Data Use Agreements (DUA)

A Data Use Agreement (DUA) is a contractual document used to govern the transfer and use of nonpublic data or data that is otherwise subject to restrictions regarding its usage. An example of nonpublic or restricted data may include human subject data from a clinical trial or a Limited Data Set as defined in HIPAA. A DUA is sometimes also referred to as a Data Transfer and Use Agreement (DTUA).

A DUA may be required by a 3rd party when Vanderbilt is accessing or receiving their restricted data. Often the contractual terms included in a DUA require that certain IT security measures are in place in order to protect the data while it is in Vanderbilt’s possession. This VUIT Security service is to assist the Vanderbilt customer with implementing the necessary IT controls to comply with the terms of the Agreement, Vanderbilt policies, applicable laws, regulations, and statutory requirements. It is available to Vanderbilt University faculty and staff.

Support Contacts
Email: it.risk@vanderbilt.edu

Service Charges or Fees
There are currently no service charges or fees for this service.

Requesting Service
Vanderbilt University DUAs are managed by the Sponsored Programs and Administration (SPA) office. SPA is the primary facilitator. To initiate a DUA request, see the SPA website for instructions.

Once initiated with SPA, VUIT Security (specifically the Policy, Risk, & Compliance team) assists the customer with implementing the necessary IT security controls to protect the confidentiality, integrity, and availability of the restricted data.

To inquire about the DUA workflow or if you have general questions about the process, please contact SPA at SPA@vanderbilt.edu.

Explore Story Topics