Agreement Types
Data Use Agreement (DUA)
A written agreement that establishes how a limited dataset will be transferred from a HIPAA covered entity to an intended recipient and establishes the ways in which the information may be used and how it will be protected. A limited dataset excludes all Protected Health Information (PHI) except for the following: (1) elements of dates including age and (2) geographic information at the zip code, town or city level.
Business Associates Agreement (BAA)
A written agreement that establishes how a dataset with identifiable protected health information (PHI) will be transferred from a HIPAA covered entity to an intended recipient and establishes the ways in which the information may be used and how it will be protected.
Material Transfer Agreement
A written agreement that establishes how specimens will be transferred to an intended recipient.