The parties agree as follows:
SECTION 2: RESPONSIBILITIES OF THE PARTIES
The Data Reporter will use CHIA’s web-based platforms or SFTP to successfully transmit encrypted data filings. The Data
Reporter will require each User to execute a User Agreement. The Data Reporter will retain the original User Agreement for
each User they allow access to CHIA’s submission platforms. User agreements must be signed annually to ensure staff is
aware of their security obligations. The Data Reporter shall provide the User Agreement(s) to CHIA upon request.
The Data Reporter will authorize access to at least one Agreement Administrator. The Agreement Administrator
representing the Data Reporter will authorize access only to persons that need to submit or retrieve required data.
The Data Reporter will institute appropriate password controls for each User and will ensure that each User accesses
CHIA’s submission platform(s) using only his or her own user ID and password and will not share this information with
any other person. The Data Reporter will immediately notify CHIA when a User is no longer authorized to access
CHIA’s submission platform due to resignation, termination, or breach of a term of this Agreement or the User
Agreement or have the Agreement Administrator delete the User account.
CHIA will approve valid system access to each User the Agreement Administrator requests. The Data
Reporter must utilize CHIA’s encryption software tools to encrypt data containing patient-level data using
File Secure or SENDS before submitting such data.
Confidential Data Reporting Security Agreement
The Data Reporter shall institute appropriate password controls for each User and shall regularly run anti-virus software
to prevent the input or uploading of any viruses or other disabling or malicious code capable of disrupting or disabling
computer hardware or software.
The Data Reporter will retain a copy of any data submitted via CHIA’s submission platform(s) sufficient to enable it to
resubmit if the original submission is lost or destroyed before it is processed by CHIA.
The Data Reporter is solely responsible for the preservation, privacy, and security of data in its possession, including
data in transmissions received from CHIA. Use of an intermediary shall not relieve the Data Reporter of any risks
or obligations assumed by it under this Agreement, or under applicable law and regulations. The Data Reporter agrees:
(a) not to copy, disclose, publish, distribute or alter any data, data transmission, or the control structure applied to
transmissions, or use them for any purpose other than the purpose for which the Data Reporter was specifically
given access and authorization by CHIA;
(b) not to obtain access to any data, transmission, or CHIA’s systems by any means or for any purpose other than as
CHIA has expressly authorized the Data Reporter; and
(c) if the Data Reporter receives data not intended for receipt by the Data Reporter, the Data Reporter will
immediately notify CHIA to arrange for its return or
resubmission as CHIA directs. After such return
or resubmission, the Data Reporter will immediately delete all copies of such data remaining in its possession.
Each party will take reasonable steps to ensure that the information submitted in each electronic transmission is timely,
complete, accurate and secure, and will take reasonable precautions to prevent unauthorized access to (a) its own
and the other party’s transmission and processing systems, (b) the transmissions themselves, and (c) the control
structure applied to transmissions between them.
Each party agrees to notify the other party immediately if an employee or agent, including any User, has breached the
Agreement or any provision of this Agreement. Such notification will include the identity of such individuals and the nature
of the breach. CHIA shall have the right, at its own expense and after reasonable notice, to conduct an audit of Data
Reporter during normal working hours to determine if Data Reporter is in compliance with the terms of this Agreement.
CHIA may terminate this Agreement, and the Data Reporter’s access to CHIA’s Submission Platform, at any time if it
determines that the Data Reporter is not in compliance with the terms of this Agreement.
Each party is responsible for all costs, charges, or fees it may incur by transmitting electronic transmissions to, or
receiving electronic transmissions from, the other party. Each party will provide and maintain at its own expense the
personnel, equipment, software, training, services and testing necessary to implement the requirements of this Agreement.
Each party shall regularly run anti-virus software to prevent the input or uploading of any viruses or other code capable
of disrupting or disabling computer hardware or software.
This Agreement will expire when the Data Reporter no longer submits to or receives data from CHIA’s submission
platform(s), or upon termination by CHIA. Termination of this Agreement will not relieve the Data Reporter of its
obligations under this Agreement with respect to CHIA data received by the Data Reporter before the effective date of the