The URL can be used to link to this page

Home My WebLink AboutAgreement A-24-516 Substitution of Data Use Agreement with MPHI.pdf Docusign Envelope ID:D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 Agreement No. 24-516 SUBSTITUTION OF DATA USE AGREEMENT BETWEEN THE MICHIGAN PUBLIC HEALTH INSTITUTE AND THE COUNTY OF FRESNO, CALIFORNIA A Data Use Agreement(DUA) has been signed by the State of California Department of Public Health and Michigan Public Health Institute("MPHI"),which now covers your jurisdiction.This statewide DUA will replace the DUA with the County of Fresno, California,signed by Janice Kidd, Finance and Budget Man ager for MPHI, and Ernest Buddy Mendes,Chairman of the Board of Supervisors of the County of Fresno, California, on September 1, 2020. For your records, a copy of this statewide DUA is attached as Exhibit A. Please discard the previous DUA. IN WITNESS WHEREOF,the parties hereto execute this agreement as follows: Michigan Public Health Institute By:-1DocuSigned by; 781A7DDB91 C34D9... Dawn Raymond Finance & Budget Manager Date: 9/4/2024 County of Fresno, California BY ATTEST: BERNICE E.SEIDEL Clerk of the Board of Supervisors p County of Fresno,State of California Date: By�G%JAo: bk,.�'k"._ Deputy Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFD021CC3A2 EXHIBIT A SUBSTITUTED DATA USE AGREEMENT BETWEEN THE MICHIGAN PUBLIC HEALTH INSTITUTE AND CALIFORNIA DEPARTMENT OF PUBLIC HEALTH Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 FATALITY REVIEW CASE REPORTING SYSTEM DATA USE AGREEMENT BETWEEN THE MICHIGAN PUBLIC HEALTH INSTITUTE AND THE STATE OF CALIFORNIA This data use agreement is entered between the Michigan Public Health Institute (MPHI) (known hereafter as "Receiver") and the California Department of Public Health (known hereafter as "Holder"). The purpose of this agreement is to establish the terms and conditions for the collection, storage, and use of data obtained from the fatality case reviews submitted by Fatality Review(FR) teams in the State of California and entrusted to the Receiver as the National Fatality Review Case Reporting System (NFR-CRS). A. The Receiver 1. The Receiver is a non-profit private agency. It has a Cooperative Agreement with the Maternal and Child Health Bureau, Health Resources and Services Administration, U.S. Department of Health and Human Services, to manage the National Center for Fatality Review and Prevention (NCFRP). NCFRP is a program of the Center for National Prevention Initiatives (CNPI) at MPHI. As part of this agreement, the Receiver is to manage a standardized, web-based reporting system for state and local FR teams. 2. The Receiver is responsible for the development of the NFR-CRS, training and liaison to state and/or county agencies participating in NFR-CRS, technical assistance in using the NFR-CRS, and analysis and dissemination of national FR data generated by the NFR- CRS. The Receiver is responsible for the security, data storage, and data access by users of the NFR-CRS. 3. The Receiver holds a Federalwide Assurance (FWA),which is a written commitment to protect human research subjects by complying with federal regulations and maintaining adequate programs and procedures for the protection of human subjects. This FWA specifies adherence to the Code of Federal Regulations Title 45 Public Welfare Part 46 Protection of Human Subjects and the use of the Belmont Report as an ethics guideline. 4. The Receiver complies with the federal privacy requirements specified in the HIPAA Privacy and Security Rules (45 CFR Parts 160, 162, and 164, Standards for Privacy of Individually Identifiable Health Information). The Receiver has appointed a Privacy Officer and a Security Officer and developed and adopted HIPAA-compliant privacy and security policies and procedures. Receiver staff receive training in these policies and procedures. 5. The Receiver further acknowledges that CDPH is a"hybrid entity" for purposes of applicability of the federal regulations entitled "Standards for Privacy of Individually Identifiable Health Information" ("Privacy Rule") (45 C.F.R. Parts 160, 162, and 164) promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (42 U.S.C. §§ 1320d- 1320d-8) (as amended by Subtitle D Privacy, of the Health Information Technology for Economic and Clinical Health (HITECH)Act (Pub. L. 111-5, 123 Stat. 265-66)). The CDPH/MCAH Program has not been designated by CDPH as one of the HIPAA-covered"health care components" of CDPH. (45 C.F.R. § 164.105 (a)(2)(i)(B).) The legal basis for this determination is as 1 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 follows: a. CDPH/MCAH is not a component of CDPH that would meet the definition of a covered entity or business associate if it were a separate legal entity. (45 C.F.R. §§ 160.105(a)(2)(iii)(D); 160.103 (definition of"covered entity")); and b. The HIPAA Privacy Rule creates a special rule for a subset of public health activities whereby HIPAA cannot preempt state law if, "[t]he provision of state law, including state procedures established under such law, as applicable, provides for the reporting of disease or injury, child abuse,birth, or death, or for the conduct of public health surveillance, investigation, or intervention." (45 C.F.R. § 160.203(c) [HITECH Act, § 13421, sub. (a)].) B. The Holder 1. The California Department of Public Health (CDPH) is part of the California Health and Human Services Agency. The Vision of the CDPH is "Healthy communities with thriving families and individuals". As our Mission, the CDPH is dedicated to advancing the health and well-being of California's diverse people and communities. Today, with more than 39 million residents, California is the largest state to have its public health department nationally accredited. 2. As part of its mandates, the doctors, nurses, scientists, researchers, public health professionals, and staff of CDPH's more than 200 programs display their dedication to public service through our core values: collaboration, competence, equity, integrity, respect, responsibility, trust, and vision. Working with local health departments, state, federal, and private partners, the CDPH administers a broad range of public and clinical health programs that provide health care and preventative services to Californians, including those programs within the Injury and Violence Prevention Branch(IVPB) and the Maternal, Child and Adolescent Health(MCAH) Division. 3. Under a legislative mandate for CDPH, (Health and Safety Code (HSC) § 100325 — 100335), the department is required to perform special investigation studies of the sources of morbidity and mortality and the effects of localities, employments, conditions and circumstances on the public health and perform other duties as may be required in procuring information for state and federal agencies regarding the effects of these conditions on the public health. 4. Under a legislative mandate for CDPH (Penal Code 11174.34), IVPB is responsible for conducting surveillance for fatal child maltreatment in California using data from multiple sources, including state level data sources and local child death review teams (CDRTs). The Fatal Child Abuse and Neglect Surveillance (FLANS)Program, now called the California Child Fatality Surveillance System (CCFSS),was established in July 2000 to meet this mandate. 5. Under a legislative mandate for CDPH (Health and Safety Code (HSC) § 123650— 123655), the department is responsible for developing a plan to identify causes of infant mortality and morbidity in California and to study recommendations on the reduction of infant mortality and morbidity in California. The State and Local Fetal Infant Mortality Review (FIMR) Projects (s) in California have been established to comply with this mandate. 2 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 6. CDPH will administer the National Fatality Review Case Reporting System for California. Two State programs will primarily be involved with data access, and intend on assisting county and city health departments by providing them with direct access to this National Fatality Review Case Reporting System for analysis and reporting of California cases pertinent to their jurisdiction. The contact information for the two state programs is as follows: Injury&Violence Prevention Branch (IVPB) California Department of Public Health(CDPH) P.O. Box 997377, MS 7214 Sacramento, CA 95899-7377 Phone: (916) 552-9800 Fax: (916) 552-9810 ivpbkcdph.ca.gov Maternal, Child and Adolescent Health(MCAH) Division California Department of Public Health PO Box 997420, MS 8300 Sacramento, CA 95899-7420 Fax (916) 650-0305 mchinetkcdph.ca.gov C. Purpose of and Type of Data 1. The FR teams in California are supplying data to the Receiver to: a. Provide the state and local FR teams with a comprehensive FR case reporting system for collecting, analyzing, and reporting on their reviews of fetal, infant, and child deaths. b. Permit comparability of FR data within and between local FR teams and states. c. Use data collected to promote policy,programs, services, and laws to prevent fetal, infant, and child deaths at the local, state, and national levels. d. Use data collected to better identify and address health disparities. D. Data Entry and Transmittal 1. Data will be submitted by the Holder to the Receiver via point-to-point encryption. The Receiver will provide paper forms to the Holder upon request; however, all data is obtained by the Receiver using point-to-point encryption. 2. MPHI is SOC 2 Certified with NIST 800-53 Controls. 3. The Holder is complying with its applicable state laws and policies in determining the specific data to be entered into the NFR-CRS and of the persons it authorizes to enter and transmit the data. 4. Only persons selected by the Holder and provided a password by the Holder or the Receiver will have access to the NFR-CRS for data entry and submission as a data entry user. 3 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 5. The Receiver will create and administer data entry user accounts upon request of the Holder, or accounts can be created and maintained by the assigned administrators of the NFR-CRS upon request of the Holder. 6. Accounts are locked out when a user attempts but fails to log in successfully five times in 10 minutes; such accounts remain locked out until released by CNPI staff or assigned Holder administrators. 7. Accounts are automatically logged out after 60 minutes when there is no transmission to the server. The Holder can customize this setting, ranging from 5-60 minutes (in increments of 5 minutes), by contacting the Receiver. 8. The Receiver and/or the Holder's assigned administrator may terminate a user's access to the NFR-CRS at any time. E. Data Storage I. All data submitted via point-to-point encryption shall be stored using appropriate safeguards to prevent the use or disclosure of confidential information. 2. The Receiver ensures that administrative,physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of data it creates,receives, maintains, or transmits are implemented. 3. Data received by Receiver will be stored indefinitely unless either party terminates the data use agreement. 4 The Receiver will comply with all federal laws regarding the handling, use, storage, return, disposal, and any other action related to the data provided by the Holder. Data stored by the Receiver conforms with current NIST guidelines. The Receiver uses AES 256 for data in transit and at rest. 5. The Receiver is not responsible for any damage caused by viruses originating from places not attributable to the Receiver.However, if the virus originates from an outside source for which the Receiver did not provide adequate administrative,physical or technical safeguards to reasonably and appropriately protect the confidentiality, integrity and availability of the data, the Receiver will be held responsible. 6. It is strongly suggested that the Holder have consistent/comparable security practices in place for data downloaded from the servers back to the Holder or back to the Holder's identified users. F. Access to the FR Data 1. Receiver staff supporting the infrastructure of the NFR-CRS will only access the data submitted by the Holder in the event that there are unforeseen problems with the database that needs troubleshooting, correction, or upgrading or during the development of NFR- CRS releases or upgrades. Receiver staff will not amend, addend, alter or erase any information contained in data files without prior written authorization. 2. Identifiers will be removed from data downloads based on the permission levels for each of the Holder and Receiver. This removal of data elements is a software program feature of the NFR-CRS. 3. CNPI staff will have access only to data submitted by the Holder and its authorized data entry persons that have case identifiers removed using the HIPAA standards listed in 4 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 Appendix A,unless in the event of unforeseen problems with the database that require troubleshooting or during the development of NFR-CRS releases or upgrades. CNPI will have access to the variable CaseTeam for the purposes of quality assurance and the development of data dashboards. CaseTeam is a data field that identifies the jurisdiction that reviewed the death or near death and, as such, is a HIPAA identifier. If a state-level jurisdiction reviews all deaths or near deaths for that state, CaseTeam only identifies that state. In states with more than one jurisdiction entering data into the NFR-CRS, CaseTeam identifies a subsection of the state, whether that's a county, a judicial district, or a region. 4. The Holder will identify the level of access to data of its authorized persons at both the state and local levels. Data will be accessible to the Holder via the NFR-CRS. 5. It is strongly suggested that the Holder have signed confidentiality statements from all of its authorized users (see Appendix B as an example statement). 6. The Holder will provide the Receiver with the written names and contact information for persons with permission to access data in the event the Receiver is asked by the Holder to create logins. 7. Any suspected breach of security or unintended disclosure known by the Receiver will be reported immediately to the appropriate Receiver/Holder supervisors, Privacy Officers, Security Officers, and Research Integrity Officers. Officer. Any identified active incident should be shared with the Holder, as soon as practicably possible, but within 24 hours, which will permit the Holder an opportunity to address potential harm even if the incident may not be cured immediately. The Holder mustbe notified of the event, and steps will be taken in coordination with the Receiver to mitigate harm and cure the breach of security within thirty days. 8. Any suspected breach of security or unintended disclosure known by the Holder will be reported as soon as practicably possible,but within twenty-four(24) hours, by telephone call, or email upon discovery of a breach that involves data provided to the Receiver's Privacy Officer and Security Officer, and steps will be taken in coordination with the Holder to mitigate harm. 9. All Receiver staff with access to the data submitted by the Holder will sign a confidentiality agreement(Appendix Q. G. Permitted Data Uses 1. Data submitted by the Holder through the County and City Health Departments, to the Receiver are not subject to the Freedom of Information Act(FOIA), and, as such, no data submitted by the Holder will be released by the Receiver in response to any FOIA request. The Holder will address any FOIA request made to the Holder. 2. All data accessed by and released to the Holder are the responsibility of the Holder. Any subsequent breaches of security or confidentiality once the Holder or authorized user of a County or City Health Department obtains the data are the responsibility of the Holder or County or City Health Department. Please note outside agreements may exist between Holder and County or City Health Departments. 3. The Holder will comply with its applicable state laws and policies in determining the specific data the Receiver is allowed to disclose and whether additional agreements need to be completed prior to disclosure. 5 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 4. The Receiver will not release any data that includes identifiable characteristics as defined by HIPAA (Appendix A), with the exception of CaseTeam, to any persons or organizations, except in circumstances provided in writing by the Holder. The Receiver will have access to the variable CaseTeam for the purposes of technical assistance, quality assurance, and development of data dashboards. 5. The Receiver may release de-identified data to researchers only in accordance with the MPHI IRB/Privacy approved data dissemination policy(Appendix D). 6. The Receiver may use de-identified Holder data to create public-facing resources (like infographics, guidances, graphics)without Holder permission. Only data with cell counts of six or more cases can be reported. Data with cell counts less than six will be suppressed. 7. The Receiver may report aggregated, de-identified data identified by state name to requesting parties, such as agencies or organizations, without Holder permission. 8. The Receiver may use Holder data for the creation of data dashboards. a. National-level dashboards (dashboards that display aggregated data for all states)will include de-identified data from all states from the researcher dataset described in Appendix D. National-level dashboards will be visible to parties other than the Holder and Receiver through a Uniform Resource Locator(URL) that is accessible to the general public. b. State-level dashboards (dashboards that display aggregated data for each state) will include de-identified data (with the exception of CaseTeam) from each state and will include all cases entered by the state via a lag of approximately 6-9 months from data entry. In order to view state-level dashboards, a login to the data visualization software will be required. Logins will be administered by CNPI in coordination with Holder. i. The Receiver will have access to the variable CaseTeam in order to report data on a substate basis in the dashboards. ii. If the Holder does not want data to be reported by CaseTeam in the state-level dashboards, the Holder must provide written notification to the Receiver. iii. Data with cell counts of less than six will be released in state-level dashboards. 9. If the Holder is funded by and a participant of the Centers for Disease Control and Prevention(CDC) Sudden Unexpected Infant Death Case Registry, the following will apply: a. The CDC will have access to de-identified data (with the exception of CaseTeam) of all infants whose death occurred during the period for which the Holder is funded by CDC for participation. b. The Receiver is not responsible for the CDC's use of data, including the CDC's release of descriptive reports of the Holder's data. c. Confidentiality agreements will be executed between the Receiver and CDC before any data is shared. 10. If the Holder is funded by and a participant of the Sudden Death in the Young(SDY) component of the CDC's Sudden Unexpected Infant Death and Sudden Death in the Young Case Registry, the following will apply: 6 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 a. Release of de-identified SDY Data to CDC,National Institute of Health (NIH), and NIH's research partners: i. The CDC,NIH, and NIH's approved research partners will have access to NFR-CRS data on those deaths identified as an SDY for deaths occurring during the period for which the Holder is funded by CDC for participation. State names may be identified in this data. ii. The CDC and NIH will have access to the variable CaseTeam for the purposes of technical assistance and quality assurance. iii. The Receiver is not responsible for the CDC's,NIH's, or NIH's approved research partners'use of the data, including the CDC's or NIH's or NIH's approved research partners' release of descriptive reports of the Holder's data. iv. Confidentiality agreements will be executed between the Receiver and CDC,NIH, and NIH's approved research partners before any data is shared. b. Data Linkage Necessary to Biorepository i. In order to link SDY samples stored at the Biorepository for research use only when family consent has been provided to NFR-CRS data, on a periodic basis, the Receiver will access a specialized SDY data download made available only to CNPI staff that contains the decedent's name, date of birth, and date of death. 11. The Receiver may release de-identified data to other parties to support other public health surveillance activities without Holder permission. Confidentiality agreements will be executed between the Receiver and other parties before any data is shared. 12. All reports released by the Receiver and the Holder shall be developed with adequate provision for the accuracy, reliability and integrity of the data. H. Ownership 1. The Receiver acknowledges that all FR data submitted by the Holder and by the Holder's designated data entry persons shall be and remain the sole property of the Holder. 2. The Holder acknowledges that the NFR-CRS and all of its software platform applications are the copyrighted property of the Receiver. I. Agreement Terms and Termination I. This agreement shall take effect on the date of the final signature and shall terminate pursuant to section 2 below. Upon execution, all provisions of any current or ongoing DUA between the parties directly related to this request to share data between the Holder and Receiver are hereby superseded and replaced. 2. This agreement may be terminated for any reason by either party with thirty-day written notice. 3. Upon termination of this agreement, the Receiver shall, upon written request of the Holder, remove all of the Holder's FR case data. FR data stored on backups cannot be removed in the event of the Holder's termination but will never be used, reported or 7 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFD021CC3A2 disseminated by the Receiver and will be destroyed in accordance with the Receiver's Records Archiving and Retention Policy, Procedure and Schedule. 4. Any subcontractors or other agents hired by the Receiver or Holder must agree to the same restrictions and conditions that apply through this agreement. IN WITNESS WHEREOF, the parties hereto execute this agreement as follows: Michigan Public Health Institute Data Receiver DocuSigned by: By 181AMD691C34D9... Dawn Raymond Finance and Budget Manager Date: 4/24/2024 State of California Data Holder DocuSigned by: By: 5&4 N(Ls C76E922E4BA94D8... Ashley Mills Assistant Deputy Director Center for Healthy Communities California Department of Public Health Date: 4/25/2024 8 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 Appendix A HIPAA Required Elements to De-Identify Case Data* The NFR-CRS supports two types of data downloads: identified and de-identified. Researchers who have been approved by the NCFRP will receive only de-identified data. The NFR-CRS variables that will be removed in de-identified downloads are listed below. The NFR-CRS contains many free text fields (most often in the 'specify' or'describe'text fields). The NFR-CRS also provides users the opportunity to provide more detail surrounding the circumstances of the death in Section O: Narrative text field. When the Narrative, 'specify,' and/or 'describe' text fields are included in a de-identified download, the Narrative, 'describe,' and 'specify' text fields SHOULD NOT contain any HIPAA Identifiers. HIPAA Identifiers include names; all geographical subdivisions smaller than a state; all elements of dates (except year) for dates directly related to an individual; phone numbers; fax numbers; electronic mail addresses; social security numbers; medical record numbers; health plan beneficiary numbers; account numbers; certificate/license numbers; vehicle identifiers and serial numbers; device identifiers and serial numbers; web universal resource locators; internet protocol address numbers; biometric identifiers; full face photographic images; and any other unique identifying number, characteristic or code. Identifying information can be entered into the NFR-CRS element fields in the list below, including free text fields associated with the listed fields, because all the listed fields and their related text fields will be removed from every de-identified download. However, users should be instructed by the Holder not to enter any identifying information in other free text fields, including Section O: Narrative text field,because these text fields may be included in de-identified downloads. NCFRP cannot review free text fields in de-identified downloads to assure that they contain no HIPAA Identifiers. HIPAA Required Elements to De-Identify Case Data The NFR-CRS elements listed below will be removed for all persons accessing de-identified case data: Introduction: Case Definition Case number County of review Review team number Sequence of review Death certificate number Birth certificate number Medical examiner/Coroner number *Source: Code of Federal Regulations Section 164.514(b)(2)(i). 9 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 Date FR team notified of death Section A: Child Information Child first name Child middle name Child last name Child name:unknown Date of birth: month,day,and year Date of birth:unknown Date of death: month and day Date of death:unknown Residential address:unknown Residential address: street Residential address:apartment Residential address: city Residential address:county Residential address: zip County of death Childbearing parent's first name(available for FIMR users only) Childbearing parent's middle name(available for FIMR users only) Childbearing parent's last name(available for FIMR users only) Childbearing parent's maiden name(available for FIMR users only) Childbearing parent's name:unknown(available for FIMR users only) Nonchildbearing parent's first name(available for FIMR users only) Nonchildbearing parent's middle name(available for FIMR users only) Nonchildbearing parent's last name(available for FIMR users only) Nonchildbearing parent's name:unknown(available for FIMR users only) Childbearing parent's residence address: same as child(available for FIMR users only) Childbearing parent's residence address:unknown(available for FIMR users only) Childbearing parent's residence address: street(available for FIMR users only) Childbearing parent's residence address: apartment(available for FIMR users only) Childbearing parent's residence address city(available for FIMR users only) Childbearing parent's residence address:zip(available for FIMR users only) Childbearing parent's residence address: county(available for FIMR users only) Childbearing parent's discharge date from hospital(available for FIMR users only) Date of infant's last discharge(available for FIMR users only) Section E:Incident Information Date of incident Date of incident: same Date of incident:unknown Incident county Section M.•Review Meeting Process Date of first FR meeting Section N.•SUID and SD Case Registry Date of first Advanced Review meeting(available for CDR users only) Date of SUID Case Registry data entry complete(available for CDR users only) Section P:Form Completed By Form completed by—Person's name Form completed by—Title Form completed by—Agency Form completed by—Phone Form completed by—Phone extension 10 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 Form completed by—Email Form completed by-Date Date of quality assurance completed by State My FR Outcomes My FR Outcomes—Person's name My FR Outcomes- Team of review *Additional fields may be removed if it is found that they render persons identifiable. *Source: Code of Federal Regulation Section 164.514(b)(2)(i). 11 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 Appendix B Sample Holder Confidentiality Agreement Sample Confidentiality Statement for State and Local Users of the National Fatality Review Case Reporting System By signing this Agreement, I agree to the following when I access any and all components of the National Fatality Review Case Reporting System (NFR-CRS): 1. I will comply with all laws, regulations,policies and procedures as set by the State of 2. I will safeguard the confidentiality of all confidential information to which I have access. I will not carelessly handle confidential information. I will not in any way divulge, copy, release, sell, loan, review, alter or destroy any confidential information except as within the scope of my duties. 3. I will only access confidential information for which I have a need to know, and I will use that information only as needed to perform my duties. 4. I will safeguard and will not disclose my username and password unless authorized by the State administrator of the NFR-CRS. I understand that my username and password allow me to access confidential information for my team in the NFR-CRS. I understand that the State administrator may revoke my access to the NFR-CRS if my responsibilities change.* 5. I will promptly report activities by any individual or entity that I suspect may compromise the availability, integrity, security, or privacy of confidential information. 6. I understand that the ownership in any confidential information referred to in this Agreement is defined by State statute. 7. I understand that violating applicable laws and regulations may lead to other legal penalties imposed by the judicial system. Signature: Date: Print Name: * If your state already has confidentiality statements in place, you might consider replacing this form with your own,but adding statement four from above. 12 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 Appendix C MPHI Confidentiality Agreement Michigan Public Health Institute's Confidentiality, Conflict of Interest and Duty to Report Requirements As described in the Michigan Public Health Institute (MPHI) Employee Handbook, all MPHI employees have the responsibility to familiarize themselves with and adhere to MPHI's policies and procedures, and the contents of the Employee Handbook. It is especially vital to the interest and success of MPHI that you agree that during, and in the matter of confidentiality, after your employment, you have an obligation to comply with MPHI's Confidentiality and Privacy Policies, Conflicts of Interest Policy, and Duty to Report Criminal Activity. MPHI employees must annually sign this agreement to demonstrate that they are aware of their obligations to protect the confidentiality and security of the data to which they have access, and to conduct business within guidelines that prohibit actual or potential conflicts of interest, and compliance with contractual and regulatory requirements. By signing this agreement, I agree to the following: 1. I will comply with all laws, regulations, contractual agreements, MPHI policies and procedures, and project-specific protocols related to my assigned duties. I understand that I may be required to complete additional training related to these obligations. 2. I will review the employee handbook annually. 3. I will safeguard and will not disclose my work-related password(s), access code(s), or any other work-related authorization(s). I understand that MPHI may at any time revoke my password(s), access code(s), other authorization(s), or access. 4. At all times during my employment, I will safeguard the confidentiality of all information to which I have access. I will not carelessly handle information. I will not in any way divulge, copy, release, sell, loan, review, alter, or destroy any information except as properly authorized within the scope of my assigned duties at MPHI. 5. I will only access information for which I have a need to know and I will use that information only as needed to perform my legitimate duties as an employee of MPHI. 6. I will not misuse information. 7. I will promptly report activities by any individual or entity that I suspect may compromise the availability, integrity, security, or privacy of information held by MPHI. I understand that reports made in good faith about suspect activities will be held in confidence to the extent permitted. 8. 1 understand that for security reasons, program information that I have access to, should not be permanently stored on laptops, tablets, phones, or other devices. I have reviewed all of my devices and removed all program data and attest that there is no program or confidential information currently stored on my laptop, tablet,phone or other device. 9. 1 understand that I have no right or ownership interest referred to in this agreement. 10. I will not allow myself to be in a position to influence a decision that may result in a personal gain for me or my relative as a result of MPHI's business dealings. 13 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 11. Neither myself nor a relative has ownership in a firm or business that MPHI does business with or receives any kickback, bribe, substantial gift, or special consideration as a result of any transaction or business dealings involving MPHI. I have read and understand the Financial Conflict of Interest policy and understand the concepts covered in the Financial Conflict of Interest training (Okemos-based employees only, Affiliate employees follow the State of Michigan policy). 12. I understand and agree to immediately disclose to the chief executive officer any promotional plan, transaction, contracts, agreements, or leases that may be an actual or potential conflict of interest. 13. I understand that I have a duty to report, within 10 days, any pending felony charges, any convictions of misdemeanors or felonies, any placement on the Michigan Department of Health and Human Services Child Abuse and Neglect Central Registry as a perpetrator or any placement on the National and/or Michigan Sex Offender Registry as a perpetrator. 14. I understand that my failure to comply with this Agreement may result in disciplinary action up to and including termination of my employment. I understand that violating applicable laws and regulations may lead to other legal penalties imposed by the judicial system, such as fines and/or imprisonment. 15. I understand and accept that signing this agreement is a condition of my employment and those obligations under this Agreement will continue after termination of my employment. Employee Signature: Date: Print Employee Name: 1 1 understand that it is my responsibility to familiarize myself with and adhere to MPHI's policies and procedures, and the contents of the Employee Handbook and understand its terms. If I have any questions concerning information contained in this attestation or any MPHI policies, I will bring them to the attention of my supervisor, manager, Chief Administrative Officer or Privacy Officer. 14 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 Appendix D NCFRP Data Dissemination Policy & Guidelines for Requesting De-identified Dataset DATA DISSEMINATION POLICY Background The purpose of the National Fatality Review Case Reporting System (NFR-CRS) housed by the National Center for Fatality Review and Prevention (NCFRP) is to systematically collect information on the circumstances surrounding the stillbirths and deaths of individual infants and children obtained during child death review and fetal infant mortality review programs in the US.' The information can then be analyzed at the local, state, or national levels and used to inform services, policy, and prevention initiatives focused on improving maternal and child health and safety and preventing additional deaths. The data collected include the following: • Demographic information about the child and family; details about the child's supervisor and perpetrator of violence (if applicable); • Information about the death investigation and the types of action taken during the investigation; • Circumstances surrounding the death, including information on risk and protective factors; cause and manner of death; • Services provided or needed as a result of the death; • The team's recommendations and other actions taken to prevent other fetal, infant, and child deaths; and • Factors affecting the quality of the death review meeting. The NFR-CRS is a web-based system first implemented in May 2004 in 14 pilot states as the Child Death Review Case Reporting System. Version 1 was made available for widespread use in January 2005. Since 2005, the software has been upgraded several times, including the addition of several new questions, most notably to support the Sudden Unexpected Infant Death Case Registry and the Sudden Death in the Young Case Registry. Effective with Version 5, the NFR-CRS collects detailed information about fetal and infant deaths. A print version showing the data elements and structure of NFR-CRS is available on the NCFRP website (https://www.ncfrp.org). Information on the number of participating states and number of deaths is available from NCFRP. Data Sources Data entered into NFR-CRS are the result of multi-disciplinary fatality review processes that bring together professionals from state and/or community agencies for the purpose of sharing ' The National Center is funded in part by Cooperative Agreement Number UG728482 from the U.S. Department of Health and Human Services(HHS),Health Resources and Services Administration(HRSA), Maternal and Child Health Bureau(MCHB)as part of an award totaling$5,149,996 annually with 0 percent financed with non-governmental sources.Its contents are solely the responsibility of the authors and should not be construed as the official position or policy of,nor should any endorsements be inferred by HRSA,HHS or the U.S. Government. 15 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 information on circumstances of maternal health, fetal, infant and child death events in an effort to identify risk factors and possible prevention strategies. Data entered into NFR-CRS may be obtained from the following data sources: birth certificates, death certificates, law enforcement records, medical records, autopsy reports, child protective services reports, and Emergency Medical Services/ambulance run reports. Fatality Review Programs in States Fatality review programs vary by jurisdiction and state with respect to the types of deaths reviewed(e.g., all deaths, non-natural deaths, all fatal injuries, abuse, and neglect deaths; the age of children whose deaths are reviewed(e.g., 0-14, 0-17, 0-25); and the average time between review and death (ranges 1 to 36 months). Due to this variability, the data are not universally consistent from site to site or state to state. Because most states do not review or enter every fetal, infant and child fatality,NFR-CRS cannot be directly compared with vital statistics data nor should it be used to compute mortality rates. All these distinctions among sites and states and limitations must be noted in any analysis of the data that is prepared for presentation or publication. More information about fatality review programs and their criteria for selection can be found at http://www.nfrp.org. Prior to the release of Version 5 of NFR-CRS, local FIMR programs had been using a variety of systems to collect and report their data. Typically, most FIMR information is collected from the following data sources: parental/family interviews, birth and death certificates, autopsy reports, hospital records including labor and delivery, newborn, neonatal, and pediatric care units, emergency department, outpatient records including prenatal care,pediatric well baby and sick baby visits, and other service providers such as WIC,public health, home visits, and department of human and social services records. FIMR data is meant to complement other population data. Collection of FIMR data in NFR-CRS did not begin until 2018. Data Ownership Fatality review data in NFR-CRS are owned by the individual program that reviewed the death and entered the data(per the data use agreement executed between each local program or state and MPHI/NCFRP). Requests for de-identified data on individual deaths must be submitted to the NCFRP Data Dissemination Committee,per guidelines and processed outlined in this document. For any research request that proposes to identify data by state or FIMR jurisdiction in any published or publicly released analysis or results, local programs and states will be provided an opportunity to have their state's data excluded from the study. Data Inclusion The de-identified dataset will include all cases that are at least 24 months from the end of the calendar year for the preceding January-December time frame. For example, deaths that occurred in calendar year 2020 (January 1- December 31, 2020) and earlier will be made available in a researcher de-identified dataset on January 1, 2023. Deaths occurring in calendar year 2021 and earlier will be made available in a researcher de-identified dataset on January 1, 2024. Cases migrated from previous fatality review reporting systems into the NFR-CRS will not be included in a standard dataset but may be provided upon further consultation between the researcher and NCFRP. 16 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFD021CC3A2 Removal of Identifiable Data Elements for Dataset Although teams often enter HIPAA-defined personally identifiable data elements (child's name, address, date of birth, date of death, date and time of incident, and incident county) into the NFR-CRS, no data file that includes HIPAA-defined personally identifiable elements will be made available to researchers. Prior to providing data for an approved research project, all personally identifiable data elements will be removed. HIPAA-defined personally identifiable elements are listed in Attachment 1 of the Application for Access to De-identified Data (Application for Data). The "Narrative" field contained in Section O of the NFR-CRS is typically not available to researchers. It can be released under special circumstances and after a lengthy review process in which personally identifiable elements have been redacted. Although no HIPAA-defined personally identifiable data elements should be included in the Narrative field of Section O, should there be ANY identifying elements contained in this section, it is to be considered an inadvertent disclosure and(1) shall not be used or disclosed by researchers, (2) shall be immediately deleted by researchers and(3)be immediately reported to MPHI/NCFRP with written confirmation by the researchers that the confidential information cannot be used. If any HIPAA personally identifying data elements are included in other free text fields in the researcher dataset, it is also considered to be an inadvertent disclosure, and the confidential information(1) shall not be used or disclosed by researchers, (2) shall be immediately deleted by researchers and(3)be immediately reported to MPHUNCFRP with written confirmation by the researchers that the confidential information cannot be used. To protect anonymity of data, individual states or FIMR jurisdictions are not identified in data provided for approved research. However,NCFRP will create and provide a unique code so that researchers can evaluate variation and control for potential bias in the dataset without identifying the individual states or jurisdictions. Required Fees A fee may be charged to each applicant for preparation of the requested dataset. The amount of the fee will be determined by NCFRP staff. An estimate of any fee will be provided to the applicant upon a preliminary review of the proposal by staff. Fees will be determined based on the number of staffing hours estimated to prepare the dataset using MPHI hourly rates. Fees must be paid in full prior to the release of the dataset to the applicant. NCFRP reserves the right to waive fees in certain situations. Data Quality In order to standardize the collection and interpretation of data elements,NFR-CRS contains a comprehensive Data Dictionary that is readily available online when entering data or as a standalone PDF document that can be used during fatality review team meetings. Additionally, NCFRP staff are readily available to provide technical assistance about the NFR-CRS and are in constant communication with teams about data and reporting questions. Since the data are owned by the participating states and FIMR jurisdictions, they are responsible for the quality of their data. States and FIMR jurisdictions vary in the degree to which they review data for 17 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 inconsistencies, incompleteness, or inaccuracies. The NCFRP has found that data quality appears to improve with training and increased time using the NFR-CRS. The NFR-CRS contains a number of subjective questions to engage team discussion (e.g., "Was the death preventable?" or "Did a person or persons other than the child do something that caused or contributed to the death?"). The subjective nature of these questions can, however, make data analysis more challenging. Finally, although teams record the agencies that participated in the fatality review, the primary data source for each data element is not documented in the NFR-CRS. If there is a discrepancy in information shared by the different agencies at the review meeting, it is up to the fatality review teams to determine the best answer; NCFRP has no set primacy rule for data sources. More information about NFR-CRS and limitations on the use of the data can be found in the February 2011 Supplement to Injury Prevention (Covington TM. The US national child death review case reporting system.Injury Prevention 2011; 17 Suppl 1:04-07) found at https://www.ncfrp.org/wp-content/uploads/NCRPCD-Docs/InjuryPreventionSupplement2011.pdf. 18 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 GUIDELINES AND PROCESSES FOR REQUESTING DE-IDENTIFIED DATA FOR RESEARCH PURPOSES Researchers affiliated with an eligible Receiving Institution may apply for access to a de- identified dataset. To be eligible, the Receiving Institution must be an institution of higher education, research organization, non-profit agency or government agency that either employs or contracts with the researcher. The Receiving Institution must be registered with the U.S. Office for Human Research Protections. Any release of data will be subject to a signed Contract for Access to and Use of Data(Contract for Data)between NCFRP, the principal investigator(PI) and an authorized representative of the Receiving Institution. The Contract for Data is set out after these Guidelines. An Application for De-identified Data (Application for Data)must identify a PI. The PI serves as the primary point of contact for all communications involving the Contract for Data. The PI must sign the Contract for Data, by which the PI assumes responsibility for compliance with all terms of the Contract for Data by employees of the Receiving Institution, including the day-to-day security of the electronic data and all printed output derived from the files. Each additional researcher who will have access to the NCFRP data must be identified on the Application for Data and must sign the Confidentiality Agreement attached (Attachment 3). The applicants may not release or permit others to release the dataset in whole or in part to any persons other than those identified in the Application for Data. Access to the dataset is also subject to the following requirements: 1. The researchers given access to NFR-CRS data may not conduct analyses of the data for purposes other than those described in the approved Application for Data. Applicants will not alter the approved research design unless they have notified and obtained written permission for the alteration from NCFRP. 2. The PI must obtain IRB approval for the proposed research. Letters of approval must be submitted to NCFRP prior to release of data for approved analyses. 3. All data shared are and shall at all times remain the sole property of the state and local jurisdictions that conducted the fatality reviews that are the source of the data. 4. No data will be released that identifies data by state or jurisdiction without the explicit approval of the state(s) or jurisdiction(s). States or jurisdictions have the right of first refusal to participate in this research project if the PI plans to publish or publicly release any analysis or results that identifies individual states or jurisdictions. It is permissible, however, to list the states or jurisdiction included in the dataset, as long as no data are attributed to specific states or jurisdiction, and the states or jurisdictions have authorized this acknowledgement. The PI will need to inform NCFRP of their desired intention to list participating states or jurisdictions in their research;NCFRP will contact states or jurisdictions for permission before public release of any results by PI. 5. The researchers must not attempt nor permit others to attempt to use the data to learn the identity of any decedent. If the identity of a decedent should be inadvertently discovered by the PI or any other individual, the PI must make no use of this knowledge,permit others to use the knowledge, or inform anyone else of this knowledge, and must inform NCFRP of the discovery so it can prevent future discoveries of this nature. 19 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 6. Although no HIPAA-defined personally identifiable data elements should be included in the free text fields or the Narrative field of Section O, should there be ANY identifying elements in these variables, it is considered to be an inadvertent disclosure and(1) shall not be used or disclosed by researchers, (2) shall be immediately deleted by researchers and(3)be immediately reported to MPHI/NCFRP with written confirmation by the researchers that the confidential information cannot be used. 7. Only aggregated data with cell counts of six or more cases will be released and reported in any analysis. Cells less than six will be omitted or combined with other like cells. 8. All oral and written presentations or other distribution of information resulting from the use of these data must be developed with adequate provision for the accuracy, reliability and integrity of the data. 9. All oral and written presentations or other distribution of information resulting from the use of the requested data must be submitted to NCFRP for review at least two weeks prior to presentation or submission to a journal or other source of publication. The purpose of this review is to determine whether the research was completed in the manner specified in the Application and whether the analysis is in the spirit of fatality review and the NCFRP mission, and to permit NCFRP to have advance notice of potential issues pertaining to the analysis and/or results. Any additional or other use of these data will be considered a breach of the Contract for Data,unless agreed upon in writing by both parties beforehand. 10. NCFRP may terminate its contract with the recipient if the recipient is in violation of any condition of the contract and such violation is not remedied within 30 days after the date of written notice of the violation. Furthermore, failure to comply with the contract terms will result in the disqualification of the PI, along with any collaborators implicated in the violation, from receiving additional NCFRP data. 11. All presentations and publications making use of these data must be provided to NCFRP in a timely manner so that it is a repository of the various uses of the data. 12. All presentations or other distributions resulting from use of the requested dataset must include an acknowledgment of the participating states and NCFRP. They must include the following language: "This dataset was provided by the NCFRP, which is funded in part by Cooperative Agreement Numbers UG728482 from the U.S. Department of Health and Human Services (HHS), Health Resources and Services Administration (HRSA) and in part by the U.S. Centers for Disease Control and Prevention Division of Reproductive Health. The contents are solely the responsibility of the authors and do not necessarily represent the official views of NCFRP, HHS or the participating states." 13. The PI will have three years from the time the data file has been provided by NCFRP to prepare a manuscript. If the manuscript has not been completed within three years of receipt of the data file, the PI agrees to destroy all hard copies of the dataset generated with a cross-cut shredder or return the dataset to NCFRP; all electronic data must be destroyed/deleted within the same time frame. The PI will provide written notification to NCFRP that they were unable to complete the research and will no longer be conducting any analysis on the research topic and will not be publishing any findings. 14. Within three years of completion of the project, all hard copies of the dataset generated by the researchers must be destroyed with a cross-cut shredder or returned to NCFRP, and all electronic data must be destroyed/deleted within the same time frame. Written confirmation that the dataset has been destroyed is required. 20 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 15. All installations of the data must have electronic security measures in place to prevent unauthorized access, by electronic or physical means, to the confidential data provided or to output from that data. Data Inclusion Cases included in the de-identified dataset will include all deaths that occur at least 24 months from the end of the calendar year for the preceding January-December time frame. For example, deaths from calendar year 2020 (January 1 - December 31, 2020) and earlier will be made available in a researcher de-identified dataset on January 1, 2023. Similarly, deaths from calendar year 2021 and earlier will be made available in a researcher de-identified dataset on January 1, 2024. Cases migrated from previous fatality review reporting systems into NFR-CRS will not be included in a standard dataset but may be provided upon further consultation between the researcher and NCFRP. Application Process To request de-identified data from the NCFRP,the researcher must complete an Application for Data, which includes a detailed proposal describing the purpose of the data research,proposed study methods, and mechanisms that will be used to keep the data secure (see Application form). Upon receipt, the application will be reviewed by the NCFRP Data Dissemination Committee which is composed of representatives of participating states, scientists, and other relevant individuals. The Data Dissemination Committee will evaluate the application on the basis of the following criteria: • Quality of the research question(s) and aims for use of the dataset; • Whether the requested data elements are clearly described and whether access to those elements is necessary for the research questions; • Applicant's understanding of the strengths and limitations of the database and analysis plan that is appropriate for this type of dataset; • Qualifications of researchers who will have access to the dataset; • Sufficiency of safeguards in place to maintain the data security, confidentiality, and prevent unauthorized access to data and evidence that the institution is registered with the U.S. Office for Human Research Protections; • Extent to which the proposal is in accordance with the mission of fatality review, which is to better understand how and why fetuses, infants, and children die and use the findings to take action that can prevent other deaths and improve the health and safety of children; • Whether NCFRP is conducting similar research or has plans to do so; and • Whether anticipated presentations,publications, or other dissemination of results from the research are consistent with the NCFRP mission. At a minimum, the Committee will review applications on a quarterly basis. All applicants will be notified in writing by NCFRP of the Committee's decision. Proposals will be evaluated using the above criteria with one of three outcomes: 1. Approved 2. Revisions requested 3. Rejected for not meeting the criteria 21 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 For any research request that proposes to identify data by state or jurisdiction in any published or publicly released analysis or results, states or jurisdictions will be given the opportunity to have their data excluded from the study(Attachment 2). Requests for more information about the data and the process for obtaining permission to access the data should be directed to: National Center for Fatality Review and Prevention 2395 Jolly Road, Suite 120 Okemos, MI 48864 Phone : (800) 656-2434 Email : info@ncfrp.org 22 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 NATIONAL CENTER FOR FATALITY REVIEW & PREVENTION National Fatality Review Case Reporting System (NFR-CRS) Application for De-identified Data for Research IMPORTANT: Please read "Data Dissemination Policies and Guidelines for Requesting Access to De-identified Data from the National Fatality Review Case Reporting System(NFR-CRS) for Research Purposes" prior to completing your application. Please submit the completed application via e-mail to infoi,a'-,ncfrp.org. Data requested (check one): CDR FIMR A. Proposed Study 1. Project Title: 2. Principal Investigator Name: 3. Date: 4. Description of proposed research. In no more than 5 pages (excluding listing of variables), provide a detailed description of the study. This description should include: • Clear statement of the research question(s) and/or specific study aim(s) • A brief summary of relevant literature that provides a rationale for and documents the significance the proposed research and culminates in a succinct statement of the purpose of the research • Detailed description of the study design and methods. Include: o A description of the study design; o Definition of your study population (e.g., infants only, children ages 10-17 with motor vehicle crash as mechanism of injury) and years of data you are requesting (e.g., 2015-2020). If you plan a comparison group, define this population also; o List of the variables needed to carry out the study, using the NFR-CRS as a guide. Clearly identify and define your main independent(exposure, risk factor, confounding) and dependent(outcome)variables. For example, if your main exposure is premature birth, state how you will define premature birth using these NFR-CRS data. (See Data Dissemination Policy and Guidelines -- Attachment 1 identifies the variables in the NFR-CRS that are removed in de-identified datasets. These variables cannot be requested for research purposes. Attachment 2 is the 23 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFD021CC3A2 template used by NCFRP to request permission from states or FIMR jurisdictions if researchers intends to publish data by state name.); ■ NOTE: (Applicable to CDR data requests only) Sections I1 and N of the NFR-CRS were added for use by the Centers for Disease Control and Prevention's Sudden Unexpected Infant Death and Sudden Death in the Young Case Registry. As such, these data elements are not available across all years, and completion may be limited among jurisdictions that were not funded for participation in the Registry. o A detailed analysis plan. Include the software that will be used for analysis and statistical tests (if any)planned. It is extremely helpful to include proposed tables; o A description of how you will handle small numbers and missing/incomplete data; and o A description of how the limitations of the NFR-CRS might affect your study and how these limitations will be addressed/mitigated. 5. A timeline for completion of your study: 6. Anticipated presentations,publications, or other dissemination of results, be specific: B. Investigator/researchers 1. Identify the Principal Investigator(PI)who will carry out the duties described in the Guidelines. Provide name, title, institution, department, address, contact telephone and e-mail address. Provide curriculum vitae as an attachment. 2. Identify each additional researcher/collaborator/co-investigator that will have access to the data. Include name, title, institution, department, address, contact telephone and e-mail address. Provide a curriculum vitae for each. 3. Describe the specific responsibilities that the PI and each of the other investigator(s)will have in conducting and completing the proposed research. The PI and all other investigators will each need to complete a confidentiality agreement(Attachment 3). C. Data Security All users of the NFR-CRS data must have electronic security measures in place to prevent access to the data from unauthorized individuals. 1. Describe where the data will reside and how the data will be shared among researchers. Describe the physical transmission. 2. Security details: In the table below, provide a comprehensive list of all devices on which the data will be installed and indicate the electronic security measures that will be applied to 24 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 each device. For those devices that have access to the Internet, all four of the electronic security measures must be in place for this data request to be approved. For non-Internet devices, firewall protection is not required. If co-investigators at different institutions from the PI will also have physical control of the data, complete a table for each such co-investigator's institution. Device type Internet Indicate Does the ID workstation, device have Electronic security measures laptop, server, access to the portable media, or Internet?(Y/N) other device Password Restricted Virus Firewall login? (Y/N) directory protection? protection? The device access? (Y/N?) (Y/N) requires a (Y/N) Anti-virus Firewall login ID and The software is technology password at directories installed on is in place startup and containing the device. for devices after a period the data are that are of inactivity. restricted to connected to authorized the Internet. users who have logged in to the device. 1 2 3 4 3. Physical security: In addition to electronic security, the devices on which the data have been copied must be physically secured to prevent theft of the device. Describe below the physical security measure in place for each device. If co-investigators at different institutions from the PI will also have physical control of the data, complete the table for each such co-investigator's institution and describe how data will be securely transferred between institutions. Note: The same physical security standards apply to remote offices. 25 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 Location of Device Description of physical security ID Indicate the building name and office number or Examples are offices are locked when unoccupied; storage remote office address. in secure cabinets when the device is not in use; and monitored access to the building where the data are stored. 1 2 3 4 D. Receiving Institution 1. Identify the Receiving Institution. 2. Describe your Institution in detail. What kind of work does it do? Include the type of organization, its profit/non-profit status, and primary sources of revenue. 3. Provide evidence in an attachment that your institution is registered with the U.S. Office for Human Research Protections. 4. Describe your plans to obtain Institutional Review Board(IRB) approval for this study using the NFR-CRS data. 5. Provide the IRB assurance number. 6. Describe your Institution's experience in overseeing the use of sensitive research data by its staff. Please give specific examples. 7. Describe any known breaches of sensitive research data by your organization and the steps taken to remedy the breach. Application signatures: Signature of Principal Investigator Date Signature of Representative of Receiving Institution Date Title 26 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 TEMPLATE ONLY: CONTRACT NEED NOT BE COMPLETED OR SIGNED AT TIME OF APPLICATION MICHIGAN PUBLIC HEALTH INSTITUTE National Center for Fatality Review and Prevention SAMPLE Contract for Access to and Use of Data This contract specifies the conditions for release of National Center for Fatality Review and Prevention(NCFRP) Fatality Reporting System data, research, and reports for legitimate public health or related research. The intent of this contract is to foster such research and to prevent misrepresentation of the data. This Contract for Access to and Use of Data(Contract for Data) is between [ ] (Investigators), and Michigan Public Health Institute/National Center for Fatality Review and Prevention(NCFRP). This Contract for Data is for the study entitled [ ], as described in the Application for De- identified Data, dated [ ], which is attached hereto and made part of this contract as Appendix A. The Investigators are responsible for ensuring that all work under this study including the work of additional researchers, collaborators, and co-investigators complies with all applicable federal, state, local and international laws and regulations; and that the work is performed in a professional manner to the highest academic standards. Investigators agree to the following requirements for the use of the data and assure compliance with the requirements. 1. This agreement applies to all activities occurring between the date of signing and 24 months after that date. 2. No one will be permitted to use this dataset to conduct analyses other than those described in the Application for Access to and Use of Data that accompanies this statement. 3. IRB approval of the Receiving Institution will be obtained, and documentation of that approval will be provided to NCFRP prior to release of any dataset. 4. Investigators understand that all data shared are and shall at all times remain the sole property of the state and local teams that conducted the fatality reviews that are the source of the data. 5. NCFRP will seek permission from the participating states or FIMR jurisdictions for release of the data for the project described in the Application for Data if said states or jurisdictions are to be named in the 27 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 TEMPLATE ONLY: CONTRACT NEED NOT BE COMP TIME OF,"=CATION analysis or results. States or FIMR jurisdictions have the right of first refusal to participate in this research project if applicant intends to identify state or jurisdiction in any published or publicly released analysis or results. 6. Neither the dataset nor any part of it will be released to any persons other than those identified in the approved Application for Data. 7. Investigators and all other researchers with access to the data will not attempt nor permit others to attempt to use the data to learn the identity of any decedent. If the identity of a decedent should be inadvertently discovered, Investigators will make no use of this knowledge, nor will they permit others to use the knowledge. Investigators will inform NCFRP of the discovery so it can prevent future discoveries. Investigators will not inform anyone else of the discovery of identity. 8. Investigators understand that not all deaths of children have been reviewed by fatality review teams and that not every fatality review team in the country participates in the NFR-CRS. 9. Investigators understand that data will only be reported at an aggregated level and no data will be released that identifies data by state or FIMR jurisdiction without explicit permission from the state or jurisdiction(s)to be identified. Aggregated data must have cell counts of six or more in order to be reported. 10. Investigators will not alter the approved research design without written permission from NCFRP. 11. All oral and written presentations or other distribution of information resulting from the use of this dataset shall be developed with adequate provision for the accuracy, reliability and integrity of the data. 12. All oral and written presentations or other distribution of information resulting from the use of the requested dataset will be submitted to the NCFRP for review at least two weeks prior to presentation or submission to a journal or other source of publication. 13. All oral and written presentations or other distribution of information resulting from use of the requested dataset will include an acknowledgement of the participating states or FIMR jurisdictions and NCFRP. 14. All presentations and publications will include the following language: "This dataset was provided by the NCFRP, which is funded in part by the U.S. Department of Health and Human Services (HHS), Health Resources and 28 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 TEMPLATE ONLY: CONTRACT NEED NOT BE COMP TIME OF e►pAuCe►rrTON Services Administration(HRSA) and in part by the U.S. Centers for Disease Control and Prevention Division of Reproductive Health. The contents are solely the responsibility of the authors and do not necessarily represent the official views of NCFRP, HHS or the participating states." 15. All presentations and publications making use of these data shall be provided to NCFRP in a timely manner so that it is a repository of the various uses of the data. 16. Investigators understand that once a proposal for use of the data is approved,NCFRP may acknowledge publicly the investigators'names, institution, and name of the study as partners working with the NFR-CRS data. 17. The sharing of these data for the purposes stated in the approved project does not imply, in whole or in part, that the topic of the approved project has not been investigated before or will not be investigated now or in the future, by other investigators interested in this topic. 18. Any additional or other use of these data except as described in Investigators'Application for Data will be considered a breach of this contract,unless agreed upon in writing by both parties beforehand. 19. Investigators will ensure compliance with the security measures described in the Application for Data. 20. Investigators will have three years from the time the data file has been provided by NCFRP to prepare a manuscript. If the manuscript has not been completed within three years of receipt of the data file, the Investigators agree to destroy all hard copies of the dataset generated with a cross-cut shredder or return the dataset to NCFRP; all electronic data must be destroyed/deleted within the same time frame. The Investigators will provide written notification to NCFRP that they were unable to complete the research and will no longer be conducting any analysis on the research topic and will not be publishing any findings. 21. When the proposed analyses are completed, all copies of the dataset will be destroyed with a cross-cut shredder or returned to the NCFRP upon completion of project plus three years. All electronic versions of the dataset will be deleted. Written confirmation that the dataset has been destroyed or deleted is required. 22. By signing this document, Investigators agree to be responsible for compliance with the conditions of this agreement and agree to these conditions by their signatures below. 29 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 23. Cost-reimbursement for the time and expenses spent by MPHI staff to compile the data file requested by Investigators may be invoiced to Investigators after the work is complete. The invoice must be paid in full to Michigan Public Health Institute prior to release of the data file. 24. NCFRP may terminate the Contract for Data if the Investigator is in violation of any condition of the agreement and such violation is not remedied within 30 days after the date of written notice of the violation. TEMPLATE ONLY: CONTRACT NEED NOT BE COMPLETED OR SIGNED Al TIME OF APPLICATION Principal Investigator: Name: Title: Organization: Address: Email address: Phone: Signature: Date: For Receiving Institution: Name: Title: Organization: Address: Email address: Phone: Signature: Date: For MPHI: Name: Title: Organization: Michigan Public Health Institute Address: 2395 Jolly Road, Suite 120, Okemos MI 48864 30 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 Email address: Phone: Signature: Date: 31 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 Attachment 1 HIPAA Required Elements to De-Identify Case Data* The NFR-CRS supports two types of data downloads: identified and de-identified. Researchers who have been approved by the NCFRP will receive only de-identified data. The NFR-CRS variables that will be removed in de-identified downloads are listed below. The NFR-CRS contains many free text fields (most often in the 'specify' or'describe'text fields). The NFR-CRS also provides users the opportunity to provide more detail surrounding the circumstances of the death in Section O: Narrative text field. When the Narrative, 'specify,' and/or 'describe' text fields are included in a de-identified download, the Narrative, 'describe,' and 'specify' text fields SHOULD NOT contain any HIPAA Identifiers. HIPAA Identifiers include names; all geographical subdivisions smaller than a state; all elements of dates (except year) for dates directly related to an individual; phone numbers; fax numbers; electronic mail addresses; social security numbers; medical record numbers; health plan beneficiary numbers; account numbers; certificate/license numbers; vehicle identifiers and serial numbers; device identifiers and serial numbers; web universal resource locators; internet protocol address numbers; biometric identifiers; full face photographic images; and any other unique identifying number, characteristic or code. Identifying information can be entered into the NFR-CRS element fields in the list below, including free text fields associated with the listed fields, because all the listed fields and their related text fields will be removed from every de-identified download. However, users should be instructed by the Holder not to enter any identifying information in other free text fields, including Section O: Narrative text field,because these text fields may be included in de-identified downloads.NCFRP cannot review free text fields in de-identified downloads to assure that they contain no HIPAA Identifiers. HIPAA Required Elements to De-Identify Case Data The NFR-CRS elements listed below will be removed for all persons accessing de-identified case data: Introduction: Case Definition Case number County of review Review team number Sequence of review Death certificate number Birth certificate number Medical examiner/Coroner number Date fatality review team notified of death *Source: Code of Federal Regulations Section 164.514(b)(2)(i). Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 Section A: Child Information Child first name Child middle name Child last name Child name:unknown Date of birth: month,day,and year Date of birth:unknown Date of death: month and day Date of death:unknown Residential address:unknown Residential address: street Residential address:apartment Residential address: city Residential address:county Residential address: zip County of death Childbearing parent's first name(available to FIMR users only) Childbearing parent's middle name(available to FIMR users only) Childbearing parent's last name(available to FIMR users only) Childbearing parent's maiden name(available to FIMR users only) Childbearing parent's name:unknown(available to FIMR users only) Nonchildbearing parent's first name(available to FIMR users only) Nonchildbearing parent's middle name(available to FIMR users only) Nonchildbearing parent's last name(available to FIMR users only) Nonchildbearing parent's name:unknown(available to FIMR users only) Childbearing parent's residence address: same as child(available to FIMR users only) Childbearing parent's residence address:unknown(available to FIMR users only) Childbearing parent's residence address: street(available to FIMR users only) Childbearing parent's residence address: apartment(available to FIMR users only) Childbearing parent's residence address city(available to FIMR users only) Childbearing parent's residence address:zip(available to FIMR users only) Childbearing parent's residence address: county(available to FIMR users only) Childbearing parent's discharge date from hospital(available to FIMR users only) Date of infant's last discharge(available to FIMR users only) Section E:Incident Information Date of incident Date of incident: same Date of incident:unknown Incident county Section M.•Review Meeting Process Date of first review meeting Section N.•SUID and SDY Case Registry Date of first Advanced Review meeting(available to CDR users only) Date of SUID Case Registry data entry complete(available to CDR users only) Section P:Form Completed By Form completed by—Person's name Form completed by—Title Form completed by—Agency Form completed by—Phone Form completed by—Phone extension Form completed by—Email Form completed by-Date Date of quality assurance completed by State 33 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 Prevention Outcomes Prevention Outcomes—Person's name Prevention Outcomes- Team of review *Additional fields may be removed if it is found that they render persons identifiable. * Source: Code of Federal Regulation Section 164.514(b)(2)(i). 34 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 Attachment 2 A Request for the Release of Fatality Review Case Report Data when Research Applicant Intends to Identify State(s) in Proposed Published Analysis or Results The following template will be used by NCFRP to request written authorization from states or FIMR jurisdictions participating with the National Fatality Review Case Reporting System for permission to release individual case report data to research applicants that intend to identify state or jurisdiction in published analysis or results. Permission will be sought once the Data Dissemination Committee has approved the project. Dear(insert state or jurisdiction) Data Holder: This letter is to inform you that the National Center for Fatality Review and Prevention (NCFRP) has received a request to release de-identified individual case report data. The request was submitted by(insert name of requestor and organization) on(insert date). The requester will be using the data for the purpose of(insert purpose). If the requester intends to use the data for a purpose other than what is stated here, they must submit a new request. Per the National Center for Fatality Review and Prevention's Guidelines for Requesting De-identified Data,written permission is necessary from each state or FIMR jurisdiction where the research applicant intends to identify state or jurisdiction(s) in published or publicly released analysis or results of fatality review data. As a reminder, de-identified individual case report data released by the NCFRP will not include the list of data elements found in Appendix 1 of the NCFRP Data Dissemination Policy and Guidelines. Please verify that your state or FIMR jurisdiction is not precluded from releasing this data by any rules or statutes before signing this agreement. Please provide written confirmation to the NCFRP that you authorize your state or jurisdiction name to be publicly identified in the above requestor's research, including detailed analysis. 35 Docusign Envelope ID: D4453EC3-67A6-49A9-AOF5-OBFDO21CC3A2 Attachment 3 Confidentiality Agreement to be Signed by All Researchers with Access to NFR-CRS Data By signing this Agreement, I agree to the following: 1. I will safeguard the confidentiality of all confidential information contained in the NFR-CRS data to which I have been given access. I will not carelessly handle confidential information. I will not in any way divulge copy, release, sell, loan, review, or alter any confidential information except as within the scope of my duties. 2. I will only access confidential information for which I have a need to know and I will use that information only as needed to perform my duties. 3. I will not attempt nor permit others to attempt to use the data to learn the identity of any decedent. If I inadvertently discover the identity of a decedent, I will make no use of this knowledge, will not permit others to use the knowledge, will not inform anyone else of this knowledge, and will inform NCFRP of the discovery so it can prevent future discoveries. 4. I will transmit and store all electronic and hard copy data in a secure and confidential manner and location at all times. 5. Upon completion of the performance of my duties, the identifiable data will be destroyed and no opportunities will be available to access that data on the network or computer systems. 6. I will promptly report activities by any individual or entity that I suspect may compromise the availability, integrity, security, or privacy of confidential information. 7. I understand that the ownership of any confidential information referred to in this Agreement is defined by State statutes. 8. I understand that violating applicable laws and regulations may lead to other legal penalties imposed by the judicial system. Signature: Date: Print Name: 36