Health Law Daily CMS walks through data access door opened by MACRA and ACA
News
Monday, February 1, 2016

CMS walks through data access door opened by MACRA and ACA

By Melissa Mitchell, J.D.

Qualified entities may soon have access to use and disseminate analyses and data of claims from Medicare and the private sector to help providers, employers, and other entities improve care delivery. A Proposed rule, which will publish in the Federal Register on February 2, 2016 incorporates provisions of the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) and the new rules imposed under the Medicare Access and CHIP Reauthorization Act (MACRA) (P.L. 114-10). Interested entities have 60 days to comment on the many aspects of the rule, which will ultimately allow qualified entities to confidentially share or sell analyses of Medicare and private claims data to parties that can use the data to improve care.

New requirements. The Proposed rule sets forth new statutory requirements to expand how qualified entities are allowed to use and disclose data in the new program. The rule both explains how these entities create non-public analyses and how this data can be provided and sold to authorized users. Further, the rule provides explanation as to how the entities can provide or sell combined data or provide Medicare claims data alone at no cost to certain users. These rules are written within the bounds of the existing privacy, security, and disclosure laws and implement new privacy and security rules in the case that qualified entities or authorized users violate the data use agreements (DUAs), which are required under the new proposal.

CMS described the establishment of this proposal as “part of a broader effort by the Obama Administration to create a health care system that delivers better care, spends, dollars more wisely, and results in healthier people.” Those entities who would like to be designated as qualified entities under this proposal must apply to the program. According to CMS, 13 organizations have applied and received approval for that designation at this time. Of those, two have completed the public reporting requirements of the program.

ACA and MACRA. Section 10332 of the ACA established the qualified entity program. Under this provision, Medicare Part A and B claims data and Part D drug event data (collectively Medicare claims data) were required to be combined with other non-Medicare data to be disseminated. In that scenario, the data could only be used to evaluate providers’ and suppliers’ performance. Section 105 of MACRA, called “Expanding the Availability of Medicare Data,” expands the qualified entity program. It takes effect on July 1, 2016 and states that qualified entities may use certain types of combined data and information to conduct non-public analyses and either provide or sell this analysis to authorized users for non-public use.

Pursuant to MACRA, qualified entities must ensure compliance with any applicable provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (P.L. 104-191). The new rules also require an assessment of the disclosure of data if either the qualified entity or authorized user violate the terms of the mandated qualified entity DUA (QE DUA). Finally, the new rules also lay out annual reporting requirements, which were established to help CMS to monitor compliance with the qualified entity program.

Specific propositions for comment. In general, CMS proposed to amend 42 C.F.R. Part 401, Subpart G, which is entitled “Availability of Medicare Data for Performance Measurement,” to account for the MACRA-driven expansion of the qualified entity program. CMS included a lengthy list of proposed approaches for each of the following areas of the new program: (1) non-public analyses; (2) dissemination of data; (3) authorized users; (4) annual reporting requirements; (5) assessment for a breach; (6) termination of qualified entity agreement; (7) additional data including standardized extracts of claims data under Medicaid and the Children’s Health Insurance Program (CHIP); and (8) qualified clinical data registries.

Many proposed approaches related to the question of how to define certain terms including combined data, which is tentatively defined as “a set of CMS claims data provided under subpart G with a subset of claims data from at least one of the other claims data sources described in 42 C.F.R. section 401.707(d).” However, in the Proposed rule, the agency considered whether to establish a minimum amount of data from other sources that must be included in the combined data. On this issue, CMS indicated that creating such a threshold would be difficult given the variability of the analyses and ultimately rejected the idea. However, CMS would impose a threshold on the amount of data being provided by the issuer as it would encourage larger samples with increased reliability. Specifically, the rule would limit qualified entities to providing or selling non-public analyses that represent “a majority of the issuers’ covered lives in the geographic region and during the time frame of the non-public analyses requested by the issuer.”

Comments on this approach as well as the others contained in the Proposed rule are due on March 29, 2016.

MainStory: TopStory HealthCareReformNews ReimbursementNews CMSNews ConfidentialityNews HealthReformNews HIPAANews PartANews PartBNews PartDNews ProgramIntegrityNews QualityNews

Back to Top

Interested in submitting an article?

Submit your information to us today!

Learn More