Washington State

House of Representatives

Office of Program Research

BILL

ANALYSIS

Health Care & Wellness Committee

ESSB 5084

This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent.

Brief Description: Modifying the all payer claims database to improve health care quality and cost transparency by changing provisions related to definitions regarding data, reporting and pricing of products, responsibilities of the office of financial management and the lead organization, submission to the database, and parameters for release of information.

Sponsors: Senate Committee on Health Care (originally sponsored by Senators Becker, Frockt, Conway, Keiser and Mullet; by request of Governor Inslee).

Brief Summary of Engrossed Substitute Bill

  • Requires health carriers, third-party administrators, and the Department of Labor and Industries to submit claims data to the all-payer health care claims database.

  • Requires the Office of Financial Management (OFM) to use a competitive procurement process to select a lead organization to manage the database, and modifies requirements applicable to the lead organization.

  • Requires the OFM to select a data vendor, and establishes responsibilities for the data vendor.

  • Modifies standards for reports and release of claims data based on whether the data contain proprietary financial information, direct patient identifiers, or indirect patient identifiers.

Hearing Date: 3/25/15

Staff: Alexa Silver (786-7190).

Background:

Engrossed Second Substitute House Bill 2572, enacted in 2014, required the Office of Financial Management (OFM) to establish a statewide all-payer health care claims database. The goals of the database are to improve transparency to: assist patients, providers, and hospitals to make informed choices about care; enable providers, hospitals, and communities to benchmark their performance; enable purchasers to identify value, build expectations into their purchasing strategies, and reward improvements over time; and promote competition based on quality and cost.

Lead Organization.

The OFM Director is required to select a lead organization to coordinate and manage the database, and the lead organization is responsible for collecting claims data and reporting performance on cost and quality. At the direction of the OFM, the lead organization must, among other things: design collection mechanisms with consideration for time, cost, and benefits; ensure protection of collected data; make information from the database available as a resource; develop policies to ensure quality of data releases; develop a plan for financial sustainability and charge fees up to $5,000 (unless otherwise negotiated), with any fees comparable across requests and users and approved by the OFM; and appoint advisory committees on data policy and the data release process. The OFM initiated rulemaking in July 2014, but delayed selection of a lead organization.

Submissions to the Database.

Data suppliers must submit claims data to the database within the time frames established by the Director and in accordance with procedures established by the lead organization. "Claims data" include data related to coverage and services funded in the operating budget for the Medicaid and Public Employees Benefits Board programs, as well as data voluntarily provided by health carriers and self-funded employers. Data suppliers must submit an annual status report to the OFM regarding their compliance.

Confidentiality and Release of Claims Data.

The OFM must direct the lead organization to maintain the confidentiality of data it collects that include direct or indirect patient identifiers. Any person who receives data with patient identifiers must also maintain confidentiality and may not release the information. Data with direct or indirect patient identifiers may be released to: (1) government agencies upon receipt of a signed data use agreement; and (2) researchers with approval of an institutional review board upon receipt of a signed confidentiality agreement. Data with indirect patient identifiers may be released to any person upon receipt of a signed data use agreement. Data that do not contain direct or indirect patient identifiers may be released upon request. "Direct patient identifier" means information that identifies a patient, and "indirect patient identifier" means information that may identify a patient when combined with other information.

Recipients of data with patient identifiers must agree in a data use agreement and confidentiality agreement to take steps to protect patient identifying information and not re-disclose the data except as authorized in the agreement or as otherwise required by law. Recipients of data may not attempt to determine patients' identity or use the data in a manner that identifies the individuals or their families. Data obtained through activities related to the database are not subject to subpoena, and a person with access to the data may not be compelled to testify.

Reports by the Lead Organization.

Under the supervision of the OFM, the lead organization must use the database to prepare health care data reports. Prior to releasing reports that use claims data, the lead organization must submit the reports to the OFM for review and approval. The lead organization may not publish data or reports that directly or indirectly identify patients or disclose specific reimbursement arrangements between a provider and a payer. In addition, the lead organization may not compare performance in a report generated for the general public that includes any provider in a practice with fewer than five providers. The lead organization may not release a report comparing or identifying providers, hospitals, or data suppliers unless it allows them to verify the accuracy of the information and submit corrections within 45 days. The lead organization must ensure that no individual carrier or self-insured employer comprises more than 25 percent of the claims data used in any report or other analysis generated from the database.

Summary of Bill:

The all-payer health care claims database must systematically collect all medical and pharmacy claims from public and private payers, with data from all settings of care that permit the systematic analysis of health care delivery.

Lead Organization and Data Vendor.

The Director of the Office of Financial Management (OFM) must use a competitive procurement process to select a lead organization from among the best potential bidders. The request for proposals must award extra points: based on the lead organization's degree of experience in health care data collection, analysis, analytics, and security; to a lead organization that has experience reviewing and setting up an all-payer claims database in at least two other states; and to a lead organization that has a long-term, self-sustainable financial model. The successful lead organization must be certified as a qualified entity by the Centers for Medicare and Medicaid Services by December 31, 2017.

The OFM must also enter into a separate contract with a data vendor, which will work at the direction of the lead organization to perform data collection, processing, aggregation, extracts, and analytics. The data vendor must:

The requirements for the lead organization are modified. It must work with the data vendor to:

The $5,000 cap on the lead organization's fees is eliminated. The OFM must adopt procedures for establishing appropriate fees.

The lead organization and data vendor must submit detailed descriptions to the Office of the Chief Information Office (OCIO) to ensure robust security methods are in place. The OCIO must reports its findings to the OFM and the appropriate committees of the Legislature.

Submissions to the Database.

The Department of Labor and Industries, health carriers, and third-party administrators must submit their claims data to the database, in addition to the state Medicaid program and Public Employees' Benefits Board programs. The OFM Director may expand this requirement to include other types of insurance policies. Data suppliers used by an entity that voluntarily participates in the database must provide claims data to the lead organization upon the entity's request. The lead organization (instead of each data supplier) must submit an annual status report to the OFM regarding compliance with these requirements. "Claims data" means the data required to be submitted, including billed, allowed, and paid amounts, and additional information defined in rule.

Release of Claims Data.

Requests for claims data must include the following information: the identity of the entities that will analyze the data; the purpose of the request and an explanation of how it supports the goals of the law governing the database; the proposed methodology; the specific variables requested and an explanation of how the data are necessary to achieve the stated purpose; how the requester will ensure the data are handled in accordance with required privacy and confidentiality protections; the method by which the data will be stored, destroyed, or returned to the lead organization; the protections that will be used to keep the data from being used for unauthorized purposes; and consent to penalties for inappropriate disclosures or uses of direct patient identifiers and proprietary financial information. The lead organization may deny a request for data if the request does not include the required information or meet criteria established by the lead organization's advisory committee or for reasons established by rule.

In conjunction with the OFM and the data vendor, the lead organization must develop a process to govern levels of access to and use of data. Data that include proprietary financial information, direct patient identifiers, or indirect patient identifiers may be released only to researchers to the extent necessary to achieve the goals of the database. The researcher must: have approval of an institutional review board; submit a signed data use and confidentiality agreement; agree not to disclose the data to any other party, including affiliated entities; and consent to penalties for inappropriate disclosure or use of patient identifiers and proprietary financial information. Data that contain only indirect patient identifiers may be released to entities approved by the lead organization. Data that do not contain direct or indirect patient identifiers or proprietary financial information may be released upon request. Data that contain direct patient identifiers or proprietary financial information must remain in the custody of the data vendor and may not be released to the lead organization. The lead organization must distinguish in advance to the OFM when it is operating as the lead organization; when acting as a private entity, its access to data is governed by the same process as other requesters.

The OFM must adopt procedures for data release and penalties associated with inappropriate disclosures and uses of patient identifiers and proprietary financial information.

Confidentiality.

The OFM must direct the lead organization and the data vendor to maintain the confidentiality of data that include proprietary financial information, in addition to direct or indirect patient identifiers. Any entity that receives data must also maintain confidentiality and may only release the data if it does not contain proprietary financial information, direct patient identifiers, or indirect patient identifiers and the release is approved as part of the data request.

A "direct patient identifier" is a data variable that directly identifies an individual, including a first name, last name, social security number, birth month or day, medical record number, individual health plan beneficiary number, full face photograph, and any comparable images, postal address, telephone number, fax number, electronic mail address, contact information, or other data or records that can be directly connected to an individual. An "indirect patient identifier" is a data variable that can be associated with an individual when characteristics are considered in combination or when combined with other data sources, including geographic identifiers smaller than a state and dates directly related to an individual. "Proprietary financial information" means claims data or reports that disclose or would allow the determination of specific terms of contracts, discounts, or fixed reimbursement arrangements or other specific reimbursement arrangements between a facility or provider and a payer, or internal fee schedule or other internal pricing mechanism of integrated delivery systems owned by a carrier.

Recipients of data must agree in a data use or confidentiality agreement to: take steps to protect data containing direct or indirect patient identifiers or proprietary financial information; not re-disclose the claims data, unless they do not contain proprietary financial information or direct or indirect patient identifiers and the release is approved as part of the data request; not attempt to determine the identity of a person whose data is included in the data set, use the claims or other data in a manner that identifies an individual or family, or attempt to locate information associated with a specific person; destroy or return claims data at the conclusion of the agreement; and consent to penalties for inappropriate disclosures or uses of proprietary financial information or direct patient identifiers.

Reports using data obtained through the database may not contain proprietary financial information or direct or indirect patient identifiers, but may use aggregate zip codes, gender, and age, so long as they cannot lead to the identification of an individual. Reports issued by the lead organization in conjunction with the data vendor may use proprietary financial information to calculate aggregate cost data to be displayed in the report. The OFM must approve a format for calculating and displaying aggregate cost data to prevent the disclosure or determination of proprietary financial information. In developing the format, the OFM must solicit feedback from stakeholders and consider data presented as proportions, ranges, averages, and medians, as well as the differences in types of data gathered and submitted. Data that are distributed or reported through activities related to the database (in addition to data that are obtained through such activities) are not subject to subpoena, and a person with access to the data may not be compelled to provide such information pursuant to subpoena.

Reports by the Lead Organization.

Under the supervision of and through the contract with the OFM, the lead organization must, in conjunction with the data vendor, prepare reports using the database and the performance and quality measure set. Prior to release, the lead organization must submit reports to the OFM for review (but not approval). By October 31 of each year, the lead organization must submit to the OFM a list of reports it anticipates producing during the following year. The OFM Director may establish a public comment period and must submit the list and any comments to the Legislature for review.

Reports that use claims data prepared by the lead organization for the Legislature and the public should promote awareness and transparency in the health care market. The features of these reports are modified to include comparisons of costs among providers and systems that account for differences in the case mix and severity of illness of patients and populations. The lead organization's published data and reports may not disclose a carrier's proprietary financial information or compare performance in a report for the general public that includes any provider in a practice with fewer than four providers (rather than five). The lead organization may not release a report comparing and identifying providers, hospitals, or data suppliers unless it allows the provider, hospital, or data supplier to comment on the reasonableness of conclusions reached and submit corrections within 30 days (rather than 45 days). The requirement that no individual data supplier comprise more than 25 percent of the data used in any report is eliminated.

Reports to the Legislature.

Beginning July 1, 2015, and then every six months, the OFM must report to the Legislature regarding any grants received or extended. By December 1, 2016, and 2017, the OFM must report to the Legislature regarding the development and implementation of the database, including budget and cost detail, technical progress, and work plan metrics. Following the year in which the first report is issued or the first release is provided from the database, the OFM must report to the Legislature every two years on the cost, performance, and effectiveness of the database and the performance of the lead organization. The report must use independent economic expertise, subject to appropriation, to evaluate the lead organization's performance and whether the database has advanced its stated goals. The report must also make recommendations on: how the database could be improved; whether the contract with the lead organization should be modified, renewed, or terminated; and the impact the database has had on competition.

Appropriation: None.

Fiscal Note: Requested on March 18, 2015.

Effective Date: The bill takes effect 90 days after adjournment of the session in which the bill is passed.