A Data Sharing Agreement is a contract that documents what data will be shared, who it is being shared with, and the ways that the data can be used. It is intended to protect the person sharing the data and to ensure the data is not misused, e.g., all privacy policies and laws are followed by the data recipient.
A Data Sharing Agreement can also be referred to as a Data Transfer Agreement or a Data Use Agreement.
A Data Sharing Agreement should include:
A Data Sharing Agreement is not required to share data with another NYU Langone Health researcher.
However, outlining the terms of sharing (i.e. acknowledgement vs. co-authorship) is good practice for research collaborations even if a Data Sharing Agreement is not required by NYU Langone Health. The National Cancer Institute (NCI) provides templates for Collaborative Agreements (available in the appendix of the Collaboration and Team Science Field Guide).
A Data Sharing Agreement is not required to share data with your students.
However, you may want to consider how long your students will be with you and how long their project will take. If the student leaves the institution, it may become necessary to implement a Data Sharing Agreement
Ownership of research data should be spelled out in any collaboration before the start of data collection, and the templates for Collaborative Agreements (available in the appendix of the Collaboration and Team Science Field Guide) from NCI can help establish the terms for a collaborations.
If you have documentation that indicates your ownership of the data, best practices still dictate that you inform collaborators that you are sharing the data.
If your data is from human subjects based research and your data contains identifying information, you will need to contact the IRB before sharing your data.
If your data is from human subjects based research and your data is de-identified, it may still be prudent to contact the IRB to ensure that you have properly de-identified your data before sharing it.
Both the IRB at NYU Langone Health and the IRB at the other institution should be contacted about sharing the data.
HIPAA provides guidance on two methods of de-identification: the Safe Harbor Method and Expert Determination Method. The Expert Determination Method requires that a person with knowledge of statistical scientific principle for rendering information not individually identifiable use and document those principles so that the dataset cannot be re-identified. The Safe Harbor method requires that researchers remove the following data points from a dataset: