Yes, you need both a DATA Use Agreement (DUA) and a Business Associate Agreement (BAA) because the covered entity (Stanford University Affiliated Covered Entity) provides the PHI recipient, which may contain direct or indirect identifiers. For this reason, a BAA may be required before disclosing direct identifiers to the recipient outside of Stanford. DUAs are often used when a researcher wishes to access limited archives or data sets that may contain identifiable information about individuals for the purpose of carrying out such projects. The IRB should be contacted when the use of archived protected health data falls within the definition of "research" in the IRB. Investigations directly related to personal identifier data may be permitted to use and/or disclose PPIs (for individual access rights to the PHI) or to discontinue hipa authorization (for large sample requests for which individual authorizations are not practical and where the requirement is in accordance with the specifications of the data protection policy). Application forms should look at the safeguards provided to protect the identity of individuals and assess the security of procedures for protecting these identities. Rutger`s PIs are often required to sign DUAs like Read and Understood. Rutgers urges his listeners to read the DUAs carefully before signing. Not all OAUs are equal, and it is very important that Rutger`s PIs and Key Staff understand and respect the terms of the agreement. Limited data sets may only contain the following identifiers: A data use contract (or provisions applicable in another agreement) is required, if Stanford is the provider of a limited data set, Stanford requires that an AEA be signed to ensure that the appropriate provisions for the protection of the limited data set are in place. Here are the contacts for different types of research: Whenever limited data is transmitted to a researcher at Rutgers University or by a researcher, a data use agreement and/or business associate agreement must be established between the parties involved. Defining authorized uses and disclosing the limited set of data; If a Stanford researcher is the recipient of a limited set of data from a non-Stanford source, the Stanford researcher may be asked to sign the other party`s AAU. In this case, the Stanford researcher should consult with the relevant contract office to determine whether, materially, he is in agreement with the Stanford AAU.
A Data Use Agreement (AEA) is a specific type of agreement that is required and must be entered into in accordance with the HIPAA data protection rule before using a restricted dataset (defined below) from a medical dataset to an external institution or to one of three purposes: (1) Research, (2) Public Health or (3) Public Health Operations.