Health care leaders and clinical researchers are often frustrated by the process of getting from point A - having a great idea for innovation that involves data - and Point B - the moment they can confidently release or receive data with people or organizations outside their own.[1]
Most would prefer to make decisions about data without involving legal counsel. Attorneys are often regarded as barriers instead of resources and facilitators.
However, the axe to grind is not the need for privacy or security – all agree to the importance of these protections. Nor is it necessarily risk mitigation – nobody wants to run afoul of their organization’s policies and procedures or receive a dreaded call from the Compliance Office. Instead, misunderstanding the nuances of data use, data sharing, and data transfer, or failing to appreciate that any noteworthy differences in these activities exist, ultimately may be the cause of delays in initiating or continuing projects that involve data when the plan is under legal review.
This quick guide is intended to help Athene clients design projects with a better understanding of how data should be evaluated, applicable options, and where a written agreement that complies with organization policies is prudent or required.
Data Use
Data Sharing
Data Transfer
As should be apparent, data use, sharing and transfer is not just semantics. So many organizations take on the additional obligations of a HIPAA DUA when it is not applicable or necessary.
It is also worth noting that standard Material Transfer Agreement terms can be incorporated easily by experienced counsel to any of the above agreements. With the nitty gritty differences down, it should be smoother sailing the next time you need to send or receive data outside your organization.
___________ [1] This post does not apply to use, sharing, and transfer for patient treatment purposes and/or within the same corporate entity. #HIPAA #healthlaw #healthcarelaw #athenelaw #californiahealthcarelaw #datasharing #datatransfer #datause