Dedicated to providing the latest
HIPAA compliance news

CMS Finalizes New Rules for QEs on Sale and Sharing of Medicare Claims Data

Share this article on:

The Centers for Medicare and Medicaid Services (CMS) has finalized a new set of Rules for qualified entities that will allow the sharing or sale of Medicare claims data to healthcare providers, employers, and other entities.

The rule changes will help to ensure that healthcare organizations, employers, and other organizations have access to the data they need to make informed decisions about the provision of care to patients. With access to all Medicare and private sector claims data, it is hoped that the quality of care provided to patients will be improved.

The rule changes, which were required under the Medicare Access and CHIP Reauthorization Act (MACRA), will permit organizations classed as qualified entities to confidentially share analyses of Medicare and private sector claims with healthcare providers, employers, and other groups that are able to use the data to improve patient care. The sale of data is also permitted. Qualified entities will be permitted to sell data to healthcare providers such as doctors, nurses, and skilled nursing facilities.

While data can be sold or shared, qualified entities are required to ensure that all data are appropriately protected. Any organization or individual receiving the data must ensure that safeguards are applied to preserve the confidentiality and integrity of ePHI. At a minimum, the safeguards must be as robust as those demanded by the Health Insurance Portability and Accountability Act (HIPAA), regardless of whether the recipient of the data is classed as a HIPAA covered entity. Those safeguards are required to be applied for the entire lifespan of the shared data, until they are permanently destroyed or returned.

Under the Qualified Entity Program (section 10332 of the Affordable Care Act) organizations are allowed to apply to become qualified entities and gain access to Medicare claims data in order to produce public reports to evaluate the services of healthcare providers and suppliers. Before data can be provided to qualified entities they must be approved as qualified entities. The approval process requires the provision of evidence to demonstrate that organizations are able to function as qualified entities in accordance with the Final Rule for the Availability of Medicare Data for Performance Management.

To date, 15 organizations have applied to be qualified entities and all have received approval. Two organizations have already provided public reports using patient claims data, while the remaining 13 are in the process of preparing public reports. Qualified entities include the Center for Improving Value in Health Care (CIVHC), FAIR Health, the Health Care Cost Institute (HCCI), HealthInsight, OptumLabs, and The Health Collaborative.

The rule changes will enhance the qualified entity program and will allow the sharing of Medicare data for non-public quality improvement, such as conducting analyses on resource-intensive populations to improve the quality of care and to reduce healthcare costs. Further rule changes are expected that will expand the range of data that can be shared and sold.

CMS Chief Data Officer Niall Brennan said “Increasing access to analyses and data that include Medicare data will make it easier for stakeholders throughout the healthcare system to make smarter and more informed healthcare decisions.”

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On