Data Use Agreements

Definition and Purpose

A Data Use Agreement (DUA) is a contractual document used for the transfer of data that has been developed by nonprofit, government or private industry, where the data is nonpublic or is otherwise subject to some restrictions on its use.  Often, this data is a necessary component of a research project and it may or may not be human subject data from a clinical trial, or a Limited Data Set as defined in HIPAA.  Universities will want to ensure that DUA terms protect confidentiality when necessary, but permit appropriate publication and sharing of research results in accordance with University policies, applicable laws and regulations, and federal requirements.  DUAs are similar to confidentiality agreements in that they restrict the use and disclosure of the data set, and, in some cases, a CDA format may be used as a starting point to build a DUA appropriate for the transfer of data.

Our University is a state-related entity that receives a large proportion of its research funding from the U.S. federal government.  In order to ensure that DUAs meet University policies as well as the requirements of funding agencies, the University's Office of Research will review and institutionally endorse DUAs to ensure compliance with appropriate policies and regulations. 

 

Procedure to Initiate Office of Research (OR) Review:

  1. Principal Investigator (PI) creates and submits the request in the MyRA system.
  2. Upon electronic receipt of a new submission in MyRA, the Clinical & Corporate Contracts Coordinator will begin initial submission review and will contact the PI and the administrative contact listed in the MyRA submission if any of the required documentation is missing or incomplete. When all of the required documentation has been received, the submission will be assigned to a contracts officer for review and negotiation. Contracts officers are assigned to a constituency of University departments.  To find your Contracts Officer, view the staff Assignments.
  3. Once the terms have been finalized by the contracts officer, the agreement will be circulated for signature.
  4. Once the agreement has been fully executed (signed by all parties), a PDF copy will be provided to the PI and to the administrative contact listed in the MyRA submission.  The data set covered by this DUA may now be transferred.

 

DOCUMENTS REQUIRED FOR SUBMISSION*

  1. Completed submission in MyRA, created and submitted by PI
  2. Proposed DUA (as an editable Word document) or request to use Pitt DUA template (if Pitt is receiving data from another entity)
  3. IRB approval letter (for human data)

*Subject to sponsor requirements and/or OR procedure changes.

 

Resources:

HIPAA Privacy Rule Guidance for Researchers at the University of Pittsburgh and UPMC
 

Frequently Asked Questions