Skip to main content

Data Use Agreements (DUA)

Service Description

A Data Use Agreement (DUA) is a contractual document used to govern the transfer and use of nonpublic data or data that is otherwise subject to restrictions regarding its usage. An example of nonpublic or restricted data may include human subject data from a clinical trial or a Limited Data Set as defined in HIPAA. A DUA is sometimes also referred to as a Data Transfer and Use Agreement (DTUA).

A DUA may be required by a 3rd party when Vanderbilt is accessing or receiving their restricted data. Often the contractual terms included in a DUA require that certain IT security measures are in place in order to protect the data while it is in Vanderbilt’s possession. This VUIT Security service is to assist the Vanderbilt customer with implementing the necessary IT controls to comply with the terms of the Agreement, Vanderbilt policies, applicable laws, regulations, and statutory requirements. It is available to Vanderbilt University faculty and staff.

 

Support Contacts

vuit.prc@vanderbilt.edu

 

Service Charges or Fees

There are currently no service charges or fees for this service.

 

Requesting Service

Vanderbilt University DUAs are managed by the Sponsored Programs and Administration (SPA) office. SPA is the primary facilitator. To initiate a DUA request, contact SPA @ 615.322.2631 or andrew.m.budell@vanderbilt.edu

Once initiated with SPA, VUIT Security (specifically the Policy, Risk, & Compliance team) assists the customer with implementing the necessary IT security controls to protect the confidentiality, integrity, and availability of the restricted data.

To inquire about the DUA workflow or if you have general questions about the process, please contact SPA @ 615.322.2631 or andrew.m.budell@vanderbilt.edu .

 

What You Can Request

Data Use Agreement (DUA) Request

Service

Consulting and Advising

 

Service Category

Security