This Non-Condential Data Reporting Security Agreement (“Agreement”) is made as of
between the Center for Health Information and Analysis (“CHIA”) and
Non-Condential Data Security Agreement
SECTION 1: DEFINITIONS
Non-Condential Data Security Agreement - Page 1 of 2
(“Data Reporter”).
(Data Reporter Entity Name)
(Type of Entity)
IN THIS AGREEMENT, THE FOLLOWING TERMS HAVE THE FOLLOWING MEANINGS:
CHIA: The Center for Health Information and Analysis
DATA REPORTER: Entities required by regulation to report information to CHIA.
CHIA-INET: The CHIA Internet website that collects information from Data Reporters and allows Users to download
reports related to the information submitted.
NON-CONFIDENTIAL DATA REPORTING SECURITY AGREEMENT: Pages one and two of this form, which must be
completed, signed by an authorized signatory of the Data Reporter, and submitted to CHIA.
USER: A person authorized by the Data Reporter to submit data to CHIA through CHIA-INET that has executed a
CHIA-INET User Agreement and to which CHIA has granted access to CHIA-INET. A User may be a Data Reporter
employee or contractor, or an employee of a Data Reporter contractor or intermediary.
USER AGREEMENT: Attachment A to the Non-Condential Data Reporting Security Agreement. The User Agreement
(Attachment A), must be executed by a User, contain, at a minimum, the provisions in the User Agreement (Attachment
A) and submit a copy to CHIA.
SECTION 2: RESPONSIBILITIES OF THE PARTIES
The parties agree as follows:
The Data Reporter will use CHIA-INET to submit data to CHIA. The Data Reporter will require each User to execute a
User Agreement (Attachment A) and will send a copy of the executed User Agreement (Attachment A) to CHIA along
with the original copy of the Non-Condential Data Security Agreement. The Data Reporter will retain a copy of the Non-
Condential Data Security Agreement and the original User Agreement (Attachment A).
The Data Reporter will authorize access to at least two Users. The Data Reporter will authorize access only to persons
that need to submit required data. The Data Reporter will institute appropriate password controls for each User and
will ensure that each User accesses CHIA-INET using only his or her own user ID and password and will not share this
information with any other person. The Data Reporter will immediately notify CHIA when a User is no longer authorized to
access CHIA-INET due to resignation, termination, or breach of a term of this Agreement or the User Agreement.
CHIA will give access to CHIA-INET to each User with an acceptable executed User Agreement.
The Data Reporter will retain a copy of any data submitted via CHIA-INET sufcient to enable it to resubmit if the original
submission is lost or destroyed before it is processed by CHIA.
Data Reporter Authorized Signature
Printed Name of Signer
Title of Signer
E-mail Address Telephone Number
Address City, Zip Code
Non-Condential Data Security Agreement - Page 2 of 2
The Data Reporter is solely responsible for the preservation, privacy, and security of data in its possession, including data
in transmissions received from CHIA. Use of an intermediary shall not relieve the Data Reporter of any risks or obligations
assumed by it under this Agreement, or under applicable law and regulations. The Data Reporter agrees:
(a) not to copy, disclose, publish, distribute or alter any data, data transmission, or the control structure applied to
transmissions, or use them for any purpose other than the purpose for which the Data Reporter was specically
given access and authorization by CHIA;
(b) not to obtain access to any data, transmission, or CHIA’s systems by any means or for any purpose other than as
the Center has expressly authorized the Data Reporter; and
(c) if the Data Reporter receives data not intended for receipt by the Data Reporter, the Data Reporter will
immediately notify CHIA to arrange for its return or resubmission as CHIA directs. After such return or resubmission,
the Data Reporter will immediately delete all copies of such data remaining in its possession.
Each party will take reasonable steps to ensure that the information submitted in each electronic transmission is timely,
complete, accurate and secure, and will take reasonable precautions to prevent unauthorized access to (a) its own and
the other party’s transmission and processing systems, (b) the transmissions themselves, and (c) the control structure
applied to transmissions between them.
Each party agrees to notify the other party immediately if an employee or agent, including any User, has breached the
Agreement or any provision of this Agreement. Such notication will include the identity of such individuals and the nature
of the breach. CHIA shall have the right, at its own expense and after reasonable notice, to conduct an audit of Data
Reporter during normal working hours to determine if Data Reporter is in compliance with the terms of this Agreement.
CHIA may terminate this Agreement, and the Data Reporter’s access to CHIA-INET, at any time if it determines that the
Data Reporter is not in compliance with the terms of this Agreement.
Each party is responsible for all costs, charges, or fees it may incur by transmitting electronic transmissions to, or
receiving electronic transmissions from, the other party. Each party will provide and maintain at its own expense
the personnel, equipment, software, training, services and testing necessary to implement the requirements of this
Agreement.
Each party shall regularly run anti-virus software to prevent the input or uploading of any viruses or other code capable of
disrupting or disabling computer hardware or software.
This Agreement will expire when the Data Reporter no longer submits to or receives data from CHIA-INET, or upon
termination by CHIA. Termination of this Agreement will not relieve the Data Reporter of its obligations under this
Agreement with respect to CHIA data received by the Data Reporter before the effective date of the termination.
(
SECTION 2: RESPONSIBILITIES OF THE PARTIES (Continued)
click to sign
signature
click to edit