Data Use Agreement for the Nationwide Inpatient Sample from the Healthcare Cost and Utilization Project Agency for Healthcare Research and Quality |
This Data Use Agreement ("Agreement") implements the data protections of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 (Public Law 104-191) and the Agency for Healthcare Research and Quality (AHRQ) confidentiality statute. Any individual ( "data recipient") seeking to obtain or use data in the Nationwide Inpatient Sample (NIS) from the Healthcare Cost and Utilization Project (HCUP) maintained by the Center for Delivery, Organization, and Markets (CDOM) within AHRQ, must sign and submit this Agreement to AHRQ or its agent before access to the NIS may be granted. |
In accordance with HIPAA, the NIS may only be used or disclosed in the form of a limited data set, as defined by the HIPAA Privacy Rule (45 CFR § 164.514(e)) |
The AHRQ confidentiality statute, Section 924(c) of the Public Health Service Act (42 U.S.C. 299c-3(c)), requires that data collected by AHRQ that identify individuals or establishments be used only for the purpose for which they were supplied. Data supplied to AHRQ for HCUP and disclosed in limited data set form are identifiable under the HIPAA Privacy Rule and are provided by the data sources only for research, analysis, and aggregate statistical reporting. Therefore, data recipients may use HCUP data only for these purposes. |
No Identification of Persons-Any effort to determine the identity of any person contained in HCUP databases (including but not limited to patients, physicians, and other health care providers), or to use the information for any purpose other than for research, analysis, and aggregate statistical reporting, would violate the AHRQ confidentiality statute, the conditions of this Agreement, and the HIPAA Privacy Rule. Recipients of the data set are prohibited under the AHRQ confidentiality statute and the terms of this Agreement from releasing, disclosing, publishing, or presenting any individually identifying information obtained under this Agreement. AHRQ omits from the data set all direct identifiers that are required to be excluded from limited data sets as defined by the HIPAA Privacy Rule. It may be possible in limited situations, through deliberate technical analysis, and with outside information, to ascertain from the limited data sets the identity of particular persons. Considerable harm could ensue if this were to occur. Therefore, any attempts to identify individuals are prohibited and information that could identify individuals directly or by inference must not be released or published. In addition, users of the data must not attempt to contact individuals for any purpose, including verifying information supplied in the data set. Any questions about the data must be referred exclusively to AHRQ. |
Use of Establishment Identifiers-Section 924(c) of the Public Health Service Act (42 U.S.C. 299c-3(c)) also restricts the use of any information that permits the identification of establishments for purposes other than those for which the information was originally supplied. Permission is obtained from the HCUP data sources (state data organizations, hospital associations, and data consortia) to use the identification of hospitals (when such identification appears in the data sets) for research, analysis, and aggregate statistical reporting. This may include linking institutional information from outside data sets for these purposes. Such purpose does not include the use of information in the data sets concerning individual establishments for commercial or competitive purposes involving those individual establishments, or to determine the rights, benefits, or privileges of establishments. Users of the data must not identify establishments directly or by inference in disseminated material. In addition, users of the data must not contact establishments for the purpose of verifying information supplied in the data set. Any questions about the data must be referred exclusively to AHRQ. Misuse of identifiable HCUP data about hospitals would violate the AHRQ confidentiality statute and trigger its penalty provisions. |
The undersigned gives the following assurances with respect to the NIS data set: |
|
Safeguards. I agree to use appropriate safeguards to prevent use or disclosure of the data set other than as permitted by this Agreement. |
Permitted Access to Limited Data Set. I shall limit the use or receipt of the data set to the individuals who require access in order to perform activities permitted by this Agreement. This Agreement must be signed by all such individuals and submitted to AHRQ or its agent before access to the data set may be granted. |
Re-disclosure. I will not re-disclose (i.e., share) the data set (or any part), unless the individual who will receive the data has agreed in writing to be bound by the same restrictions and conditions that apply to me under this Agreement. |
The HIPAA Privacy Rule. I agree not to use or disclose the data set in any manner that would violate the HIPAA Privacy Rule if I were a covered entity under the Privacy Rule. |
Agents and Contractors. I shall ensure that any agents, including contractors and subcontractors to whom I provide the data set, agree in writing to be bound by the same restrictions and conditions that apply to me with respect to the limited data set. |
Reporting Violations of this Agreement. I agree to report any violations to AHRQ within twenty-four (24) hours of becoming aware of any use or disclosure of the limited data set in violation of this Agreement or applicable law. |
Term, Breach, and Termination of this Agreement. This Agreement shall continue in full effect until the data recipient has returned all copies of the data set to AHRQ. Any noncompliance by the data recipient with the terms of this Agreement will be grounds for immediate termination of the Agreement if, at the sole determination of AHRQ, the data recipient knew or should have known of such noncompliance and failed to immediately take reasonable steps to remedy the noncompliance. |
Reporting to the United States Department of Health and Human Services. If the data recipient fails to remedy any breach or violation of this Agreement to the satisfaction of AHRQ, and if termination of the Agreement is not feasible, AHRQ shall report the recipient's breach or violation to the Secretary of the United States Department of Health and Human Services, and the recipient agrees that he or she shall not have or make any claims against AHRQ with respect to such report(s). |
I understand that this Agreement is requested by the United States Agency for Healthcare Research and Quality to ensure compliance with its statutory confidentiality requirement. My signature indicates my Agreement to comply with the above-stated requirements with the knowledge that any violation of the AHRQ confidentiality statute is subject to a civil penalty of up to $10,000 under 42 U.S.C. 299c-3(d), and that deliberately making a false statement about this or any matter within the jurisdiction of any department or agency of the Federal Government violates 18 U.S.C. 1001 and is punishable by a fine of up to $10,000 or up to five years in prison. Violators of this Agreement may also be subject to penalties under state confidentiality statutes that apply to these data for particular states. |
|
Signed:__________________________________________________________________ Date:_________________________ |
Print or Type Name of Data Recipient:_______________________________________________________________________ |
Title:__________________________________________________________________________________________________ |
Organization:____________________________________________________________________________________________ |
Address:________________________________________________________________________________________________ |
City:______________________________________________________ State:__________ ZIP Code:____________________ |
Phone Number:______________________________________________ Fax: ________________________________________ |
E-mail:________________________________________________________________________________________________ |
|
The information above is maintained by AHRQ for the purpose of enforcement of this Agreement. This information may also be used by AHRQ to create an HCUP mailing list. The mailing list allows AHRQ to send users information such as notices about the release of new databases and errata when data errors are discovered. |
Note to Purchaser: Shipment of the requested data product will only be made to the person who signs this Agreement, unless special arrangements that safeguard the data are made with AHRQ or its agent.
|
|
Revised 11-7-11 |
|
Internet Citation: NIS Data Use Agreement. Healthcare Cost and Utilization Project (HCUP). November 2011. Agency for Healthcare Research and Quality, Rockville, MD. www.hcup-us.ahrq.gov/team/NISDUA.jsp. |
Are you having problems viewing or printing pages on this Website? |
If you have comments, suggestions, and/or questions, please contact [email protected]. |
Last modified 11/8/11 |
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
Author | DHHS |
File Modified | 0000-00-00 |
File Created | 2021-01-30 |