Transfer of Materials, Confidential Information, and Data OFFICE OF RESEARCH PROJECT AND ADMINISTRATION Anthony Beckman Josef Mejido Lydia Moore Joynita Sur
Types of Agreements Negotiated by MTA Administrators MTAs (Material Transfer Agreements) CDAs / NDAs (Confidentiality / Non-Disclosure Agreements) DUAs and DTAs (Data Use/Transfer Agreements)
What types of entities do we negotiate with? Domestic Academic International Academic Domestic For-profits / Non-profits Incoming / outgoing to industry, academic institutions, non-profits (e.g. medical centers) – each has its own issues to be aware of…
Process for obtaining a fully - executed MTA, CDA, or DUA 1. Checklist Checklist MTA Admin 2. MTA Admin Draft/Review/Revise 3. Draft / Review / Revise 6. Transfer of info / material / data 5. Fully executed Agreement 4. Negotiate the Terms of Agreement
We are developing a new process… Centralized email: cda-dua-mta-help@rochester.edu New checklist form – one form for all agreement types
How do I get started? A request must be submitted by the Principal Investigator (PI) using one of the following checklists: Checklist for Sending / Receiving Materials De-identified material requires HIPAA form 25.5.1 Checklist for Sending / Receiving Confidential Information Checklist for Sending / Receiving Data De-identified: HIPAA form 25.5.1 Limited data set (LDS): HIPAA form 25.6.1 The checklist and Word version of the agreement are requirements for the MTA Administrator to handle a request.
Common Types of MTAs Simple Letter Agreement (SLA) Uniform Biological Material Transfer Agreement (UBMTA) Institutional based MTA (drafted by the providing institution)
Should there be an MTA when receiving materials? Sometimes materials are provided without an MTA Can be an issue if: PI wishes to share the same material with another internal OR external collaborator PI moves to another institution and wishes to take the material with them
MICE Think TWICE Before Sharing * Mice use and distribution may be restricted by an MTA (material transfer agreement) to a specific PI and/or research project. Contact ORPA with questions: cda-dua-mta-help@rochester.edu
De-identified, limited data set, or fully-identifiable data? De-identified Data Set a. Names; b. All geographic subdivisions smaller than a State, including: street address, city, county, precinct, zip codes and their equivalent geocodes, except for the initial three digits of a zip code if, according to the current publicly-available data from the Bureau of Census: Contains no HIPAA identifiers (1) the geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000; and (2) the initial three digits of the zip code for all such geographic units containing 20,000 or fewer people is changed to 000. There may still be confidentiality, proprietary, or security concerns that require a data transfer agreement c. All elements of dates (except year) for dates directly related to an individual, including: birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older; d. Telephone numbers; e. Fax numbers; f. E-mail addresses; The De-Identified Data Set must EXCLUDE all of the following direct identifiers of the individual or of the individual’s relatives, employers or household members to be considered De-Identified Data: g. Social Security numbers; h. Medical record numbers; i. Health plan beneficiary numbers; j. Account numbers; k. Certificate/license numbers; l. Vehicle identifiers and serial numbers, including license plate numbers; m. Device identifiers and serial numbers; n. Web Universal Resource Locators (URLs); o. Internet Protocol (IP) address numbers; p. Biometric identifiers, including finger and voice prints; q. Full face photographic images and any comparable images; and r. Any other unique identifying numbers, characteristics or code
De-identified, limited data set, or fully-identifiable data? – cont’d Limited Data Set (LDS) Contains dates, city, state, or zip code information Requires a data use agreement for transfer Fully-Identifiable Data Set Contains HIPAA identifiers other than dates / zip codes RSRB verifies consent form matches party sending data to Security questionnaire Further Questions? Reach out to our Privacy Officer: Kathleen Tranelli Kathleen_Tranelli@URMC.Rochester.edu 585-784-6154
Transferring Materials or Data to Industry Transfer needs to be for a specific project / purpose Needs to retain right to publish Industry can often be over-reaching in their requests Takes longer to negotiate
Do we need a CDA / NDA? Generally requested by industry for discussions regarding a clinical trial or collaboration One-way vs. Two-way CDAs Two-way CDAs protect the PI disclosing confidential and/or proprietary information Master CDAs Helps streamline process for sharing clinical trial protocols with PIs We have over 10 and counting Reaching out to UR Ventures
What to do when a PI leaves the University of Rochester? When a principal investigator leaves the University of Rochester, it is suggested that the department administrator or PI contact our office to see whether or not there are any active MTAs/CDAs/DUAs involving the PI. The PI should notify us whether or not they plan to: 1) continue using materials/data they received from another institution at their new place of employment; 2) transfer material or data made/developed/obtained while at the University of Rochester to their new place of employment; 3) no longer use materials or data in existing agreement(s).
Thanks! Questions?
APPENDIX
Types of Agreements Negotiated by MTA Administrators MTAs (Material Transfer Agreements) CDAs/NDAs (Confidentiality / Non-Disclosure Agreements) DUAs and DTAs (Data Use/Transfer Agreements)
MTAs An material transfer agreement is a contract used to define the terms and conditions for the exchange of research materials. An MTA sets forth rights to use the materials and allocates the rights that result from their use.
Common Types of MTAs Simple Letter Agreement (SLA) Uniform Biological Material Transfer Agreement (UBMTA) Institutional based MTA (drafted by the providing institution)
Reasons Material Providers Put an MTA in Place Proprietary and/or Confidential Restrict Use Hazardous Material / Special Regulations Potential Liability Obtain rights to the results of the research for which the material or information is to be used Ensure correct and appropriate acknowledgement is included in any publication regarding the use of the material Material and/or information is proprietary and/or confidential Wants to restrict how the material is to be used Material is infectious, hazardous or subject to special regulations To protect against any potential liability To obtain rights to the results of the research for which the material or information is to be used. To ensure that correct and appropriate acknowledgement is included in any publication regarding the use of the material.
Common Restrictions: Publication University of Rochester requires that there is no restriction or unreasonable delay to publish Send Provider a copy of any proposed publication for: review of confidential information and/or filing of a patent application based on intellectual property of the Provider Acknowledge Provider in publications as scientifically and academically appropriate, based on their contribution
Common Restrictions: Intellectual Property MTA may contain overreaching IP language which may claim ownership rights to results of the research and any developed intellectual property ***Usually occurs with incoming MTAs from industry For complex intellectual property issues, we contact IP attorneys in UR Ventures
CDAs / NDAs A Confidential Disclosure Agreement / Non Disclosure Agreement is an agreement under which one or both parties agree to maintain confidentiality regarding proprietary information that one party receives from the other party.
Types of CDAs One-way CDA: Only one party is bound by obligations of confidentiality Two-way (Mutual): Both parties are bound by obligations of confidentiality
Reasons for a CDA Clinical Trial Research Collaboration: A company may wish to share information for the purpose of determining whether an academic institution might be interested in establishing a clinical trial to test the company’s drug / biologic / device. Research Collaboration: A company, academic institution or non-profit may wish to discuss a possible research collaboration.
DUA A data use agreement is a contract that is used to define the terms and conditions upon which data is transferred between organizations. Things to consider: HIPAA FERPA IP GDPR – EU countries
Reason for DUA Used when transferring proprietary or sensitive data, to control the use of the data Proprietary data: research results, intellectual property Sensitive data: protected health information (PHI) ***Required under HIPAA
Types of DUAs / DTAs Data Transfer Agreement Used when transferring de-identified data or non human subjects data Data Use Agreement Used when transferring a Limited Data Set (LDS) Research, public health, or healthcare purposes Information that may remain in the data: Dates City, state, zip code