Data Use Agreement for Nationwide Inpatient Sample

This Data Use Agreement ("Agreement") implements the data protections of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 (Public Law 104-191) and the Agency for Healthcare Research and Quality (AHRQ) confidentiality statute. Any individual ("data recipient") seeking to obtain or use data in the Nationwide Inpatient Sample (NIS) from the Healthcare Cost and Utilization Project (HCUP) maintained by the Center for Delivery, Organization, and Markets (CDOM) within AHRQ, must sign and submit this Agreement to AHRQ or its agent before access to the NIS may be granted.

In accordance with HIPAA, the NIS may only be used or disclosed in the form of a limited data set, as defined by the HIPAA Privacy Rule (45 CFR § 164.514(e)).

The AHRQ confidentiality statute, Section 924(c) of the Public Health Service Act (42 U.S.C. 299c-3(c)), requires that data collected by AHRQ that identify individuals or establishments be used only for the purpose for which they were supplied. Data supplied to AHRQ for HCUP and disclosed in limited data set form are identifiable under the HIPAA Privacy Rule and are provided by the data sources only for research, analysis, and aggregate statistical reporting. Therefore, data recipients may use HCUP data only for these purposes.

No Identification of Persons—Any effort to determine the identity of any person contained in HCUP databases (including but not limited to patients, physicians, and other health care providers), or to use the information for any purpose other than for research, analysis, and aggregate statistical reporting, would violate the AHRQ confidentiality statute, the conditions of this Agreement, and the HIPAA Privacy Rule. Recipients of the data set are prohibited under the AHRQ confidentiality statute and the terms of this Agreement from releasing, disclosing, publishing, or presenting any individually identifying information obtained under this Agreement. AHRQ omits from the data set all direct identifiers that are required to be excluded from limited data sets as defined by the HIPAA Privacy Rule. It may be possible in limited situations, through deliberate technical analysis, and with outside information, to ascertain from the limited data sets the identity of particular persons. Considerable harm could ensue if this were to occur. Therefore, any attempts to identify individuals are prohibited and information that could identify individuals directly or by inference must not be released or published. In addition, users of the data must not attempt to contact individuals for any purpose, including verifying information supplied in the data set. Any questions about the data must be referred exclusively to AHRQ.

Use of Establishment Identifiers—Section 924(c) of the Public Health Service Act (42 U.S.C. 299c-3(c)) also restricts the use of any information that permits the identification of establishments for purposes other than those for which the information was originally supplied. Permission is obtained from the HCUP data sources (state data organizations, hospital associations, and data consortia) to use the identification of hospitals (when such identification appears in the data sets) for research, analysis, and aggregate statistical reporting. This may include linking institutional information from outside data sets for these purposes. Such purpose does not include the use of information in the data sets concerning individual establishments for commercial or competitive purposes involving those individual establishments, or to determine the rights, benefits, or privileges of establishments. Users of the data must not identify establishments directly or by inference in disseminated material. In addition, users of the data must not contact establishments for the purpose of verifying information supplied in the data set. Any questions about the data must be referred exclusively to AHRQ. Misuse of identifiable HCUP data about hospitals would violate the AHRQ confidentiality statute and trigger its penalty provisions.

The undersigned gives the following assurances with respect to the AHRQ data sets:

• I will not use and will prohibit others from using or disclosing the data set (or any part), except for research, analysis, and aggregate statistical reporting, and only as permitted by this Agreement.
• I will ensure that the data are kept in a secured environment and that only authorized users will have access to the data.
• I will not release or disclose, and will prohibit others from releasing or disclosing, any data that are individually identifiable under the HIPAA Privacy Rule, or any information that identifies persons, directly or indirectly, except as permitted under this Agreement and in accordance with the above-mentioned AHRQ confidentiality statute.
• I will not release or disclose information where the number of observations (i.e., individual discharge records) in any given cell of tabulated data is less than or equal to 10.
• I will not release or disclose, and will prohibit others from releasing or disclosing, the data set (or any part) to any person who is not a member, agent, or contractor of the organization (specified below), except with the approval of AHRQ.
• I will require others employed in my organization (specified below), and any agents or contractors of my organization, who will use or will have access to the data set, to sign a copy of this Agreement (specifically acknowledging their agreement to abide by its terms) and I will submit those signed Agreements to AHRQ or its agent before granting access.
• I will not attempt to link, and will prohibit others from attempting to link, the discharge records of persons in the data set with individually identifiable records from any other source.
• I will not attempt to use and will prohibit others from using the data set to learn the identity of any person included in the data set or to contact any such person for any purpose.
• In accordance with the AHRQ confidentiality statute, I will not use and will prohibit others from using the data set concerning individual establishments (1) for commercial or competitive purposes involving those individual establishments; (2) to determine the rights, benefits, or privileges of individual establishments; or (3) to report, through any medium, data that could identify, directly or by inference, individual establishments.
• When the identities of establishments are not provided in the data sets, I will not attempt to use and will prohibit others from using the data set to learn the identity of any establishment.
• I will not contact and will prohibit others from contacting establishments or persons in the data set to question, verify, or discuss data in the HCUP databases.
• I acknowledge that the NIS contains data elements from proprietary restricted computer software (3M APR-DRGs, HSS APS-DRGs, and Medstat Disease Staging) supplied by private vendors to AHRQ for the sole purpose of supporting research and analysis with the NIS. While I may freely use these data elements in my research work using the NIS, I agree that I will not use and will prohibit others from using these proprietary data elements for any commercial purpose. In addition, I will enter into a separate agreement with the appropriate organization or firm for the right to use such proprietary data elements for commercial purposes. In particular, I agree not to disassemble, decompile, or otherwise reverse-engineer the proprietary software, and I will prohibit others from doing so.
• I will indemnify, defend, and hold harmless AHRQ and the data organizations that provide data to AHRQ for HCUP from any or all claims and losses accruing to any person, organization, or other legal entity as a result of violation of this Agreement. This provision applies only to the extent permitted by Federal and State law.
• I will make no statement and will prohibit others from making statements indicating or suggesting that interpretations drawn are those of the data sources or AHRQ.
• I will acknowledge in all reports based on these data that the source of the data is the "Nationwide Inpatient Sample, Healthcare Cost and Utilization Project (HCUP), Agency for Healthcare Research and Quality."

Safeguards. I agree to use appropriate safeguards to prevent use or disclosure of the data set other than as permitted by this Agreement.

Permitted Access to Limited Data Set. I shall limit the use or receipt of the data set to the individuals who require access in order to perform activities permitted by this Agreement. This Agreement must be signed by all such individuals and submitted to AHRQ or its agent before access to the data set may be granted.

Re-disclosure. I will not re-disclose (i.e., share) the data set (or any part), unless the individual who will receive the data has agreed in writing to be bound by the same restrictions and conditions that apply to me under this Agreement.

The HIPAA Privacy Rule. I agree not to use or disclose the data set in any manner that would violate the HIPAA Privacy Rule if I were a covered entity under the Privacy Rule.

Agents and Contractors. I shall ensure that any agents, including contractors and subcontractors to whom I provide the data set, agree in writing to be bound by the same restrictions and conditions that apply to me with respect to the limited data set.

Reporting Violations of this Agreement. I agree to report any violations to AHRQ within 24 hours of becoming aware of any use or disclosure of the limited data set in violation of this Agreement or applicable law.

Term, Breach, and Termination of this Agreement. This Agreement shall continue in full effect until the data recipient has returned all copies of the data set to AHRQ. Any noncompliance by the data recipient with the terms of this Agreement will be grounds for immediate termination of the Agreement if, at the sole determination of AHRQ, the data recipient knew or should have known of such noncompliance and failed to immediately take reasonable steps to remedy the noncompliance.

Reporting to the United States Department of Health and Human Services. If the data recipient fails to remedy any breach or violation of this Agreement to the satisfaction of AHRQ, and if termination of the Agreement is not feasible, AHRQ shall report the recipient's breach or violation to the Secretary of the United States Department of Health and Human Services, and the recipient agrees that he or she shall not have or make any claims against AHRQ with respect to such report(s).

I understand that this Agreement is requested by the United States Agency for Healthcare Research and Quality to ensure compliance with its statutory confidentiality requirement. My signature indicates my Agreement to comply with the above-stated requirements with the knowledge that any violation of the AHRQ confidentiality statute is subject to a civil penalty of up to $10,000 under 42 U.S.C. 299c-3(d), and that deliberately making a false statement about this or any matter within the jurisdiction of any department or agency of the Federal Government violates 18 U.S.C. 1001 and is punishable by a fine of up to $10,000 or up to five years in prison. Violators of this Agreement may also be subject to penalties under state confidentiality statutes that apply to these data for particular states.

Signed: _________________________________________________________  Date: _____________________ 

Print or Type Name of Data Recipient: ________________________________________________________ 

Title: _______________________________________________________________________________________

Organization: ________________________________________________________________________________

Address: _____________________________________________________________________________________

City: ______________________________________________ State: ____________ ZIP Code: ___________ 

Phone Number: __________________________ Fax: ____________________ E-mail: ___________________

The information above is maintained by AHRQ for the purpose of enforcement of this Agreement. This information may also be used by AHRQ to create an HCUP mailing list. The mailing list allows AHRQ to send users information such as notices about the release of new databases and errata when data errors are discovered.

___ I do not wish to be included on the HCUP mailing list.

Note to Purchaser: Shipment of the requested data product will only be made to the person who signs this Agreement, unless special arrangements that safeguard the data are made with AHRQ or its agent.

Agency for Healthcare Research and Quality
Rockville, Maryland
www.hcup-us.ahrq.gov/home.jsp

Send Questions & Comments to: hcup@ahrq.gov

Current as of June 30, 2004

Internet Citation:

Data Use Agreement for Nationwide Inpatient Sample. June 2004. Agency for Healthcare Research and Quality, Rockville, MD. http://www.ahrq.gov/data/hcup/datause.htm

Return to Nationwide Inpatient Sample
Return to NIS Overview
HCUP Overview
AHRQ Home Page