Download:
pdf |
pdfOMB No. XXXX-XXXX
Expiration Date: XX/XX/XXXX
Data Use Agreement
Conditions of Access to Confidential Data
National Center for Health Statistics
Research Data Center
RDC ID:
I (print name)
am aware that the confidential data I will access in the
Research Data Center (RDC) has been provided to NCHS in accordance with the provisions of Section
308(d) of the Public Health Service Act (42 U.S.C. 242m) and the Confidential Information Protection and
Statistical Efficiency Act of 2018 (44 U.S.C. 3561 – 3583). These data were collected with the assurance
that they will be used only for health statistical reporting and analysis and must not be published or
released in a manner where an individual respondent or establishment could be identified. I am also
aware that I may be held legally liable for any harm to individuals or establishments contained in the data
resulting from my inappropriate actions when accessing or using the confidential data.
I have read and am familiar with Section 308(d) of the Public Health Service Act (42 U.S.C. 242m) and the
Confidential Information Protection and Statistical Efficiency Act of 2018 (44 U.S.C. 3561 – 3583), I agree:
1. To only conduct analyses related to the research question(s) for which I have received approval. I will
2.
3.
4.
5.
6.
7.
8.
9.
not use any technique or other means to learn the identity of any individual person, establishment, or
sampling unit contained in the confidential data.
That I will not attempt to remove any restricted data using any means from the RDC. Similarly, I
will not copy any files, output, orprograms to transportable electronic media for exfiltration of
the data out of the RDC.
That I will not photograph or transcribe any data that are displayed on the computer screen that I use
to access the confidential data.
That RDC staff must review my notes before I leave the RDC and that RDC staff will return any
programs oroutput to me via email after a disclosure review.
That I will observe and abide by the rules of behavior posted in the RDC and provided to me by RDC staff.
That I will not use any technique to learn what items were suppressed during output review. If I
discover or can inadvertently deduce any individual-level information, I will not share or publish that
information and will immediately bring it to the attention of RDC staff.
To hold in strictest confidence the identity of any establishment or individual that may be inadvertently
revealed in any documents, discussion, or analysis I may have access too. If I discover or inadvertently
identify an establishment or individual, I will immediately bring it to the attention of RDC staff.
To follow the principles, standards, and rules outlined in the RDC Disclosure Manual, Confidentiality
Training, and those in the scientific research community.
To consult RDC staff anytime I have questions or concerns about my access to confidential data and
my role to ensure that the confidential data are protected from unauthorized disclosures.
Page 1 of 2
2.2022
�Data Use Agreement
Conditions of Access to Confidential Data
National Center for Health Statistics
Research Data Center
RDC ID:
If I knowingly violate of any of these conditions, this action may result in cancellation of this Data Use
Agreement and my access to the confidential data terminated. I may also be barred from any future use of
the confidential data uponreview and determination by the NCHS Director.
I sign this document under penalty of perjury, and I attest to uphold the conditions listed above. If I fail to
abide by these listed conditions, I may be in violation of 18 U.S.C. 1001 where making a knowing and willful
false statement to any Department or Agency of the Federal Government violates 18 U.S.C. 1001 and is
punishable by a fine or up to 5 years in prison or both.
Researcher Signature:
Subscribed and sworn
or affirmed before me on:
At (city, state):
Notary Public Signature:
[SEAL]
My commission expires:
Title (Officer/Notary Public):
NCHS RDC employee supervising the Designated Agent:
NCHS RDC Employee name
NCHS RDC employee signature
Date
Notice – CDC estimates the average public reporting burden for this collection of information as 30 minutes per response, including the time for
reviewing instructions, searching existing data/information sources, gathering and maintaining the data/information needed, and completing and
reviewing the collection of information. An agency may not conduct or sponsor, and a person is not required to respond to a collection of
information unless it displays a currently valid OMB control number. Send comments regarding this burden estimate or any other aspect of this
collection of information, including suggestions for reducing this burden to CDC/ATSDR Information Collection Review Office, 1600 Clifton Road, MS
D-74, Atlanta, GA 30333; ATTN: PRA (0920-XXXX).
The information you provide will be used by staff at the National Center for Health Statistics (NCHS) Research Data Center (RDC) to determine your eligibility for access to
restricted-use NCHS data and for other administrative purposes. Your information will be protected in accordance with the Privacy Act of 1974 as amended (5 U.S.C.
552a); details about routine uses can be found in the system of records notice, CDC/NCHS – 09-20-0169, Users of Health Statistics; HHS/CDC/NCHS (51 FR 42371).
Providing the information on this form is voluntary; however, the NCHS RDC will not be able to grant access to restricted-use NCHS data without this information. The
information provided will be used to determine whether access can be granted to restricted-use data, which upon full execution may become public records (see 44
U.S.C. 3583). The NCHS RDC is authorized to request the information contained in this form under Title 42, United States Code, Section 242k(b)(4).
Page 2 of 2
2.2022
�OMB No. XXXX-XXXX
Expiration Date: XX/XX/XXXX
RDC ID: ______________
Designated Agent Agreement – NCHS Research Data Center (RDC)
Affidavit of Non-Disclosure
I, (name)
, do solemnly swear (or affirm) I will observe all
policies and procedures that protect the confidential data I access from unauthorized
disclosures. The data that I will access in the RDC is described in my RDC proposal. I will not
disclose this confidential data, either while as an agent or after project conclusion, whether in
data files, lists, or reports created using the confidential data, as specified under section 308 (d)
of the Public Health Service Act and under penalties* set forth in §3572(f) of the Confidential
Information Protection and Statistical Efficiency Act of 2018 (44 USC 3561 – 3583).
I agree that the output will be reviewed by an RDC staff member for disclosure of confidential data
and that it is my responsibility to use the output in a way that does not pose additional risk to the
respondents. If I discover or can inadvertently deduce individual level-information, I agree that I
will not share this information with anyone or in any publication and will immediately bring it to
the attention of RDC staff. If I have questions about confidentiality policies or procedures or any
other concerns, it is my responsibility to ask an RDC staff member.
Signature of Designated Agent:
Subscribed and sworn
or affirmed before me on:
At (city, state):
Notary Public Signature:
[SEAL]
My commission expires:
Title (Officer/Notary Public):
NCHS RDC employee supervising the Designated Agent:
NCHS RDC Employee name
NCHS RDC employee signature
Date
Note: The oath of non-disclosure must be administered by a person specified in 5 U.S.C. §2903.
The word “swear,” wherever it appears above, should be stricken out when the appointee elects
to affirm rather than swear to the affidavit; only these words may be stricken, and only when the
appointee elects to affirm the affidavit.
*Whoever, being an officer, employee, or agent of an agency acquiring information for exclusively statistical purposes, having taken
and subscribed the oath of office, or having sworn to observe the limitations imposed by section 3572, comes into possession of
such information by reason of his or her being an officer, employee, or agent and, knowing that the disclosure of the specific
information is prohibited under the provisions of this subchapter, willfully discloses the information in any manner to a person or
agency not entitled to receive it, shall be guilty of a class E felony and imprisoned for not more than 5 years, or fined not more
than $250,000, or both.
Page 1 of 2
�Notice – CDC estimates the average public reporting burden for this collection of information as 30 minutes per
response, including the time for reviewing instructions, searching existing data/information sources, gathering and
maintaining the data/information needed, and completing and reviewing the collection of information. An agency
may not conduct or sponsor, and a person is not required to respond to a collection of information unless it displays a
currently valid OMB control number. Send comments regarding this burden estimate or any other aspect of this
collection of information, including suggestions for reducing this burden to CDC/ATSDR Information Collection
Review Office, 1600 Clifton Road, MS D-74, Atlanta, GA 30333; ATTN: PRA (0920-XXXX).
The information you provide will be used by staff at the National Center for Health Statistics (NCHS) Research Data Center (RDC) to
determine your eligibility for access to restricted-use NCHS data and for other administrative purposes. Your information will be protected
in accordance with the Privacy Act of 1974 as amended (5 U.S.C. 552a); details about routine uses can be found in the system of records
notice, CDC/NCHS – 09-20-0169, Users of Health Statistics; HHS/CDC/NCHS (51 FR 42371). Providing the information on this form is
voluntary; however, the NCHS RDC will not be able to grant access to restricted-use NCHS data without this information. The information
provided will be used to determine whether access can be granted to restricted-use data, which upon full execution may become public
records (see 44 U.S.C. 3583). The NCHS RDC is authorized to request the information contained in this form under Title 42, United States
Code, Section 242k(b)(4).
Page 2 of 2
�OMB No. XXXX-XXXX
Expiration Date: XX/XX/XXXX
DATA USE AGREEMENT
FOR
ACCESSING CONFIDENTIAL
NATIONAL CENTER FOR HEALTH STATISTICS DATA
VIA
VIRTUAL DATA ENCLAVE
The National Center for Health Statistics (NCHS) conducts statistical and epidemiological
activities under authority granted by the Public Health Service Act (42 U.S.C. 242k). The
confidentiality of NCHS data is protected under Section 308(d) of the Public Health Service Act
(42 U.S.C. 242m(d)) and the Confidential Information Protection and Statistical Efficiency Act
(CIPSEA; 44 U.S.C. 3561-3583). Pursuant to CIPSEA, NCHS is allowed to provide access to
confidential data for use by designated agents for statistical purposes.
NCHS may make these confidential data available for statistical, research, or evaluation
purposes to requesters qualified and capable of research and analysis consistent with the
statistical, research, or evaluation purposes for which the data were collected. However,
these data will only be provided to researchers if the data are used and protected in
accordance with applicable law as reflected in the terms and conditions stated in this Data
Use Agreement (DUA).
This DUA is a binding agreement between NCHS and the agency or organization that
executes this agreement and after both parties sign the agreement.
This DUA is executed between
_________________________________________
___ [insert name of the agency or organization]
and NCHS. The agency or organization named herein, is hereafter referred to as the “Data
Recipient" or “DR”. The Data Recipient (DR) and NCHS agree to the following:
I. INFORMATION SUBJECT TO THIS AGREEMENT
A. All confidential, identifiable NCHS data as described in the approval
proposal (see Attachment 1) and all output derived from confidential,
identifiable NCHS data that have not undergone and cleared a
disclosure review are subject to this agreement and are referred to in
this agreement as “subject data”.
B. Subject data under this agreement will be provided to the DR and its
authorized employees through the NCHS Virtual Data Enclave (VDE).
The NCHS VDE is a computer system that allows approved researchers
to remotely access and use subject data for research and statistical
purposes.
1
�C. The subject data must only be used in a manner and purpose consistent
with:
1. Section 308(d) of the Public Health Service Act and CIPSEA, which
provide that the subject data may be used only for statistical,
research, or evaluation purposes consistent with purposes for
which the data were collected and the research and analysis
described in the approved proposal that DR employees
submitted to NCHS (attached and made as part of this
agreement; see Attachment 1);
2. The limitations imposed under the provisions of this agreement;
3. Relevant sections of Section 308(d) of the Public Health Service
Act (42 U.S.C. 242m(d)) and the Confidential Information
Protection and Statistical Efficiency Act (CIPSEA; 44 U.S.C.
3572(f)) as attached and made as part of this agreement (see
Attachment 2); and
4. Title to and ownership of all subject data accessed under this
agreement will reside with NCHS. Subject data are owned by
NCHS.
II. INDIVIDUALS WHO MAY HAVE ACCESS TO SUBJECT DATA
A. There are two categories of persons affiliated with or employed by the
DR that NCHS authorizes to have access to the subject data. The two
categories of persons are:
1. The named Principal Investigator (PI) who serves as the research
team lead and oversees the day-to-day research involving the
use of subject data and is also responsible for primary
communication with NCHS and with implementation and
compliance with the terms and conditions of this agreement for the
research team. The PI is listed in the approved proposal.
2. Professional/Technical individuals (P/T) who are on the research
team and who conduct the research for which this agreement
was issued. All P/Ts must adhere to the terms and conditions in
this agreement. P/Ts are listed in the approved proposal.
B. The PI and all P/Ts must comply with all requirements in this
agreement. Any PI or P/T who fails to comply with all requirements in
this agreement may be subject to administrative penalties, fines,
termination of this agreement, and/or imprisonment as outlined in this
agreement (see section VI).
2
�C. The DR must identify a Senior Official (SO) who has the legal authority
to sign this agreement on behalf of the DR (see section VII.D). The
SO, in most cases, would not have access to the subject data.
III. LIMITATIONS ON DISCLOSURE
A. The DR and its employees (authorized users: PI and P/Ts) shall not use
or disclose subject data for any administrative or judicial purpose, nor
may the subject data be applied in any manner to change the status or
condition of any individual regarding whom subject data is maintained.
B. The DR and its employees shall not disclose subject data to
unauthorized persons.
C. The DR and its employees shall not make any publication or other
release of subject data listing information that may identify specific
individuals or specific establishments.
D. The research conducted under this agreement and the disclosure of
subject data needed for that research must be consistent with the
statistical, research, or evaluation purpose for which the data were
supplied. The subject data may not be used to identify individuals or
specific establishments.
E. The DR and its employees may publish output only if it clears an NCHS
disclosure review and the output matches the description of output in the
approved proposal as submitted by PI. Output will not be approved for
release if it cannot clear a disclosure review, or it does not match the
output described in the approved proposal.
IV. ADMINISTRATIVE REQUIREMENTS
A. The research team will not be granted access to any subject data until
sections IV.B, IV.C and IV.E are completed to the satisfaction of NCHS.
B. Confidentiality training
1. The DR will ensure that the PI and all P/Ts completes items 2
through 4 below.
2. The PI and all P/Ts will take and complete NCHS confidentiality
training (see Attachment 3).
3. The PI and all P/Ts will take and complete a NCHS confidential
training test and obtain a confidentiality training completion
certificate.
3
�4. The PI and all P/Ts will provide the confidentiality training
completion certificate to NCHS and keep a copy.
C. Execute Designated Agent Form
1. The DR will ensure that the PI and all P/Ts undertakes and
completes items 2 through 4 below.
2. The PI and each P/T is required to complete, sign and have
notarized a Designated Agent form (Attachment 3). Federal
employees may sign the Designated Agent form using their
government issued identification card (i.e., PIV card).
3. Each person who executes a Designated Agent form must
read and acknowledge the contents of this agreement, the
Designated Agent form, and complete the confidentiality
training.
4. The PI must promptly, after the execution of all Designated Agent
forms, submit the original or electronic version of the form(s) to
NCHS and the PI shall maintain a copy.
D. Notification regarding authorized persons
1. The DR will ensure that the PI undertakes and completes items 2
and 4 below.
2. The PI shall promptly notify NCHS if the PI plans to leave the
employment of the DR. Before employment separation from the
DR, the PI must notify NCHS whether the project covered by this
agreement will be terminated or a replacement PI will be installed.
If a new PI is installed to manage the project, this agreement will
have to be resigned with the new PI signing the new agreement.
If the PI wants to move the project to a new DR (employer), then
the new DR and the PI must sign a new agreement.
3. The PI shall promptly notify NCHS when any P/T who has been
authorized to access the subject data, is no longer accessing
the data (e.g., leaves the research team).
4. The PI shall promptly notify NCHS when any new P/T needs to
be authorized to access the subject data. The PI will execute a
Designed Agent form and complete the require confidentiality
training for any new P/Ts as per section IV.A and IV.B.
E. Location of access
1. The DR will work with the PI to establish a secure room where the PI
and P/T(s) may access the confidential NCHS data via the NCHS
VDE.
4
�2. The secure room must be located within a building and room
controlled by the DR.
3. The location of the secure room will be listed and identified in the
form “Authorized Secure Room Location Information For Accessing
the Virtual Data Enclave (VDE)”. See Attachment 4 of this
agreement.
4. DR security personnel, the PI and P/Ts are the only authorized
persons to have access to and be inside the secure room when the
subject data are actively being accessed and used within the VDE.
The secure room door must be locked when authorized person(s)
are actively using the VDE (i.e., an active VDE session is operating).
This prevents unauthorized intrusions into the secure space which
could compromise the confidentiality of the subject data.
5. The PI and all P/Ts can only access the VDE system from within
this identified secure room. Accessing the VDE from any other
unauthorized location will constitute a violation of the security
requirements of this agreement and will immediately subject the
person(s) involved to the penalties outlined in this agreement.
6. The secure room will be inspected to ensure that the data are secure
from unauthorized access. This inspection may be conducted inperson or virtually by NCHS personnel.
7. The DR agrees that NCHS will conduct unannounced and
announced inspections of the secure room to ensure the room meets
NCHS’s requirements to limit access to authorized persons as
designated by this agreement. These inspections evaluate
compliance with the terms of this agreement.
8. If the secure room must change locations during the life of this
agreement, that PI must notify NCHS before changing the location of
the secure room. NCHS must inspect and approve the new secure
room before subject data is accessed in the VDE.
F. Publications made available to NCHS
1. The PI shall provide NCHS a near final copy of each publication
(e.g., all forms of disseminated information products including,
but not limited to: papers, journal articles and presentation slides)
containing information based on subject data or other data
product based on subject data before they are disseminated to
any person who is not the PI or a P/T.
2. Because the publication or other release of research results
could raise reasonable questions regarding disclosure of
individually identifiable information contained in subject data,
copies of the proposed publication or release must be provided
5
�to NCHS before that disclosure is made so that NCHS may
advise whether the disclosure is authorized under this agreement
and the provisions of section 308(d) of the Public Health Service
Act (42 U.S.C. 242m(d)) and CIPSEA (44 U.S.C. 3561-3583).
3. The DR agrees not to publish or otherwise release research
results to unauthorized persons if NCHS advises that such
disclosure is not authorized under applicable federal law or per
the terms and conditions of this agreement.
4. NCHS reviews these publications for disclosure risk and whether
the output used matches the description of output provided in the
approved proposal. NCHS does not review these publications
for scientific merit.
G. The DR or PI will notify NCHS immediately upon receipt of any legal,
investigatory, or other demands for release or disclosure of subject data
(e.g., a Freedom of Information Act request). The DR or PI must provide
NCHS the name of the requester, requester contact information and the
nature of the request. The DR shall not, under any circumstances,
release, give or disclose subject data to any unauthorized entity making
the demand for the subject data.
H. If the DR, PI and/or and P/T suspects or discovers any breach or
suspected breach of the security requirements or terms and conditions
of this agreement, then the DR or PI must notify the NCHS Research
Data Center (RDC) Director within 24 hours of discovery and provide
written details of incident or suspected incident.
I. The DR and PI agree to report any confirmed or suspected loss,
including theft and unauthorized disclosure or access of subject data to
the CDC Computer Security Incident Response Team’s (CSIRT) 24 x 7
Emergency Number (1-866-655-2245) within one hour of discovery.
Additionally, the DR and PI agree to prepare a list of all subject data
involved in the incident. Lastly, after notifying CSIRT, the DR and PI
will notify NCHS with the incident number issued by CDC CSIRT and
provide the list of all NCHS subject data involved in the incident. The
DR and PI will not communicate specific details of subject data
involved (e.g., geographical identifiers, detailed race, and income) via
unencrypted email.
V. SECURITY REQUIREMENTS
A. Accessing and using subject data within the VDE
1. The DR will ensure that the PI and P/T adheres and follows all
security requirements in items 2 through 14 below.
6
�2. The PI and P/T will only access the subject data on the VDE
within the approved secure room designated in this agreement
(Attachment 4).
3. No unauthorized person will have access to the secure room or
be present within the secure room while the subject data is being
used or accessed on the VDE.
4. The PI and all P/Ts will not attempt to circumvent any of the
security controls in place within the VDE system to exfiltrate the
subject data or allow unauthorized person access to the subject
data.
5. The PI and all P/Ts must never share their personally assigned
VDE login credentials (e.g., user ID or password) with any other
person. Sharing login credentials with other persons will
constitute a severe violation of the security requirements of this
agreement and will immediately subject the person(s) involved to
the penalties outlined in this agreement.
6. The PI and all P/Ts will make no attempt to extract, cut and paste
or copy any subject data or output based on the subject data from
or out of the VDE system. Extracting any subject data outside of
the VDE system will constitute a violation of the security
requirements of this agreement and will immediately subject the
person(s) involved to the penalties outlined in this agreement.
7. The PI and all P/Ts will not photograph, transcribe, or take
computer screenshots of any subject data or output (based on
subject data) as displayed during a VDE session. Photographing,
transcribing or taking screenshots of any subject data or output as
displayed in a VDE session will constitute a violation of the
security requirements of this agreement and will immediately
subject the person(s) involved to the penalties outlined in this
agreement.
8. The PI and all P/Ts will not attempt to print any subject data or
output (based on subject data) displayed during a VDE session.
Printing any subject data or output as displayed in a VDE session
will constitute a violation of the security requirements of this
agreement and will immediately subject the person(s) involved to
the penalties outlined in this agreement.
9. The PI and all P/Ts will not attempt to add any external data to the
provided subject data by inputting the external data into the
provided subject data as provided in their VDE account.
7
�10. The PI and all P/Ts will only access their assigned VDE account
and folders and will make no attempt to access accounts and
folders not assigned to the PI and any P/T.
11. The PI and all P/Ts, when logged onto the VDE, must logoff of the
VDE when leaving the secure room. The PI and all P/Ts must
never leave the secure room when an active VDE session is
running.
12. The computer that will be used to access the VDE must have a
password-protected screensaver set to lock the screen and
computer after 5 minutes of inactivity. Locking the computer
during a period of inactivity will prevent unauthorized access to
the computer and VDE.
13. The PI and all P/Ts understand and consent to NCHS using a
variety of technology to monitor PI and P/T activity on the VDE
(including which IP address the PI or P/T is using for VDE
access). The PI and all P/Ts have no right to privacy when using
the VDE.
14. The PI and all P/Ts will ensure output based on the subject
data are edited for any possible disclosures of individually
identifiable data prior to requesting their release.
VI. PENALTIES
A. Any violation or suspected violation of the terms and conditions of
this agreement or unauthorized disclosure of the subject data will
subject the DR to possible revocation of this agreement and
immediate termination of access to the subject data and the VDE.
1. When deemed appropriate, NCHS staff responsible for liaison
with the PI shall initiate revocation of this agreement by written
notice to DR and PI indicating the factual basis and grounds for
revocation.
2. When deemed appropriate, NCHS staff responsible for liaison
with the PI shall initiate immediate termination of access to the
subject data and shut down the VDE account. In doing so,
NCHS staff will indicate the factual basis and grounds for
termination of access. Under this circumstance, any unused paid fees
will not be refunded to the PI.
3. Upon receipt of the notice specified in paragraph VI.A.1 of this
agreement, the PI has thirty (30) days to submit written argument
and evidence to the NCHS Director or designee indicating why
the agreement should not be revoked and access to the subject
data be restored.
8
�4. The NCHS Director or designee shall decide whether to revoke
the agreement based solely on the information contained in the
notice to the PI and the PI's response and shall provide written
notice of the decision to the DR and PI within forty-five (45) days
after receipt of PI's response.
5. If the agreement is revoked, the PI and P/Ts will not have access
to the subject data restored. The PI and/or P/Ts that violate the
terms of this agreement or responsible for an unauthorized
disclosure will be barred from future access to NCHS subject
data for life.
6. NCHS will notify the DR of any agreement violation and whether
the agreement has been revoked. Details of agreement
violations will be shared with DR legal counsel and the DR’s
governing Institutional Review Board. NCHS may bar the DR
and all future DR affiliated researchers from accessing NCHS
subject data.
B. Any violation of this agreement may also be a violation of Federal
criminal law under the Privacy Act of 1974 (5 U.S.C. section 552a(i)(l))
and/or CIPSEA (see 42 U.S.C. 3572(f)). Alleged violations under
CIPSEA are subject to prosecution by the Offices of the United States
Attorney.
VII. PROCESSING OF THIS AGREEMENT
A. This agreement shall last for 3 years unless section VII.B is initiated.
B. This agreement may be extended an additional 3 years if the PI
renews the approved proposal and pays the renewal fee.
C. This agreement may be terminated by either party when either party
provides notice in writing. Such termination notice may establish the
effective date of the termination.
D. The Senior Official (SO) of the DR cannot be the same individual
designated as the PI under most circumstances. The SO must have the
legal authority to bind the DR to the terms of this agreement and shall
sign on behalf of the DR below. The SO certifies by signature that 1. The DR has the authority to undertake the commitments in this
agreement;
2. The SO has the legal authority to bind the DR to the
terms and conditions of this agreement; and
3. The PI is the research team lead that oversees the day-to-day
research involving the use of subject data and will take
9
�responsibility to manage the day-to-day statistical, research, or
evaluation operations in using the subject data and will strictly
adhere to all terms and conditions of this agreement.
Signature of the Senior Official
Date
Type/Print Name of Senior Official
Title:
Email Address: ______________________
Telephone Number: (____)______________
E. The individual described in section II.A.1 as the PI shall sign this
agreement. By way of signing this agreement, the PI stipulates strict
adherence to all terms and conditions of this agreement and will ensure
all P/Ts adhere to all terms and conditions of this agreement.
Signature of the Principal Investigator
Date
Type/Print Principal Investigator Name
Title:
Email Address: ______________________
Telephone Number: (
)
10
�F. The National Center for Health Statistics Director or Designee issues
this agreement as effective of the date of the NCHS Director or
Designee's signature below.
Signature of NCHS Director or Designee
Type/Print Name of NCHS Director or Designee
Date
Notice – CDC estimates the average public reporting burden for this collection of information as 30 minutes per response,
including the time for reviewing instructions, searching existing data/information sources, gathering and maintaining the data/
information needed, and completing and reviewing the collection of information. An agency may not conduct or sponsor, and a
person is not required to respond to a collection of information unless it displays a currently valid OMB control number. Send
comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for
reducing this burden to CDC/ATSDR Information Collection Review Office, 1600 Clifton Road, MS D-74, Atlanta, GA 30333;
ATTN: PRA (0920-XXXX).
The information you provide will be used by staff at the National Center for Health Statistics (NCHS) Research Data Center (RDC) to
determine your eligibility for access to restricted-use NCHS data and for other administrative purposes. Your information will be protected in
accordance with the Privacy Act of 1974 as amended (5 U.S.C. 552a); details about routine uses can be found in the system of records
notice, CDC/NCHS – 09-20-0169, Users of Health Statistics; HHS/CDC/NCHS (51 FR 42371). Providing the information on this form is
voluntary; however, the NCHS RDC will not be able to grant access to restricted-use NCHS data without this information. The information
provided will be used to determine whether access can be granted to restricted-use data, which upon full execution may become public
records (see 44 U.S.C. 3583). The NCHS RDC is authorized to request the information contained in this form under Title 42, United States
Code, Section 242k(b)(4).
RDC Project Number: _________
11
�Attachment 1
[insert approved proposal here]
12
�Attachment 2
Public Health Service Act Section 308(d); 42 U.S.C. 242m(d))
‘‘No information, if an establishment or person supplying the information or described in it is
identifiable, obtained in the course of activities undertaken or supported under section 242b,
242k,or 242l of this title may be used for any purpose other than the purpose for which it was
supplied unless such establishment or person has consented (as determined under regulations of
the Secretary) to its use for such other purpose; and in the case of information obtained in the
course of health statistical or epidemiological activities under section 242b or 242k of this title,
such information may not be published or released in other form if the particular establishment
or person supplying the information or described in it is identifiable unless such establishment or
person has consented (as determined under regulations of the Secretary) to its publication or
release in other form.’’
Confidential Information Protection and Statistical Efficiency Act (CIPSEA; 44 U.S.C.
3561-3583)
§ 3572. Confidential information protection
(c) DISCLOSURE OF STATISTICAL DATA OR INFORMATION
“(1) Data or information acquired by an agency under a pledge of confidentiality for exclusively
statistical purposes shall not be disclosed by an agency in identifiable form, for any use other
than an exclusively statistical purpose, except with the informed consent of the respondent.”
§ 3572. Confidential information protection
“(f) FINES AND PENALTIES - “Whoever, being an officer, employee, or agent of an agency
acquiring information for exclusively statistical purposes, having taken and subscribed the oath
of office, or having sworn to observe the limitations imposed by this section, comes into
possession of such information by reason of his or her being an officer, employee, or agent and,
knowing that the disclosure of the specific information is prohibited under the provisions of this
subchapter, willfully discloses the information in any manner to a person or agency not entitled
to receive it, shall be guilty of a class E felony and imprisoned for not more than 5 years, or fined
not more than $250,000, or both.”
13
�Attachment 3
The confidentiality training and training test can be accessed at:
https://www.train.org/cdctrain/course/1088489/
The Designated Agent form can be accessed at:
https://www.cdc.gov/rdc/data/b4/DesignatedAgent-321.pdf
14
�Attachment 4
Authorized Secure Room Location Information
For
Accessing the Virtual Data Enclave (VDE)
Please fill-out all information below to specify the exact location of the secure room*
where the VDE will be accessed:
Agency/Organization Name: __________________________________________
Building Name: _________________________
Building Address (include street number, street name, city, state and zip code):
_________________________________
_________________________________
Floor Number: _________
Corridor (if any): ________
Room Number: ________
_______________________
* This secure room will be subject to a security inspection by NCHS personnel as per section IV.D.6 of
this agreement.
15
�
| File Type | application/pdf |
| File Title | Data Use Agreement |
| Subject | Data Use Agreement |
| Author | National Center for Health Statistics |
| File Modified | 2022-11-21 |
| File Created | 2022-03-17 |