U S Department of Health and Human Services www.hhs.gov
  CMS Home > Research, Statistics, Data and Systems > Privacy Protected Data Request: Policies & Procedures > DUA Extensions, Returning or Destroying CMS Data
Privacy Protected Data Request: Policies & Procedures

DUA Extensions, Returning or Destroying CMS Data

What Do I Do When My Data Use Agreement (DUA) Expires or It Is About To Expire?

How Do I Close My DUA?

  • Upon completion of project and/or expiration of the DUA, the data must be returned to the Centers for Medicare & Medicaid Services (CMS) at the requestor's expense, or destroyed and a statement certifying this action sent to CMS. The Requestor agrees that no data, copies, or parts thereof, shall be retained when the file(s) are returned or destroyed, unless CMS has authorized in writing such retention of said file(s).
  • Destroying/Degaussing CMS data – Provide a letter to CMS on your organization's letterhead certifying that this action has taken place.  This letter must also reference the DUA number and study name and delineate the data set names and volume/serial numbers of the files being destroyed. Requestor should forward the certificate of destruction to:

Director, Division of Privacy Compliance
Centers for Medicare & Medicaid Services
OIS/EASG/DPC
7500 Security Boulevard
Mailstop: N2-04-27
Baltimore, MD  21244-1850

  • Returning CMS Data – Return data and any derivative files to CMS along with a letter delineating the data set names and volume numbers of the files being returned. The letter should reference the DUA number and study name. This letter should be sent to the following address:

Centers for Medicare & Medicaid Services
CMS Data Center
North Building
Attention: Data Release Area
7500 Security Boulevard
Baltimore, MD  21244-1850       

How Do I Extend My DUA?

  • If the project is still active and the DUA has expired, a one (1) year extension may be granted. The request for extension will only be granted if the data will continue to be used for the original project purpose and the expiration date has occurred within the past year, otherwise a new DUA must be negotiated. The Letter of Request for extension or new DUA should be directed to:

    Director, Division of Privacy Compliance
    Centers for Medicare & Medicaid Services
    OIS/EASG/DPC
    7500 Security Boulevard
    Mailstop: N2-04-27
    Baltimore, Maryland 21244-1850

 

Downloads
Certification of Destruction [PDF, 20KB]
Related Links Inside CMS

There are no Related Links Inside CMS
Related Links Outside CMSExternal Linking Policy

There are no Related Links Outside CMS

 

Page Last Modified: 04/09/2008 6:19:28 AM
Help with File Formats and Plug-Ins

Submit Feedback




www1