General DUA Questions
Who will receive the data sets?
Every county (including SF and LA) having a DUA on file with OA.
What is the release schedule?
First quarter: available the second week of April with cumulative data through March.
Second quarter: available the second week of July with cumulative data through June.
Third quarter: available the second week of October with cumulative data through September.
Fourth quarter: available the second week of January with cumulative data through December.
In what format will the data be sent?
All information will be sent in Excel 2007. Those counties who work in SAS can convert the information for their use.
What if I need my data between quarterly releases?
Counties who need data runs outside of this schedule can place the request with their assigned Surveillance Coordinator.
Who should sign the DUA?
The signature is up to the county. Having read the DUA, the county should determine for itself who is authorized to enter into the Agreement and who agrees to abide by and enforce all terms therein.
Who can request data from OA?
Each county must send a list of authorized staff that can request data. It is up to the counties to maintain this list. The list should be sent to Gary Horpedahl so it can be maintained with your executed DUA.
(top of Page)
Will the data be released using FIPS 140-2 or will we be using Seal? (p. 14, 2.e)
PGP will be used to encrypt the data. OA will supply instructions for its use.
Regarding the data recovery plan (p 15, 4. a):
Who writes the disaster recovery plan?
Is it OK to use a thumb drive to put the data on as back up?
The county should have an overall recovery plan and this data would be included in that plan.
As long as the data is encrypted, it can go stored on any type of media.
Can the state be the back-up off-site storage? (p 15, 4. b)
Yes, consider the State as back up for the county.
Will the State be providing additional money to the counties so they can implement the requirements of the DUA?
No. Financial assistance is available from the State.
The DUA requires a “thorough” background check to “assure that there is no indication that the worker may present a risk for theft of confidential data” – what does this mean (p 13, 1. b)?
Please use your judgment for the level of background check that you believe is appropriate.
Should the data only be placed on a stand alone computer and not placed on the county network?
The data must be encrypted with a password or with a public/private key, and accessible only to those authorized users who have a current, signed Security and Confidentiality Agreement on file with OA.
Regarding the audit trail requirement (p. 14, 2.c): if a county does not have this capability, is this mandatory prior to getting the data?
This question is being researched.
(top of page)
(General DUA Questions link)
(DUA Questions from counties link)
- Send e-mail request to Chris.Unzueta@cdph.ca.gov. In your request, indicate the name of the person authorized to sign the DUA for your county and a list of staff you authorize to receive your data.
- The DUA will be created and sent to you for signature. Return the signed DUA to OA through the U.S. mail, and include a copy of your security policy as well as the name of your Security Officer (see Section IX, DUA).
- The DUA will be signed by OA and a copy returned to you.
- As the DUA states, you are required to train your staff who will be receiving the data on the requirements and conditions outlined in the DUA, and each individual must sign a county developed certification stating the employee’s name and the date on which training was completed. Theses certificates must be maintained by the counties and available for inspection as required (see Section X, DUA).
Mail signed DUA to:
California Department of Public Health
ATTN: Chris Unzueta
P.O. Box 997426
Sacramento, CA 95899-7426
For additional information about the DUA, please use the OA Web site:
(General DUA Questions)
(DUA Questions from Counties)
Were you looking for?...