DUA - Federal Contracts-Grants
Effective June 1, 2012, all DUA request submissions must follow the e-mail Subject line instructions below.
Responsibilities of the COR/GTL/PO
- Contractors/grantees are performing work on behalf of the federal government and therefore shall foollow all CMS information security and privacy policies
- All required documentation and procedures are followed for their contractor to gain access to CMS data
- Contractors/grantees are only approved to access the minimum data necessary to perform the functions of their contract/grant
- At the end of the contract, all CMS data is returned or destroyed as required by the Data Use Agreement (DUA)
Federal Agency Contractors and Grantees - the initial request for a DUA must be submitted through ResDAC (Researcher Data Assistance Center) a CMS contractor that provides free assistance to anyone interested in using Medicare and/or Medicaid data for their project/study. After the DUA is created, requests for changes to the DUA requesters, custodians, recipients, sub-contractors, extensions and changes to the federal contact must be routed through their federal Project Officer (PO) via e-mail for approval prior to being sent to CMS. Refer to the table below. For the initial DUA creation and updating of files in the DUA, contact ResDAC via:
- e-mail ResDAC@umn.edu
- toll-free 1-888-973-7322
- on-line www.ResDAC.org
Federal Agency and CMS Contractors and Grantees
All requests must originate with an e-mail from the contractor/grantee DUA Requester/Custodian to the COR/GTL/PO. Do NOT include the DataUseAgreement@cms.hhs.gov address in any e-mail being sent to the COR/GTL/PO.
The COR/GTL/PO shall forward the Requester/Custodian e-mail toDataUseAgreement@cms.hhs.gov stating their approval of the request.
Signing DUA forms - the COR/GTL/PO must sign the DUA forms as follows:
- DUA Form-0235, PO complete and sign Section 19 and CMS COR/GTL complete section 20 and sign section 20a with their manager completing Section 20b, and for CMS contracts the COR/GTL must secure the signature of all applicable Business Owner representatives for data being requested from their System of Records (SOR)
- DUA Addendum Form-0235a, sign in the "Signature of CMS Project Officer" section
- DUA Update Form-0235u, section 5 along with their manager and for CMS contracts the COR/GTL must secure the signature of all applicable Business Owner representatives for data being requested from their System of Records (SOR)
- DUA Certification of Disposition Form-10252 the COR/GTL/PO are no longer required to sign this form
The COR/GTL/PO must then scan and attachment to an e-mail and send to DataUseAgreement@cms.hhs.gov. The e-mail subject line must state:
| Request Type | Subject Line (do not include parenthesis) |
| New DUA | New DUA (contractor Organization) |
| Add files (DUA Update form) to existing DUA | DUA ##### Update |
| Requester change or add Custodian(s)/Recipient(s) | DUA ##### Addendum |
| Extension | DUA ##### Extension |
| Closure | DUA ##### Closure |
| Remove Custodian(s)/Recipient(s) | DUA ##### Remove contacts |
| Change federal contact | DUA ##### Federal contact change |
| Replace CMS contact on all currently open DUAs | CMS Contact (name) global replacement |
| Correct contact information | Contact (name) information update |
For requests that do not include a form, such as to remove contacts from a DUA, in the body of the e-mail state "request approved".
Data Extract System (DESY) and Integrated Data Repository (IDR) requests must be submitted via e-mail to DataUseAgreement@cms.hhs.gov by the COR/GTL. Provide the DUA #, User Id and name of individual requiring access. IDR requests must also state to which data description the individual is to be granted access.
- Page last Modified: 07/06/2012 2:12 PM
- Help with File Formats and Plug-Ins
