The procedures described in this section support the University’s Registration and Protection of Systems Policy and Data Classification Policy with respect to the University’s obligation to safeguard data provided by the U.S. Centers of Medicare and Medicaid Services (“CMS”) to researchers at the University. Any researcher who wishes to have access to Restricted Use NCHS-CMS Medicare Data (“CMS Restricted-Use Data”) or to permit others to have access to such Data must follow these procedures. For more information on the definition of CMS Restricted-Use Data see https://www.cdc.gov/nchs/data-linkage/medicare-restricted.htm.
Each of the Principal Investigator of a research study (”PI”), his/her department, and the department’s Executive Manager (as defined in the University Information Security Charter) are responsible for ensuring that these procedures are followed. The department must also ensure that the relevant Certified IT Group (“CITG”) is involved.
Prior to finalizing a Data Use Agreement (“DUA”) with CMS, Sponsored Projects Administration must review the DUA with the PI.
Any PI who wishes to have access to CMS Restricted-Use Data or to permit others to have access to such Data must work with his/her CITG to ensure the CITG’s assistance in safeguarding such data. In such a case, the following steps should be undertaken: