Continuing the discussion from OHDSI Data Use Agreement? Discussion on necessity and possible structure:
One thing to be careful about. “Data use agreement” in the US specifically means limited data set and therefore implies PHI. For that reason, we have an “agreement to use de-identified data.” George
thanks @hripcsa - I’ve heard the phrase DUA used in a non-PHI way, but if you feel its specific to PHI then perhaps the title DUA could be revised and called ‘aggregate data - use agreement’ or some other verbage.
Having a formalized way of handling the exchange of data will allow data holders to fully understand what they are agreeing to, and will prevent any ambiguities down the line. @schuemie mentioned (on the researchers page where I also posted this question) that “As a data holder, you should always have the last word on what happens to your data, even if it is no longer physically under your control.” Not sure if everyone’s opinion is 100% the same on this issue, which is why I want to bring this subject up to the community for discussion. Obviously we would only be sharing aggregate data across institutions. But as a community, it would be good if everyone was on the same page about how data were to be used or not used. And also how long even aggregate data would be retained (e.g., 5 years like SEER-Medicare?).