Guiding Legal Framework

Inter-Agency Memorandum of Understanding (IMOU)

Documents the vision, mission, and governance process. References the Data Sharing Agreement (DSA) and Data Use License (DUL). Executed by the Directors of all data contributors.

Data Sharing Agreement (DSA)

Includes the specific terms and conditions that govern how data are transferred, stored, and managed within the shared data infrastructure and for end users.  This technical agreement governs data brought INTO the system, including Personally Identifiable Information (PII) and Protected Health Information (PHI). Executed by the Directors of all data contributors AND the Ecosystem.

Data Use License (DUL)

Outlines the role and responsibilities of the end user--the licensee. Includes the project’s objectives, methodology, data fields, data security plan, dissemination plan, and timeline of project completion. Signed by the end user of each approved project prior to data access and includes a confidentiality agreement. The DUL stipulates the following:

  1. Data recipient will implement data security protocols specified in Data License Request (DLR)
  2. Data recipient cannot try to re-identify data by linking to other data sets, not expressly authorized in DLR
  3. Any data disclosure must conform to cell suppression rules (i.e., no cell based on fewer than 11 observations)
Diagram of Guiding Legal Framework for Data Use and Sharing