These types of requests are generally for requests to reuse data originally released for another purpose. These types of requests require a ResDAC review and are reviewed by the CMS Privacy Board.

Required Documentation

1. ResDAC Data Request Document Checklist
   
   Checklist to be used by the researcher to ensure that all documentation has been completed, prior to emailing to ResDAC for review. Email checklist with documentation to be reviewed.
   
   
   
2. Written Request Letter
   
   The Written Request Letter, submitted on organizational letterhead, outlines the primary purpose(s) for which the data are required. If requested, ResDAC will provide a sample Written Request Letter for review. The Written Request Letter should contain the following elements:
   
   
   • The purpose for which the data are needed
   • A brief description of the methodology in which the data will be used
   • Delineation of the data requirements
   • Criteria for data selection or searches
   
   
   
3. Study plan or protocol
   
   The Study protocol is a 10-12 page document that delineates the objective, background, methods, and importance of the study being proposed. CMS will evaluate the purpose for which the data will be used to determine whether:
   
   
   • The purpose requires individually identifiable records
   • The project is of sufficient importance to warrant effect, or risk, on beneficiary privacy
   • There is reasonable probability that use of data will accomplish purpose, i.e., project is soundly designed and properly financed. Attention: Researchers that are federally funded may submit their approved grant proposal in combination with a Federally Funded Executive Summary in lieu of the study plan/protocol discussed above.
   
   
   
4. Data Use Agreement (DUA)
   
   The DUA delineates the confidentiality requirements of the Privacy Act and CMS's data release policies and procedures. Instructions for completion are included in the "DUA" document supplied with this packet. This agreement specifies that the requester will:
   
   
   • Ensure the data will be used only for the specific purpose stated in the agreement
   • Develop and implement the appropriate procedural, technical, and physical safeguards to prevent unauthorized use
   • Not release any files without prior CMS approval
   • Return or destroy file(s) by the date specified
   • Not publish or release information that would permit the identification of a beneficiary

   Signature Addendum: If anyone besides the requester or custodian is going to handle CMS data, a signature addendum may be required. View examples of when the addendum is required, for the signature addendum form, and for instructions on how to incorporate it into the DUA

   
   
5. Internal Review Board (IRB) Documentation of Waiver Approval
   
   

   IRB documentation is required by the CMS Privacy Board.

   
   

6. Evidence of Funding
   
   CMS requires documentation that the project has been adequately financed to allow for its completion. Evidence of funding is usually a copy of the face sheet of the grant, contract, or cooperative agreement. CMS is required to obtain compensation for its costs incurred in the processing of data, and costs will vary depending upon the number of records in the finder file, the number of records searched, and the method of retrieval. Payment is made to CMS after the data request is approved. The researcher should receive an approval letter that details the cost of the files and provides instructions for reimbursement.
   
   
   
7. Specification Worksheet (replacing the CMS Data Request Form)

   The Specification Worksheet contains requester information, shipping information, method of payment, and study/project data extract details. Note, for reuse requests, only complete the 'contact and request' cover page worksheet.
   
   
   

8. CMS Disclaimer User Agreement for Privacy Protected Data ­ Custom Requests

   CMS form stating that the level of support provided by CMS in relation to the timeframe for data delivery, data accuracy, data documentation, and data integrity is acceptable.
   
   
   

9. Privacy Board Review Summary Sheet
   
   

   The CMS Privacy Review Board uses this document as a permanent record of the Privacy Board review.
   
   
   

10. Letter of Support from Project Officer (federally funded projects only)
    
    The letter of support from a federal project officer is only applicable for those researchers whose project is funded by a federal granting institution. The project officer will also be required to sign the DUA.
    
    
    
11. Certification of Reuse Form
    
    

    The Certification of Reuse Form is used by CMS to determine the individual to whom the data was originally released to.

    Note: in the event that the original data was released prior to April 2003, there may be a charge associated with the reuse of the data. Contact ResDAC for details.
    
    
    

12. Formal CMS Cost Estimate
    
    Cost estimate from CMS outlining the costs of obtaining the data. Not required, but highly recommended.
    
    
    
13. Letter of Support from the Original Requestor
    
    

    If someone other that the original requestor of the data is requesting reuse, a letter of support from the original requestor of the data is needed.
    
    
    

14. Letter of Support from Original Project Officer
    
    

    If the original project for which the data was requested was federally funded, then a letter from the original Project Officer is required.
    
    
    

15. Additional documentation needed for Assessment data
    
    If the reuse request involves MDS, OASIS, or IRF-PAI data researcher will need to indicate the specific variables to be used in the analysis.
    
    
    

    After ResDAC review, Reuse data request packets should be mailed to:
    
    

    Maribel Franey, Division Director
    Division of Privacy Compliance Data Development (DPC)
    Centers for Medicare & Medicaid Services (CMS)
    OIS/EASG/DPC N2-04-27
    7500 Security Blvd.
    Baltimore, Maryland 21244-1850