4
List the data recipients, individual names or class of individuals (e.g. study team
members for study listed above)
5. Secure methods for sharing data (page 2 – Section III-2.)
Provide specific method data will be shared with other institution (e.g. slashtmp,
encrypted email, encrypted file transfer)
Note electronic sharing of data must be encrypted.
6. Contact from each entity (page 2 – Section IV-1.)
In case there is a breach of other notification is required must list contact information
Contact at IU including contact information such as email address
Contact at data recipient including contact information
7. Termination Date (page 3 – Section VI-3.)
Specific Date or event agreement will terminate
This agreement must have some timeframe for termination, but can be renewed if
necessary (It is not like an authorization, so cannot be indefinite)
8. Signatures will be required from the University HIPAA Privacy Officer and the Recipient
or the authorized representative of the Recipient.
B. IU Data used within Indiana University: Group uses data in the form of a limited data set,
data is from own patients’, IU, IUHP or Practice Plan.
Data Use Agreement Template IU Internal Dec 2013
Complete the sections highlighted in yellow:
1. Enter the PI’s Name or other Recipient (if not for research), printed or typed, (page 1,
top)
2. Check how the limited data set will be used (research, public health or health care
operations)
3. Enter a meaningful description of the data to be shared. This information is used to
ensure the data are in the form of a limited data set. (page 1)
4. Enter how data will be shared and stored securely (page 1, middle)
5. Enter begin and end date for study or an event (page 2, top)
6. Enter IRB assigned number and Study Title if being used for research purposes or a
meaningful description of the use if not for research purposes (page 2, top)
7. Signatures will be required from a representative of the Department such as the HIPAA
Liaison/Privacy Officer, the Principal Investigator or other recipient as well as the
University HIPAA Privacy Officer.
C. IU is the data recipient receiving data in the form of a limited data set from an organization
outside Indiana University. If not provided a DUA use
Data Use Agreement Template IU Recipient Dec 2013
Complete the sections highlighted in yellow:
1. Date and Parties involved in the agreement (page 1 top section)
Enter the day of the month, month and year entered into the agreement
Enter the name of the Covered Entity sharing the information with IU, may also be
on behalf of a specific person within that organization.
The Trustees of Indiana University on behalf of the unit or department and the PI’s
name or other Recipient (the person or group who will be the actual recipient).
2. Definition/description of the limited data set (page 1 – Section I)