If Stanford is the provider of a limited data set, Stanford requires that an AEA be signed to ensure that the appropriate provisions to protect the limited data set are in place. Here are the contacts for different types of research: in addition, covered companies like Stanford must take all reasonable steps to cure the violation of the DUA by a beneficiary. For example, if Stanford learns that the data it has provided to a recipient is being used in a way that is not authorized by the AEC, Stanford should work with the recipient to resolve this issue. If these efforts were not successful, Stanford would be required to terminate any further disclosure of PHI to the recipient, in accordance with the AEA, and to notify the Federal Office of Health and Human Services for Civil Rights. Note: This is an example of AEA for data records that have data from human subjects de-identificationd A data usage agreement (DUA) is a particular type of agreement that is required by the HIPAA privacy rule and must be concluded before there is any use or disclosure of a limited data set (defined below) from a medical data set to an external institution or party to one of three purposes: (1) Research, (2) Public Health. A limited dataset remains Protected Health Information (PHI) and, for this reason, entities covered by HIPAA or covered hybrid entities, such as the University of Arizona (AU), must enter into an AEA with an institution, organization or organization, to which the AU devisions or transfers a limited data set. This agreement represents the entire agreement between the downloader and the user regarding the download and use of the material and replaces all prior or simultaneous communications and suggestions (oral, written or electronic) between the downloader and the user with regard to the download or use of the material. If a provision of this agreement proves unenforceable or invalidated, that provision is limited or removed to the minimum necessary to ensure that, if not, the agreement remains fully in force and remains effective and enforceable. “A “limited data set” is a limited set of information about identifiable patients within the meaning of the Health Insurance Portability and Accountability Act, better known as the HIPAA. A “limited set of data” of information may be transmitted to an external office without the patient`s permission if certain conditions are met. First, the purpose of disclosure should only be for research, public health or health care. Second, the person receiving the information must sign a data usage agreement with Hopkins. This agreement contains specific requirements that are discussed below.
Defining authorized uses and disclosing the limited set of data; Limited records may contain only the following identifiers: An AED must be entered before a restricted record is used or disclosed to an external institution or an external party. Disclosure of a “limited set of data” is not subject to HIPAA`s tracking/accounting requirements. The rationale appears to be that the minor increase in privacy that such an accounting would provide is offset by its expenses. DHHS considered that the privacy of individuals with respect to PHIs, which are disclosed in a “limited set of data,” can be properly protected by a signed data usage agreement. prohibit the recipient from using or disclosing the information unless the agreement permits or otherwise allows it; Hopkins has created a form for the data usage agreement, which will be used by those who wish to disclose to recipients a “limited dataset.” This model can be viewed on HIPAA IRB Form 9. If Johns Hopkins provides the limited data set, if significant changes are required to this Johns Hopkins form, or if the version of a data use agreement is to be used by another party, the Johns Hopkins Office of Research Administration must review and approve the terms of the agreement.