WSR 18-19-075
PROPOSED RULES
OFFICE OF
FINANCIAL MANAGEMENT
[Filed September 18, 2018, 8:06 a.m.]
Supplemental Notice to WSR 18-15-062.
Preproposal statement of inquiry was filed as WSR 18-09-028.
Title of Rule and Other Identifying Information: Amending chapter 82-75 WAC, related to the statewide all-payer health care claims database (WA-APCD). Specifically, the rules will address activities related to ensuring that there is compliance with the following requirements: Submission, release of data, use of data and destruction of data. The office of financial management (OFM) held a hearing on August 21, 2018. In response to the hearing notice, OFM received written and verbal comments. After considering the comments, OFM made significant changes to the rules subject to that hearing, to incorporate this feedback. The rules, as amended, are the subject of this second hearing
Hearing Location(s): On October 23, 2018, at 9:30 a.m., at 302 Sid Snyder Avenue S.W., Fourth Floor, The HIVE, Olympia, WA 98501.
Date of Intended Adoption: November 5, 2018.
Submit Written Comments to: Thea Mounts, 106 11th Avenue S.W., P.O. Box 43124, Olympia, WA 98504, email apcd@ofm.wa.gov, by October 23, 2018.
Assistance for Persons with Disabilities: Contact OFM, phone 360-902-3092, TTY 360-753-4107, email hayden.mackley@ofm.wa.gov, by October 19, 2018.
Purpose of the Proposal and Its Anticipated Effects, Including Any Changes in Existing Rules: The purpose of the rule is to establish a clear and fair process to ensure that statutory requirements related to the submission of data into the WA-APCD, release of data out of the WA-APCD, use of the data released from the WA-APCD and destruction of data once the use has been fulfilled.
Reasons Supporting Proposal: Chapter 43.371 RCW directs OFM to establish a WA-APCD to support transparent public reporting of health care information. The chapter requires specified providers to submit claims data pursuant to the schedule developed by OFM and the data submission guide. There are also strict requirements regarding the release, use and destruction of the data from APCD. In order to ensure that the statutory and regulatory provisions are being followed, it is imperative that OFM develop an audit program.
Statutory Authority for Adoption: RCW 43.371.070.
Statute Being Implemented: Chapter 43.371 RCW.
Rule is not necessitated by federal law, federal or state court decision.
Name of Proponent: OFM, governmental.
Name of Agency Personnel Responsible for Drafting: Roselyn Marcus, Insurance Building, Olympia, Washington, 360-902-0434; Implementation and Enforcement: Thea Mounts, Helen Sommers Building, Olympia, Washington, 360-902-0552.
A school district fiscal impact statement is not required under RCW 28A.305.135.
A cost-benefit analysis is not required under RCW 34.05.328. OFM is not a listed agency in RCW 34.05.328 (5)(a)(i).
This rule proposal, or portions of the proposal, is exempt from requirements of the Regulatory Fairness Act because the proposal:
Is exempt under RCW 19.85.025(3) as the rule content is explicitly and specifically dictated by statute.
September 18, 2018
Roselyn Marcus
Assistant Director for
Legal and Legislative Affairs
AUDITS
NEW SECTION
WAC 82-75-700Purpose of audits.
There are two primary areas for which audits may be performed to ensure compliance with laws and rules related to the WA-APCD.
(1) Audits may be performed to determine if data suppliers are in compliance with the requirements for the submission of data to the WA-APCD including, but not limited to:
(a) Compliance with the data submission guide including, but not limited to, accuracy of financial fields;
(b) Data integrity, as opposed to data quality checks that the data vendor performs using thresholds and variances;
(c) Finding data that is missing or being withheld from submission into the WA-APCD; and
(d) Documenting the process for determining the number of Washington covered persons for each line of business in order to ensure that data suppliers are not artificially creating lines of business with small numbers of covered lives in order to meet the minimum threshold for exclusion to report.
(2) Audits can be performed to determine whether requestors who receive data from the WA-APCD are in compliance with the data release requirements or agreements, whether provided datasets or licenses to the data enclave including, but not limited to:
(a) For physical datasets, compliance with data use agreements, confidentiality agreements, compliance with collecting, storing, analyzing, and destroying the data; and
(b) For data enclave licenses, compliance with data use agreements, confidentiality agreements, compliance with analyzing, storing, destroying, and user license access to the data.
(3) For purposes of this section, the following definitions apply:
(a) "Data quality checks" means the extent to which data is missing or the data conforms with the data format requirements; and
(b) "Data integrity checks" means the completeness and validity of the submitted data, whether the submitted values are consistent with the instructions and intent of the data submission guide.
NEW SECTION
WAC 82-75-705When an audit may be commenced.
(1) The office may initiate a random audit to ensure compliance with data release requirements. A data requestor may not be subject to a random audit more frequently than once every three years.
(2) The office may initiate an audit of a data supplier or data requestor upon notice that one of the following events has occurred:
(a) Reports from the data vendor that there is a material change, without justification or a reasonable basis for the change provided by the data supplier, in the number of claims submitted from a data supplier. Before submitting a report under this subsection, the data vendor should have worked with the data supplier to cure any inadvertent data submission issues.
(b) Reports from the data vendor that certain types of claims are missing for a data supplier.
(c) Notice that the data requestor or data user is publishing data in reports that are not compliant with data use agreements. Violations of the data use agreements are subject to penalties in accordance with the process set forth in chapter 82-75 WAC.
(d) Notice that the data requestor or data user is publishing PFI or PHI not in compliance with state or federal requirements.
(e) Other occurrence that could indicate that the data supplier or data requestor is not in compliance with the requirements in law or rule regarding the WA-APCD.
NEW SECTION
WAC 82-75-710Audit process.
(1) Once the office determines an audit will be conducted, either as a random audit or based on a triggering event set forth in WAC 82-75-705(2), the office shall provide written notice to the subject of the audit at least thirty days before the start of the audit. The notice must include the name of the company or individuals who will be conducting the audit and the subject of the audit, including the time period for which the audit covers, which time period must be no longer than the prior three years. If the audit is the result of a triggering event, the notice will include information regarding the triggering event. The notice will also include information regarding the audit entrance conference that has been scheduled to take place within fourteen days before the audit will begin. The notice will include the location, date and time and contact person for the entrance conference and such other information as required. The office will work with the subject of the audit to ensure sufficient time is provided between providing the written notice, the date of the entrance conference, and the start of the audit.
(2) The subject of the audit is required to cooperate with the auditor, providing the information as requested. If there is a dispute during the audit, the issue should be brought to the attention of the WA-APCD program director, who will resolve the dispute. Both the auditor and the subject of the audit will be provided an opportunity to present its issues regarding the dispute, either in writing or in person. The WA-APCD program director may engage a mediator to help resolve the dispute.
(3) The auditor will be required to prepare an audit report. A draft of the audit report shall be provided to the subject of the audit for review and comments. The subject of the audit should be provided no less than thirty days to provide comment to the draft report.
(4) After receiving and reviewing any comments, and revising the draft audit report as deemed necessary, the auditor shall schedule an exit conference with the subject of the audit to review the audit and final audit report. The subject of the audit shall be provided an opportunity to submit comments or responses to the findings in the audit. The auditor shall provide a deadline, not less than thirty days after the exit conference for submission of any response to the audit.
(5) The auditor shall issue a final audit report no later than thirty days after the deadline for submission of any response. The report shall be provided to the office and the subject of the audit. The final report shall include any response provided by the subject of the audit. The office shall publish the final report on the agency web site.
(6) The auditor shall be required to sign a confidentiality/nondisclosure agreement if the auditor will have access to any confidential or proprietary information.
NEW SECTION
WAC 82-75-715Audit guide.
(1) The office shall develop the audit guide with input from the data vendor, lead organization, and stakeholders. The audit guide shall include, but is not limited to, the following topics:
(a) The audit standards that will be used for all audits to ensure compliance with generally accepted auditing practices;
(b) The process that will be used to select an auditor, including the auditor qualifications, process to identify and address conflicts of interest;
(c) Specific contract terms that should be included in any contract with an auditor including retention and destruction process for working papers.
(2) The office shall develop a process to allow for stakeholder review and comment on drafts of the audit guide and all subsequent changes to the guide. Prior to final adoption, the DPC shall be given an opportunity to review and provide comments on the draft audit guide to the office. The office shall have final approval authority over the adoption of the audit guide and all subsequent changes.
(3) The office shall conduct an annual review of the audit guide. The office will post notice that the review is being conducted and provide a time period for stakeholder to submit comments and changes to the audit guide. The office will follow the process developed pursuant to subsection (2) of this section for review and comment on draft changes to the guide.
(4) The office shall notify data suppliers before changes to the audit guide are final. Notification shall occur no less than one hundred twenty calendar days prior to the effective date of any change.
(5) The version of the audit guide that is in effect must be posted on the OFM web site. Notice should be given through the office listserv when a new audit guide is posted.
NEW SECTION
WAC 82-75-720Audit findings of a violation.
(1) If the audit finds that any person has violated laws, rules or data use agreements, the WA-APCD program director shall require an investigation be conducted in accordance with WAC 82-75-615. If the investigation determines that a violation or violations have occurred, the office will take appropriate action as set forth in chapter 82-75 WAC.
(2) In addition to any other penalties authorized by law or rule, the audited party may be required to pay the cost of the audit if, after an investigation conducted pursuant to chapter 82-75 WAC, a violation is found. The subject of the audit may contest the requirement to pay the cost of the audit or the amount requested using the appeal process set forth in chapter 82-75 WAC for the appeal of penalties.