INSTRUCTIONS FOR COMPLETING THE DATA USE AGREEMENT (DUA) FORM (csrc.nist/publications/fips/fips200/FIPS-200-final-march.pdf); and,
170 KB – 6 Pages
PAGE – 1 ============
Form CMS- R-0235 ( 06/10) DEPARTMENT OF HEALTH AND HUMAN SERVICES CENTERS FOR MEDICARE & MEDICAID SERVICES INSTRUCTIONS FOR COMPLETING THE DATA USE AGREEMENT (DUA) FORM CMS-R-0235˜ (AGREEMENT FOR USE OF CENTERS FOR MEDICARE & MEDICAID SERVICES (CMS) DATA CONTAINING INDIVIDUAL IDENTIFIERS) This agreement must be executed prior to the disclosure of data from CMS™ Systems of Records to ensure that the disclosure will comply with the requirements of the Privacy Act, the Privacy Rule and CMS data release policies. It must be completed prior to the release of, or access to, specified data files containing protected health information and individual identifiers. Directions for the completion of the agreement follow: Before completing the DUA, please note the language contained in this agreement cannot be altered in any form. file(s) will be used. completed. If these are unknown, you may contact a CMS representative to obtain the correct names the source system the data came from. code), and E-Mail Address (if applicable). The Custodian of files is defined as that person who will have actual possession of and responsibility for the data files. This section should be completed even if the Custodian and Requestor are the same. This section will be completed by Custodian. should complete and sign the remaining portions of this section. If this does not apply, leave blank. 1
PAGE – 2 ============
Form CMS- R-0235 ( 06/10) 2 DEPARTMENT OF HEALTH AND HUMAN SERVICES CENTERS FOR MEDICARE & MEDICAID SERVICES Form Approved OMB No. 0938-0734 DATA USE AGREEMENT DUA # (AGREEMENT FOR USE OF CENTERS FOR MEDICARE & MEDICAID SERVICES (CMS) DATA CONTAINING INDIVIDUAL IDENTIFIERS) provide assistance to CMS in monitoring, managing and improving the Medicare and Medicaid programs or the services with the terms of this Agreement and applicable law, including the Privacy Act and the Health Insurance Portability and of such data as permitted by law, CMS and _________________________________________________ enter into this (Requestor)agreement to comply with the following specific paragraphs . (Requestor) individual identifiers or elements that can be used in concert with other information to identify individuals. This Agreement supersedes any and all agreements between the parties with respect to the use of data from the files specified pertaining to any grant award or other prior communication from the Department of Health and Human Services changed only by a written modification to this Agreement or by the parties adopting a new agreement. The parties herein, shall not be valid unless issued in writing by the CMS point-of-contact or the CMS signatory to this The parties mutually agree that CMS retains all ownership rights to the data file(s) referred to in this Agreement, and that representation, that such data file(s) will be used solely for the following purpose(s). Name of Study/Project CMS Contract No. (If applicable) plan shall be limited to the minimum amount of data and minimum number of individuals necessary to achieve the purpose stated in this section (i.e., individual™s access to the data will be on a need-to-know basis).
PAGE – 3 ============
Form CMS- R-0235 ( 06/10) 3 File Years(s) System of Record or specific bidding information, and those files that can be used in concert with other information to identify after the aforementioned file(s) are destroyed unless the appropriate Systems Manager or the person designated in upon action by CMS. termination of this Agreement. Information Systems (http://www.whitehouse.gov/omb/circulars/a130/a130.html) (http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf); and, Special (http://csrc.nist.gov/ publications/nistpubs/800-53-Rev2/sp800-53-rev2-final.pdf) telecommunications, including the Internet, to transmit individually identifiable, bidder identifiable or deducible written approval from CMS unless such movement, transmission or disclosure is required by a law. the terms of this agreement.
PAGE – 4 ============
Form CMS- R-0235 ( 06/10) 4 ____________________________________________________________________________________ with or without direct identifiers, if such findings, listings, or information can, by themselves or in combination with other da ta, be used to deduce an individual™s identity. Examples of such data elements include, but are not limited to This policy stipulates that no cell (e.g. admittances, discharges, patients, services) 10 or less may be displayed. Also, no use of percentages or other mathematical to abide by these rules and, therefore, will not be required to submit any written documents for CMS review. If you are unsure if you meet the above criteria, you may submit your written products for CMS review. CMS agrees may withhold approval for publication only if it determines that the format in which data are presented may result in identification of individual beneficiaries. link the data to other CMS data file(s). A protocol that includes the linkage of specific files that has been approved (b) promptly resolve any problems 58 by e-mail notification at cms_it_service_desk@cms.hhs.gov within one hour and to cooperate fully in the federal
PAGE – 5 ============
Form CMS- R-0235 ( 06/10) 5 it is determined that the Requestor or Custodian, or any individual employed or affiliated therewith, knowingly and affiliated therewith, has taken or converted to his own use data file(s), or received the file(s) knowing that they having received notice of potential criminal or administrative penalties for violation of the terms of the Agreement. to the terms this Agreement and agrees to all the terms specified herein. Name and Title of User (typed or printed) Company/Organization Street Address City State ZIP Code Office Telephone (Include Area Code) E-Mail Address (If applicable) Signature Date maintenance of security arrangements as specified in this Agreement to prevent The parties mutually agree that CMS may disapprove the appointment of a custodian or may require the appointment of a new custodian at any time. Name of Custodian (typed or printed) Company/Organization Street Address City State ZIP Code Office Telephone (Include Area Code) E-Mail Address (If applicable) Signature Date
PAGE – 6 ============
Form CMS- R-0235 ( 06/10) follow(s). (To be completed by CMS staff.) _________________________________________ the terms of this of the terms of this Agreement and to refer all questions of such interpretation or compliance with the terms of this Agreement to the Typed or Printed Name Title of Federal Representative Signature Date Office Telephone (Include Area Code) E-Mail Address (If applicable) Agreement on behalf of CMS. Agreement and agrees to all the terms specified herein. Name of CMS Representative (typed or printed) Title/Component Street Address Mail Stop City State ZIP Code Office Telephone (Include Area Code) E-Mail Address (If applicable) A. Signature of CMS Representative Date B. Concur/Nonconcur Š Signature of CMS System Manager or Business Owner Date Concur/Nonconcur Š Signature of CMS System Manager or Business Owner Date Concur/Nonconcur Š Signature of CMS System Manager or Business Owner Date According to the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number. The valid OMB control number for this information collection is 0938-0734. The time required to complete this information collection is estimated to average 30 minutes per response, including the time to review instructions, search existing data resources, gather the data needed, and complete and review the information collection. If you have any comments concerning the accuracy of the time estimate(s) or suggestions for improving this form, please write to: CMS, 7500 Security Boulevard, Attn: Reports Clearance Officer, Baltimore, Maryland 21244-1850. 6
170 KB – 6 Pages