This Agreement establishes the terms and conditions for the receipt of confidential address information related to cancer cases by NAACCR from Participating Member Registries for the purpose of geocoding using the Texas A&M University (TAMU) Geocoder hosted on NAACCR servers. This agreement is an assurance that all information received from Participating Member Registries is protected and shall be kept strictly confidential.

The Participating Member Registry agrees to specify in detail any additional permissions or restrictions affecting NAACCRs receipt of data for geocoding purposes. It is the responsibility of each Participating Member Registry to update these additional permissions or restrictions in accordance with applicable changes in state statute, regulation or policy.

The Participating Member Registry agrees to keep updated with the current registry designee and both a physical and mailing address.

This Agreement shall remain in effect from the date of its execution until a duly authorized representative of the Participating Member Registry notifies NAACCR of a change or termination of this Agreement through written notification sent by certified mail to appropriate designee.

Amendments

This Agreement may not be amended without prior written approval of both NAACCR and the Participating Member Registry.

Assignment

All parties understand and agree that this agreement may not be sold, assigned, or transferred in any manner and that any actual or attempted sale, assignment, or transfer shall render this agreement null, void, and of no further effects, unless approved in writing by the Participating Member Registry prior to any sale, assignment or transfer.

Confidentiality

a. Any and all data that may lead to the identification of any patient is strictly privileged and confidential. NAACCR agrees to keep all such data strictly confidential. Such confidentiality shall be maintained notwithstanding termination of this Agreement.

b. In the event of a violation of the requirements of the this Agreement or a data breach, NAACCR will notify the Participating Member Registry in writing of any violation of this Agreement, sent by certified mail, within 7 working days, and including full details of the violation and actions to be taken. NAACCR will take all feasible measures to mitigate loss or damages related to any potential breach or violation of this Agreement.

c. NAACCR agrees that all data received under the provisions of this Agreement may be used only for the purpose of geocoding.

d. All information provided to NAACCR remains the property of the Participating Member Registry where the information originated. NAACCR will not re-release any information received under the provisions of this Agreement to any third party, including NAACCR or any NAACCR contracted companies hosting NAACCR servers, unless approved in writing by the Participating Member Registry.

e. In the event that the NAACCR receives a subpoena or other compulsory legal process compelling disclosure of confidential data, NAACCR agrees to notify the Participating Registry in writing, by certified mail, within 7 working days.

f. Each party shall use the same care and discretion, but in no event less than reasonable care and discretion, to prevent disclosure, publication, or dissemination of the other party's Confidential Information except in connection with the performance of its obligations under this agreement.

Security

NAACCR will maintain a robust set of industry-standard information security policies to safeguard the privacy, confidentiality and integrity of computing systems and data assets used for the geocoding of Participating Member Registry data. These policies include both physical and logical access to data and computer systems as well as required training and data management, storage, and use policies for NAACCR personnel.

Physical Security

The servers and storage used for the purposes of the service described in this agreement are physically housed in a datacenter which is controlled by a trusted, third-party vendor. This vendor will maintain security practices for physical access to the servers and storage. The third-party vendor will also provide a suitable, monitored environment for all servers and storage.

Backups

Data uploaded or transmitted for geocoding must necessarily be present on NAACCR Servers for the geocoding process to take place. These user data files will be excluded from backups. The TAMU Geocoding system used to process the Participating Registry data utilizes a relational database management system (RDBMS) for storing the geographic reference data files necessary for geocoding. An RDBMS system requires transaction logs of queries be maintained to operate. As such, a record of query transactions may be kept for some period of time after a record has been processed. All reasonable and possible steps will be taken to ensure that these logs are emptied prior to backups being performed and/or limit their inclusion in backups.

Authentication and Access

The passwords granting access to the data and servers for the purposes of geocoding are known only to designated NAACCR staff authorized to work with Participating Member Registry data for the purposes of geocoding.

Network Security

All NAACCR servers used in the processing of Participating Member Registry data will be logically isolated using firewalls and other hardware and software means as appropriate. This servers used for geocoding will only be accessible to designated NAACCR staff authorized to work with Participating Member Registry data for the purposes of geocoding.

Virus Protection and Security Patching

The servers used for the processing of Participating Member Registry data employ industry-standard antivirus and other security software. This software and its definition databases are updated at least once per day. The operating system and other supporting software products are also updated at least once per day.

All updates described herein are dependent upon internet connection availability, hardware availability, and other factors beyond NAACCR's control. NAACCR will take reasonable measures to ensure the automatic processing of regularly scheduled updates to all software and services related to the geocoding service.

Data Retention

The Participating Member Registry is responsible for removing any files transmitted to NAACCR servers for geocoding by the TAMU Geocoding system. To do so, the Participating Member Registry must actively log onto the Participating Member Registry user account and select to delete the files from the Participating Member Registry user account following the completion of the geocoding process. This action removes the Participating Member Registry input and processed files from the NAACCR servers as well as deletes the temporary database storage used during the processing the files. All reasonable and possible efforts will be made by NAACCR to ensure that RDBMS transaction log files are deleted following the deletion of the user file.

Data Transmission and Storage

The Participating Member Registry will submit data files to NAACCR for geocoding with the TAMU Geocoding system via a secure hypertext transfer protocol (https) web portal. The log-in username and password for the NAACCR secure web portal will be the same as the user's MyNAACCR account. The Participating Member Registry will be responsible for uploading, downloading, and deleting files from the Participating Member Registry NAACCR account. Portable media will not be used at any point for the transmission of Participating Member Registry data or the resulting geocoded information.