Data Use Agreement Sample Page 2
ADVERTISEMENT
1
2
3HHS EPLC Practices Guide - <OPDIV> Data Use Agreement (v1.0)
<
/
/
>
MM
DD
YYYY
Practice Best Practices
When a DUA is Required
Agencies establish data use agreements to conduct many government functions, including developing or
modernizing systems, expanded collaboration across agencies or populating databases for operational
use. A DUA is a legal document that establishes the legal and program authority that governs the
conditions, safeguards, and procedures under which Federal Agencies agree to use data that has been
previously established through a SOR. Consideration of Title V of the E-Government Act, Confidential
Information Protection and Statistical Efficiency Act of 2002 (CIPSEA), the Family Educational Rights and
Privacy Act (FERPRA), or the Privacy Act require Agencies to establish the DUA such that legal context is
established and demonstrates entities have a full understanding of applicable statutes, regulations and
traditional practices. The DUA may require:
Institutional Review Board (IRB) to oversee data use activities, particularly if the data involves
personally identifiable information
Informed consent documents for potential research participants
Members of joint projects to be trained on safeguards to protect confidential information
The DUA encompasses all IT projects. DUAs must be developed when any data covered by SOR will be
exchanged or used across agencies.
In addition, DUAs must be developed when matches involve
Federal personnel or payroll records. In concurrence with a DUA, a project must also prepare an
Inter/Intra-Agency Agreement (IA) when the SOR(s) involved in the comparison are the responsibility of
another Federal Agency.
An IA, also known as a reimbursable agreement, is a written compact in which a Federal agency agrees
to provide to, purchase from, or exchange with another Federal agency services, supplies or equipment.
An IA is the document with which the receiving agency agrees to reimburse the providing agency for the
cost of the services, supplies, or equipment. In certain cases, two or more agencies may agree to
exchange services, supplies, or equipment without a transfer of funds. Although an IA is usually between
two agencies, on occasion, an IA may involve more than two agencies.
All funded IT projects must prepare an IA in order to provide to, purchase from, or exchange with another
Federal agency services, supplies, or equipment.
Elements of a DUA
Name
Legal Authority for Data Use
Program Authority for Data Use
Purpose
Background
Mutual Interest of Entities
Responsibilities of Entities
Funding Information
Costs and Reimbursement
Custodian of Data
Agency Point of Contact (Project Officer)
Data Security Procedures
Inspecting Security Arrangements
Data Transfer, Media and Methods for the Exchange of Data
Reporting Requirements
Records Usage, Duplication, Re-disclosure Restrictions
Record Keeping, Retention and Disposition of Records
Potential Work Constraints
Ownership
Conditions for Reporting Results and Public Release of Data
Policy and procedures for releasing data to researchers
Penalties for Unauthorized Disclosure of Information
Term of the Agreement
Constraints, including Performance standards, DUA Review Procedures, Audit Clause, Liability
Issues, Definition of a Breach
<OPDIV> Data Use Agreement (v1.0)
Page 2 of 3
This document is 508 Compliant
[Insert additional appropriate disclaimer(s)]
ADVERTISEMENT
0 votes
Related Articles
Related forms
Form Cms-r-0235u - Data Use Agreement (dua)- Update To Existing Dua - Agreement For Use Of Centers For Medicare & Medicaid Services (cms) Data
Medical
Form Cms-r-0235a - Data Use Agreement (dua) Addendum For Data Acquired From The Centers For Medicare & Medicaid Services (cms) 2012
Legal
Related Categories
Parent category: Business