Form J-119 - Data Sharing Request/agreement Page 4
Download a blank fillable Form J-119 - Data Sharing Request/agreement in PDF format just by clicking the "DOWNLOAD PDF" button.
Open the file in any PDF-viewing software. Adobe Reader or any alternative for Windows or MacOS are required to access and complete fillable content.
Complete Form J-119 - Data Sharing Request/agreement with your personal data - all interactive fields are highlighted in places where you should type, access drop-down lists or select multiple-choice options.
Some fillable PDF-files have the option of saving the completed form that contains your own data for later use or sending it out straight away.
ADVERTISEMENT
1
2
3
4
5
6
7
8J-119 DSA (7-17) - Page 4 of 8
Agreement No.
SECTION II. STIPULATIONS REGARDING THE USE OF INFORMATION
STIPULATIONS APPLICABLE TO THE REQUESTING ENTITY:
1. Disclosure of the data provided to the Requesting Entity is not permitted unless specifically authorized.
2. Repackaging or redistribution of data or screens, or creation of separate files will not be permitted unless specifically authorized.
3. The data shall be used only to assist in legal valid business needs as stated in Section I, item 1a of this Agreement.
4. All data shall be stored in a physically secure logically encrypted facility/system following the physical security regulations and
standards based on the type of data appropriate and related standards. HIPAA / PHI / PII / PCI/ PUB-1075 etc.
5. All data in electronic format shall be safeguarded and stored, processed and monitored so that unauthorized persons cannot
compromise the information.
6. DES shall be notified within 24 hours when an information breach occurs. Notification must be in accordance with timelines based
on State and Federal law.
7. Only authorized staff will be given access to accomplish the purpose(s) specified in Section I, item 1a of this Agreement.
8. Staff shall view, read or attend an authorized data security awareness training class, where they will be instructed on confidentiality,
privacy laws and penalties imposed when there in any non compliance. All staff with access to DES systems and/or applications
must complete an annual recertification security awareness training class as scheduled by DES.
9. A Request for Terminal Access and/or other Activity (J 125) shall be used to request specific access for each authorized staff
member and must be signed by the staff supervisor or designee.
10. All authorized staff are required to sign a User Affirmation Statement (J 129), as a condition for using requested data. T his
affirmation statement must be resigned at three (3) year intervals as scheduled by DES.
11. Any changes requiring additional access or removal of access as, shall be reported promptly to the respective data security analyst.
12. Federal and state audit and data security personnel may have access to offices and records of the requesting entity to monitor or
verify compliance with this Agreement.
13. This Data Sharing Agreement will remain in effect for 10 years from the effective date unless otherwise stipulated in Section III or
overridden by the Contract, a Memorandum of Understanding or an InterAgency Agreement. If duration is overridden by another
document, please reference the document in Section III.
14. Upon Contract Termination, Media Sanitization procedures shall be adhered to in accordance to Arizona Statewide Policy –
P8250v 1.0 - The Business Unit shall sanitize digital and non-digital information system media containing Confidential information
prior to disposal, release of organizational control, or release for reuse using defined sanitization techniques and procedures in
accordance with the Media Protection Standard S8250. [NIST 800-53 MP-6] [HIPAA 164.310(d)(2)(i)] [HIPAA 164.310(d)(2)(ii)] [IRS
Pub 1075]
15. All DES Contracts retention terms and conditions will be adhered to as written unless otherwise stated on DES Retention Policy
[(DES 1-37-12-(01)(02)(03)] is applicable.
16. Requesting entity is responsible for all costs and licenses associated with securely connecting to DES and for maintaining
confidential standards.
STIPULATIONS APPLICABLE TO PROVIDER:
1. DES will use the Requesting Entity employee identifying information solely for the purpose of establishing access.
2. Only authorized DES employees will have access to requesting agency employee data.
3. In accordance with applicable federal, state, and/or local privacy regulations, DES will protect all information collected from the
Requesting Entity.
STIPULATIONS APPLICABLE TO HIPAA – HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT
1. All staff shall attend an authorized HIPAA awareness training class, where they will be instructed on confidentiality, privacy,
information safeguards and penalties imposed when compliance is breached.
2. If applicable, a “Business Associate Contract” [45 CFR 164.502(e), 154.504(e). 164.532(d) & (e)] on file and it will be attached to
this data sharing agreement as an addendum.
STIPULATIONS APPLICABLE TO DIVISION DATA OWNERS:
1. DES Division Security Rep shall verify external or internal requesters and submit service desk ticket (SD) and attach the received
(J-125 from external customers only) and process account. SD ticket must contain DSA# and all contents of attached J-125 in
the SD summary field. DES Division Security Reps shall monitor and manage all accounts which have access to their data or with
who this DSA in partnership.
ADVERTISEMENT
0 votes
Related Articles
Related forms
Related Categories
Parent category: Legal