CMS Issues Rule to Expand Access to Medicare Data
The Centers for Medicare and Medicaid Services on Friday released final rules covering increased access to analyses and data that will help providers, employers and others make more informed decisions about care delivery and quality improvement.
The new rules, required as a provision of the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), are meant to augment the Qualified Entity Program, authorized by the Affordable Care Act, which lets qualified entities confidentially share or sell analyses of Medicare and private sector claims data to providers, employers and other groups that can use the data to support improved care.
For example, CMS says provisions of the rule enables qualified entities to conduct analyses on data from chronically ill or other resource-intensive patient populations to increase quality and drive down healthcare costs.
Further, under the rules, qualified entities may provide or sell claims data to providers and suppliers, such as physicians, nurses and skilled nursing facilities, among others.
“Increasing access to analyses and data that include Medicare data will make it easier for stakeholders throughout the healthcare system to make smarter and more informed healthcare decisions,” said Niall Brennan, chief data officer at CMS, in a written statement.
However, the agency points out that qualified entities must combine the Medicare data with other claims data—such as private payer data—to “produce quality reports that are representative of how providers and suppliers are performing across multiple payers—for example Medicare, Medicaid or various commercial payers.”
In addition, CMS emphasized that ensuring the privacy and security of beneficiary information is of paramount importance, and that the new rules include strict privacy and security requirements for all entities that receive patient identifiable and beneficiary de-identified analyses or data.
“For example, if entities receive patient-identifiable data or analyses, they must use protections that are at least as stringent as what is required of covered entities and their business associates for protected health information under the HIPAA Privacy and Security Rules,” stated the agency.
However, Deborah Peel, MD, founder and president of the organization Patient Privacy Rights, contends that this new rule is morally and ethically wrong.
“CMS knows that the public has never supported research without meaningful consent, which violates the Common Rule and post-World War II ethics. But worse, it’s a terrible decision because putting control of Medicare and Medicaid (protected health information) into the hands of close to a million hidden data brokers will ensure the greatest harms to the most vulnerable and supports current HIT giants whose technology must change to end harms to patients,” says Peel, an advocate for patients’ rights to control the use of personal health information in electronic systems.
“Paper medical records systems all required consent for any health info to be shared with any other doctor, except in rare emergencies,” she adds. “Paper records never caused such widespread hidden harms. Government’s job is to serve and protect people, not corporations. HHS has betrayed U.S. patients.”
In its announcement, CMS noted that the final rules contain few changes from its original proposed rule and that “future rulemaking is anticipated to expand the data available to qualified entities to include standardized extracts of Medicaid data.”
To date, 15 organizations have applied for and received approval to be a qualified entity; of those, two have completed public reporting, while the other 13 are preparing for public reporting.
(This article appears courtesy of our sister publication, Health Data Management)