Skip to main content

Resources for Further Exploration

Reading and Tutorials

Data Use Agreements (DUAs)

A Data Use Agreement (DUA) is a legal contract that outlines the terms and conditions for accessing, using, and sharing data. DUAs are particularly important when dealing with sensitive or confidential data, such as health data, as they establish clear guidelines for data usage, privacy protection, and compliance with relevant regulations. DUAs help ensure that data is used responsibly and ethically, safeguarding both the data providers' interests and the privacy of individuals whose data is being used.

Key Components of a Data Use Agreement

  1. Data Description: Clearly describe the type of data being shared, including its nature, scope, and format. Specify whether the data is identifiable or de-identified.

  2. Purpose of Use: Explain the purpose for which the data will be used. This could include research, analysis, or other specific objectives.

  3. Data Recipients: Identify who will have access to the data. This could be individuals, researchers, organizations, or institutions. Specify their roles and responsibilities.

  4. Data Security and Protection: Describe the measures that will be taken to protect the data's security, confidentiality, and integrity. Address issues such as encryption, access controls, and data storage.

  5. Data Handling and Access: Outline how the data will be handled, accessed, and used. Specify any restrictions on copying, sharing, or disseminating the data.

  6. Data Retention and Destruction: Define the timeline for retaining the data and the procedures for its secure destruction once the agreed-upon purpose is fulfilled.

  7. Legal Compliance: Ensure that the data usage complies with relevant laws and regulations, such as HIPAA, GDPR, and other privacy laws.

  8. Ethical Considerations: Address ethical concerns related to data usage, including obtaining informed consent, protecting individual privacy, and avoiding harm.

  9. Liabilities and Indemnification: Clarify the responsibilities and liabilities of both the data provider and the data recipients. Include provisions for indemnification in case of data breaches or misuse.

  10. Dispute Resolution: Establish procedures for resolving disputes that may arise during the data usage period.

  11. Termination: Outline the conditions under which the agreement can be terminated by either party.

Importance of Consultation

Creating an effective DUA requires collaboration between data providers, legal experts, researchers, and ethics committees. Different organizations may have specific templates or guidelines for DUAs, and it's important to tailor the agreement to the context of the data sharing arrangement. Consulting with an Institutional Review Board (IRB) or ethics committee can help ensure that the DUA aligns with ethical standards and legal requirements.

Case Study: NIH Data Sharing Agreements

The National Institutes of Health (NIH) provides a variety of data sharing agreements for research data. The NIH Data Sharing Agreement Template covers important aspects such as data ownership, intellectual property, publication rights, and data usage. Researchers seeking to share data collected from NIH-funded projects are required to adhere to these agreements to ensure responsible and ethical data sharing.

Remember that DUAs are legally binding agreements, and careful consideration of their terms is essential to protect the interests of all parties involved and to maintain data integrity and privacy.

Please visit the official NIH Institute of Center Data Sharing Policies for examples.