Skip to main content
v2026.1714 entries · CC-BY 4.0
CiteLicenceEN-GB
CASRAI
Dictionary termTrack DStablev2026.2

Data Use Agreement (DUA)

A contractual instrument required before a recipient may access an identifiable, restricted, or limited dataset that defines permitted uses, security obligations, re-disclosure prohibitions, destruction requirements, and breach-notification duties.

ByCASRAI Editorial Board
· Last updated 21 May 2026

Examples

Worked examples

  • Is an instance

    A health-services researcher requesting Medicare claims data from CMS executes a DUA committing to a defined cell-suppression threshold and approved secure-enclave use.

  • Is an instance

    A genomics laboratory accessing controlled-access cases from dbGaP signs a Data Use Certification through the institutional signing official before download is permitted.

Counter-examples

Looks similar, but isn't

  • Not an instance

    Access to a fully public, de-identified, freely downloadable dataset under an open licence does not require a DUA.

  • Not an instance

    Use of internally generated data that never leaves the originating institution is governed by internal data-governance policy rather than an inter-institutional DUA.

Editorial commentary

DUAs are most commonly used for HIPAA limited datasets (where the agreement is mandatory under 45 CFR §164.514(e)), for restricted-use data from federal statistical agencies, and for controlled-access datasets from repositories such as dbGaP and the UK Data Service. The agreement is signed by institutionally authorised officials on both sides and binds the recipient institution, not the individual researcher. Standard provisions include a defined research purpose, listed authorised users, no-attempt-to-re-identify language, prohibition on onward transfer, secure-storage and access-control requirements, and an obligation to destroy or return data on study completion.

References

  • HIPAA Privacy Rule 45 CFR §164.514(e) limited data set and data use agreement
  • NIH Genomic Data Sharing Policy and dbGaP Data Use Certification
  • ICPSR Restricted Data Use Agreement template

Also known as

DUA · data access agreement · restricted-use data agreement

Machine-readable encodings

Use in your systems

JATS XML <role> element
xml
<role vocab="credit"
      vocab-identifier="https://casrai.org/dictionary/"
      vocab-term="Data Use Agreement (DUA)"
      vocab-term-identifier="https://casrai.org/dictionary/term/data-use-agreement" />
Schema.org DefinedTerm (JSON-LD)
json
{
  "@context": "https://schema.org",
  "@type": "DefinedTerm",
  "name": "Data Use Agreement (DUA)",
  "identifier": "https://casrai.org/dictionary/term/data-use-agreement",
  "description": "A contractual instrument required before a recipient may access an identifiable, restricted, or limited dataset that defines permitted uses, security obligations, re-disclosure prohibitions, destruction requirements, and breach-notification duties.",
  "inDefinedTermSet": "https://casrai.org/dictionary/domain/compliance-and-regulatory/",
  "url": "https://casrai.org/dictionary/term/data-use-agreement",
  "sameAs": [
    "DUA",
    "data access agreement",
    "restricted-use data agreement"
  ],
  "license": "https://creativecommons.org/licenses/by/4.0/"
}

Adopted by research universities worldwide

University of Cambridge logoColumbia University logoUniversity of Edinburgh logoHarvard University logoMassachusetts Institute of Technology logoUniversity of Oxford logoPrinceton University logoStanford School of Medicine logoUniversity College London logoUniversity of Cambridge logoColumbia University logoUniversity of Edinburgh logoHarvard University logoMassachusetts Institute of Technology logoUniversity of Oxford logoPrinceton University logoStanford School of Medicine logoUniversity College London logo
  • University of Cambridge logo
  • Columbia University logo
  • University of Edinburgh logo
  • Harvard University logo
  • Massachusetts Institute of Technology logo
  • University of Oxford logo
  • Princeton University logo
  • Stanford School of Medicine logo
  • University College London logo

View CASRAI adoption →