Signature Authority

Individual employees are generally not authorized to sign agreements on behalf of the University.

Contact: If you have not been specifically authorized to sign an agreement, please check with the Office of Legal Counsel before proceeding.

Additional resources: Delegation of Signature Authority

Memorandum of Understanding

A Memorandum of Understanding is a contract used to formalize relationships and set forth broad expectations between UK and other parties for intended actions. MOUs can be used to formalize a relationship in anticipation of a more detailed contract to be entered at a later date.

Contact: Office of Legal Counsel

Handling Confidential Information 

Confidential Information is any information that the holder or discloser of information does not want made freely available to other people. The nature and content of the information that is confidential may be specifically stated in a confidentiality agreement, sometimes called a confidential disclosure agreement (CDA) or a non-disclosure agreement (NDA), or some other form of agreement that contains confidentiality terms. Also, it may not be defined by an agreement but by law or by some other accepted standard, and further, it may solely be considered confidential in the mind of the holder or discloser of the information. 

Contact: CDAs/NDAs for research purposes are drafted, negotiated, and signed by UK Innovate/Office of Technology Commercialization for all confidential information coming in and out of the University of Kentucky.

Types of Confidential Information

Protected Health Information (PHI). Protected Health Information (PHI) is health data (including demographic data) created or received by employers, HIPAA-covered entities (entities directly regulated by HIPAA — which includes health care providers that conduct electronic transactions under HIPAA, including UK HealthCare, and certain other entities), and Business Associates (a person or entity that performs certain functions or activities that involve the use or disclosure of PHI on behalf of, or provides services to, a covered entity), that relates to the past, present or future health condition of or provision of health care to an individual and that either identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual.

Personal Identifiable Information (PII). Personally Identifiable Information (PII) is any information about an individual that either (a) can be used to distinguish or trace their identity, such as name, social security number, date and place of birth, mother’s maiden name, biometric records, etc., or (b) is linked or linkable to an individual, such as medical, educational, financial, and employment information. See National Institute of Standards and Technology (NIST). NOTE: The U.S. government has stated that “the definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified.” See Government Services Administration (GSA). Please also note that the Commonwealth of Kentucky has a law governing data breach notification requirements applicable to public agencies, which includes public universities such as the University of Kentucky and certain other parties, and that law includes a separate definition for “Personal information” that is different than PII and PHI (defined below). See (review section 6) for that definition.

Limited Data Sets (LDS). A Limited Data Set (LDS) for HIPAA purposes is a subset of PHI (not all PHI) that HIPAA permits to be shared with certain entities for research purposes, public health activities, and healthcare operations without obtaining prior authorization from the individual, if certain conditions are met. In contrast to de-identified PHI (which is no longer classified as PHI under HIPAA once de-identified), a limited data set under HIPAA is still identifiable protected information and subject to HIPAA requirements. However, a HIPAA limited data set can only be shared with entities that have signed a data use agreement with the entity providing that limited data set. For more information on LDS, see 45 CFR Part 164 Subpart E — Privacy of Individually Identifiable Health Information (review section E).

De-identified data. “De-identified” for HIPAA purposes means there is no reasonable basis to believe that the PHI can be used to identify an individual. The ONLY two ways to de-identify PHI are where (a) eighteen (18) different identifiers of the individual and/or of relatives, employers or household members of the individual are completely removed from the data (these include not just name but also any dates, excepting year, associated with them [including without limitation: birth date; admission date; discharge date; date of death; dates of other health events or services, etc.]) AND UK does not have actual knowledge that the purported de-identified information could be used, alone or in combination with other information, to identify the individual; or (b) a person with appropriate knowledge of and experience with generally accepted statistical and scientific principles and methods for rendering information not individually identifiable, using those principles and methods, determines that the risk is very small that the information could be used, alone or in combination with other reasonably available information, by an anticipated recipient to identify the individual who is the subject of the information, and that experienced person documents the methods and results of the analysis that justify such determination. For (b), it takes extraordinary circumstances to achieve this form of de-identification (to the point that only two statisticians in the U.S. are consistently asked to do this work), and if the PHI that has been purportedly de-identified originated at the University of Kentucky, verification of this de-identification would likely require separate confirmation. For more information on de-identification in the HIPAA context, see CFR 45 CFR Part 164 Subpart E -- Privacy of Individually Identifiable Health Information (review sections a-c) and Guidance on De-identification of Protected Health Information (

Intellectual Property

As stated in the University’s Administrative Regulation 7:6, all intellectual property conceived, first reduced to practice, written, or otherwise produced by faculty, staff or students of the University of Kentucky using University funds, facilities or other resources shall be owned and controlled by the University. When a University faculty member, staff member or student develops or originates an item of intellectual property which, under the terms of this policy is to be owned and controlled by the University, the individual shall report the intellectual property to the Intellectual Property Committee (IPC). Traditional products of scholarly activity which have customarily been considered to be the unrestricted property of the author or originator are excepted from the general policy.

Contact: For general questions, please contact the Office of Legal Counsel. Questions regarding license agreements and other intellectual property questions should be directed to Office of Technology Commercialization. For reporting new intellectual property to the IPC, use the link on the UK Innovators page or contact Office of Technology Commercialization.

Additional resources: AR 7:6 Intellectual Property Disposition and Administrative Regulation

Research Data Retention & Ownership

As stated in the University’s Research Data Retention and Ownership Policy, the University owns research data resulting from sponsored and non-sponsored research. Principal Investigators (PIs) are responsible for the stewardship of the research data on behalf of the University. Research Data must be retained by the PI for a period of the longer of five years after publication of the results or submission of the final report on the project for which the data were collected. If the retention requirements specified in other statutes or external agency regulations are longer, those requirements will apply.

Contact: The Office of Legal Counsel can answer questions regarding ownership of research data.

Additional resources: Data Retention and Ownership Policy, Research Data Services at UK: Plan, Laboratory Data and Material Management and Processes



Consulting Agreements & Other External Activities

Faculty researchers should follow the approval process set for in AR 3:9 for outside consulting ( The Provost’s office will then forward anything that requires review to the Office of Legal Counsel.

In addition to AR 3.9 being applicable, if you have any sponsored research, you need to make sure you report the relationship to OSPA (once the agreement is in place) as may be required by AR 7:2, and, you may have an obligation for disclosure of the relationship directly to current sponsors or in disclosures to a prospective sponsor for which you are planning, or have already, submitted a proposal. Refer to AR 7:6 for governance of intellectual property developed under a consulting agreement. Staff should also follow any applicable Human Resources policies and procedures on outside employment, including its policy 18.

Contact: The Office of Legal Counsel reviews external consulting agreements to make sure that there are not terms adverse to UK’s interests, but do not provide legal advice to you individually. The Office of Faculty Advancement can assist with external activities that are not specifically consulting.

Additional resources:  Form F overload documentation, AR 7:6, Provost’s Memorandum Regarding Consulting and Employment Outside the University, Outside Employment

Research Consortium Agreements

A consortium agreement is a contract that enables multiple research institutions and/or sponsors to participate in research together, equally sharing the outcomes of the research. Consortium members share obligations, rights and benefits under the agreement.

Contact: The Office of Legal Counsel reviews research consortium agreements.


The University’s Risk Management Committee (RMC) administers a self-insurance program to protect its physicians from medical malpractice claims, which may result from their participation in the conduct of clinical trials. This is necessary for both internally funded trials and externally funded trials for which the sponsor does not provide indemnification.

Contact: Please refer to the general instructions at the link provided in the additional resources below, or contact Ella Dunbar in the Office of Legal Counsel with any specific questions.

Additional resources: Non-indemnified Clinical Study Approval Process

Research Business Associate Agreements

A Business Associate Agreement (BAA) is an agreement between a Covered Entity and its Business Associate under HIPAA. BAAs are required when UK HealthCare (UKHC), or another covered component of UK, is having someone not a member of its workforce perform services for UKHC where Protected Health Information (PHI) is required to perform the services. For example, if the Sponsor/Contract Research Organization (CRO) or a non-UK employed party is providing services to UK/the PI to help de-identify PHI or create a Limited Data Set for the research, then a BAA would be needed. The UKHC Privacy Office makes the ultimate decision as to whether a BAA is needed in any instance, and the EVPHA or one of their delegates signs the BAA. Because certain parts of UK are not subject to HIPAA under our Hybrid Entity Policy and because an entity cannot have a BAA with itself, transfers of PHI outside the covered components of UK’s Hybrid Entity (even to another UK department) will likely require a HIPAA authorization (see UKHC’s Hybrid Entity Policy, A06-195).  

Contact: The Office of Legal Counsel can answer questions regarding BAAs. BAAs related to a sponsored project are handled by OSPA.

Emergency Use Investigational New Drugs (INDs) and Investigational Device Exceptions (IDEs)

For emergency use Investigational New Drugs (INDs) and Investigational Device Exceptions (IDEs), the FDA may authorize use of an experimental drug or device in an emergency situation where submission of an IND/IDE application would take too long. These INDs/IDEs are used for patients with serious diseases outside of clinical trials when no comparable or satisfactory alternative therapy options are available and are requested by the treating licensed physician who determines whether the benefit outweighs the probable risk.

Contact: CRSO and CCTS can assist with INDs and IDE applications. The Office of Legal Counsel does NOT work on these applications, but it can provide support on related matters, including letter agreements with the drug or device provider. For emergency use INDs and IDEs, please contact Margaret Pisacano and Paula Holbrook in Medical Risk Management and Kyle Wiggins in the Office of Legal Counsel. For funded emergency use and expanded access, OSPA works in consultation with Medical Risk Management. ORI can assist with institutional review board consideration, and its policy on emergency use should be adhered to.

Home Health Exemptions

Does a research study involve going into a patient/participant's home? If so, you may need a home health exemption.

Contact: Please contact Ella Dunbar in the Office of Legal Counsel to see whether your study requires such an exemption.

Interdepartmental Agreements

An interdepartmental agreement is an agreement between two campus departments or programs where one department/program is providing services to the other. The agreement memorializes the terms, responsibilities, and expectations of the departments working together.

Contact: Please contact the Office of Legal Counsel.

Unfunded Collaboration Research Agreements

An unfunded collaboration research agreement is a contract establishing the rights and responsibilities of research collaborators working together on a collaborative research project where no funds are exchanged between the collaborators. These agreements may include the exchange of in-kind support such as tangible research materials, supplies, software, or may involve a no-cost loan of equipment or lab space.

Many federal agencies require the disclosure of other support.

Contact: Please contact the Office of Legal Counsel. Disclosure of other support under a federal grant or contract should proceed through OSPA.

Chat GPT/Use of Generative AI for Research Purposes

Generative AI tools have the potential to enhance research outputs and contribute to knowledge but should be used cautiously and a human should verify or validate all generated content using additional factors and reliable resources.

The use of generative AI in research will differ by discipline in what is considered appropriate. Check with your disciplinary authorities, organizations, funding agencies, and publications for a more context-specific understanding of how generative AI may be used in research and scholarly activity in your area.

Confidential information, data owned by the University, and intellectual property owned by the University should not be inserted into any generative AI tool.

Contact: Ellen Gish & Katie Haagen, Office of Legal Counsel

Additional resources: UK ADVANCE Committee Recommendations on the Use of Generative AI in Research and Scholarly Activity

Software Licensing for Research & In-Licensing of Software

If you are using third-party software to conduct your research, each copy of that software used at the University must be covered by a license agreement. If you purchase packaged software, the license agreement is included. Software obtained in other ways must be covered by a license agreement or it is illegal to use the software. Exceptions include shareware, public domain software, and software developed by the University.

Contact: The Office of Legal Counsel and Office of Procurement Services (Purchasing)

Agreeing to Terms & Conditions of Software, Websites, etc.

Many websites require acceptance of click-through terms and conditions in order to create an account or make a purchase. These terms and conditions constitute a contract and should be reviewed by the Office of Legal Counsel or Purchasing prior to acceptance.

Contact: The Office of Legal Counsel and Office of Procurement Services (Purchasing)

Interacting and Engaging with Certain Foreign Entities/Persons/Countries

There are strict rules and regulations set by the U.S. Federal Government that the University must comply with regarding research or other types of interaction or collaboration with, the sharing of information with, or otherwise engaging with individuals or entities in specific countries. This list changes frequently; please refer to the additional resources below for the most up to date list.

After consulting the Additional Resources link below, you MUST contact the Office of Legal Counsel or OSPA’s Export Control and Research Security Office prior to engaging for research purposes with any individuals or entities, or in countries, on the U.S. Federal government restricted, sanctioned or embargoed lists.

Contact: The Office of Legal Counsel and OSPA, Export Control and Research Security Office

Additional Resources: Office of Foreign Assets Control (OFAC) Sanctions Programs and Country Information

Controlled Substances Research

Controlled substances are any drugs or chemicals whose possession and use are regulated under the U.S. Controlled Substances Act (CSA). The U.S. Drug Enforcement Administration (DEA) administers the federal law. Controlled substances include anabolic steroids, chemicals used in the production or synthesis of controlled substances, and those with stimulant, depressant or hallucinogenic effects on the central nervous system that can promote abuse or physiological/psychological dependence. Because of their potential for abuse, controlled substances have specific regulatory requirements for their acquisition, storage, use and disposal. Please refer to the UK Researcher Guide for the Use of DEA Controlled Substances for more information.

Contact: The Office of Legal Counsel

Additional Resources: UK Researcher Guide for the Use of DEA Controlled Substances



Material Transfer Agreements

A Material Transfer Agreement (MTA) is an agreement that governs the transfer of tangible research materials between two organizations. The materials could include specimens, cell lines, mice, plants, equipment, testing supplies, etc. MTAs describe the terms for exchanging the material and how the material can be used by the receiving party.

Contact: MTAs are drafted, negotiated and signed by UK Innovate/Office of Technology Commercialization for all material coming in and out of the University of Kentucky.

Research Related Non-Disclosure Agreements

A Non-Disclosure Agreement (NDA) is an agreement that governs the sharing of information between UK and an external entity. This sharing can be to UK, from UK, or a mutual exchange. NDAs set forth mechanisms for such sharing and limitations on the manner in which the shared information may be used.

Contact: NDAs are drafted, negotiated and signed by UK Innovate/Office of Technology Commercialization. NDAs related to clinical trials are reviewed by Clinical Research Support Office.

Research Data Use/Transfer Agreements

A Data Use Agreement (DUA) or Data Transfer Agreement (DTA) allows for data to be transferred from one person or entity to another person or entity. A DUA provides assurances from the receiver of the data to the discloser that the receiver will only use the data for specific purposes and will not be disclosed by the receiver beyond the allowances stated in the DUA. DUAs can also be used to share de-identified data, a HIPAA LDS, or non-human related data, and they identify who owns the data and the limited use the receiver can make of the data. If a HIPAA LDS is being shared via the DUA, the DUA also contains provisions that require HIPAA to be followed. The DUA, which must be accepted and signed by authorized representatives of the parties prior to the data being shared, should outline the following: (a) allowable uses and disclosures; (b) approved recipients and users of the data; (c) an agreement that the data will not be used to contact individuals or re-identify them; (d) require safeguards to be implemented to ensure the confidentiality of data and prevent prohibited uses and disclosures; (d) state the discovery of improper uses and disclosures must be reported back to the entity that is providing the data; (e) state that any subcontractors who are required to access or use the data also enter into a data use agreement and agree to comply with its requirements, (f) only convey the minimum necessary amount of data for the purpose for which it is disclosed.

Contact: Research-related DUAs are drafted, negotiated and signed by UK Innovate/Office of Technology Commercialization for all data coming in and out of the University of Kentucky.

Inter-Institutional Agreements

An Inter-Institutional Agreement (IIA) is a contract establishing roles and responsibilities for the joint management of jointly owned intellectual property. These contracts set forth which party will take the lead on registering the copyright or patenting and commercializing the intellectual property as well as how the expenses and revenue will be shared among the parties.

Contact: IIAs are drafted and negotiated by UK Innovate/Office of Technology Commercialization. IIAs that involve animals are reviewed and processed by the Office of the Attending Veterinarian.

Licensing Agreements (or options to license)

A license agreement contains a grant of intellectual property rights from the owner to another party for a designated amount of time.

Contact: License agreements or options for licensing are drafted and negotiated by UK Innovate/Office of Technology Commercialization.

Invention Disclosures

University employees and researchers have a duty to disclose new innovations to the University. Submit inventions to OTC via their webpage, where more information and answers to frequently asked questions can be found.

Contact: The Office of Technology Commercialization handles invention disclosures and reports and interacts with the University Intellectual Property Committee.

Additional resources: UK Innovators Page



Clinical Trial Agreements

Clinical trial agreements (CTAs) or clinical study agreements (CSAs) are contracts that manage the relationship and obligations between an external sponsor providing funding, the study drug/device, and/or proprietary information, and the University providing results and/or data. These agreements are important as they allocate risk, responsibility, use of funds, and the protection of intellectual property.

Contact: For all clinical trial agreements, please contact the Office of Sponsored Projects Administration (OSPA)

Additional resources: OSPA Clinical Trial Agreements Webpage

Human Subjects Research with External Funding

Externally funded human subjects research grants and contracts will proceed through OSPA in conjunction with the IRB. According to federal regulations, a human subject is: “a living individual about whom an investigator conducting research (a) obtains information or biospecimens through intervention or interaction with the individual, and uses, studies, or analyzes the information or biospecimens; or (b) obtains, uses, studies, analyzes, or generates identifiable private information or identifiable biospecimens.” Federal agencies have different considerations for human subject research conducted with federal funding. If you are unsure if your research meets the above definition for human subjects research, contact the IRB.

Contact: Find your Collaborative Grant Specialist, Find your Research Administrator, ORI staff, Office of Sponsored Projects Administration, IRB protocol questions.

Additional resources: Office of Research Integrity’s Human Research/Institutional Review Board

Animal Research with External Funding

All animal research falls under the jurisdiction of a number of regulatory agencies whose purpose is to see that researchers and institutions adhere to the guidelines for the humane care and use of laboratory animals and the practice procedures that keep in mind the welfare and safety of the personnel working with them. Externally funded animal research grants and contracts will proceed through OSPA in conjunction with the UK Institutional Animal Care and Use Committee (IACUC).

Contact: Find your Collaborative Grant SpecialistFind your Research Administrator, Office of Sponsored Projects Administration

Intergovernmental Personnel Act (IPA) Agreements

Agreements with government agencies for a partial appointment under that agency.

Contact: Office of Sponsored Projects Administration



Pre- and Post-Award Grants Administration Support

The mission of Collaborative Grants Services (CGS) is to provide a universal service for all units we serve. Our staff members provide support to individual principal investigators (PIs), departments, institutes and colleges.

Contact: Collaborative Grant Services


Certificates of Confidentiality

All NIH sponsored clinical trials automatically fall under a certificate of confidentiality if needed per the study protocol. Studies not sponsored by the NIH must request a certificate of confidentiality if needed.

Contact: Joe Brown, Office of Research Integrity

Additional Resources: UK Frequently Asked Questions for Certificates of Confidentiality

Submitting Your Study to the Institutional Review Board (IRB)

Any activity (regardless of funding source) that meets either (a) the Department of Health and Human Services definition of both “research” and “human subjects” or (b) the Food and Drug Administration definitions of both “clinical investigation” and “human subjects” requires review and approval by the University of Kentucky IRB. A comprehensive guide for submitting your study to the IRB can be found on the Office of Research Integrity’s website.

Contact: IRB Submissions

Additional Resources: UK ORI Getting Started with the IRB Guide



Purchase Agreements and Vendor Relationships

Procurement Services (also referred to as “Purchasing”) obtains goods or services for the University from external sources at the best value. Purchasing also manages relationships with certain vendors who provide goods and/or services to the University.

Contact: Office of Procurement Services (Purchasing)