MIT-LCP / license-and-dua

The PhysioNet Data Use Agreement and License
MIT License
6 stars 12 forks source link

Datathon DUA version #9

Open jraffa opened 6 years ago

jraffa commented 6 years ago

I am trying to solidify a version of the DUA which could be used at datathons. Please see below and let me know if you see any issue with it.

PhysioNet Clinical Database Restricted Data Use Agreement

2018 Sydney Datathon

The contents of restricted-access clinical databases maintained by PhysioNet were derived from original data that contained protected health information (PHI), as defined by HIPAA. The providers of the data have given scrupulous attention to the task of locating and removing all PHI, so that the remaining data can be considered de-identified and therefore not subject to the HIPAA Privacy Rule restrictions on sharing PHI. Nevertheless, because of the richness and detail of the databases, they will be released only to legitimate researchers under the terms and conditions described on this page.

If you agree to all of these terms and conditions, access to restricted information within the PhysioNet Clinical Databases (e.g., MIMIC and eICU-CRD) may be granted to you as an individual. Your colleagues may obtain access to these data as individuals via the same procedure you are following.

If I am granted access to the PhysioNet Clinical Databases, I agree to the terms and conditions below:

  1. I will not attempt to identify any individual or institution referenced in PhysioNet restricted data.
  2. I will exercise all reasonable and prudent care to avoid disclosure of the identity of any individual or institution referenced in PhysioNet restricted data in any publication or other communication.
  3. I will not share access to PhysioNet restricted data with anyone else.
  4. I will exercise all reasonable and prudent care to maintain the physical and electronic security of PhysioNet restricted data.
  5. If I find information within PhysioNet restricted data that I believe might permit identification of any individual or institution, I will report the location of this information promptly by email to PHI-report@physionet.org, citing the location of the specific information in question so that it can be investigated and removed if necessary.
  6. I have requested access to PhysioNet restricted data for the sole purpose of lawful use in scientific research, and I will use my privilege of access, if it is granted, for this purpose and no other.
  7. I will indicate the general purpose for which I intend to use the database in my application.
  8. If I openly disseminate my results, I will also contribute the code used to produce those results to a repository that is open to the research community.
  9. This agreement will terminate at the end of the datathon. If I choose to continue to work with the PhysioNet Clinical Databases, I understand that I must register on PhysioNet and agree to a data use agreement which includes completing a training program in human research subject protections and HIPAA regulations, and submitting proof of having done so.

My name:
Telephone number, including country/area code (required):
E-mail: Institution:
Title or position:

Signature:

Date:

rgmark commented 6 years ago

I think this agreement should include something about not copying the data onto personal laptops, otherwise para 9 has no meaning --- unless the datathon database will auto destruct at the end of the datathon! Roger

On 4/5/2018 3:38 PM, Jesse Raffa wrote:

I am trying to solidify a version of the DUA which could be used at datathons. Please see below and let me know if you see any issue with it.

PhysioNet Clinical Database Restricted Data Use Agreement

2018 Sydney Datathon

The contents of restricted-access clinical databases maintained by PhysioNet were derived from original data that contained protected health information (PHI), as defined by HIPAA. The providers of the data have given scrupulous attention to the task of locating and removing all PHI, so that the remaining data can be considered de-identified and therefore not subject to the HIPAA Privacy Rule restrictions on sharing PHI. Nevertheless, because of the richness and detail of the databases, they will be released only to legitimate researchers under the terms and conditions described on this page.

If you agree to all of these terms and conditions, access to restricted information within the PhysioNet Clinical Databases (e.g., MIMIC and eICU-CRD) may be granted to you as an individual. Your colleagues may obtain access to these data as individuals via the same procedure you are following.

If I am granted access to the PhysioNet Clinical Databases, I agree to the terms and conditions below:

  1. I will not attempt to identify any individual or institution referenced in PhysioNet restricted data.
  2. I will exercise all reasonable and prudent care to avoid disclosure of the identity of any individual or institution referenced in PhysioNet restricted data in any publication or other communication.
  3. I will not share access to PhysioNet restricted data with anyone else.
  4. I will exercise all reasonable and prudent care to maintain the physical and electronic security of PhysioNet restricted data.
  5. If I find information within PhysioNet restricted data that I believe might permit identification of any individual or institution, I will report the location of this information promptly by email to PHI-report@physionet.org mailto:PHI-report@physionet.org, citing the location of the specific information in question so that it can be investigated and removed if necessary.
  6. I have requested access to PhysioNet restricted data for the sole purpose of lawful use in scientific research, and I will use my privilege of access, if it is granted, for this purpose and no other.
  7. I will indicate the general purpose for which I intend to use the database in my application.
  8. If I openly disseminate my results, I will also contribute the code used to produce those results to a repository that is open to the research community.
  9. This agreement will terminate at the end of the datathon. If I choose to continue to work with the PhysioNet Clinical Databases, I understand that I must register on PhysioNet and agree to a data use agreement which includes completing a training program in human research subject protections and HIPAA regulations, and submitting proof of having done so.

My name: Telephone number, including country/area code (required): E-mail: Institution: Title or position:

Signature:

Date:

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/MIT-LCP/license-and-dua/issues/9, or mute the thread https://github.com/notifications/unsubscribe-auth/AHDnSlcp0f97I4B6fGdj2StuIwWbhK-jks5tlnLDgaJpZM4TJCm-.

-- Roger G. Mark, M.D., Ph.D. Professor of Health Sciences and Technology and of Electrical Engineering Room E25-505 MIT Cambridge, MA 02139 Tel 617-253-7818 Fax 617-258-7859

jraffa commented 6 years ago

Does the bolded change work?

PhysioNet Clinical Database Restricted Data Use Agreement

2018 Sydney Datathon

The contents of restricted-access clinical databases maintained by PhysioNet were derived from original data that contained protected health information (PHI), as defined by HIPAA. The providers of the data have given scrupulous attention to the task of locating and removing all PHI, so that the remaining data can be considered de-identified and therefore not subject to the HIPAA Privacy Rule restrictions on sharing PHI. Nevertheless, because of the richness and detail of the databases, they will be released only to legitimate researchers under the terms and conditions described on this page.

If you agree to all of these terms and conditions, access to restricted information within the PhysioNet Clinical Databases (e.g., MIMIC and eICU-CRD) may be granted to you as an individual. Your colleagues may obtain access to these data as individuals via the same procedure you are following.

If I am granted access to the PhysioNet Clinical Databases, I agree to the terms and conditions below:

  1. I will not attempt to identify any individual or institution referenced in PhysioNet restricted data.
  2. I will exercise all reasonable and prudent care to avoid disclosure of the identity of any individual or institution referenced in PhysioNet restricted data in any publication or other communication.
  3. I will not share access to PhysioNet restricted data with anyone else.
  4. I will exercise all reasonable and prudent care to maintain the physical and electronic security of PhysioNet restricted data.
  5. If I find information within PhysioNet restricted data that I believe might permit identification of any individual or institution, I will report the location of this information promptly by email to PHI-report@physionet.org, citing the location of the specific information in question so that it can be investigated and removed if necessary.
  6. I have requested access to PhysioNet restricted data for the sole purpose of lawful use in scientific research, and I will use my privilege of access, if it is granted, for this purpose and no other.
  7. I will indicate the general purpose for which I intend to use the database in my application.
  8. If I openly disseminate my results, I will also contribute the code used to produce those results to a repository that is open to the research community.
  9. This agreement will terminate and I must delete all PhysioNet restricted data from my devices or accounts at the end of the datathon. If I choose to continue to work with the PhysioNet Clinical Databases, I understand that I must register on PhysioNet and agree to a data use agreement which includes completing a training program in human research subject protections and HIPAA regulations, and submitting proof of having done so.

My name:
Telephone number, including country/area code (required):
E-mail: Institution:
Title or position:

Signature:

Date:

rgmark commented 6 years ago

Yes, that is good! Roger

On 4/5/2018 5:20 PM, Jesse Raffa wrote:

Does the bolded change work?

PhysioNet Clinical Database Restricted Data Use Agreement

2018 Sydney Datathon

The contents of restricted-access clinical databases maintained by PhysioNet were derived from original data that contained protected health information (PHI), as defined by HIPAA. The providers of the data have given scrupulous attention to the task of locating and removing all PHI, so that the remaining data can be considered de-identified and therefore not subject to the HIPAA Privacy Rule restrictions on sharing PHI. Nevertheless, because of the richness and detail of the databases, they will be released only to legitimate researchers under the terms and conditions described on this page.

If you agree to all of these terms and conditions, access to restricted information within the PhysioNet Clinical Databases (e.g., MIMIC and eICU-CRD) may be granted to you as an individual. Your colleagues may obtain access to these data as individuals via the same procedure you are following.

If I am granted access to the PhysioNet Clinical Databases, I agree to the terms and conditions below:

  1. I will not attempt to identify any individual or institution referenced in PhysioNet restricted data.
  2. I will exercise all reasonable and prudent care to avoid disclosure of the identity of any individual or institution referenced in PhysioNet restricted data in any publication or other communication.
  3. I will not share access to PhysioNet restricted data with anyone else.
  4. I will exercise all reasonable and prudent care to maintain the physical and electronic security of PhysioNet restricted data.
  5. If I find information within PhysioNet restricted data that I believe might permit identification of any individual or institution, I will report the location of this information promptly by email to PHI-report@physionet.org mailto:PHI-report@physionet.org, citing the location of the specific information in question so that it can be investigated and removed if necessary.
  6. I have requested access to PhysioNet restricted data for the sole purpose of lawful use in scientific research, and I will use my privilege of access, if it is granted, for this purpose and no other.
  7. I will indicate the general purpose for which I intend to use the database in my application.
  8. If I openly disseminate my results, I will also contribute the code used to produce those results to a repository that is open to the research community.
  9. This agreement will terminate and I must delete all PhysioNet restricted data from my devices or accounts at the end of the datathon. If I choose to continue to work with the PhysioNet Clinical Databases, I understand that I must register on PhysioNet and agree to a data use agreement which includes completing a training program in human research subject protections and HIPAA regulations, and submitting proof of having done so.

My name: Telephone number, including country/area code (required): E-mail: Institution: Title or position:

Signature:

Date:

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/MIT-LCP/license-and-dua/issues/9#issuecomment-379080408, or mute the thread https://github.com/notifications/unsubscribe-auth/AHDnSsL-qqswB9d3C9h8yRTZPKU9VInzks5tloqNgaJpZM4TJCm-.

-- Roger G. Mark, M.D., Ph.D. Professor of Health Sciences and Technology and of Electrical Engineering Room E25-505 MIT Cambridge, MA 02139 Tel 617-253-7818 Fax 617-258-7859

jraffa commented 5 years ago

This year, the Australians would like to use a common DUA for ANZICS (their database), and the Physionet databases. I am meeting with them next week, and they have proposed for the datathon in June:

To me it looks like all the clauses are covered when compared to what we used last year. Please let me know if something is amiss.

Also, is the correct PHI reporting e-mail address report@physionet.org or PHI-report@physionet.org

=====

This NDA has been developed specifically for the ANZICS Critical Care Datathon held on 22nd and 23rd June 2019 in Brisbane, Australia. The contents of the clinical databases to be made available at the ANZICS Critical Care Datathon have been derived from original data that contained protected health information. The providers of the data have given scrupulous attention to the removal all public health information, so that the remaining data can be considered de-identified. Nevertheless, because of the richness and detail of the databases, they will be released only to legitimate researchers under the terms and conditions described on this page.

The term ‘datasets’ below refers to all data provided at the 2019 ANZICS Critical Care Datathon by the following data custodians:

If I am granted access to the datasets provided at The ANZICS Critical Care Datathon, I agree to the following terms:

  1. I have requested access to the datasets for the sole purpose of lawful use in scientific research.
  2. I will use my privilege of access, if it is granted, for this purpose and no other.
  3. I will not attempt to identify any individual or institution referenced in the datasets.
  4. I will exercise all reasonable and prudent care to avoid disclosure of the identity of any individual or institution referenced in the datasets in any publication or other communication.
  5. I will not share access to the datasets with anyone else.
  6. I will exercise all reasonable and prudent care to maintain the physical and electronic security of the datasets.
  7. If I find information within the datasets that I believe might permit identification of any individual or institution, I will report the location of this information promptly to the relevant data custodian, citing the location of the specific information.
  8. If I openly disseminate my results, I will also contribute the code used to produce those results to a repository that is open to the research community.
  9. At the end of the Datathon, I will delete the datasets from my devices or accounts unless prior agreement has been reached with the relevant data custodian.
  10. If I continue to work with any of the datasets after the Datathon, I will comply with the relevant policies regarding data access, data use, publication procedures and research training as specified by each data custodian.

Name:
Telephone number, incl. country/area code:
E-mail: Institution:
Date:

====

tompollard commented 5 years ago

the correct email is phi-report@physionet.org