Data Use Agreement Sample


DEPARTMENT OF HEALTH AND HUMAN SERVICES
ENTERPRISE PERFORMANCE LIFE CYCLE FRAMEWORK
<OPDIV Logo>
PRACTICES GUIDE
DATA USE AGREEMENT
Issue Date: <mm/dd/yyyy>
Revision Date: <mm/dd/yyyy>
Document Purpose
This Practices Guide is a brief document that provides an overview describing the best practices,
activities, attributes, and related templates, tools, information, and key terminology of industry-leading
project management practices and their accompanying project management templates.
Background
The Department of Health and Human Services (HHS) Enterprise Performance Life Cycle (EPLC) is a
framework to enhance Information Technology (IT) governance through rigorous application of sound
investment and project management principles, and industry best practices. The EPLC provides the
context for the governance process and describes interdependencies between its project management,
investment management, and capital planning components. The EPLC framework establishes an
environment in which HHS IT investments and projects consistently achieve successful outcomes that
align with Department and Operating Division (OPDIV) goals and objectives.
A Data Use Agreement (DUA) is a legally binding agreement between the OPDIV and an external entity
(e.g., contractor, private industry, academic institution, other Federal government agency, or state
agency), used when an external entity requests the use of personally identifiable data that is covered by a
legal authority, such as the Privacy Act of 1974, Economy Act, Government-wide User Charge Authority,
Intergovernmental Cooperation Act, “Special Studies” statute, Joint Project Authority, and the
Clinger-Cohen Act. The agreement delineates the confidentiality requirements of the relevant legal authority,
security safeguards, and the OPDIV’s data use policies and procedures. The DUA serves as both a
means of informing data users of these requirements and a means of obtaining their agreement to abide
by these requirements. Additionally, the DUA serves as a control mechanism for tracking the location(s)
of the OPDIV’s data and the reason for the release of the data. A DUA requires that a System of Records
(SOR) be in effect, which allows for the disclosure of the data being used.
Practice Overview
The Department of Health and Human Services (HHS) defines a “record” as any item, collection, or
grouping of information about an individual that is maintained by an Agency. A System of Records (SOR)
is a grouping of any records under the control of any Agency from which information is retrieved by the
name of the individual or by some identifying number, symbol, or other identifying particular assigned to
the individual, including, but not limited to:
Name
Education
Criminal History
Medical History
Employment History
Financial Transactions
Any identifying number, symbol, or other identifier such as a fingerprint, voiceprint, or photograph
Data use occurs when there is a legal authority for Federal and/or State Agencies to share information in
identifiable form (IIF). An agency may enter into a data use agreement with another entity if authorized
by law. The agreement must indicate the legal and statutory authority for use of data. There may be
multiple data use agreements in any given project. If there are separate promises between the various
entities involved, the agreement must be drafted to reflect the relationships.
<OPDIV> Data Use Agreement (v1.0)
This document is 508 Compliant
[Insert additional appropriate disclaimer(s)]
