Current through October 31, 2024
Section 425.710 - Data use agreement(a)(1) Before receiving any beneficiary identifiable data, ACOs must enter into a DUA with CMS. Under the DUA, the ACO must comply with the limitations on use and disclosure that are imposed by HIPAA, the applicable DUA, and the statutory and regulatory requirements of the Shared Savings Program.(2) If the ACO misuses or discloses data in a manner that violates any applicable statutory or regulatory requirements or that is otherwise non-compliant with the provisions of the DUA, it will no longer be eligible to receive data under subpart H of this part, may be terminated from the Shared Savings Program under § 425.218 , and may be subject to additional sanctions and penalties available under the law.