Download:
pdf |
pdfTRICARE Management Activity
Renewal Request - Data Sharing Agreement
Seal of Department
of Defense
~
T RIC A R EO
TRICARE Logo
This template shall be used to renew an executed Data Sharing Agreement (DSA) that incorporates an approved Data
Sharing Agreement Application (DSAA). Questions about completing this template can be directed to the TMA Privacy
and Civil Liberties Office (Privacy Office) at [email protected].
I. BIHR, II. MILCO, III. DHR
DSA #: 09-5958
DSATltle:
D c ib ny h n to th
A
m nt ( RADA), tc)
ontract (or r nt, Coop at v R earch
d O l pm nt
Contract Number: W911QY-11-D-0053-0001
Option Perloc;l of Performance Dates: 02-Apr-2012 to 01-Apr-2014
Changes (explain): No changes
Apph
nt / R ipi n Con a t In
rm
r
n
Chris Phillips, MD, MPH
Name & Title I Rank: Senior Epidemiologist
[email protected]
.E-Mail Address:
Henry M. Jackson Foundation
Phone Number: 619-553-7729
Company I Organization: Naval Health Research Center
Deployment Health Research Department
Gov rnment Spon
I e I Ran:
k
Name &Titl
r Con a tin orm tI n
Martin R. White, BA, MPH
Department Head
[email protected]
E-Mail Address:
Company I Organization: Naval Health Research Center
Deployment Health Research Department
Renewal Request. Last Update 121512012
TMA Privacy and Civil Liberties Office •
www.tricare.Q~d.mil/tmaprivacy
Phone Number: 619-553-9292
Confirm tion
Check as applicable to this renewal request:
o
There are no changes to the executed DSA or the approved, incorporated DSAA. Applicant
renewal.
I Recipient request
o The information approved In the executed DSA has changed. All changes are documented in the space provided
or as an attachment.
R
r h R que ts Only
o The research protocol (If applicable) for the project described in the executed DSA has changed. All changes
have been reviewed and approved by:
01RB
o
o
o
t
TMA, Human Research Subjects Official, COO #
OMB/V'IHS licensing (survey), # OMS Control #0720-0029, expiration
crib ny eh n
mi lon, tor
s t th proJ t In Iud'
or r 0 fng.
h
to
d t r
3/31/2014, for MILCO
u
II
This submission updates the document from May 2013.
New Government Sponsor, Martin R. White (GS) replaces Nancy F. Crum-Cianflone (GS)
Otherwise, no changes to data request. data use, transmission, storage or reporting.
Three IRB Continuing Review Approval Letters were included with previous submission.
All TMA secondary reviews have been completed and all are currently valid.
Renewal Request. Lost Update 121512012
TMA Privacy and Civil Liberties Office ..
www.tricare.osd.mil/tmanriV!!cy
,
By signing below, ApplicantlRecipient and Government Sponsor acknowledge that the information above Is truthful
and accurate, ApplicantlRecipient and Government Sponsor further attest that they are authorized to sign this request
on behalfoftheir respective organizations.
nt R Clplent
Appli
Gov
~~
Government Sponsor Signature
nment 5 onsor
Submit the completed template to DS~.mail(ti)tma.osd.mil
09-595C
10/1/2013
✔
DESHIELDS.RITA.S
CHINE.1229361798
Digitally signed by
DESHIELDS.RITA.SCHINE.1229361798
DN: c=US, o=U.S. Government, ou=DoD, ou=PKI,
ou=TMA, cn=DESHIELDS.RITA.SCHINE.1229361798
Date: 2013.10.01 09:31:21 -04'00'
Renewal Request. Last Update 121512012
TMA Privacy and Civil Liberties Office •
www.tricare.osd.milltmaprivacy
TRICARE Management Activity
Data Sharing Agreement - Addendum for Services
~
T R I eAR E'
IlIt(lrJI,nlllse Only
DSAA II:
C8-S3fQ.
This template is for the sole purpose of documenting approval from a respective Service's data sharing point
of contact ("POC") when a contract, grant, Cooperative Research and Development Agreement ("CRADA"),
or other project that is the subj ect of a Data Sharing Agreement Application ("DSAA") is sponsored by a
Unifonned Service. This Addendum for Services will be used to supplement a DSAA submitted to the TMA
Privacy and Civil Liberties Office ("Privacy Office") requesting data owned and/or managed by TMA.
By signing below, I certify that I have reviewed the request to renew DSA 09~59S as submitted to the
Privacy Office and agree that the data requested that is owned and/or managed by TMA, is appropriate
in connection with tbe contract, grant, CRADA, or other project referenced in Section 2 of the DSAA,
which is sponsored by my respective Unifonned Service.
I attest that I am autborized to sign tbis addendum as the data sharing POC for my respective Service.
Print: Amit Adbya
Title:
Navy Medicine Alternate DSA Representative
Slgnature~~~
nato:
M0!-f 15"~,
2-0i:i
Tbis AddcndulU has been rC\'icwedand made part of the nSAA tile.
DateProcesse4: .10/1/2013
..
--~--~~~
--~~~------------------------------
DESHIELDS.RITA.SCH
INE.1229361798
Digitally signed by DESHIELDS.RITA.SCHINE.1229361798
DN: c=US, o=U.S. Government, ou=DoD, ou=PKI, ou=TMA,
cn=DESHIELDS.RITA.SCHINE.1229361798
Date: 2013.10.01 09:34:15 -04'00'
Signature: ---'-__~-------::"__-......-:='~~~~'::"'"':'---:-~~':'7:"-:---=-=:::------'
.. • Dat~l Shari]J~ Compliance Officer.lMAprinu;y and Civil Liberties Office
Data Sharing Agreement AddendumforServices, Last Updated 6/]/li
TMA Privacy and Civil Liberties Office '" 5111 Leesburg Pike '" Suite 810 '" Falls Church, VA '" 22041
www.tricare.osd.milltmaprivacy
T RIC ARE'"
TRICARE Management Activity
Data Sharing Agreement Application
Internal Use Only
DSAA #:
09-595.18, .28, .38
The TRlCARE Management Activity ("TMA") Privacy and Civil Liberties Office ("Privacy
Office") conducts compliance reviews of requests for data owned and/or managed by TMA.
This Data Sharing Agreement Application ("DSAA") is designed to assist in reviewing data
requests for compliance with regulatory requirements, including Department of Defense
("DoD") Health Information Privacy Regulation (DoD 6025.l8-R), which implements the Health
Insurance Portability and Accountability Act ("HIPAN') Privacy Rule, and DoD Privacy
Program (DoD 5400.11-R), which implements the Privacy Act of 1974, as amended. Data
access and extractions are handled through separate offices within the Military Health
System ("MHS"), but prior approval of the data request is required by the Privacy Office.
This application to request data must be completed by both the Applicant and the Government
Sponsor, as defined below. Each will be asked to provide initials in order to certify the accuracy
of a completed DSAA. Upon approval, this application will be incorporated into a Data Sharing
Agreement ("DSA") that the Applicant, Government Sponsor, and Privacy Office Director must
execute. Questions can be directed to [email protected].
Phillips, MD. MPH I Senior Epidimiologist
Company I Organization
Henry M. Jackson Foundation
[email protected]
Phone Number
619-553-7729
Mailing Address (Street, City, State, and Zip Code)
140 Sylvester Road, San Diego, CA 92106-3521
F. Crum, MD, MPH I Director
Company I Organization
DOD Center for Deployment Health Research. NHRC
[email protected]
Phone Number
619-553-7335
Mailing Address (Street, City, State, and Zip Code)
40 Sylvester Road, San Diego, CA 92106-3521
Data Sharing Agreement Application. Last Update 611111
TMA Privacy and Civil Liberties Office ... 5111 Leesburg Pike ... Suite 810 ... Falls Church, VA ... 22041
http://www.tricare.milltma/privacy/
Prime Contracting Organization(s) [including the Applicant, if applicable]:
Henry M. Jackson Foundation
Subcontracting Organization(s):
None
Select the one below that forms the source of your data request:
[i] Contract
D
D
D
Grant
CRADA
List Other Project Type: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ __
Contract / Grant / CRADA / Other Project
Number or Tracking Number (as applicable)
Contract / Grant / CRADA / Other Project Name
Current Option Year Period of Performance Dates
N66001-04-0-2506/009
I. BIHR, II. MILCO, III. OHR
9/26/11 - 3/25/12
Expiration Date of Contract / Grant / CRADA /
3/25/12
Other Project
Has standard Business Associate Agreement ("BAA") language been incorporated into the above
referenced contract, grant, CRADA, or other project documentation?
Standard BAA language is setforth at
http://www.tricare.mil/tma/privacY/downloads/20J0630/Protected%20Business%20Associate%20Agreement.doc
[i] Yes
D
No
If your response is ''No'' to the question above and the Privacy Office determines that this application is
requesting or will provide access to data elements containing protected health information ("PHI"), you may be
contacted and required to modify your contract, grant, CRADA, or other project documentation to incorporate
BAA language before the application can be approved. PHI is defined in Appendix B.
Data Sharing Agreement Application. Last Update 6///1 I
TMA Privacy and Civil Liberties Office ... 5 III Leesburg Pike ... Suite 810 ... Falls Church, VA ... 22041
htij)://www.tricare.miVtmaiprivacy/
2
3. PURPOSE OF THE DATA REQUEST
I. National Surveillance for Birth Defects Among Department of Defense (DoD) Health Care Beneficiaries - The
Birth and Infant Health Registry (BIHR) = To establish a surveillance program for birth defects among Department
of Defense Health Care Beneficiaries. Such a registry will provide baseline data, assist with medical surveillance,
and gather statistics about reproductive outcomes. The primary objective establishes surveillance for major birth
defects among DoD beneficiary infants and provide annual prevalence data on birth defects diagnosed in infancy,
beginning with all military infants born in 1998.
In support of the recommendations of the United States Senate Committee on Veterans' Affairs. the Institute of
Medicine's Committee to Review the Health Consequences of Service During the Persian Gulf War. and the
Presidential Advisory; Committee on Gulf War Veterans' Illnesses. This DoD registry concept has been endorse
by the Surgeons General of the US Army, Navy and Air Force. and by DoD/HA. (See attachment, Statement of
DoD-HA Policy from Dr. Sue Bailey for BIHR.)
II. Prospective Study of U.S. Military Forces: The Millennium Cohort Study (MILCO) = To determine how the
health of US military veterans change over time. and to determine the health impact of military deployments upon
the adjusted incidence of chronic disease and serve as the foundation for a portfolio of future studies of the
impact of military service. Including anthrax vaccination, on the health of members of the armed forces.
See also http://www.millenniumcohort.org.
This study was designed in response to the Institute of Medicine's report "Measuring Health" and funded by
DoD/HA. The study designed has been favorably reviewed by the American Institute of Biological Sciences
(AIBS). (See attachment, 10M Report Executive Summary. Measuring Health.pdf)
III. Deployment Health Research (DHR) =To conduct epidemiological studies investigating the health experience
of military personnel and their families. Studies focus on frequency of symptoms, hospitalizations, reproductive
outcomes, risks for autoimmune disorders, cancer risk factors and surveillance, mental health outcomes, mortality
and other health outcomes among DoD beneficiary populations, both military and civilian.
Section 743 of the Strom Thurmond National Defense Authorization Act for Fiscal Year 1999 authorized the
Secretary of Defense to establish a center devoted to " ... Iongitudinal study to evaluate data on the health
conditions of members of the Armed Forces upon their return from deployment ... II On September 30, 1999, the
Assistant Secretary of Defense for Health Affairs executed Section 743 to establish the DoD Center for
Deployment Health Research, designated to have remote access to personnel and health data maintained by all
DoD organizations.
For all three protocols above, SSN, EDIPN, Date of Birth, and Gender codes are required to link data from key
tables in the MDR (SADR, SIDR, HCSR-I, HCSR-NI. TED, DEERS, Pharmacy, Laboratory. Radiology). The DDS,
FMP and other Family Relationship codes to confirm familial relationships for the BIHR and MILCO.
Studies include investigations of personnel who remain on active duty and personnel who have left military
service, as well as their families. Records are collected and assembled to permit investigative examination and
analysis of reports of possible exposure to biological, chemical, radiological, disease, or environmental agents
incident to service in military deployments or related operations, exercises, or tests, to conduct scientific or related
studies or medical follow-up programs, and to assist in the resolution of deployment related issues. All studies
conducted at the DoD. Center for Deployment Health Research are conducted using protocols that are
approved by the Naval Health Research Center, and other appropriate Institution Review Boards.
3
Data Sharing Agreement Application, Last Update 611111
TMA Privacy and Civil Liberties Office * 5111 Leesburg Pike * Suite 810
http://www.tricare.mil/tmalprivacy/
*
Falls Church, VA
*
22041
Ii]
Yes
D
No
If "Yes,"
Set forth the precise type of data that will be published, reported, or otherwise released:
address the
following
two items:
If your response exceeds the space available, please attach additional pages.
Identifiable data will not be disclosed or reused, and will only be used to meet the stated study
objectives.
Describe the method that will be used to ensure that there is minimal risk of identifying or
re-identifying individuals:
If your response exceeds the space available, please attach additional pages.
Only the minimal amount of data needed to accurately identify an individual will be used, this is
usually the EDIPN or the combination of gender, ssn, and dob. Aggregate data and post
analysis results for publication will NEVER include any PHI. Results which have the potential to
identify any individual by identifiers other than EDIPN, gender, ssn, or dob will be not be
reported in aggregate tables.
Requirement: For research requests that undergo review by an Institutional Review
Board ("IRB"), any intent to publish, report, or otherwise release data, results, or findings
must be included in materials submitted to that respective IRB for approval. The
Government Sponsor is responsible for ensuring DoD requirements are met for
publication/release.
Data Sharing Agreement Application, Last Update 6/1/11
TMA Privacy and Civil Liberties Office • 5111 Leesburg Pike • Suite 810 • Falls Church, VA • 22041
htql://www.tricare .miVtmalprivacy/
4
PHI data, to include SSN, ED lPN, Date of Birth, Gender, FMP, DDS, Family Relationship codes are required to
link data from core MDR tables, aka the "pub" tables (SADR, SIDR, HCSR-I, HCSR-NI, TED, DEERS, Pharmacy,
Laboratory, Radiology). In addition, the personal identifiers are required to link MDR data with MILCO survey
data and declassified deployment history data.
For BIHR, a birth defect case will be defined as a DoD beneficiary birth with a date of birth, on or after January 1,
1998, and a congenital anomaly diagnosis that is classified as a birth defect by the CDC. This selection of birth
defects is a standard for US state birth defects registries. It includes diagnoses (ICD-9 codes) that are defined as
structural, or adversely affecting an individual's health functioning or social acceptability; and diagnosed before a
child's first birthday.
For MILCO, the prospective methodology will permit the accurate description of the incidence and natural history
of medical conditions in this population. Most importantly, the impact of future deployments will be captured and
addressed by determining whether conditions brought to medical attention post-deployment represent new
occurrences or pre-deployment health states. The data from the survey will not be weighted, and findings from all
subgroups will be reported. Baseline healthcare data and exposure history obtained from the survey will be
joined to deployment history data and DoD healthcare utilization data ( using ICD-9, CPT codes) to study any
associations and/or interactions from baseline health status, exposure history, deployment history and health
outcomes.
For DHR, personal identifiers are required to link data with recruit assessments, deployment history data and
medical outcomes, with emphasis on mental health to include PTSD, TBI, and for cancer surveillance and risk
factors.
Data Sharing Agreement Application, Last Update 6/1/11
TMA Privacy and Civil Liberties Office • 5111 Leesburg Pike • Suite 810 • Falls Church, VA • 22041
http://www.tricare.mil/tmalprivacy/
5
Name of Research Project
I. BIHR, II. MILCO, III. DHR
if other than the name stated
in section 1 above
IN~mc~(
Principal Investigator
Clrum, MD, MPH
ter Road, San Diego, CA 92106-3521
Complete Mailing Address
E-Mail
Address
Telephone Number
[email protected]
[!] Yes
Has this project been reviewed by an IRB?
D
Has this research been reviewed by TMA's Exemption Determination and
Secondary Review Officer?
~ Yes
D
(Contact [email protected] any questions)
provide the associated number and expiration date:
[j] Report Control Symbol ("RCS")
D
= MILCO
Office of Management and Budget ("OMB")
D
No
Res 10MB Number:
DD-HA(AR)2106
Expiration Date:
1/31/13
Data Sharing Agreement Application, Last Update 611111
* 5111 Leesburg Pike * Suite 810 * Falls Church, VA
http://www.tricare.mil/tma/privacy!
TMA Privacy and Civil Liberties Office
No
~] Yes
Does this research involve a surveyor information collection from ten (10) or
more individuals?
If "Yes" to the previous question, indicate the type of approval below and
No
6
*
22041
D
D
D
D
D
D
AHLTA
D
CDM (from the MDR)
~ MDR
CHCS
D
D
D
DMHRSi
EAS
M2
0
0
TMDS
TOL
MHS Learn
PDTS
[space reserved]
PEPR
Other systems (please specify):
Requirement: Except for requests made by a health care provider for treatment purposes,
all data requests must be limited to data elements that are minimally necessary to
accomplish the intended purpose of the request.
To request specific data elements within a system:
o
Go to Data Request Templates at http://www.tricare.mil/tmalprivacyffemplates.aspx to create a data
element list specific to your contract, grant, CRADA, or other project. The most frequently used
systems owned and/or managed by TMA will have a corresponding template. Use the default
template entitled "General Data Request Template" for any system not otherwise listed. You must
complete a template for each separate system indicated above from which you are requesting data.
Within the template, you can select the data elements available for that system. After completing
each applicable template, press the button to print out your data element list and attach it to this
DSAA for submission.
This DSAA will not be considered complete until you submit all applicable Data Request Templates.
To request all data elements within a system:
List each system below from which you are requesting "all data elements" and provide a detailed
justification for this request. Note: Requests for "all data elements within a system" should be
avoided, whenever possible, and will be carefully scrutinized.
If your response exceeds the space available, please attach additional pages.
Core files in "pubs" (All fields/All years) - SIDR, SADR, Ancillary HCSRN. HCSRI, DEERS, TEDN.
TEDNI, Death, PDTS, NMOP. Login via non OOB account to: program in SAS. start jobs, monitor job
completion status.
Data Sharing Agreement Application, Last Update 611111
TMA Privacy and Civil Liberties Office'" 5111 Leesburg Pike '" Suite 810 '" Falls Church, VA '" 22041
http://www.tricare.miVtrnaiprivacy/
7
Receive as an extraction (i.e., data will be physically removed from a system owned and/or
managed by TMA and provided to the data requestors)
D
Indicate the name of the MHS Office and/or its appointed designee that will prepare the
extraction:
Directly lli£!! via login (i.e., data requestors will directly log in to a system owned and/or
managed by TMA)
Notice: Based on the specific data elements that you request and any access you may
have to systems owned and/or managed by TMA, as indicated by your responses to the
above questions, the Privacy Office will determine the type/category of your data
request under applicable privacy regulations. You are not asked to decide if your
request meets the regulatory definitions of a limited data set, PHI, de-identified data
and/or personally identifiable information ("PH") that excludes PHI. The Privacy Office
will make this determination for you and will then review your request under the
applicable privacy regulations. The Privacy Office will contact you if there are questions
or issues that arise in making this determination.
D
One-time only
D
Weekly
D
Bi-weekly
D
Monthly
D
Quarterly
D
Annually
[I]
Other (please specify):
Continuous "ad hoc" access via SAS Sessions as needed, approximately twelve sessions per
month.
Data Sharing Agreement Application, Last Update 611111
TMA Privacy and Civil Liberties Office '" 5111 Leesburg Pike '" Suite 810 '" Falls Church, VA '" 22041
http://www.tricare.milltmalprivacyl
8
I!] Yes
o
No
If "Yes," explain why and how you will associate the requested data with data from non-TMA Systems:
If your response exceeds the space available, please attach additional pages.
For DMDC active duty rosters are used to create accurate denominators for deployment health research and to
verify, by month, active duty status. Database joins to these DMDC files by either EDIPN or the combination of
gender, ssn and dob.
For JTTR, PDHA, PHDRA; these databases are also important data sources for deployment health research.
Database joins to these files are by EDIPN (if populated) or the combination of gender, ssn and dob.
[!] DMDC
[!] PDHRA
[!] JTTR
o
[!] PDHA
[space reserved]
o
Other (please list):
TRAC2ES
Requirement: Be advised that you are required to obtain separate permission to use or
disclose data from each of the respective non-TMA system owners and/or managers. The
Privacy Office cannot approve data requests from these systems.
Are you electronically collecting, maintaining, using, or disseminating PH?
(PH is defined in Appendix B.)
Are you creating an item, collection, or grouping of information, in any
media (e.g., paper and/or electronic), from which you will have the ability to
retrieve the data by the name of an individual or some other personal
identifier?
til
Yes
til
Yes
o No
o No
Data Sharing Agreement Application, Last Update 6/1/11
TMA Privacy and Civil Liberties Office ... 5111 Leesburg Pike ... Suite 810 ... Falls Church, V A ... 22041
http://www.tricare.milltmalprivacy/
9
9. INFORMATION SYSTEM PROTECTION
Organization Name
Henry Jackson Foundation
System Name(s)
ATO orIATO
Expiration Date
Naval Medical Center San
Diego (NMCSD) Local Area
Network (LAN)
ATO
2/28/2014
None
Requirement: A System Security Verification ("SSV") template must be completed by
each organization indicated in section 9b above with respect to any information system on
which it intends to store. transmit. process. or otherwise maintain the requested data that
has not been granted an ATO or IATO.
The SSV template is available on the Privacy Office website link below. Please provide the
completed SSV template(s). as required. with this DSAA.
http://www.tricare.mil/tma/privacvldownloads/FINAL APPROVED SSV Lockeddoc
10
Data Sharing Agreement Application, Last Update 611111
TMA Privacy and Civil Liberties Office * 5111 Leesburg Pike * Suite 810
hltp:llwww.tricare.milllmp/privacy/
*
Falls Church, VA
*
22041
10. APPLICABLE SUPPORTING DOCUMENTATION
Check all documents noted below that will be submitted in support of this DSAA:
D
D
D
D
Data Flow, Use and Management Diagram/Illustration (see section 4)
Data Request Template(s) for each system from which you are requesting data (see section 6b)
SSV Template(s) (see section 9b)
Other (briefly describe): _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ __
Requirement: You must submit all necessary and supporting documents before your
DSAA is considered complete for processing.
11. CERTIFICATIONS
By electronically typing our initials in the respective boxes below, we certify that the information provided
in this DSAA and all supporting documents is truthful and accurate. We understand that we are required to
promptly notify the Privacy Office of any change(s) to this DSAA.
Applicant
Chris Phillips, MD, MPH I Senior Epidemiologist, Henry M. Jackson Foundation, NHRC
Printed Name and RanklTitle
March 12,2012
Date
ICJP
By initialing here, I further certify that this application is submitted by me personally.
Government Sponsor
Martin R. White for Nancy Crum, MD, MPH I Director DoD Center for Deployment Health Research, NHRC
Printed Name and RanklTitle
March 12, 2012
Date
IMRW
&
By initialing here, I further certify that this application is submitted by me personally.
Notice: The names and electronic initials above will be associated with the respective
contact Information provided in section 1 above and will be used for all communications by
the Privacy Office related to this DSAA.
Data Sharing Agreement Application, Last Update 6/1111
TMA Privacy and Civil Liberties Office'" 5111 Leesburg Pike'" Suite 810 ... Falls Church, VA ... 22041
htlp:llwww.tricare.mil/tma/privacY/
11
Internal Use Only
Other Related DSA Numben: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ __
Type of data request:
Based on data elements requested and level of access, if applicable. (see section 6)
D
De-Identified pursuant to 000 6025.1S-R, CS.1
Indicate method of de-identification:
o Statistical Method; or
o Safe Harbor Method
D Limited Data Set ("LOS") for the purpose of research, public health, or health care operations, pursuant
)D 000 6025.1S-R, CS.3
[J1'PHI pursuant to DoD 6025.1S-R, DL1.1.28
D PIT pursuant to DoD 5400.l1-R, DL1.14, exc/udingPHI
For P~equests, purpose of the data request pursuant to DoD 602S.18·R (check all that apply):
Ef Res,arch (C7.9), and confirm the following prerequisite approvals:
~fixemption Determination and Secondary Review Officer approval received
D
D
D
D
D
D
D
~ TMA Privacy Board approval received, if applicable
Treatment (C4.2)
D Judicial and Administrative Proceedings (C7.5)
Healthcare Operations (C4.2)
Payment (C4.2)
Required by Law (C7.l)
Public Health Activities (C7.2)
Health Oversight Activities (C7.4)
Law Enforcement (C7.6)
D
D
D
D
D
D
Avert a Serious Threat to Health or Safety (7.10)
Cadaveric Organ, Eye or Tissue Donation (C7.S)
About Decedents (C7.7)
Workers' Compensation (C7.12)
Specialized Government Functions (C7.11)
Victims of Abuse, Neglect, or Dom~c Violence (C7.3)
Uas required BAA language been incorporated? (see sections 2 and 3a)
Are required SSV templates approved? (see section 9)
Is there intent to publish, report, or otherwise release data? (see section 3b)
Uas a Privacy Impact Assessment been reviewed? (see section 8)
Is a System of Records (SOR) Notice needed for a new SOR? (see section 8)
Uas a Privacy Act Statement been reviewed? (see section 8)
Does the data request invoke the need for a Computer Matching
Agreement? (see sections 2 and 7)
Does the data request invoke the need for an agreement with DoD Quality
Management Programs? (see section 3)
~Yes D No D ~.
D ~
[3Y'Yes
DYes
DYes
DYes
D Yes
D
D
D
D
D
No
No
No
No
No
~o
[3"N/A
D N/A
~A
ff~-
0'"N/A
Applicable SORN NUmber(S): _ _ _lmA-1.L..J...J..--L.......:oO""--ct-1-_ _ _ _ _ _ _ _...,..-_ _ _ __
ThisDSAAis
~~:Jtj~w:
Signature:_+-_~_;:;;...;:;._ _ _ _ _....;;.c0_._
_ _ _ _ __
Dam Sharing Compliance Officer, TMA Privacy and Civil Liberties Office
Data Sharing Agreement Application, Last Update 6/1/11
TMA Privacy and Civil Liberties Office'" 5111 Leesburg Pike ... Suite 810 ... Falls Church, VA ... 22041
http://www.tricare.milltmalprivacyl
12
APPENDIX A
Responsibilities
Applicant I Recipient responsibilities are as follows:
• Agree to and execute a DSA after the DSAA is reviewed by the Privacy Office
• Provide and maintain accurate and complete responses to the DSAA and promptly notifY the
Privacy Office of any change(s)
• Maintain current information with the Privacy Office and, if necessary, complete a DSA
Change of Applicant I Recipient template to reflect any transition within fifteen (15) days
• When a change is required to an executed DSA (which incorporates an approved DSAA),
promptly submit to the Privacy Office the appropriate template(s): DSA - Renewal Request,
DSA - Modification Request, or DSA - Extension Request
• Safeguard the integrity of the data received and comply with all applicable standards for
protecting its privacy and security
• Ensure that TMA breach notification and response procedures are followed in the event of
potential or actual loss, theft, or compromise of data as outlined on the Privacy Office website at
http://www.tricare.mil/tma/privacvlbreach. aspx
• Adhere to BAA requirements, if applicable
• Submit a completed and signed DSA - Certification of Data Disposition to the Privacy Office
within thirty (30) days of the expiration of the DSA or the date of notification that the data are
no longer necessary, whichever comes first
Government Sponsor responsibilities are as follows:
• Agree to and execute a DSA once the DSAA is reviewed by the Privacy Office
• Confirm and/or provide accurate and complete responses to the DSAA and promptly notifY the
Privacy Office of any change( s)
• Maintain current information with the Privacy Office and, if necessary, complete a DSA
Change of Government Sponsor template to reflect any transition within fifteen (15) days
• When a change is required to an executed DSA (which incorporates an approved DSAA),
ensure the appropriate template(s) is promptly submitted to the Privacy Office: DSA - Renewal
Request, DSA - Modification Request, or DSA - Extension Request
• Ensure compliance with applicable standards for protecting the privacy and security of the data
received
• Ensure that TMA breach notification and response procedures are followed in the event of
potential or actual loss, theft, or compromise of data as outlined on the Privacy Office website at
http://www.tricare.mil/tma/privac;y/breach. aspx
• Ensure adherence to BAA requirements, if applicable
• Ensure that a completed and signed DSA - Certification of Data Disposition is submitted to the
Privacy Office within thirty (30) days of the expiration of the DSA or the date of notification
that the data are no longer necessary, whichever comes first
• Oversee the work performed by the Applicant I Recipient for the duration of the DSA
• Ensure that the publication or release of any data, results, or findings adheres to applicable DoD
requirements
Data Sharing Agreement Application, Last Update 6/1/11
TMA Privacy and Civil Liberties Office .. 5111 Leesburg Pike .. Suite 810 .. Falls Church, VA .. 22041
http://www.tricare.mil/lma/privacy!
13
APPENDIXB
Definitions
Accreditation Decision: A fonnal statement by a Designated Accrediting Authority ("DAN')
regarding acceptance of the risk associated with operating a DoD infonnation system ("IS") and
expressed as an Authorization to Operate ("ATO"), Interim Authorization to Operate ("IATO"),
Interim Authorization to Test ("IATT"), or Denial of an Authorization to Operate ("DATO"). The
accreditation decision may be issued in hard copy with a traditional signature or issued
electronically signed with a DoD Public Key Infrastructure-certified digital signature. [DoDI
8500.1, DoD Infonnation Assurance Certification and Accreditation Process ("DIACAP"), E2.2.]
Personally Identifiable Information ("PH"): Infonnation that can be used to distinguish or trace
an individual's identity, such as his or her name, social security number, date and place of birth,
mother's maiden name, biometric records, including any other personal infonnation that is linked
or linkable to a specified individual.
Protected Health Information ("PHI"): Individually identifiable health infonnation that is
transmitted or maintained by electronic or any other fonn or medium, except as otherwise
contained in employment records held by TMA in its role as an employer.
Data Sharing Agreement Application, Last Update 6/1111
TMA Privacy and Civil Liberties Office * 5111 Leesburg Pike * Suite 810
http://www.tricare.mil/tma/privacY/
*
Falls Church, VA
14
*
22041
APPENDIXC
Acronyms for Systems Owned and/or Managed by TMA
CDM
Clinical Data Mart
CHCS
Composite Health Care System
DMHRSi
Defense Medical Human Resources System - internet
EAS
Expense Assignment System
M2
Management Analysis and Reporting Tool
MDR
MHS Data Repository
MHS Insight
Military Health System Insight
MHS Learn
Military Health System Learn
PDTS
Pharmacy Data Transaction Service
PEPR
Patient Encounter Processing & Reporting
TOL
TRICARE Online
TMDS
Theater Medical Data Store
15
Data Sharing Agreement Application, Last Update 611/11
TMA Privacy and Civil Liberties Office * 5111 Leesburg Pike * Suite 810
httll:I/www.trjcare.mi/ltmalprivac.y/
*
Falls Church, VA
*
22041
APPENDIXD
Acronyms for Non-TMA Systems
DMDC
Defense Manpower Data Center
JTTR
Joint Theater Trauma Registry
PDHA
Post Deployment Health Assessment
PDHRA
TRAC2ES
Post Deployment Health Reassessment
Transportation Command ("TRANSCOM") Regulating and Command
& Control Evacuation System
16
Data Sharing Agreement Application, Last Update 611111
TMA Privacy and Civil Liberties Office * 5111 Leesburg Pike * Suite 810
http://www.tricare.milltmalprivacY/
*
Falls Church, VA
*
22041
File Type | application/pdf |
File Modified | 2013-10-01 |
File Created | 2013-10-01 |