The following criteria are used to evaluate the appropriateness of the release of Centers for Medicare & Medicaid Services (CMS) data:

1. All requests, except for Limited Data Sets (LDS), Disproportionate Share Hospital (DSH) Rate Data, State Government Agencies requesting Outcome and Assessment Information Set (OASIS), and State Medicaid Agencies requesting Long-Term Care Minimum Data Set (LTCMDS), and EDB Customized State Files, must be e-mailed to the Research Data Assistance Center (ResDAC) for initial review at resdac@umn.edu. Once your data request has been reviewed by ResDAC and changes are made, the final request can be sent directly to CMS as directed by ResDAC.
   
2. The requestor must request data that can be disclosed under the Privacy Act of 1974 and has been published as a System of Records. The Privacy Act of 1974 and the System of Records are CMS's legal authorization to release the data and these legal requirements protect the confidentiality of individually identifiable data.
   
3. The research protocol outlines a strong research design, which clearly states the objectives and the significance of the study, and provides a credible, straightforward argument for the importance of the project. The research protocol should address the following areas: hypotheses/study issues, data limitations, data management (describe in detail the measures that will be implemented to safeguard the data and protect the privacy of CMS beneficiaries), analysis plan, analysis methods, description of the tasks, time schedule, and the qualifications of key staff.
   
4. The scope and subject matter of the project must assist CMS in monitoring, managing, and improving the Medicare and Medicaid programs or the services provided to beneficiaries. CMS must balance the potential risk to beneficiary confidentiality with the probable benefits gained from the completed research.
   
5. The requestor must demonstrate the expertise and experience to conduct and complete the study.
   
6. The requestor must sign a CMS Data Use Agreement (DUA). Additionally, the DUA requires the requestor to obtain permission before attempting to link any other data files to CMS databases. The specific inclusion of an intention to link other data files to CMS data in a study protocol approved by CMS is considered approval from CMS. Finally, the CMS DUA also defines the process that must be followed for the destruction or return of the data to CMS at the conclusion of the study.
   
7. CMS cannot support research that will lead to the creation of a product or tool that the researcher intends to market. Any tool developed using CMS data are to be made available to the entire public, without charge. CMS will review the source of funding to determine if the requestor is independent of the funding organization. For example, CMS has historically denied data requests from requestors wanting to evaluate the impact of prescription drugs if a pharmaceutical company finances the study.
   
8. All manuscripts, reports or other public dissemination of findings (including the Internet), should be sent to CMS for review prior to publication. The purpose of CMS' review is to ensure that beneficiary confidentiality is properly maintained. Any result that may lead to the identification of an individual beneficiary (e.g. small cell sizes) will be suppressed. Once CMS reviews the request, a letter of authorization or denial will be released to the requestor. Requestors should submit manuscripts to the following CMS address:
   
   Director, Division of Privacy Compliance
   Centers for Medicare & Medicaid Services
   OIS/EASG/DPC
   7500 Security Boulevard
   Mailstop: N2-04-27
   Baltimore, Maryland 21244-1850
   
   
9. The publication or public dissemination (including the Internet), of statistics which highlight resident, beneficiary or facility level data must have prior authorization from CMS. The purpose of CMS authorization is to ensure that beneficiary confidentiality is properly maintained. Any statistics developed using CMS data are to be made available to the entire public.  Once CMS reviews the request, a letter of authorization or denial will be released to the requestor. This type of request should be submitted to the address listed in item 8.

For assistance with using and obtaining CMS data, please contact:

• Research Data Assistance Center (ResDAC) at 1-888-973-7322 or,
• CMS's Data Use and Policy Hotline at 410-786-3690

Downloads
There are no Downloads
Related Links Inside CMS
There are no Related Links Inside CMS
Related Links Outside CMS
Privacy Act of 1974 System of Records Research Data Assistance Center (ResDAC)

Page Last Modified: 08/07/2006 12:00:00 AM
Help with File Formats and Plug-Ins