Skip Navigation

Data Transfer Agreements

Data Transfer Agreements (DTAs) are used to transfer human subject data from one institution to another for research purposes.  A DTA is a contract between the providing and recipient institutions that governs the legal obligations and restrictions, as well as compliance with applicable laws and regulations, related to the transfer of such data between the parties.

Outgoing DTA

For the provision of human subject data by Emory investigators to a researcher at another not-for-profit institution for research purposes, Emory has developed outgoing DTA templates to govern such transfers, depending on the level of identity of the data (de-identified, limited data-set, or full PHI). The Emory unit (SOM or EHC) from which the data is sourced must approve the transfer.  To initiate routing and initiation of the appropriate DTA, Emory investigators should complete an Outgoing DTA Questionnaire (see “Outgoing DTA Questionnaire” on the OTT website at and email the questionnaire to

Incoming DTA

OTT manages all DTAs covering receipt by an Emory investigator of human subject data to be used for research purposes not involving a clinical trial or human subject interaction/intervention by the Emory investigator.   All OTT-managed incoming DTAs should be forwarded to OTT for approval, along with a completed Incoming DTA Questionnaire (see “Incoming DTA Questionnaire” on the OTT website at  Faculty members should forward these documents via email to

Other Information

OSP manages DTA terms that are part of an Emory clinical trial agreement, sponsored research agreement, or contract specifically governing human subject interaction/intervention by the Emory investigator.  Such requests should be sent to OSP for review at

The requirement to complete an appropriate DTA for a transfer of human subject data is in addition to, and not a substitute for, obtaining appropriate applicable informed consent, HIPAA authorization, or IRB approval for any research activity.

Only those individuals authorized to sign on behalf of Emory University may sign agreements that legally bind the University.  Anyone else who does so, whether inadvertently or not, is subjecting themselves to substantial personal legal liability.  Since most, if not all, DTAs contain terms obligating Emory University, as a matter of policy, all DTAs must be forwarded to the appropriate department for review and approval.

HIPAA Privacy Rule De-Identification Standard