CMS-10394 Letter of Commitment Template

QECP Letter of Commitment

Month, DD, YYYYY
Point of Contact and Executive
Entity Name
Address
City, State Zip
Director, Office of Enterprise Data & Analytics
Centers for Medicare & Medicaid Services
7500 Security Boulevard
Mail stop: B2-29-04
Baltimore, Maryland 21244-1850
Dear Director:
This letter outlines the understanding between the Centers for Medicare & Medicaid Services (CMS) and
Entity Name regarding Entity Name’s intent to complete the remaining Qualified Entity Certification
Program (QECP) minimum requirements:
•

Data Security Review (Element 2.1)

•

Intentions Regarding Non-Public Analyses (Element 2.2)

•

Provider Corrections and Appeals, if applicable (Element 2.3)

•

Secure transmission of beneficiary data, if applicable (Element 2.4)

•

Standard Measure Use, if applicable (Element 3.1)

•

Alternative Measure Use, if applicable (Element 3.2)

•

Provider and Public Report Design (Element 3.3)

This letter includes the following:
•

Attachment A: QECP Public Reporting Attestation

•

Attachment B: Contractual Relationship Attestation (if applicable)

•

Attachment C: Cloud Service Provider (CSP) Identification (if applicable)

•

Attachment D: Quality Improvement Organization (QIO) Attestation (if applicable)

If CMS deems us to have sufficiently met the remaining minimum requirements listed above, Entity
Name will publicly release a Qualified Entity (QE) provider performance report within 12 months of
receipt of the QE Medicare data (as proposed in Attachment A).
We acknowledge that, prior to our Phase 1 application submission, we will have sufficiently completed
the following:
•

Attached evidence in the QECP online application for Elements 1.1, 1.2, 1.3, and 1.4, including:
•

This Letter of Commitment, signed and uploaded to Element 1.1

•

An attestation of Entity Name’s ability to meet all applicable requirements for Phases 2 and 3
and the ability to provide evidence during the relevant phase of the application

1

QECP Letter of Commitment

Entity Name understands that QE Medicare data will only be distributed to Entity Name upon successful
completion of Phase 2: Data Security & Corrections and Appeals, CMS approval of submitted QE Data
Use Agreement (DUA) materials, and payment of appropriate fees for the QE Medicare data. Further,
Entity Name also understands that a Compliant Phase 2 review outcome does not provide a CMS
endorsement, nor does it validate the sufficiency of the QE’s data security and privacy program for
purposes outside of the QECP. QECP Phase 2 review outcomes are based solely on the information QEs
provide to CMS at the time of the Phase 2 review. There is no guarantee regarding the future
performance of a QE, especially as new system, personnel, and environmental vulnerabilities and
threats are continually evolving.
Entity Name may not distribute provider or public reports containing QE Medicare claims data provided
under this program until the QECP Team has reviewed Entity Name’s compliance with all of the program
requirements. Upon review, if Entity Name does not demonstrate compliance with QECP requirements,
CMS reserves the right to retract QE certification and require Entity Name to destroy or return QE
Medicare data.
The terms of this understanding are acceptable to Entity Name, and Entity Name acknowledges our
agreement below.
Approved By:
Entity Name

Address

Date

Phone Number

Entity Name

Entity Address

MM/DD/YYYY

Phone Number

Authorized Officer

Date

Authorized Officer Name, Title

MM/DD/YYYY

Entity Signature
Entity Signature

Authorized Officer Signature
Authorized Officer Signature

2

Attachment A: QECP Public Reporting Attestation
Entity Name will publicly report within 1 year of receiving QE Medicare data.
Approved By:
Authorized Officer

Date

Authorized Officer Name, Title

MM/DD/YYYY

Authorized Officer Signature
Authorized Officer Signature

A-1

Attachment B: Contractual Relationship Attestation
Table 1: Lead and Contractor or Member Organizations
Category

Details

Legal Name of Lead Entity

Organization Name

Trade Name/Database Administrator (DBA)

Organization Name

Name(s) of Contractor or Member Organizations,
if applicable

Organization Name

Does any organization on your team (lead or
other) also hold a QIO contract with CMS?

Yes, list organizations below:
• Organization Name
• Organization Name
• Organization Name
• Organization Name

No
Repeat the following two tables for each contractor or member organization relevant to the Entity’s
application and program.
Table 2: Attestation of Agreement with Contractor or Member Organization
Category
Details
Legal Name of Contractor, Vendor, Partner,
Subsidiary or Member Organization

Organization Name

Trade Name/DBA

Organization Name

Description of contractual relationship (A general
description of agreements in place between the
lead Entity and other contractor or member
organizations, as applicable)

Insert Text

Effective dates on agreement

Month DD, YYYY - Month DD, YYYY

The partner noted above will be responsible for,
or involved in meeting, compliance for the
following QECP elements:

• Insert Text
• Insert Text
• Insert Text

B-1

Attachment B: Contractual Relationship Attestation
The lead Entity must attest to the following statements regarding each contractor or member
organization (as applicable) by responding yes or no to each statement.
Table 3: Affirmation Statements
Statement

Response

The contractor or member organization is willing
to sign a QECP DUA.

Yes

The contractor or member organization
understands that it will also be subject to CMS
review as part of the QECP and its actions may
result in sanctions and/or termination of the
Qualified Entity.

Yes

The lead and contractor or member organization
have a legally enforceable agreement in place
that includes breach of contract liability if one of
the members of the group fails to deliver and
there would be the potential of collecting
damages for that failure to perform.

Yes

No
No

No

To the best of my knowledge and belief, all data in this attestation are true and correct, the document
has been authorized by the governing body of the lead Entity, and the lead Entity will comply with the
terms and conditions of the award and applicable Federal requirements.
Approved By:
Authorized Representative
Authorized Representative
Name, Title

Date
MM/DD/YYYY

Phone
Number
Phone
Number

Authorized Representative Signature
Authorized Representative
Signature

B-2

Attachment C: CSP Identification
The lead Entity must attest to the following statements regarding the planned use of a CSP, within the
lead organization either directly or with a contractually identified data vendor.
Name of Intended CSP
Table 4: CSP Identification

Statement

Response

The lead Entity plans to use a CSP within their system or has a contract
that uses a CSP.

Yes

The lead Entity understands that any CSP that will be used for CMS
data storage must have FedRAMP approval and an Authority to
Operate with CMS.

Yes

No
No

To the best of my knowledge and belief, all data in this attestation are true and correct, the document
has been authorized by the governing body of the lead Entity, and the lead Entity will comply with the
terms and conditions of the award and applicable federal requirements.
Approved By:
Authorized
Representative
Authorized
Representative
Name, Title

Address
Authorized
Representative
Address

Date
MM/DD/YYYY

Phone Number
Phone
Number/Email
Address

Authorized Representative
Signature
Authorized
Representative
Signature

C-1

Attachment D: CMS QIO Attestation
An Entity that holds a QIO contract with CMS is permitted to function as a QE, or as part of a QE Team,
under the following conditions:
•

The Entity may not represent the fact that they are a QIO while conducting the QE activities.

•

Any resources, both financial and operational, funded by CMS as part of the QIO contract may
not be used to sustain the Entity’s QE program in any way.

•

The Entity must continue to uphold all terms of their QIO contract, including their confidentiality
and conflict of interest contractual obligations. The Entity may wish to request a conflict of
interest determination by the CMS Office of Acquisitions and Grants Management.
The Entity must complete an attestation during Phase 1 of the QECP Minimum Requirements
Review attesting that they will adhere to the three conditions listed above.

•

The table and signature section below must be completed by an authorized representative for each
Entity in your QE Team that holds a QIO contract with CMS. If none, you are not required to submit
Attachment C.
Table 5: QIO Demographics
Category

Details

Name of Entity recognized as a QIO (lead Entity
or partner/collaborator as part of the QE Team)

Organization Name

States for which Entity functions as a QIO

State(s)

QIO Contact within the Entity (Name, Title, Email
Address, and Phone Number)

First Name Last Name, Title
Email Address
Phone Number
First Name Last Name, Title
Email Address
Phone Number

QIO Contact within CMS (Name, Title, Email
Address, and Phone Number)

D-1

Attachment D: CMS QIO Attestation
Table 6: QIO Affirmation Statements
Category

Details

We agree to maintain distinct and separate representation between QE
and QIO activities. We will not represent QE work or resulting products
to be a function of our QIO contract with CMS.

Yes

We agree to maintain funding for QE activities separate from QIO
funded CMS sources. Funds or resources provided by CMS to support
the QIO program will not be used or spent for the QE program,
including funds or resources for operating the QIO Standard Data
Processing Systems (SDPS). Medicare obtained by QEs will not be
stored on the SDPS.

Yes

If approved as a Certified QE (or a member of a certified QE Team), we
agree to uphold all terms of our QIO contract, including confidentiality
and conflict of interest contractual obligations. We understand that, per
our request, a QE/QIO conflict of interest analysis can be performed by
CMS Office of Acquisition and Grants Management (OAGM).

Yes

No

No

No

To the best of my knowledge and belief, all information in this attestation is true and correct. The
document has been authorized by the governing body of the Entity mentioned on page C-1, and the
Entity will comply with all terms and conditions of the affirmation statements mentioned on pages C-1
through C-2.
Approved By:
Authorized
Representative

Address

Date

Authorized
Representative Name,
Title

Authorized
Representative Address
Line 1

MM/DD/YYYY

Phone Number
Phone
Number/Email
Address

Authorized
Representative
Signature
Authorized
Representative
Signature

D-2