Sharing Information and Data
Specific agreements often need to be in place before sharing or receiving information or data.
Confidentiality, Non-Disclosure (CDA/NDA), or Data Use Agreements (DUA) might be necessary when:
- Exchanging information or data on a current project or in anticipation of a potential project.
- The UW is receiving a protocol to decide if we want to participate in a clinical trial.
- We need non-public data from a state or federal agency to use in a research project.
- Sharing information generated at the UW such as student information, human subjects information, personal health information, limited data sets, etc.
- The UW is a multi-site study and providing or receiving data with other sites or the coordinating center.
If materials or intellectual property terms appear in an agreement, this is probably not simply a CDA or a DUA.
These can also be referred to as Proprietary Information Agreements (PIA). CDAs and NDAs restrict disclosure & use of proprietary or protected information.
If you know you will be exchanging proprietary or protected information that is related to or might directly result in a sponsored program; you will need to prepare an eGC1 following the NAA eGC1 Instructions.
Using UW approved templates can speed up the review of your request.
When a mutual NDA is needed and the sponsor is willing to accept the UW Approved Mutual NDA Template AS IS:
- Follow the NAA eGC1 instructions,
- Include a note on the eGC1 for OSP to issue the UW approved NDA template to the sponsor.
Already have a Non-Disclosure Agreement from the sponsor?
Follow the NAA eGC1 instructions.
Is the CDA/NDA related to an innovation you have disclosed?
Data Use Agreements or Data Transfer & Use Agreements are used when there is a transfer of data collected or developed such as raw data, data sets, student info, personal health info, etc.
A DUA must be in place when:
- Data is from human subjects; and or is HIPAA protected, or
- If the data contains Personal Data, or
- Use of data is restricted or regulated by the data owner.
DUA’s are not necessary when the data is completely de-identified (stripped of all personal data and (for PHI) all HIPAA identifiers) there is no way to re-identify that data.
Need a DUA? Start with the Federal Demonstration Partnership (FDP) Templates
When a DUA is needed the UW recommends starting with the Federal Demonstration Partnership (FDP) DTUA Templates. Complete the Face page with attachment 1 & 3 and select relevant attachment 2.
If the Data Sharer has a non-FDP agreement, your reviewer may need more information to put the agreement into place. Review the FDP DUA templates to help understand the type of information needed.
- A DUA that is not related to an active or pending sponsored program does not route to the Office of Sponsored Programs.
- The recipient on the Face page should reflect the authorized signature.
- For example, if the School of Medicine (SOM) is signing a DUA (because it is a SOM DUA and it is not related to an active or pending sponsored program) then the Recipient will list the SOM and the Signature will be the SOM.
Who Reviews a DUA?
Is the data related to an active or pending sponsored project?
DUAs that are Not Related to an Active or Pending Sponsored Program
Your departmental authorized official signs.
Federal Demonstration Partnership (FDP) Data templates are available to use.
DUAs Related to an Active or Pending Sponsored Program
Prepare & route a non-award agreement (NAA) eGC1.
- Attach agreement:
- FDP Templates : attach completed DTUA Face Page with Attachments 1 and 3 and relevant DTUA attachment 2
- Indicate eGC1# of related sponsored program
- Route the eGC1 to OSP
- The eGC1 will default to an After-the-Fact (ATF) eGC1
- Approval of an ATF eGC1 by OSP does not imply approval or acceptance of the agreement.
DUA Agreement eGC1 Attachments
Completing and attaching FDP DTUA Data Stewardship templates facilitates OSP review and signature.
Complete the DTUA Face Page with Attachments 1 and 3 as well as the relevant attachment 2.
Upon receipt of the ATF eGC1 with completed FDP templates, OSP can review and sign.
Data Sharer Agreements
Using the data sharer’s non-FDP agreement means a less predictable timeline for signature. OSP reviews then negotiates terms with the data sharer, then may sign the agreement after negotiation.
When you are accessing or submitting data to a Federal Repository such as dbGap, NIAGADS, CMS, and are required to complete a Data Submission Agreement (DSA), Data Access Request (DAR) or Data Use Certification (DUC) you will need to submit an Award Modification Request in SAGE.
- Find the award that is associated with the project that generated the data being submitted, or the project that will use the data in the case of a data access request.
- If the data are not related to a current sponsored program and you do not have an Award number, route a Non-award Agreement (NAA) eGC1. Include a comment that this request is not related to a sponsored program.
- Create a modification associated with that award.
- Attach the completed Federal Repository form.
- Include a comment on the Modification that indicates what you are requesting.
NOTE: Before submitting human subjects datasets to repositories, consult with the Human Subjects Division email@example.com
Certificate of Confidentiality
If a Certificate of Confidentiality is in place review guidance for Sharing Information Protected under a CoC.
Forms, Tools, and Resources
- Data Management Resources at UW
- Human Subjects Division (HSD)
- Agreement Types
- NIH: What is FISMA?
- Office of Sponsored Programs
- CoC Decision Tree: Is my research subject to CoC?
- Privacy Office: European Union – General Data Protection Regulation (EU…
- Office for Human Research Protection (OHRP): EU General Data Protection…
- Non-Award Agreement eGC1 Instructions
- Subrecipient, Contractor/Vendor, Consultant?
- Mutual Non-Disclosure Agreement (NDA) SAMPLE
- UW: Foreign Interests in Sponsored Programs
Policy, Regulation, and Guidance
- Export Control Measures
- Executive Order 8: Classified, Proprietary, and Restricted Research
- Executive Order 36: Patent, Invention, and Copyright Policy
- Office of the Chief Information Security Officer: Laws
- Agreement Considerations
- APS 2.6 Information Security Controls and Operational Practices
- Federal Information Security Management (and Modernization) Act (FISMA)
- Export Control
- Guidance: Certificate of Confidentiality (CoC)
- NIH: Data Management and Sharing Policy