The DURSA is a comprehensive, multi-party trust agreement that is entered into voluntarily by public and private organizations (eHealth Exchange Participants) that desire to engage in electronic health information exchange with each other as part of the eHealth Exchange.
The DURSA builds upon the various legal requirements that Participants are already subject to and describes the mutual responsibilities, obligations and expectations of all Participants under the Agreement. All of these responsibilities, obligations and expectations created a framework for safe and secure health information exchange, and are designed to promote trust among Participants and protect the privacy, confidentiality and security of the health data that is shared.
The DURSA is based upon the existing body of law (Federal, state, local) applicable to the privacy and security of health information and is supportive of the current policy framework for health information exchange. The DURSA is intended to be a legally enforceable contract that represents a framework for broad-based information exchange among a set of trusted entities. The Agreement reflects consensus among the state-level, federal and private entities who were involved in the development of the DURSA regarding the following issues:
- Multi-Party Agreement
- Participants Actively Engaged in Health Information Exchange
- Privacy and Security Obligations
- Requests for Information Based on a Permitted Purpose
- Duty to Respond
- Future Use of Data Received from Another Participant
- Respective Duties of Submitting and Receiving Participants
- Autonomy Principle for Access
- Use of Authorizations to Support Requests for Data
- Participant Breach Notification
- Mandatory Non-Binding Dispute Resolution
- Allocation of Liability Risk