Requirements for Sharing Data Externally

Supporting Secure Data-Sharing Partnerships 

UCSF is committed to ensuring that data is shared in a secure and compliant manner to protect the data of our patients, employees, students, trainees, study participants, volunteers, and affiliates. A comprehensive set of processes and procedures have been implemented at UCSF that strive to ensure that the requirements of UCSF and UC policies and state and federal laws governing the use and sharing of Personally Identifiable Information (PII), Protected Health Information (PHI), and PII-Derived data are met.  

 

Data Sharing Policies 

 

Requirements for Sharing Data Externally 

The methods primarily utilized at UCSF to share data externally are: 

Named External Third Party

UCSF data can be shared with a named third party entity during the data sharing engagement, resulting in UCSF data being shared with the third parties named in the contract established for the data sharing engagement. 

Learn more about the requirements

Find an authorized contracting unit to establish the contract for the data sharing engagement: Data-Sharing Contracting Units

Repository

UCSF data can be shared through open and controlled access repositories to meet funder and publisher data sharing requirements, resulting in UCSF data being shared with third parties who have access to the open and controlled access repositories. 

Learn more about the requirements

External Registry

UCSF data can be shared through external registries for clinical/quality, business, operations, and research purposes, resulting in UCSF data being released to third parties who have access to the external registry through the data sharing model utilized by the external registry. 

Learn more about the requirements 

Public Publication of a Dashboard

UCSF data can be shared through Tableau dashboards that are published to the General Public. 

Learn more about the requirements

 

 

Data Sharing Governance

The IT Governance Committee on Enterprise Information & Analytics (EIA) is the primary governance board for data sharing at UCSF. The Committee is charged with developing and implementing UCSF’s data sharing and management policies and communicating with UCSF stakeholders about data-related resources, services, and policies.

A sub-group of the Committee meets weekly to review data sharing agreements that have been “escalated,” i.e., deemed high-risk by a UCSF contracting unit. The Chancellor’s Executive Team (CET) has authorized the Committee sub-group to make decisions regarding which contracts are allowed to move forward. The Committee has created standardized procedures and criteria for the review of higher risk data sharing agreements to ensure that an engagement meets the requirements of UCSF and UC policies and state and federal laws.

Data Sharing Reviews 

UCSF strives to proactively identify and address risks associated with higher-risk external data sharing engagements. New contracts that propose data sharing with external entities require review by UCSF's authorized contracting units. Contracting Units are business units with authority to execute legally binding contracts and other agreements on behalf of the University of California (UC). Data sharing agreements that meet any of the escalation criteria will be escalated by the contracting unit to the EIA Committee sub-group for review.

Sharing data with Countries of Concern 

Additional Information

Data Sharing and Access Policies Versa Assistant

The Data Sharing and Access Policies Assistant enables you to ask questions about data access, data compliance, and data sharing topics in an interactive manner through Versa. The information available through this Assistant includes data access requirements and processes, data sharing requirements and processes, data compliance policies, and other data compliance related topics. Learn More: Data Sharing and Access Policies - UCSF Versa Knowledge Base - Wiki@UCSF

Questions & Feedback 

We want to hear from you and welcome your questions. 

  • General project questions: Email [email protected]
  • In-process contract questions: Email your specific contract specialist
  • If you might enter into a data sharing agreement but do not have a formal contract in place, contact an UCSF authorized contracting units. (Identify the most appropriate Data Sharing Contracting Unit.) 
  • General International Research questions: [email protected]