Supporting Secure Data-Sharing Partnerships
UCSF is committed to ensuring that data is shared in a secure and compliant manner to protect the data of our patients, employees, students, trainees, study participants, volunteers, and affiliates. A comprehensive set of processes and procedures have been implemented at UCSF that strive to ensure that the requirements of UCSF and UC policies and state and federal laws governing the use and sharing of Personally Identifiable Information (PII), Protected Health Information (PHI), and PII-Derived data are met.
Data Sharing Policies
- UCSF Policy 650-20 External Sharing of Personally Identifiable Information and PII-Derived Data provides the foundation for these processes and procedures and outlines the requirements for sharing UCSF Personally Identifiable Information, Protected Health Information, and PII-Derived data externally and for Researchers: UCSF Policy 650-20 | Campus Administrative Policies
- The NIH Data Management and Sharing Policy requires all NIH Researchers to prospectively plan how their scientific data will be preserved and shared: NIH 2023 Data Management and Sharing Policy | UCSF Library Help Center
Requirements for Sharing Data Externally
The methods primarily utilized at UCSF to share data externally are:
|
Named External Third Party |
UCSF data can be shared with a named third party entity during the data sharing engagement, resulting in UCSF data being shared with the third parties named in the contract established for the data sharing engagement. |
Learn more about the requirements Find an authorized contracting unit to establish the contract for the data sharing engagement: Data-Sharing Contracting Units |
|
Repository |
UCSF data can be shared through open and controlled access repositories to meet funder and publisher data sharing requirements, resulting in UCSF data being shared with third parties who have access to the open and controlled access repositories. |
|
|
External Registry |
UCSF data can be shared through external registries for clinical/quality, business, operations, and research purposes, resulting in UCSF data being released to third parties who have access to the external registry through the data sharing model utilized by the external registry. |
|
|
Public Publication of a Dashboard |
UCSF data can be shared through Tableau dashboards that are published to the General Public. |
Data Sharing Governance
The IT Governance Committee on Enterprise Information & Analytics (EIA) is the primary governance board for data sharing at UCSF. The Committee is charged with developing and implementing UCSF’s data sharing and management policies and communicating with UCSF stakeholders about data-related resources, services, and policies.
A sub-group of the Committee meets weekly to review data sharing agreements that have been “escalated,” i.e., deemed high-risk by a UCSF contracting unit. The Chancellor’s Executive Team (CET) has authorized the Committee sub-group to make decisions regarding which contracts are allowed to move forward. The Committee has created standardized procedures and criteria for the review of higher risk data sharing agreements to ensure that an engagement meets the requirements of UCSF and UC policies and state and federal laws.
Data Sharing Reviews
UCSF strives to proactively identify and address risks associated with higher-risk external data sharing engagements. New contracts that propose data sharing with external entities require review by UCSF's authorized contracting units. Contracting Units are business units with authority to execute legally binding contracts and other agreements on behalf of the University of California (UC). Data sharing agreements that meet any of the escalation criteria will be escalated by the contracting unit to the EIA Committee sub-group for review.
Sharing data with Countries of Concern
- For Export Control guidance, please refer to: Office of Ethics and Compliance | Understanding Export Controls
- For International Research guidance, please refer to: International Research Support Operations
Additional Information
- View the Data and Code Sharing Knowledge Base: Scuba | Data and Code Sharing
Questions & Feedback
We want to hear from you and welcome your questions.
- General project questions: Email [email protected]
- In-process contract questions: Email your specific contract specialist
- If you might enter into a data sharing agreement but do not have a formal contract in place, contact an UCSF authorized contracting units. (Identify the most appropriate Data Sharing Contracting Unit.)
- General International Research questions: [email protected]