DATA USE AGREEMENT
for the
American College of Surgeons
National Surgical Quality Improvement Program

 

This Data Use Agreement (“Agreement”) implements the data protections of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the American College of Surgeons National Surgical Quality Improvement Program’s (“ACS NSQIP”) Hospital Participation Agreement (“HPA”).  Any individual (“Data Recipient”) seeking to obtain or use the data in the ACS NSQIP Pediatric “PEDIATRIC” Participant Use Data File (“PUF”) must be representing a ACS NSQIP Pediatric Participating Hospital (“Hospital”), must agree to the terms in this Agreement, and must  submit this Agreement to the ACS NSQIP before the PEDIATRIC PUF may be released. 

                                                        

Consistent with the ACS NSQIP HPA and in accordance with HIPAA, any Protected Health Information (“PHI”), as defined by 45 CFR 164.501, submitted to the ACS NSQIP by the Hospital for inclusion in the ACS NSQIP may be used, disclosed, or combined with other such data from additional ACS NSQIP participating hospitals to create a de-identified data set as defined by 45 CFR 164.514(b), containing aggregate, patient-level data, as it is with the Pediatric PUF.  The ACS NSQIP also retains the right to release the PEDIATRIC PUF at its discretion to ACS NSQIP participating hospitals for the purpose of engaging in research activities, quality improvement analysis, and aggregate statistical reporting. 

 

No Identification of Person(s) – Any effort to determine the identity of any individual, (including but not limited to patient, surgeon, and other health care provider or hospital), or to use the information for any purpose other than for research, quality improvement, and aggregate statistical reporting, would violate the HPA, the conditions of this Agreement, and the HIPAA.  Data Recipients of the PEDIATRIC PUF are prohibited under HIPAA and the HPA, and this Agreement from releasing, disclosing, publishing or presenting any individually identifying information.  The ACS NSQIP omits from the PEDIATRIC PUF all identifiers required to be excluded from de-identified data sets as defined by the HIPAA.  It may be possible, in limited situations, through deliberate technical analysis, and with outside information, to ascertain from the de-identified data set the identity of particular persons.  Considerable harm could result if this were to occur.  Therefore, any attempts to identify individuals are prohibited and information that could identify individuals directly or by inference must not be released or published.  In addition, the users of the PEDIATRIC PUF must not attempt to contact any individuals for any purpose, including verifying information supplied in the PEDIATRIC PUF.  Any questions about the PEDIATRIC PUF must be referred exclusively to the ACS NSQIP.

No Identificaton of Hospital(s) – Section 924 (c) of the Public Health Service Act (42 U.S.C. 299c-3(c)) also restricts the use of information that permits the identification of establishments (hospitals) for purposes other than for which the information was originally supplied.  Commercial or competitive purposes involving participating hospitals is not an allowable use of this data, and the hospitals must not be identified directly or indirectly in distributed materials.  Any questions about the data should be forwarded to the ACS NSQIP.  Users of the PEDIATRIC PUF should not attempt to contact any individual or hospital in the data set for any purpose including data verification.

 

Permission to use and disclose the data – Permission to use and disclose the PEDIATRIC PUF is granted from the ACS NSQIP to each Data Recipient.  The Data Recipient must be an employee of the Hospital.  Intentional misrepresentation of employment at the Hospital by the Data Recipient will void this Agreement, prohibit use of the PEDIATRIC PUF by the Data Recipient, and result in legal action taken by the ACS NSQIP.  The ACS NSQIP also reserves the right to deny access to the PEDIATRIC PUF at its discretion.

 

By signing this Agreement, the Data Recipient warrants that it:

·         Will not use or disclose the PEDIATRIC PUF other than as permitted by this Agreement for research activities, quality improvement analysis, and aggregate statistical reporting for research purposes;

·         Will not use or further disclose the PEDIATRIC PUF in a manner that would violate the HIPAA regulations or applicable federal or state law;

·         Will use reasonable and appropriate safeguards to prevent use or disclosure of the PEDIATRIC PUF other than as provided for by this Agreement, including administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the PEDIATRIC PUF, and including but not limited to, compliance with Subpart C of 45 CFR 164.314;

·         Will report to the ACS NSQIP, without unreasonable delay, promptly and within ten (10) days of its discovery, any use or disclosure of the PEDIATRIC PUF not provided for by this Agreement and any security incident involving the PEDIATRIC PUF of which it becomes aware;

·         Will not grant access to or share the PEDIATRIC PUF either in its entirety or as a subset to any party who is not an employee of the participating Hospital at which the Data Recipient is employed;

·         Will not sublease or permit other parties to use the PEDIATRIC PUF without advance written approval of the ACS NSQIP;

·         Will ensure that any agents including contractors and subcontracts and researchers to whom the PEDIATRIC PUF is provided contractually agree in writing to the same restrictions and conditions that apply to the Data Recipient with respect to such information;

·         Will comply with any applicable Hospital IRB requirements;

·         Will not use or disclose the Pediatric PUF to identify or contact the individuals who are the subject of the information;

·         Will not hold the ACS or the ACS NSQIP responsible for any claims arising from works based on the original data, text, tables, or figures;

 

·         Will acknowledge in all reports that the source of the data is the participating hospital(s) that submitted data to the ACS NSQIP and  will include the following disclosure on any presentation or published material:

The American College of Surgeons National Surgical Quality Improvement Program and the hospitals participating in the ACS NSQIP are the source of the data used herein; they have not verified and are not responsible for the statistical validity of the data analysis or the conclusions derived by the authors.

·         Will provide at a minimum an abstract and reference for any published materials resulting from the PEDIATRIC PUF to the ACS NSQIP; and

 

Will make available to ACS NSQIP its internal records related to the use and disclosure of PEDIATRIC PUF as requested;

Additional Terms:

·         The Data Recipient agrees to indemnify the ACS and its employees and agents from liability, claims, or expenses arising from use of the PEDIATRIC PUF by Data Recipients negligence in Data use of the PEDIATRIC PUF by the Data Recipient;

·         This Agreement will remain in effect as of the date of execution and terminate when all copies of the PUF are destroyed and the PEDIATRIC PUF is no longer in use;

·         Any noncompliance by the Data Recipient with the terms of this Agreement or failure on the part of the Data Recipient to correct any breach or violation of this Agreement to the satisfaction of the ACS NSQIP will be grounds for immediate termination of the Agreement by the ACS NSQIP and the American College of Surgeons will report the Data Recipient’s breach to the Secretary of the United States Department of Health and Human Services.   

 

As the undersigned, my signature confirms my employment at the participating Hospital and my intention to comply with the above stated requirements. Violators of this Agreement may also be subject to penalties under statutes that may apply to these data.