DPE are often used when a researcher wishes to access restricted archives or records that may contain identifiable information about individuals to carry out such projects. The BRI should be contacted if the use of archived protected health data falls within the IRB`s definition of “research”. Searches that directly process data with personal identifiers may require HIPAA authorization for the use and/or disclosure of PHI (for individual IHP access permissions) or a waiver of HIPAA authorization (for large sample size requests for which individual permissions are not practical and the request complies with privacy rules). Application forms should address the safeguards in place to protect the identity of individuals and assess the security of procedures for protecting those identities. A Data Use Agreement (DUA) is a contractual document used for the transfer of non-public or restricted usage data. Universities want to ensure that the terms of the DUA protect confidentiality where necessary, but allow for the proper publication and dissemination of research results, in accordance with academic guidelines, applicable laws and regulations, and federal requirements. It is important that researchers read the terms of a DUA before forwarding the draft contract to the UMBC Office of Sponsored Programs (OSP) for review. It is the responsibility of the researcher to understand and follow the conditions of the DUA and to use the data only for the purposes indicated. The PSO considers that a researcher who transmits a DUA to OSP has read these conditions and agrees to comply with these conditions, whether or not the researcher`s signature on the DUA itself is necessary. If a researcher signs such an agreement, he or she could be exposed to legal and financial risks. A researcher does not have to sign a DUA before the OSP authorization of the DUA. Rutgers investigators cannot sign D.A.
on behalf of the university.