The URL can be used to link to this page

Home My WebLink AboutAgreement A-23-321 CDC Data Use Agreement.pdf v7iio AN Agreement No. 23-321 Ils/�iI/_ CENTERS FOR DISEASE' CONTROL AND PREVENTION CENTERS FOR DISEASE CONTROL AND PREVENTION(CDC)/AGENCY FOR TOXIC SUBSTANCES AND DISEASE REGISTRY(ATSDR) DATA USE AGREEMENT This data use agreement("Agreement")is between the following parties: Data Provider("Provider"): County of Fresno Data Recipient("Recipient"): NCHHSTP-NATL CTR FOR HIV,VIRAL HEPATITIS, STD,&TB PREVENTION These parties will collectively be considered the"Parties,"or individually,a'Party". This Agreement will be effective as of the latest date signed below ('Effective Date")by the Provider and Recipient. PURPOSE AND BACKGROUND This Agreement establishes the terms and conditions under which the Provider will provide,and Recipient will receive and use,the data covered under this Agreement. This Agreement ensures adherence to guiding principles of accountability,privacy and confidentiality,stewardship,scientific practice,efficiency, and equity.Use and disclosure of the data must be consistent with this Agreement and with applicable law. The Parties agree that the Recipient will use the data being shared for the purpose(s)of- School-aged children have been significantly affected by the COVID-19 pandemic,not only because school closures led to loss of in-person learning,but due to secondary effects of the pandemic including economic and social consequences.While most children who have tested positive for COVID-19 have experienced mild symptoms,illnesses and sequelae can occur,including the rare but serious multisystem inflammatory syndrome in children(MIS-C)and increasing evidence that children are at risk of long-term effects of COVID-19 [1,2]. In addition,even if experiencing no symptoms or mild symptoms, children who test positive for COVID-19 are required to isolate at home for at least 5 days,while for much of the pandemic they were required to isolate at home for 10 or 14 days. Greater than 12 million children have tested positive for COVID-19 since the start of the pandemic,which has led to unprecedented numbers of school absences. Syndromic surveillance collects information on symptoms and clinical signs of disease in a population rather than data on laboratory or clinically confirmed cases [3,4]. It has long been used to monitor influenza and other communicable diseases and health conditions as a form of early detection for how severe or widespread a condition may become. Syndromic surveillance uses signs, symptoms,and clinical first impressions,often from emergency department reports, allowing for real-time detection of an illness or condition impacting a community,which in turn allows for a timelier public 1 CENTERS FOR DISEASE' CONTROL AND PREVENTION health response. Syndromic surveillance data has traditionally originated in healthcare settings,which presents challenges when tracking COVID-19 because of changes in healthcare-seeking behavior caused by public health recommendations for those with mild illness to avoid emergency departments and urgent cares during periods of stress on the healthcare system[5]. In addition,respiratory diseases such as influenza and COVID-19 often cause mild disease in children, preventing them from seeking healthcare services and resulting in underrepresentation in syndromic surveillance systems [6]. Illness among children in the community may also indicate disease spreading among more vulnerable community members who may experience severe disease outcomes. While syndromic surveillance systems are traditionally based on emergency department data,other data sources such as pharmacy purchases and internet search terms have recently been used as a potentially more accurate way of tracking health conditions in a community[7].Absenteeism data in schools has also been studied as a form of syndromic surveillance for respiratory diseases including influenza and COVID-19,and the accuracy depends on the quality of the data [8,9]. There is no common system for kindergarten through grade 12(K-12)schools to report absenteeism data in the United States; definitions of"absent"can vary based on whether a student attends school for one hour versus a full day, and absence details collected can range from"excused"versus"unexcused"to a much more detailed reason for absence,including type of symptom reported.There is a need to describe the type and ability of absenteeism data to predict and monitor respiratory disease in K-12 schools. COVERED DATA This section will provide information about the data being shared per this Agreement. The Parties acknowledge that Covered Data are limited to those data specified in this Agreement,which identifies the complete set of data items that the Recipient will have access to under this Agreement. The Parties are permitted to transmit,access,receive, share and/or use any part of the Covered Data listed below as specified in the agreed purpose and uses, as set out herein: 1. Fresno County Influenza Incidence Data Where CDC/ATSDR is the Recipient,the Parties acknowledge that in a public health emergency(PHE)or if an event is significantly likely to become a PHE, as provided in 42 U.S.C. §247b,certain data in the custody and control of CDC/ATSDR may be necessary to respond to the PHE. In that event,CDC/ATSDR may use the Covered Data,consistent with CDC/ATSDR's authorities under applicable federal law. CDC agrees that any such use will be on a need-to-know basis,will be a minimum amount necessary to support a coordinated federal response,and will protect individual privacy and confidential business or financial information to the fullest extent allowed by federal law. CDC further agrees that it will notify Provider of the need to use the Covered Data as soon as practicable prior to use of the data for this purpose and,where practicable and appropriate,will work collaboratively with Provider throughout the response to ensure appropriate coordination and access to developed analyses and reports. AGREEMENT ADMINISTRATION 2 CENTERS FOR DISEASE' CONTROL AND PREVENTION Unless otherwise designated and agreed upon by Parties,the Recipient will act as the "Data Custodian" of the Covered Data once the data are transmitted.As Data Custodian,the Recipient is responsible for ensuring that the Covered Data are kept secured and that access to and use of the Covered Data is consistent with this Agreement and applicable law. Where required by law,Recipient will ensure that the authorized users within Recipient's organization are deemed authorized to access the Covered Data will receive appropriate security training and be aware of the terms of this Agreement. The Recipient designates the following individual(s)as the primary Data Custodian(s)point of contact: Lillian Fineman 1600 Clifton Rd NE Atlanta, Georgia, United States, 30329 770-488-6941 rva6@cdc.gov Unless otherwise designated and agreed upon by Parties,the Provider will act as the "Data Administrator" of the Covered Data being transmitted.As Data Administrator,the Provider is responsible for the Covered Data being transmitted to the Recipient and/or granting appropriate access to authorized users for the Recipient. To the extent allowed by law,the Provider will ensure that the Covered Data may be transmitted to Recipient's organization consistent with the purposes set forth under this Agreement. The Provider designates the following individual(s)as the primary Data Administrator(s)point of contact: Processes for Communication All notices or any other communication provided for herein shall be provided in writing through the following means: • To the above identified Data Administrator/Custodian by registered or certified mail,return receipt requested;by receipted hand delivery;by courier or other similar and reliable carrier. • To the above identified Data Administrator/Custodian by email. Effective Date, Term of Data Use, and Termination Date 3 CENTERS FOR DISEASE' CONTROL AND PREVENTION The term of this Agreement shall be 1 years,commencing from the date of the final signature. The Agreement may be renewed upon mutual written consent of the Parties. Except as otherwise expressly provided herein,this Agreement may be amended only by the mutual written consent of the signatory as the authorized representatives of each Party.Amendments to this Agreement must be requested in writing through the means above and must be signed by all Parties to be effective. Either Party may terminate this Agreement at any time by giving thirty(30)days'advance written notice. CONFIDENTIALITY, SECURITY, AND LEGAL REQUIREMENTS The Parties will establish appropriate administrative,technical,procedural,and physical safeguards to assure the confidentiality and security of Covered Data. The safeguards shall provide a level and scope of security that is not less than the level and scope of security established by applicable law for the type of data provided under this Agreement. Recipient agrees to the following: Confidentiality:Where Covered Data provided pursuant to this Agreement are identifiable or potentially identifiable,Recipient agrees to maintain the confidentiality of the Covered Data to the fullest extent required by applicable law. Recipient further agrees to not disclose such Covered Data,including but not limited to names and other identifying information of persons who are the subject of such Covered Data, either during the term of this Agreement or longer,except as consistent with this Agreement or as may be allowed or required by applicable law.Where CDC/ATSDR is the Recipient,CDC/ATSDR will protect the privacy and confidentiality of the Covered Data consistent,where applicable,with the following federal laws:the Privacy Act of 1974;to the extent applicable, standards promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996(HIPAA),and the Freedom of Information Act(FOIA).Where other more specific federal laws apply to the Covered Data; CDC/ATSDR as Recipient will comply with those laws,as well. CDC/ATSDR will seek to assert relevant exemptions to disclosure available under federal law,most critically,where applicable, for personal and/or private information,the disclosure of which would constitute an invasion of privacy;trade secret and commercial or financial information that is private and confidential; or information exempted from release by federal statute. Except as may be provided for in this Agreement,Recipient shall not use the information from Covered Data to link to other data nor establish contact with any potentially identified person or his/her family nor establish contact with the persons represented in the data without prior written approval from the Provider.Where required by law and/or where practicable,Recipient agrees to notify Provider before releasing Covered Data to a third party pursuant to a judicial,governmental,or other request under law,to allow Provider the opportunity to state any objection to the disclosure of the Covered Data. Security: Recipient will use all reasonable administrative,technical, and physical measures to safeguard Covered Data once transmitted,and to protect Covered Data from unauthorized access,disclosure,use,or modification. This includes setting permissions to access or edit data 4 CENTERS FOR DISEASE' CONTROL AND PREVENTION commensurate with the level of sensitivity of the data. Should there be a data breach and unauthorized disclosure of Covered Data,consistent with applicable legal requirements,Recipient notify appropriate response teams and Provider of the incident Transfer: Where Covered Data provided pursuant to this Agreement are identifiable or potentially identifiable or are privileged, sensitive, or confidential,transmission of the Covered Data from the Provider to Recipient shall be done in accordance with acceptable practices for ensuring the protection,confidentiality,and integrity of the contents. The Parties may coordinate to implement methods to achieve these outcomes consistent with procedures already in place for similar data exchanges. If encrypted identifiable information is transferred electronically through means such as the Internet,then said transmissions will be consistent with the rules and standards promulgated by applicable legal requirements regarding the electronic transmission of identifiable information. Storage: Covered Data will be maintained and stored in compliance with the Recipient's security policies and procedures and consistent with applicable law.Where Covered Data are identifiable or potentially identifiable or are privileged, sensitive or confidential, such records and data shall be secured in an encrypted,password-protected electronic folder with access restricted to project personnel for purposes as set forth in this Agreement Access: Where Covered Data provided pursuant to this Agreement are identifiable or potentially identifiable or are privileged, sensitive,or confidential,Recipient and its authorized users shall access Covered Data on secured devices only.Recipient may provide Covered Data access to appropriate employees,contractors,and other authorized users.Recipient agrees to establish appropriate administrative,technical, and physical safeguards to prevent unauthorized access to the Covered Data. Data Maintenance, Deletion or Storage Requirements after Termination Unless explicitly stated otherwise in the Agreement,ownership of Covered Data shall remain with the Provider. However,the Parties agree that the Covered Data provided under this Agreement and in the custody and control of the Recipient is subject to the laws applicable to the Recipient. Accordingly,the Recipient agrees to maintain,store,protect,archive and/or dispose of Covered Data in accordance with applicable law. Obligations under law to maintain and secure Covered Data will survive termination of this Agreement.At a minimum,the Provider agrees that an archival copy of the Covered Data may be retained by Recipient to comply with relevant records retention requirements and/or for the purposes of research integrity and verification. When CDC and/or ATSDR act as Recipient,as federal agencies,the disposition of records in their custody and control is governed by the Federal Records Act and may only be accomplished in accordance with schedules for destruction as provided under law. APPLICABLE LEGAL AUTHORITIES 5 CENTERS FOR DISEASE' CONTROL AND PREVENTION Applicable federal and/or state/jurisdiction or local laws that govern the collection,use,disclosure,and maintenance of the Covered Data may be cited as standard authorities related to the Covered Data,which includes project-specific authorities and regulations.Parties acknowledge that CDC and ATSDR,as federal agencies, are not subject to the application of state or local laws or regulations or the internal policies and/or procedures of the other party, except where consistent with federal law. This Agreement is governed by applicable federal law. Applicability of HIPAA As applicable to the Covered Data and the Provider,CDC/ATSDR,as Recipient,is a"public health authority" as defined at 45 C.F.R. §164.501 and as used in 45 C.F.R. §164.512(b), Standards for Privacy of Individually Identifiable Health Information,promulgated under the Health Insurance Portability and Accountability Act of 1996("HIPAA"). CDC/ATSDR,as a public health authority,is authorized by 45 CFR 164.512(b)to receive Protected Health Information("PHI"). REPORTING OF DATA USED IN PUBLICATIONS AND PRESENTATIONS Notification Recipient agrees to allow Provider no more than thirty(30)days to review and provide comments for consideration on papers,reports,publications,or presentations that Recipient plans to submit for publication or presentation.If publication needs to occur sooner than 30 days,Recipient agrees to notify Provider,who will expedite review consistent with the need to publish.However,notification shall not act to prevent the publication of information if there is an emergency need to publish meaningful,real-time information for a public health response.Appropriate privacy protections will be considered prior to any such emergency need to publish. Attribution Recipient agrees to factually acknowledge Provider in any paper,publication or presentation using the covered data. Where CDC/ATSDR is the Provider,the citation must read as follows: "Centers for Disease Control and Prevention/Agency for Toxic Substances and Drug Registry, [Name of data file,year(s)],as compiled from data provided through [Program/Study Name] " Representation Recipient agrees to assume full responsibility for the analysis, interpretation of the data,and provide a copy of the report,publication or presentation to Provider. Use 6 CENTERS FOR DISEASE' CONTROL AND PREVENTION Where CDC/ATSDR is the Provider,per mutual agreement between Provider and Recipient grants full permission and a royalty-free,non-exclusive, irrevocable license to HHS,CDC/ATSDR to use,reproduce,publish,distribute,and exhibit materials arising from this Agreement for use in education, training, and other purposes consistent with CDC/ATSDRs mission. ADDITIONAL TERMS AND CONDITIONS • Entire Agreement: This Agreement,including any appendices related to data, specifications,or operations incorporating this Agreement by reference, and as amended from time to time,constitutes the entire agreement and understanding between the Parties and supersedes all prior oral or written agreements and understandings between them with respect to the Covered Data. • Assignment:No Party may assign or transfer any or all of its rights and/or obligations under this Agreement or any part of it,nor any benefit or interest in or under it,to any third party without the prior written consent of all Parties,which shall not be unreasonably withheld. • Mutual Representations: Each party to this Agreement represents to the other Party that,at all times during the term and at such other times as may be indicated,it shall comply with,and as applicable, shall require its directors,officers and employees to comply with its duties and obligations pursuant to applicable law and this Agreement,including but not limited to duties and obligations which survive the termination of this Agreement • Use of Electronic Signatures and Electronic Records: The Parties may elect to establish processes for the use of Electronic Records in the management of and compliance with this Agreement. This may include for the addition of published policies,procedural information, notices,and any other documents arising from or pertaining to this Agreement,including this Agreement itself.Any such process must include the establishment of a mutually acceptable Electronic Signature process,which complies with federal and state laws • Disagreements: Disagreements between the Parties arising under or relating to this Agreement will be resolved by consultation between the Parties and referral of the dispute to appropriate management officials of the Parties whenever possible. • Public Document: This Agreement may be made publicly available. • Funding: This Agreement is not an obligation or a commitment of funds,or a basis for the transfer of funds,and does not create an obligation or commitment to transfer data,but rather is a statement of understanding between the parties concerning the sharing and use of covered data. Expenditures by each party are subject to its budgetary processes and to the availability of funds and resources pursuant to applicable laws,regulations,and policies. • Partner Specific Requirements:No Partner Specific Requirements Entered DISCLAIMERS Disclaimers for Entity Providing the Data 7 CENTERS FOR DISEASE' CONTROL AND PREVENTION It should be noted that as a Federal agency, CDC/ATSDR cannot agree to indemnification provisions. However, representations or disclaimers on the accuracy of the data may be appropriate. • Intellectual property rights on material arising from the use of the data will be determined by applicable federal law. • Interpretations,conclusions, and/or opinions that are reached as a result of analyses of the data are the Recipient's interpretations, conclusions, and/or opinions,and do not constitute the findings,policies,or recommendations of the Provider. The data provided and covered under this Agreement are provided on an'as is'basis.Except as expressly set forth herein,the data provider makes no representations,of any kind, either express or implied,with respect to the data set and expressly disclaims any and all representations of any kind with respect thereto,including any representations of data quality or fitness for a particular purpose.Metadata documents have been reviewed for accuracy and completeness.Unless otherwise stated,all data and related materials are considered to satisfy the quality standards relative to the purpose for which the data were collected. However,neither the author nor any part of the federal government can assure the reliability or suitability of the data for a particular purpose. The act of distribution shall not constitute any such warranty,and no responsibility is assumed for a user's application of the data or related materials. 8 FOX Y,AW GENT!'RM1 /OF OIIE ASE GONT NOL ANY PRl VC NTIOu SIGNATORIES The undersigned individuals represent that they have competent authority on behalf of their respective agencies to enter into the obligations set out in this Agreement. Signature indicates that there is an understanding of the ternis of this Agreement and an agreement to comply with its terms,to the extent allowed by law. Provider Recipient Digitally signed by Lisa Barrios Lisa Barrios -S Date:2023.06.22 09:27:43 -04'00' Signature: Signature: Printed Name: Sal Quintero Printed Name: Lisa Barrios Title: Chairman of the Board Title: Unit Lead Organization: County of Fresno Organization: NCHHSTP- NATL CTR FOR HIV, VIRAL Date:6/20/23 HEPATITIS, STD, & TB PREVENTION Date: ATTEST: BERNI EIDEL Clerk o E E. Board Clerk of the Board of Supervisors �- Cou ty of Fresno,State of California Signature.- By- Deputy Printed Name: Zachary Oberholtzer Title: Project Lead Organization: NCHHSTP - NATL CTR FOR HIV, VIRAL HEPATITIS, STD, &TB PREVENTION Date: 9 CENTERS FOR DISEASE' CONTROL AND PREVENTION APPENDIX A: DATA USE AGREEMENT DEFINITIONS • Terms used,but not otherwise defined,in this agreement shall have the same meaning as those terms in applicable laws and regulations, unless specifically stated otherwise. • "Agreement"means this data use agreement,as amended from time to time in accordance with the terms and conditions set forth below. • "Authorized User" for purposes of this agreement,means and individual who,as part of directly supporting the Recipient activities has a need for access to data provided under this Agreement and has been granted appropriate access,which may include executing necessary documentation for such access Generally,authorized users will be employees,contractors,and/or other agents of the Recipient. • "Effective date" is the date this agreement becomes valid,either on the date specified or the last date of signature. • "Data Provider" or"Provider"refers to the party providing the data outlined in this Agreement. • "Data Recipient" or"Recipient"refers to the party receiving the data outlined in this Agreement. • "Data Administrator" is the data provider's individual who is responsible for the data and granting appropriate access to agreement parties. • "Data Custodian"is the individual from a recipient agreement party responsible for the maintenance and protection of the data for their party. • "Covered Data" shall mean the data provided to the Recipient by the Provider and any associated records,reports,copies,or databases. • "Limited data set(LDS)",to the extent the term is used to define data elements being shared,is consistent with the term as defined in the Privacy Rule at 45 CFR Section 164.514(e). • "Applicable law"means all laws, statutes and regulations promulgated by all regulatory authorities and all governmental authorities. • "Project"refers to the specific research or analysis outlined in the purpose section of this Agreement. • "Results"means all normalized data and results generated in the performance of the Project. • "Required by law"means as applicable federal laws require. • "Protected health information(PHI)" is information that is considered to be individually identifiable information relating to the past,present, or future health status of an individual that is created,collected,or transmitted,or maintained by a HIPAA-covered entity in relation to the provision of healthcare,payment for healthcare services,or use in healthcare operations. • "Personally identifiable information(PII)" is any information about an individual maintained by an agency,including(1)any information that can be used to distinguish or trace an individual's identity, such as name, social security number,date and place of birth,mother's maiden 10 CENTERS FOR DISEASE CONTROL AND PREVENTION name, or biometric records; and(2)any other information that is linked or linkable to an individual,such as medical,educational,financial, and employment information. • "Agreement party"/"parties" or"signatory"refers to the representative for both the Data Provider and Data Recipient with the authority to sign this Agreement into place. • "Completed work"refers to any draft or final product of analysis,research,or project findings gleaned from the covered data set. 11