAL REVIEW BOARD POLICY ON THE PRIVACY RULE AND THE USE OF HEALTH INFORMATION IN RESEARCH

RELEASE OF PROTECTED HEALTH INFORMATION ( PHI ) FOR RESEARCH PURPOSES

HIPAA, 42 CFR PART 2, AND MEDICAID COMPLIANCE STANDARDS POLICIES AND PROCEDURES

City and County of San Francisco Department of Public Health DPH Health Information Data Use Agreement

COLUMBIA UNIVERSITY DATA CLASSIFICATION POLICY

* Corporation General Partnership Limited Partnership LLC Sole Proprietorship Non Profit Other Accounts Payable: Name

HIPAA Insurance Portability Act HIPAA. HIPAA Privacy Rule - Education Module for Institutional Review Boards

THE CITY AND COUNTY OF SAN FRANCISCO SECTION 125 CAFETERIA PLAN HIPAA PRIVACY POLICIES & PROCEDURES

UPMC POLICY AND PROCEDURE MANUAL

Regenstrief Center for Healthcare Engineering HIPAA Compliance Policy

SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATES AND SUBCONTRACTORS

Interpreters Associates Inc. Division of Intérpretes Brasil

AGREEMENT PURSUANT TO THE TERMS OF HIPAA ; HITECH ; and FIPA (Business Associate Agreement) (Revised August 2015)

Business Associate Agreement Health Insurance Portability and Accountability Act (HIPAA)

Business Associate Agreement

Standards for Privacy of Individually Identifiable Health Information

ARTICLE 1. Terms { ;1}

HIPAA Information. Who does HIPAA apply to? What are Sync.com s responsibilities? What is a Business Associate?

Palliative Care Quality Network Membership Agreement

Cover option 2. The Interplay of HIPAA, Privacy and Data Security Principles, and Health Information Interoperability. Subtitle or Company Name

North Shore LIJ Health System, Inc. Facility Name. CATEGORY: Effective Date: 8/15/13

University of California Group Health and Welfare Benefit Plans HIPAA Privacy Rule Policies and Procedures (Interim)

PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS

BUSINESS ASSOCIATE AGREEMENT

HIPAA Business Associate Agreement Passport to Languages

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

Microsoft Online Subscription Agreement/Open Program License Agreement Amendment for HIPAA and HITECH Act Amendment ID MOS13

SCHEDULE D HIPPA BUSINESS PARTNER AGREEMENT

Business Associate Agreement

FACT Business Associate Agreement

RECITALS. In consideration of the mutual promises below and the exchange of information pursuant to this BAA, the Parties agree as follows:

Effective Date: 08/2013

ChoiceNet/InterCare Health Plans Getting Your Arms Around HIPAA Compliance

BUSINESS ASSOCIATE AGREEMENT

Texas Tech University Health Sciences Center HIPAA Privacy Policies

SUBCONTRACTOR BUSINESS ASSOCIATE ADDENDUM

HIPAA and Research at UB

HIPAA BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

104 Delaware Health Care Claims Database Data Access Regulation

BUSINESS ASSOCIATE AGREEMENT

Privacy Regulations HIPAA-Administrative Simplification Internal Assessment

HIPAA Compliance Guide

TEXAS SOUTHERN UNIVERSITY HIPAA BUSINESS ASSOCIATE AGREEMENT

UNDERSTANDING HIPAA & THE HITECH ACT. Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP

HIPAA Business Associate Agreement

Project Number Application D-2 Page 1 of 8

POLESTAR BENEFITS, INC. ADMINISTRATION AGREEMENT

BUSINESS ASSOCIATE AGREEMENT W I T N E S S E T H:

BUSINESS ASSOCIATE AGREEMENT

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) BUSINESS ASSOCIATE AGREEMENT

University of Wisconsin Milwaukee

RECIPROCAL BUSINESS ASSOCIATE AND DATA USE AGREEMENT BETWEEN THE PARTICIPATING PHYSICIAN ORGANIZATION AND MILLIMAN, INC.

This form cannot act as an authorization to assign commissions. Appointment Form Only. Steps to obtain an Appointment:

HILLSBOROUGH COUNTY HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) PROCEDURES

~Cityof. ~~Corpu~ ~.--=.;: ChnstI City Policies HR29.0 NO.

Executive Policy, EP HIPAA. Page 1 of 25

DUA Toolkit. A guide to Data Use Agreements in the HMO Research Network

BUSINESS ASSOCIATE AGREEMENT

JOTFORM HIPAA BUSINESS ASSOCIATE AGREEMENT

Emma Eccles Jones College of Education & Human Services. Title: Business Associate Agreements

CROOK COUNTY POLICY AND PROCEDURES FOR COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF

Data and Specimen Repositories

COMPLIANCE TRAINING 2015 C O M P L I A N C E P R O G R A M - F W A - H I P A A - C O D E O F C O N D U C T

BUSINESS ASSOCIATE AGREEMENT (for use when there is no written agreement with the business associate)

HIPAA PRIVACY POLICY AND PROCEDURES FOR PROTECTED HEALTH INFORMATION THE APPLICABLE WELFARE BENEFITS PLANS OF MICHIGAN CATHOLIC CONFERENCE

National Water Company 2730 W Marina Dr. Moses Lake, WA AGENCY AGREEMENT

SDM Health Insurance Portability and Accountability Act (HIPAA) Terms and Conditions For Business Associates

Business Associate Agreement For Protected Healthcare Information

Central Fabrication Accreditation Application

HIPAA BUSINESS ASSOCIATE ADDENDUM

Texas Tech University Health Sciences Center El Paso HIPAA Privacy Policies

HIPAA and ProAssurance

MASTER COMMON RECIPROCAL INSTITUTIONAL REVIEW BOARD AUTHORIZATION AGREEMENT

1. Does the plan exist for purposes of providing or paying for the cost of medical care?

Washington Producer Application

HIPAA BUSINESS ASSOCIATE AGREEMENT

CHRONIC CARE MANAGEMENT SERVICES AGREEMENT

Application for Approval of Projects Which Use Human Subjects

AMWELL GROUP PRACTICE AGREEMENT

Business Associate Agreement RECITALS AGREEMENT

Health Insurance Portability and Accountability Act Category: Administration 04/30/2015 Vice President for Legal Prior Effective Date:

Transcription:

HARVARD CATALYST DATA USE AGREEMENT FOR LIMITED DATA SETS This template agreement is available for use by Harvard Catalyst institutions where there is not an Institution specific Data Use Agreement required. Researchers: please consult your home institution before using this agreement to determine if local approvals or forms are required. Background A data use agreement allows a researcher to share a limited data set with a colleague or another person or entity not associated with the study or the researcher s institution. An Institutional Review Board (IRB) must be notified if a researcher or institution plans to share a limited data set with a recipient (person or entity) not named in the original IRB application. That recipient must sign a data use agreement before the limited data set is shared. A data use agreement is not required if the recipient is part of the trial and is included in the IRB Authorization or waiver of Authorization approval for the trial. Of note: (a) Limited data sets are not subject to the HIPAA Accounting for Disclosures provisions. (b) Under 2013 revisions to HIPAA, unauthorized uses or disclosures of a limited data set may constitute a breach for breach notification rule purposes. If you have questions about the information above or the need for a data use agreement, please consult your institutional compliance or counsel s office. Q. What is a Limited Data Set? A. A limited data set is defined as health information that excludes certain direct identifiers (listed below) but that may include city; state; zip code; elements of date; and other numbers, characteristics, or codes not listed as direct identifiers (below). The Privacy Rule's limited data set provisions requiring the removal of direct identifiers apply both to information about the individual and to information about the individual's relatives, employers, or household members. The following identifiers must be removed to qualify as a limited data set: 1. Names 2. Postal address information (other than town or city, state, and zip code) 3. Telephone numbers 4. Fax numbers 5. Electronic mail addresses 6. Social security numbers 7. Medical record numbers 8. Health plan beneficiary numbers 9. Account numbers 10. Certificate/license numbers 11. Vehicle identifiers and serial numbers (including license plate numbers) 1

12. Device identifiers and serial numbers 13. Web universal resource locators (URLs) 14. Internet protocol (IP) address numbers 15. Biometric identifiers, including fingerprints and voiceprints 16. Full-face photographic images and any comparable images Q. What is a Data Use Agreement? A. A data use agreement is the means by which covered entities obtain satisfactory assurances that the recipient of the limited data set will use or disclose the PHI in the data set only for specified purposes. Even if the person requesting a limited data set from a covered entity is an employee or otherwise a member of the covered entity's workforce, a written data use agreement meeting the Privacy Rule's requirements must be in place between the covered entity and the limited data set recipient. Attribution, Sharing and Adapting the Data Use Agreement We encourage you: to request to email us and request the materials to share to copy, distribute, and transmit the work to adapt to adapt the work to suit your needs Under the following conditions: Attribution: In freely using the materials, we require that you acknowledge Harvard Catalyst as the publisher and that you give appropriate credit to the individual authors. Suggested citation: This material is the work the Harvard Catalyst Data Protection subcommittee. The Data Protection subcommittee is a subcommittee of the Regulatory Knowledge & Support Program and affiliated with Harvard Catalyst The Harvard Clinical and Translational Science Center. This work was conducted with support from Harvard Catalyst The Harvard Clinical and Translational Science Center (National Center for Research Resources and the National Center for Advancing Translational Sciences, National Institutes of Health Award 8UL1TR000170-05 and financial contributions from Harvard University and its affiliated academic health care centers). The content is solely the responsibility of the authors and does not necessarily represent the official views of Harvard Catalyst, Harvard University and its affiliated academic health care centers, or the National Institutes of Health. With the understanding that: We might contact you: We are interested in gathering information regarding those who are using the material and how they are using it. We may contact you by email to solicit information on how you have used the materials or to request collaboration or input on future activities. We ask that you share your adaptation: If you adapt the tool, please share them with us so that we may to support and improved version of the checklist. All contributors will be appropriately acknowledged. Please send your requests, questions and comments to regulatory@catalyst.harvard.edu and visit the Harvard Catalyst Regulatory Knowledge and Support web page. You respect the rights of others: In writing this material, Harvard Catalyst is indebted to the work of others. In no way are any of the rights of others in the work itself or in how the work is used affected by our adaptation. When reusing or distributing, make clear the above terms: For any reuse or distribution, you must make clear to others the terms of this work. The best way to do this is with a link to the web page containing this guide. 2

DATA USE AGREEMENT FOR LIMITED DATA SETS This Data Use Agreement ( Agreement ), effective as of, 20 ( Effective Date ), is entered into by and between ( Recipient ) and ( Covered Entity ). The purpose of this Agreement is to provide Recipient with access to a Limited Data Set ( LDS ) for use in the following titled research project: (Project Name) under the direct supervision of (Principal Investigator) in accord with the HIPAA Regulations. 1. Definitions. Unless otherwise specified in this Agreement, all capitalized terms used in this Agreement not otherwise defined have the meaning established for purposes of the HIPAA Regulations codified at Title 45 parts 160 through 164 of the United States Code of Federal Regulations, as amended from time to time. 2. Preparation of the LDS. Covered Entity shall prepare and furnish to Recipient a LDS in accord with the HIPAA Regulations or Covered Entity shall retain Recipient as a Business Associate (pursuant to an appropriate Business Associate Agreement) and direct recipient, as its Business Associate, to prepare such LDS. NOTICE: This agreement is valid only if the Data do not include any of the following Prohibited Identifiers : Names; postal address information other than town, cities, states and zip codes; telephone and fax numbers; email addresses, URLs and IP addresses; social security numbers; certificate and license numbers; vehicle identification numbers; device identifiers and serial numbers; biometric identifiers (such as voice and fingerprints); and full face photographs or comparable images. 3. Minimum Necessary Data Fields in the LDS. In preparing the LDS, Covered Entity or its Business Associate shall include the data fields specified by the parties from time to time, which are the minimum necessary to accomplish the purposes set forth in Section 5 of this Agreement. 4. Responsibilities of Recipient. Recipient agrees to: a. Use or disclose the LDS only as permitted by this Agreement or as required by law; b. Use appropriate safeguards to prevent use or disclosure of the LDS other than as permitted by this Agreement or required by law; c. Report to Covered Entity any use or disclosure of the LDS of which it becomes aware that is not permitted by this Agreement or required by law, including the presence of prohibited identifiers in the LDS; 3

d. Require any of its subcontractors or agents that receive or have access to the LDS to agree to the same restrictions and conditions on the use and/or disclosure of the LDS that apply to Recipient under this Agreement; and e. Not use the information in the LDS, alone or in combination to identify or contact the individuals who are data subjects. 5. Permitted Uses and Disclosures of the LDS. Recipient may use and/or disclose the LDS only for the Research described in this Agreement or as required by law. 6. Term and Termination. a. Term. The term of this Agreement shall commence as of the Effective Date and terminate 5 years from Effective Date. Should the Recipient desire to keep the LDS for a longer period, a justification in writing should be made to the Covered Entity. b. Termination by Recipient. Recipient may terminate this agreement at any time by notifying the Covered Entity and returning or destroying the LDS. c. Termination by Covered Entity. Covered Entity may terminate this agreement at any time by providing thirty (30) days prior written notice to Recipient. d. For Breach. Covered Entity shall provide written notice to Recipient within ten (10) days of any determination that Recipient has breached a material term of this Agreement. Covered Entity shall afford Recipient an opportunity to cure said alleged material breach upon mutually agreeable terms. Failure to agree on mutually agreeable terms for cure within thirty (30) days shall be grounds for the immediate termination of this Agreement by Covered Entity. e. Effect of Termination. Sections 1, 4, 5, 6(e) and 7 of this Agreement shall survive any termination of this Agreement under subsections c or d. 7. Miscellaneous. a. Change in Law. The parties agree to negotiate in good faith to amend this Agreement to comport with changes in federal law that materially alter either or both parties obligations under this Agreement. Provided however, that if the parties are unable to agree to mutually acceptable amendment(s) by the compliance date of the change in applicable law or regulations, either Party may terminate this Agreement as provided in section 6. 4

b. Construction of Terms. The terms of this Agreement shall be construed to give effect to applicable federal interpretative guidance regarding the HIPAA Regulations. c. No Third Party Beneficiaries. Nothing in this Agreement shall confer upon any person other than the parties and their respective successors or assigns, any rights, remedies, obligations, or liabilities whatsoever. d. Counterparts. This Agreement may be executed in one or more counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument. IN WITNESS WHEREOF, each of the undersigned has caused this Agreement to be duly executed in its name and on its behalf. COVERED ENTITY RECIPIENT By: Print Name: Print Title: By: Print Name: Print Title: 5

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback