Topics
More on Medicare & Medicaid

CMS sets guidelines for access to claims data under MACRA

CMS said the initiative is part of a broader effort to improve care and spend money more wisely by making use of available data.

Jeff Lagasse, Editor

The Centers for Medicare and Medicaid Services has expanded the number of healthcare organizations that are allowed to access Medicare and private claims data prior to selling it to providers and employers, according to a final rule issued last week.

The rule, required under the Medicare Access and CHIP Reauthorization Act of 2015, essentially enhances the Affordable Care Act's Qualified Entity Program. The program permits the confidential sharing or selling of private sector claims data to groups that can then use the information to support better care. The data can also be sold to providers and suppliers, such as doctors, nurses and skilled nursing facilities.

[Also: AMA outlines what physicians need to implement MACRA, presses CMS for more time]

Also included in the rule are strict privacy and security requirements for any organization receiving patient identifiable and beneficiary de-identified analyses or data, as well as expanded annual reporting requirements. For instance, if a group receives patient identifiable data or analyses, it must use protections that are at least as stringent as what is required of covered entities and their business associates for protected health information under the HIPAA Privacy and Security Rules.

CMS said the initiative is part of a broader effort to improve care and spend money more wisely by making use of available data.

"Increasing access to analyses and data that include Medicare data will make it easier for stakeholders throughout the healthcare system to make smarter and more informed healthcare decisions," said CMS Chief Data Officer Niall Brennan in a statement.

[Also: HHS sets aside $20 million to help small practices prepare for payments under MACRA]

The Qualified Entity Program allows organizations that meet certain qualifications to access patient-protected Medicare data to produce public reports. Institutions deemed qualified must combine the Medicare data with other claims data, such as private payer data, to produce quality reports that are representative of how providers and suppliers are performing across multiple payers -- for example Medicare, Medicaid or various commercial payers.

To date, 15 organizations have received approval to be a qualified entity. Of these, two have completed public reporting while the other 13 are preparing for it, according to CMS.

One change allowed by the rule is that a qualified organization can conduct analyses on chronically ill or other resource-intensive populations to increase quality, and potentially drive down costs in the healthcare system.

Future rulemaking is anticipated to expand the available data to include standardized extracts of Medicaid data, said CMS.