What key concerns do data sharing agreements address?
Good agreements address the distinct concerns of each side, although a primary concern for all partners is access to data. While the existence of a written agreement does not signify trust per se, the process of developing a data-sharing agreement presents a trust-building opportunity for both partners. Use the data agreement to outline non-negotiables and good faith commitments.
Partners on the practice side need to set parameters on who has access to data and how data will be handled. In some contexts, there are rules and limitations around data-sharing dictated by statutory, legal or administrative constraints. Additionally, agency partners often want a guarantee of “no surprises” on results released.
Researchers may express concerns about maintaining their independence from the district in the use and interpretation of data, managing the transfer of data across systems, and aligning their data management practices with their host institutions. Common elements in data-sharing agreements include:
- Authorizations and protocols for those handling data
- Limitations on the use of data
- “No surprises” clauses that ensure the agency’s right to review findings before they go public
- A plan for data security
- Ownership of data
- Conflict resolution procedures
- Modification and termination of services
What are some common data sharing challenges and how have others addressed them?
Across partnership contexts, RPPs demonstrate notable variation in terms of data management capacity. Sometimes data systems between partners are incompatible. Other times they are set up for administrative purposes like billing, but are not easily manipulated for research purposes.
An early survey of the existing data infrastructure and data needs of the partners can help uncover challenges within emerging partnerships. Partnerships may also go the route of creating supplemental data systems to make data more robust.
The sensitive nature of some data makes can require additional protocols. In other cases, data sharing agreements are brokered among multiple partners, creating the need for multiple agreements. In some contexts, data sharing agreements must be negotiated between several entities, involving legal departments that may offer differing interpretations around data sharing. Long-term relationships, of course, help to smooth these processes.
Another important consideration is ensuring that data are managed and shared effectively and efficiently between partners. For this, a “data liaison,” or someone on the practice side that understands and has the appropriate authority to handle data and provide it in appropriate parcels to the research partner, can be an essential role to fill.
When university-based researchers lack administrative permissions to directly access data, some partnerships have gotten creative, embedding the researchers at the partner agency site. Sometimes, the researcher is even employed by the partnering agency. This arrangement removes access constraints that might otherwise inhibit the research partner’s direct access, while also supporting communication between partners by having a researcher on site who is familiar with the partner’s environment, protocols, and professional culture.
How long are data sharing agreements in effect?
The timeframe for data sharing agreements typically ranges from two to five years, sometimes more. A shorter time frame may be necessary when a partnership is newer, or when the process involves a unit of government that must seek annual approval as part of a legislative process. For those who can negotiate agreements over longer timeframes, the data sharing agreement allows the work to keep moving forward; such timeframes are often preferable for more mature partnerships.
What protocols and training are needed to keep data secure?
Data management and data security are critical. While research and practice partners are used to thinking about data management and security practices within their own organizations, the transfer and sharing of data is more complicated when working across entities, especially those with different levels of store, organize, transfer and secure data.
In general, RPPs often address data security through protocols that limit access to certain individuals and for specific purposes. Mature partnerships report that FERPA and HIPPA guidelines should be the floor, not the ceiling, for protecting privacy.