Form CMS-R-0235L (02/08) 3
5.
6.
7.
8.
9.
The User shall not attempt to identify or contact any specific individual whose record is included in the
limited data set file(s) specified in section 4. Absent written authorization from CMS, the User shall not
attempt to link records included in the file(s) specified in section 4 to any other beneficiary-specific
source of information.
The parties mutually agree that the aforesaid file(s) (and/or any derivative file(s)) including those files
that indirectly identify individuals and those that can be used in concert with other information to
identify individuals may be retained by the User until ________________, hereinafter known as the
“Retention Date.” The User agrees to notify CMS within 30 days of the completion of the purpose
specified in section 4 if the purpose is completed before the aforementioned retention date. Upon such
notice or retention date, whichever occurs sooner, the User must destroy such data. The User agrees to
destroy and send written certification of the destruction of the files to CMS within 30 days. The User
agrees not to retain CMS files or any parts thereof, after the aforementioned file(s) are destroyed.
The User shall not use, disclose, market, release, show, sell, rent, lease, loan, or otherwise grant access to
the limited data set files specified in section 4 of this Agreement, except as expressly permitted by this
Agreement or otherwise required by law.
a. The User agrees that any use of CMS data in the creation of any document (manuscript, table, chart,
study, report, etc.) concerning the purpose specified in section 4 (regardless of whether the report or
other writing expressly refers to such purpose, to CMS, or to the files specified in section 5 or any data
derived from such files) must adhere to CMS’ current cell size suppression policy. This policy
stipulates that no cell (eg. admittances, discharges, patients) less than 11 may be displayed. Also, no
use of percentages or other mathematical formulas may be used if they result in the display of a cell
less than 11. By signing this Agreement you hereby agree to abide by these rules and, therefore, will
not be required to submit any written documents for CMS review. If you are unsure if you meet the
above criteria, you may submit your written products for CMS review. CMS agrees to make a
determination about approval and to notify the user within 4 to 6 weeks after receipt of findings. CMS
may withhold approval for publication only if it determines that the format in which data are presented
may result in identification of individual beneficiaries.
b. The User may not disclose the limited data set file(s) specified in section 4 of this Agreement to a
Secondary User until and unless the Secondary User enters into a DUA with CMS. CMS will only enter
into a DUA with a Secondary User if the purpose for which the secondary use of the limited data set
file(s) is consistent with the purpose specified in Section 3 of this Agreement.
The User agrees to establish appropriate administrative, technical, and physical safeguards to protect the
confidentiality of the limited data set file(s) and to prevent unauthorized use or access to it. The safeguards
shall provide a level and scope of security that is not less than the level and scope of security established by
the Office of Management and Budget (OMB) in OMB Circular No. A–130, Appendix III—Security of
Federal Automated Information Systems http://www.whitehouse.gov/omb/circulars/a130/a130.html), which
sets forth guidelines for security plans for automated information systems in Federal agencies. The User
acknowledges that the use of unsecured telecommunications, including the Internet, to transmit individually
identifiable or deducible information derived from the limited data set file(s) specified in section 4 is
prohibited. Further, the User agrees that the limited data set file(s) must not be physically moved or
electronically transmitted in any way from the site indicated in section 15 without prior written approval
from CMS.
10. For each limited data set file, the User shall reimburse CMS for all associated processing fees.