Secondary Use of Existing Data
Frequently Asked Questions
What if I will be accessing non-UC Berkeley data?
Incoming Data to UC Berkeley
General Information
Whenever UC Berkeley (UCB) investigators plan to obtain non-UCB data for research, the investigators should contact the Office for Protection of Human Subjects (OPHS) prior to accessing the data in order to determine if the project meets the threshold definition of “human subjects research” (HSR).
If the project meets the definition of HSR, an application must be submitted to OPHS/CPHS for review and approval prior to the research taking place. Investigators should consult with an OPHS Analyst to determine which level of review is required before submitting an application.
Data Use Agreements and Data Access Agreements
A Data Use Agreement (DUA) covers transfer of data from a third party that includes restrictions on use and sharing, confidentiality, publication, or other terms and conditions.
A Data Access Agreement (DAA) allows an investigator to gain access to another party’s secure data site to use the data there; no data transfer takes place.Incoming Data
Sometimes, the dataholder requires a DUA before they will release data to investigators. For example, investigators must obtain a DUA in order to obtain a Limited Data Set (LDS) from a HIPAA-covered entity. Other times, a DAA is required by the dataholder for investigators to access data on a dataholder’s secure data site. Whenever a DUA or DAA is required, investigators should consult the Industry Alliances Office’s (IAO’s) Data and Software Agreements for Research page to have IAO review and sign the DUA or DAA on behalf of UC Berkeley. Investigators are not authorized to sign DUAs or DAAs on the University’s behalf.
UC Berkeley’s Committee for Protection of Human Subjects (CPHS) does not review DUAs or DAAs; therefore, investigators should not upload the DUA or DAA to their OPHS/CPHS eProtocol application. However, investigators must provide a statement in the Study Procedures section of their application confirming that they will contact/have contacted IAO regarding the DUA or DAA, if applicable. In addition, the Confidentiality section of their application, where data storage and security for the incoming data is described, should match what is written in the DUA.
If the data will come to UC Berkeley with a previously-negotiated DUA, UC Berkeley investigators must contact IAO to renegotiate the agreement. DUAs are binary agreements between institutions and are non-transferable.Accessing California State Data
UCB investigators may want to access personally identifiable data from a California (CA) State agency for use in research. Investigators should be aware that, pursuant to the California Information Practices Act (SB 13) (effective January 1, 2006), CA State agencies will only release personally identifiable data to UCB investigators when the request to access the data has been reviewed and approved by the state of California’s institutional review board (IRB).
Note that review by the CA State IRB does not replace/meet UC Berkeley’s IRB review requirement. And, in accordance with SB 13, the State IRB will not rely on another institution (i.e. UC Berkeley) for review of research involving personally identifiable state data. However, on a case-by-case basis and with the approval of the OPHS Director, UCB may be willing to rely on the State IRB for review. Investigators must contact OPHS regarding any requests for UCB to rely on the State IRB.
Can I collect/analyze existing data posted on the Internet without human subjects review/approval?
Use of public internet data such as the National Center for Health Statistics or National Center for Biotechnology Information data does not require IRB review. However, collecting or analyzing an individual’s identifiers or opinions from the Internet for research purposes may require IRB review if there is an expectation of privacy and/or if obtaining data requires special permission. Please review our Internet-Based Research guidance for more information.