WSR 18-22-095
PERMANENT RULES
OFFICE OF
FINANCIAL MANAGEMENT
[Filed November 5, 2018, 8:49 a.m., effective December 6, 2018]
Effective Date of Rule: Thirty-one days after filing.
Purpose: The purpose of the rule is to establish a clear and fair process to ensure that statutory requirements related to the submission of data into the statewide all-payer health care claims data base (WA-APCD), release of data out of WA-APCD, use of the data released from WA-APCD and destruction of data once the use has been fulfilled.
Citation of Rules Affected by this Order: New WAC 82-75-700, 82-75-705, 82-75-710, 82-75-715, and 82-75-720.
Adopted under notice filed as WSR 18-19-075 (supplemental notice to WSR 18-15-062) on September 18, 2018.
Changes Other than Editing from Proposed to Adopted Version: Changes were made based on comments received from the original notice, which were incorporated in the rules published for the supplemental notice. No changes were made based on comments received from the supplemental notice. Changes from the original notice are detailed in the supplemental notice and the concise explanatory statement, available on the office of financial management WA-APCD web site.
Number of Sections Adopted in Order to Comply with Federal Statute: New 0, Amended 0, Repealed 0; Federal Rules or Standards: New 0, Amended 0, Repealed 0; or Recently Enacted State Statutes: New 5, Amended 0, Repealed 0.
Number of Sections Adopted at the Request of a Nongovernmental Entity: New 0, Amended 0, Repealed 0.
Number of Sections Adopted on the Agency's own Initiative: New 5, Amended 0, Repealed 0.
Number of Sections Adopted in Order to Clarify, Streamline, or Reform Agency Procedures: New 0, Amended 0, Repealed 0.
Number of Sections Adopted using Negotiated Rule Making: New 0, Amended 0, Repealed 0; Pilot Rule Making: New 0, Amended 0, Repealed 0; or Other Alternative Rule Making: New 5, Amended 0, Repealed 0.
Date Adopted: November 5, 2018.
Roselyn Marcus
Assistant Director
Legal and Legislative Affairs
NEW SECTION
WAC 82-75-700Purpose of audits.
There are two primary areas for which audits may be performed to ensure compliance with laws and rules related to the WA-APCD.
(1) Audits may be performed to determine if data suppliers are in compliance with the requirements for the submission of data to the WA-APCD including, but not limited to:
(a) Compliance with the data submission guide including, but not limited to, accuracy of financial fields;
(b) Data integrity, as opposed to data quality checks that the data vendor performs using thresholds and variances;
(c) Finding data that is missing or being withheld from submission into the WA-APCD; and
(d) Documenting the process for determining the number of Washington covered persons for each line of business in order to ensure that data suppliers are not artificially creating lines of business with small numbers of covered lives in order to meet the minimum threshold for exclusion to report.
(2) Audits can be performed to determine whether requestors who receive data from the WA-APCD are in compliance with the data release requirements or agreements, whether provided datasets or licenses to the data enclave including, but not limited to:
(a) For physical datasets, compliance with data use agreements, confidentiality agreements, compliance with collecting, storing, analyzing, and destroying the data; and
(b) For data enclave licenses, compliance with data use agreements, confidentiality agreements, compliance with analyzing, storing, destroying, and user license access to the data.
(3) For purposes of this section, the following definitions apply:
(a) "Data quality checks" means the extent to which data is missing or the data conforms with the data format requirements; and
(b) "Data integrity checks" means the completeness and validity of the submitted data, whether the submitted values are consistent with the instructions and intent of the data submission guide.
NEW SECTION
WAC 82-75-705When an audit may be commenced.
(1) The office may initiate a random audit to ensure compliance with data release requirements. A data requestor may not be subject to a random audit more frequently than once every three years.
(2) The office may initiate an audit of a data supplier or data requestor upon notice that one of the following events has occurred:
(a) Reports from the data vendor that there is a material change, without justification or a reasonable basis for the change provided by the data supplier, in the number of claims submitted from a data supplier. Before submitting a report under this subsection, the data vendor should have worked with the data supplier to cure any inadvertent data submission issues.
(b) Reports from the data vendor that certain types of claims are missing for a data supplier.
(c) Notice that the data requestor or data user is publishing data in reports that are not compliant with data use agreements. Violations of the data use agreements are subject to penalties in accordance with the process set forth in chapter 82-75 WAC.
(d) Notice that the data requestor or data user is publishing PFI or PHI not in compliance with state or federal requirements.
(e) Other occurrence that could indicate that the data supplier or data requestor is not in compliance with the requirements in law or rule regarding the WA-APCD.
NEW SECTION
WAC 82-75-710Audit process.
(1) Once the office determines an audit will be conducted, either as a random audit or based on a triggering event set forth in WAC 82-75-705(2), the office shall provide written notice to the subject of the audit at least thirty days before the start of the audit. The notice must include the name of the company or individuals who will be conducting the audit and the subject of the audit, including the time period for which the audit covers, which time period must be no longer than the prior three years. If the audit is the result of a triggering event, the notice will include information regarding the triggering event. The notice will also include information regarding the audit entrance conference that has been scheduled to take place within fourteen days before the audit will begin. The notice will include the location, date and time and contact person for the entrance conference and such other information as required. The office will work with the subject of the audit to ensure sufficient time is provided between providing the written notice, the date of the entrance conference, and the start of the audit.
(2) The subject of the audit is required to cooperate with the auditor, providing the information as requested. If there is a dispute during the audit, the issue should be brought to the attention of the WA-APCD program director, who will resolve the dispute. Both the auditor and the subject of the audit will be provided an opportunity to present its issues regarding the dispute, either in writing or in person. The WA-APCD program director may engage a mediator to help resolve the dispute.
(3) The auditor will be required to prepare an audit report. A draft of the audit report shall be provided to the subject of the audit for review and comments. The subject of the audit should be provided no less than thirty days to provide comment to the draft report.
(4) After receiving and reviewing any comments, and revising the draft audit report as deemed necessary, the auditor shall schedule an exit conference with the subject of the audit to review the audit and final audit report. The subject of the audit shall be provided an opportunity to submit comments or responses to the findings in the audit. The auditor shall provide a deadline, not less than thirty days after the exit conference for submission of any response to the audit.
(5) The auditor shall issue a final audit report no later than thirty days after the deadline for submission of any response. The report shall be provided to the office and the subject of the audit. The final report shall include any response provided by the subject of the audit. The office shall publish the final report on the agency web site.
(6) The auditor shall be required to sign a confidentiality/nondisclosure agreement if the auditor will have access to any confidential or proprietary information.
NEW SECTION
WAC 82-75-715Audit guide.
(1) The office shall develop the audit guide with input from the data vendor, lead organization, and stakeholders. The audit guide shall include, but is not limited to, the following topics:
(a) The audit standards that will be used for all audits to ensure compliance with generally accepted auditing practices;
(b) The process that will be used to select an auditor, including the auditor qualifications, process to identify and address conflicts of interest;
(c) Specific contract terms that should be included in any contract with an auditor including retention and destruction process for working papers.
(2) The office shall develop a process to allow for stakeholder review and comment on drafts of the audit guide and all subsequent changes to the guide. Prior to final adoption, the DPC shall be given an opportunity to review and provide comments on the draft audit guide to the office. The office shall have final approval authority over the adoption of the audit guide and all subsequent changes.
(3) The office shall conduct an annual review of the audit guide. The office will post notice that the review is being conducted and provide a time period for stakeholder to submit comments and changes to the audit guide. The office will follow the process developed pursuant to subsection (2) of this section for review and comment on draft changes to the guide.
(4) The office shall notify data suppliers before changes to the audit guide are final. Notification shall occur no less than one hundred twenty calendar days prior to the effective date of any change.
(5) The version of the audit guide that is in effect must be posted on the OFM web site. Notice should be given through the office listserv when a new audit guide is posted.
NEW SECTION
WAC 82-75-720Audit findings of a violation.
(1) If the audit finds that any person has violated laws, rules or data use agreements, the WA-APCD program director shall require an investigation be conducted in accordance with WAC 82-75-615. If the investigation determines that a violation or violations have occurred, the office will take appropriate action as set forth in chapter 82-75 WAC.
(2) In addition to any other penalties authorized by law or rule, the audited party may be required to pay the cost of the audit if, after an investigation conducted pursuant to chapter 82-75 WAC, a violation is found. The subject of the audit may contest the requirement to pay the cost of the audit or the amount requested using the appeal process set forth in chapter 82-75 WAC for the appeal of penalties.