DHA DSA Application Aug 2022. To request a DSAA, a PRC, a DSA Renewal, or a DSAA Modification, DHA Data Sharing Agreement. Submit completed templates to DSA Mail.
Data Sharing Agreement Application (DSAA). Submit a DSAA in order to request a DSA for systems managed by the Defense Health Agency. The DSAA is submitted for all research requests and TRICARE contractors who follow the TRICARE Systems Manual (TSM).
Prerequisite Checklist (PRC). Submit a PRC for a compliance review of a DSA submission for systems management by the DHA. The PRC is submitted for any non-research request.
Data Request Templates (DRTs) are provided to specify the data a project seeks for the project specified in the DSAA a specific use. Attach a DRT for each system listed in the “Source and Type of Data” Section of the DSAA. Choose from the DRTs listed below. Each DRT includes instructions and a sample.
Note: The DRT is required unless otherwise determined by the DHA PCLO.DRT Quick Reference Guide
- Extraction:
- Login Access:
De-Identification Plan (DE-ID) Template. Completion of a DE-ID Plan is required to support "Data De-identification, publishing, and reporting" Section of DSAA when de-identifying PHI in accordance to HIPAA regulations. The plan should show how MHS sensitive data elements will be de-identified, as well as, how the HIPAA 18 identifiers will be handled.
HIPAA Safeguard Review of Non-Federal Systems (HSR): Submit an HSR when data will be stored, transmitted, processed, or otherwise maintained on a non-federal information system. Part of the HSR, in order to be compliant with NIST 800-171, is to complete a System Security Plan (SSP) and Plan of Action and Milestones (POA&M) based on the NIST 800-171 controls. The SSP and POA&M templates can be found on the NIST Website at: https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final.
Change of Government Sponsor. Submit a Change of Government Sponsor to document a new Sponsor for the DSA.
Change of Applicant/Recipient. Submit a Change of Applicant/Recipient to document a new Applicant/Recipient for the DSA.
Modification Request. Submit a Modification Request to document any changes to the information provided in the DSAA of an existing DSA. If the DSA expires within 30 days, then submit a Renewal Request in lieu of Modification Request.
Extension Request. Submit an Extension Request to request a 30 day extension of an existing DSA that will expire and a renewal is not needed.
Renewal Request. Submit a Renewal Request to renew an existing DSA.
Certification of Data Disposition (CDD). Submit a CDD within 30 days of the expiration of a DSA or the end of the project, whichever comes first, to certify that the data used in connection with the DSA was appropriately disposed.