HOUSE BILL REPORT
ESSB 5084
This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent. |
As Reported by House Committee On:
Health Care & Wellness
Title: An act relating to modifying the all payer claims database to improve health care quality and cost transparency by changing provisions related to definitions regarding data, reporting and pricing of products, responsibilities of the office of financial management and the lead organization, submission to the database, and parameters for release of information.
Brief Description: Modifying the all payer claims database to improve health care quality and cost transparency by changing provisions related to definitions regarding data, reporting and pricing of products, responsibilities of the office of financial management and the lead organization, submission to the database, and parameters for release of information.
Sponsors: Senate Committee on Health Care (originally sponsored by Senators Becker, Frockt, Conway, Keiser and Mullet; by request of Governor Inslee).
Brief History:
Committee Activity:
Health Care & Wellness: 3/25/15, 3/31/15 [DPA].
Brief Summary of Engrossed Substitute Bill (As Amended by Committee) |
|
HOUSE COMMITTEE ON HEALTH CARE & WELLNESS |
Majority Report: Do pass as amended. Signed by 11 members: Representatives Cody, Chair; Riccelli, Vice Chair; Harris, Assistant Ranking Minority Member; Clibborn, DeBolt, Jinkins, Johnson, Moeller, Robinson, Tharinger and Van De Wege.
Minority Report: Do not pass. Signed by 3 members: Representatives Schmick, Ranking Minority Member; Caldier and Short.
Staff: Alexa Silver (786-7190).
Background:
Engrossed Second Substitute House Bill 2572, enacted in 2014, required the Office of Financial Management (OFM) to establish a statewide all-payer health care claims database to improve transparency.
Lead Organization.
The OFM Director is required to select a lead organization to coordinate and manage the database, and the lead organization is responsible for collecting claims data and reporting performance on cost and quality. At the direction of the OFM, the lead organization must, among other things: design collection mechanisms with consideration for time, cost, and benefits; ensure protection of collected data; make information from the database available as a resource; develop policies to ensure quality of data releases; develop a plan for financial sustainability and charge fees up to $5,000 (unless otherwise negotiated), with any fees comparable across requests and users and approved by the OFM; and appoint advisory committees on data policy and the data release process. The OFM initiated rulemaking in July 2014, but delayed selection of a lead organization.
Submissions to the Database.
Data suppliers must submit claims data to the database within the time frames established by the OFM Director and in accordance with procedures established by the lead organization. "Claims data" include data related to coverage and services funded in the operating budget for the Medicaid and Public Employees Benefits Board programs, as well as data voluntarily provided by health carriers and self-funded employers. Data suppliers must submit an annual status report to the OFM regarding their compliance.
Confidentiality and Release of Claims Data.
The OFM must direct the lead organization to maintain the confidentiality of data it collects that include direct or indirect patient identifiers. Any person who receives data with patient identifiers must also maintain confidentiality and may not release the information. Data with direct or indirect patient identifiers may be released to: (1) government agencies upon receipt of a signed data use agreement; and (2) researchers with approval of an institutional review board upon receipt of a signed confidentiality agreement. Data with indirect patient identifiers may be released to any person upon receipt of a signed data use agreement. Data that do not contain direct or indirect patient identifiers may be released upon request. "Direct patient identifier" means information that identifies a patient, and "indirect patient identifier" means information that may identify a patient when combined with other information.
Recipients of data with patient identifiers must agree in data use and confidentiality agreements to take steps to protect patient identifying information and not redisclose the data except as authorized in the agreement or as otherwise required by law. Recipients of data may not attempt to determine patients' identity or use the data in a manner that identifies the individuals or their families. Data obtained through database activities are not subject to subpoena, and a person with access to the data may not be compelled to testify.
Reports by the Lead Organization.
Under the OFM's supervision, the lead organization must use the database to prepare health care data reports. Prior to releasing the reports, the lead organization must submit them to the OFM for review and approval. The lead organization must ensure that no individual carrier or self-insured employer comprises more than 25 percent of the claims data used in any report generated from the database. The lead organization may not: publish data or reports that directly or indirectly identify patients or disclose specific reimbursement arrangements between a provider and a payer; compare performance in a report generated for the general public that includes any provider in a practice with fewer than five providers; or release a report comparing or identifying providers, hospitals, or data suppliers unless it allows them to verify the accuracy of the information and submit corrections within 45 days.
–––––––––––––––––––––––––––––––––
Summary of Amended Bill:
The all-payer claims database must systematically collect all medical and pharmacy claims from public and private payers, with data from all settings of care that permit the systematic analysis of health care delivery.
Lead Organization and Data Vendor.
The Director of the Office of Financial Management (OFM) must use a competitive procurement process to select a lead organization from among the best potential bidders. The OFM must award extra points in the scoring evaluation based on: whether the bidder has a long-term, self-sustainable financial model; the bidder's ability to combine cost and quality data; and the bidder's degree of experience in convening and effectively engaging stakeholders to develop reports, in meeting budget and timelines for report generations, and in health care data collection, analysis, analytics, and security. By December 31, 2017, the successful lead organization must apply to be certified as a qualified entity by the Centers for Medicare and Medicaid Services.
The lead organization must enter into a contract with a data vendor to perform data collection, processing, aggregation, extracts, and analytics. The data vendor must:
establish a secure data submission process with data suppliers;
review submitted files according to standards established by the OFM;
assess each record's alignment with established format, frequency, and consistency criteria;
maintain responsibility for quality assurance, including the accuracy and validity of data suppliers' data, the accuracy of dates of service spans, consistency of record layout and counts, and identification of duplicate records;
assign unique identifiers to individuals represented in the database;
ensure that direct patient identifiers, indirect patient identifiers, and proprietary financial information are released only in compliance with the law;
demonstrate internal controls and affiliations with separate organizations to ensure safe data collection, security of the data with state-of-the-art encryption methods, actuarial support, and data review for accuracy and quality assurance;
store data on secure servers that are compliant with the Federal Health Insurance Portability and Accountability Act, with access to data strictly controlled and limited to staff with appropriate training, clearance, and background checks; and
maintain state-of-the-art security standards for transferring data to approved requesters.
The requirements for the lead organization are modified. It must work with the data vendor to:
design data collection mechanisms considering the time and cost incurred by data suppliers and others in submission (in addition to the time and cost incurred in collection and the benefits measurement would achieve), ensuring that data meet quality standards and are reviewed for quality assurance;
store data in a manner that protects patient privacy and complies with the law;
de-identify patient-specific information with an up-to-date industry standard encryption algorithm;
develop protocols and policies, including pre-release peer review by data suppliers, to ensure the quality of data releases and reports;
develop a plan to make the database self-sustaining;
charge fees that are comparable, accounting for relevant differences across requests and uses; and
ensure that advisory committees include in-state representation from stakeholders, including large and small private purchasers and the two largest carriers supplying claims data.
The $5,000 cap on the lead organization's fees is eliminated. The OFM must adopt procedures for establishing appropriate fees. The lead organization may not charge providers or data suppliers fees other than fees directly related to requested reports. The lead organization and data vendor must submit detailed descriptions to the Office of the Chief Information Office (OCIO) to ensure robust security methods are in place, and the OCIO must report its findings to the OFM and the Legislature.
Submissions to the Database.
Health carriers, third-party administrators, and the Department of Labor and Industries must submit claims data to the database, in addition to the state Medicaid program and Public Employees' Benefits Board programs. The OFM Director may expand this requirement to other types of insurance policies. Data suppliers used by an entity that voluntarily participates in the database must provide claims data upon the entity's request. The lead organization (instead of each data supplier) must submit an annual status report to the OFM regarding compliance with these requirements. "Claims data" means the data required to be submitted, including billed, allowed, and paid amounts, and additional information defined in rule.
Requests for and Release of Claims Data.
Claims and other data are only available to requesters in processed form. Requests for claims data must include the following information: the identity of the entities that will analyze the data; the purpose of the request and an explanation of how it supports the goals of the database; the proposed methodology; the specific variables requested and an explanation of how the data are necessary to achieve the stated purpose; how the requester will ensure the data are handled in accordance with required privacy and confidentiality protections; the method by which the data will be stored, destroyed, or returned to the lead organization; the protections that will be used to keep the data from being used for unauthorized purposes; and consent to penalties for inappropriate disclosures or uses of direct or indirect patient identifiers or proprietary financial information. The lead organization may deny a request for data if the request does not include the required information or meet criteria established by the lead organization's advisory committee, or for reasons established by rule.
In conjunction with the OFM and the data vendor, the lead organization must develop a process to govern levels of access to and use of data. Release of data is permitted as follows:
Data that include proprietary financial information, direct patient identifiers, indirect patient identifiers, unique identifiers, or a combination may be released only to researchers to the extent necessary to achieve the goals of the database. The researcher must: have approval of an institutional review board; submit a signed data use and confidentiality agreement; agree not to disclose the data to any other party, including affiliated entities; and consent to penalties for inappropriate disclosure or use of direct or indirect patient identifiers or proprietary financial information.
Data that do not contain direct patient identifiers, but that may contain proprietary financial information, indirect patient identifiers, unique identifiers, or a combination may be released to government agencies with a signed data use agreement, as well as to any entity when functioning as the lead organization. Government agencies that access claims data pursuant to this provision may not use the data in the purchase or procurement of employee benefits.
Data that contain only indirect patient identifiers, unique identifiers, or a combination may be released to researchers, agencies, and other entities with a data use agreement that are approved by the lead organization.
Data that do not contain direct or indirect patient identifiers or proprietary financial information may be released upon request.
The lead organization must distinguish in advance to the OFM when it is operating as the lead organization; when acting as a private entity, its access to data is governed by the same process as other requesters. Data that contain direct patient identifiers or proprietary financial information must remain in the custody of the data vendor and may not be accessed by the lead organization, except as part of a permitted data release. The OFM must adopt procedures for data release and penalties associated with inappropriate disclosures and uses of direct or indirect patient identifiers and proprietary financial information.
Confidentiality.
The lead organization and data vendor must maintain the confidentiality of data that include proprietary financial information, in addition to direct or indirect patient identifiers. Any entity that receives data must also maintain confidentiality and may only release the data if the release is approved as part of the data request and the data do not contain proprietary financial information, direct patient identifiers, or indirect patient identifiers.
Recipients of data must agree in a data use or confidentiality agreement to: take steps to protect data containing direct or indirect patient identifiers or proprietary financial information; not redisclose the claims data, unless they do not contain proprietary financial information or direct or indirect patient identifiers and the release is approved as part of the data request; not attempt to determine the identity of a person whose data is included in the data set, use the claims or other data in a manner that identifies an individual or family, or attempt to locate information associated with a specific person; destroy or return claims data at the conclusion of the agreement; and consent to penalties for inappropriate disclosures or uses of proprietary financial information or direct or indirect patient identifiers.
Reports using data obtained through the database may not contain proprietary financial information or direct or indirect patient identifiers, but may use geographic areas with a sufficient population size or aggregate gender, age, medical condition, or other characteristics, so long as they cannot lead to the identification of an individual. Reports issued by the lead organization may use proprietary financial information to calculate aggregate cost data to be displayed in the report. The OFM must approve a format for calculating and displaying aggregate cost data to prevent the disclosure or determination of proprietary financial information. In developing the format, the OFM must solicit feedback from stakeholders and consider data presented as proportions, ranges, averages, and medians, as well as the differences in types of data gathered and submitted. Data that are distributed or reported through activities related to the database (in addition to data that are obtained through such activities) are not subject to subpoena, and a person with access to the data may not be compelled to provide such information pursuant to subpoena.
A "direct patient identifier" is a data variable that directly identifies an individual, including: names; telephone numbers; fax numbers; social security number; medical record numbers; health plan beneficiary numbers; account numbers; certificate or license numbers; vehicle identifiers and serial numbers, including license plate numbers; device identifiers and serial numbers; web universal resource locators; Internet protocol address numbers; biometric identifiers, including finger and voice prints; and full face photographic images and any comparable images. An "indirect patient identifier" is a data variable that may identify an individual when combined with other information. "Proprietary financial information" are claims data or reports that disclose or would allow the determination of specific terms of contracts, discounts, or fixed reimbursement arrangements or other specific reimbursement arrangements between a facility or provider and a payer, or internal fee schedule or other internal pricing mechanism of integrated delivery systems owned by a carrier. A "unique identifier" is an obfuscated identifier assigned to an individual represented in the database to establish a basis for following the individual longitudinally throughout different payers and encounters in the data without revealing the individual's identity.
Reports by the Lead Organization.
Under the supervision of and through the contract with the OFM, the lead organization must prepare reports using the database and the performance measure set. Prior to release, the lead organization must submit reports to the OFM for review (but not approval). By October 31 of each year, the lead organization must submit to the OFM a list of reports it anticipates producing during the following year. The OFM Director may establish a public comment period and must submit the list and any comments to the Legislature for review.
Reports that use claims data prepared by the lead organization for the Legislature and the public should promote awareness and transparency in the health care market. The features of these reports are modified to include comparisons of costs among providers and systems that account for differences in the case mix and severity of illness of patients and populations. The lead organization's published data and reports may not disclose a carrier's proprietary financial information or compare performance in a report for the general public that includes any provider in a practice with fewer than four (rather than five) providers. The lead organization may not release a report comparing and identifying providers, hospitals, or data suppliers unless it allows them to comment and submit corrections within 30 (rather than 45) days. The requirement that no individual data supplier comprise more than 25 percent of the data used in any report is eliminated.
Reports to the Legislature.
Beginning July 1, 2015, and then every six months, the OFM must report to the Legislature regarding any grants received or extended. By December 1, 2016, and 2017, the OFM must report to the Legislature regarding the development and implementation of the database, including budget and cost detail, technical progress, and work plan metrics. Following the year in which the first report is issued or the first release is provided from the database, the OFM must report to the Legislature every two years on the cost, performance, and effectiveness of the database and the performance of the lead organization. The report must use independent economic expertise, subject to appropriation, to evaluate the lead organization's performance and whether the database has advanced its stated goals. The report must also make recommendations on: how the database could be improved; whether the contract with the lead organization should be modified, renewed, or terminated; and the impact the database has had on competition.
Amended Bill Compared to Engrossed Substitute Bill:
The amended bill adds the requirement that the OFM award extra points to bidders with experience in convening stakeholders and meeting budget and timelines, as well as to bidders with an ability to combine cost and quality data. It removes the requirement that the OFM award extra points to a lead organization with experience setting up a database in at least two other states. It requires the lead organization to apply to be certified (rather than to be certified) as a qualified entity. The amended bill requires the lead organization (rather than the OFM) to enter into a contract with a data vendor. Data must be provided to the data vendor (rather than the lead organization). References to the lead organization issuing reports "in conjunction with the data vendor" are removed. The lead organization must also store and use any data (rather than only data with patient-specific or proprietary financial information) in a manner that protects privacy.
With respect to confidentiality and the release of claims data, the amended bill modifies the definitions of "direct patient identifier," "indirect patient identifier," and "unique identifier" and removes authority to provide data in original form. It permits release of data that include unique identifiers to researchers, as well as to entities approved by the lead organization. It also permits release of data with certain information to government agencies and the lead organization. It provides that the bill does not prohibit the use of geographic areas with a sufficient population size or aggregate gender, age, medical condition, or other characteristics (rather than aggregate zip codes, gender, and age) in reports, so long as they cannot lead to the identification of an individual. Finally, it requires the OFM to adopt penalties for inappropriate disclosure or use of indirect patient identifiers, in addition to direct patient identifiers and proprietary financial information.
–––––––––––––––––––––––––––––––––
Appropriation: None.
Fiscal Note: Available.
Effective Date of Amended Bill: The bill takes effect 90 days after adjournment of the session in which the bill is passed.
Staff Summary of Public Testimony:
(In support) This bill is the product of months of discussions with a broad array of stakeholders. From the beginning of the process, there was an intent to ensure that the bill included strong privacy protections for a range of information, especially personal information. The Senate's changes to the bill are mostly directed at protecting patient confidentiality, but third-party administrators and the Department of Labor and Industries have also been added to the bill so that the state collects data on everything. People are after data, as evidenced by the two recent security breaches with health carriers. Once the database is created, all the data will be in one place, so there must be very strong measures to prevent a breach. The challenge is to protect privacy while allowing the database to serve as a valuable resource on cost and quality. Proprietary financial information should be subject to protections, but it should be available to the lead organization, because that access would improve the ability of the database to do its work. The lead organization, researchers, and those with data use agreements should also have access to unique identifiers. The definition of "indirect patient identifier" should be fixed so that patients can be tracked over time when they change health carriers or move from Medicaid to the commercial market. There should be an open and neutral request for proposal process to obtain the most qualified organization. More robust discussion about characteristics for applicants is needed if they are included in the bill.
(In support with concerns) This bill needs perfecting. The term "unique identifiers" should be used throughout the bill. The lead organization should have access to proprietary financial information because there is a need to look at quality and cost in reports. The definition of "indirect patient identifiers" should be modified so that there is information to compare populations. Neither the bill nor the fiscal note defines the funding source for the startup of the database, and it is unclear whether the federal grant will be used until the lead organization can generate funds from reports. The database must be self-sustaining, but it will take nine months to establish the database before a report is generated, so there is a lag time for the funding.
(With concerns) The original bill was forged through months of discussions and compromises with a broad coalition of stakeholders to make the database workable and actionable. This version of the bill will do more harm than good. It renders the database all but inoperable, threatens to squander millions of dollars in federal grant money, and sets the state back in its transparency efforts. The question is how to strike the balance between transparency and privacy. This bill creates barriers, closes off opportunities for sustainability, and provides conflicting and overlapping definitions. In other states, statutes provide broad authority related to data and leave the details to experts in rulemaking. Standards should be developed in collaboration with experts to ensure that what is collected supports end users' needs. This bill proposes a restrictive approach to data release and reports, and it fragments decision-making authority among the OFM, data vendor, and lead organization. The lead organization should be fully responsible for the data vendor's performance. Building an all-payer claims database is a significant investment, and there should be a realistic funding plan before any files are collected. This bill increases the overall cost of the program and limits revenue by barring access to financial data.
Employers and employees need cost and quality data to make better informed purchasing decisions and to save money for themselves and the state. The information that a robust database will provide through comparative quality and cost reports will allow King County to direct its purchasing to high-value, lower-cost providers. King County has already saved money using the data from the current voluntary database, but it needs to further control health care costs to avoid a federal excise tax under the Affordable Care Act. The database should be useable for consumers and patients. Given rising medical costs, health care information should be transparent and readily available to consumers to empower them to make informed choices based on cost, quality, and safety. Health care providers use the community checkup reports of the Washington Health Alliance (Alliance). This bill will limit the number of reports generated by making it much more expensive to produce them. It also unnecessarily limits access to data and therefore its usefulness. Users will be unable to perform their own analytics. This bill does not build on the considerable investment in infrastructure that the Alliance has already made with purchasers, providers, and insurers in this state. The Legislature should allow the Alliance to compete fairly for the role. Using the existing infrastructure could save millions in start-up costs. It is important to select a lead organization that convenes stakeholders.
(Opposed) None.
Persons Testifying: (In support) Senator Becker, prime sponsor; Len Sorrin, Premera; Chris Bandoli, Regence; and Katie Kolan, Washington State Medical Association.
(In support with concerns) Lisa Thatcher, Washington State Hospital Association; and Sheri Nelson, Association of Washington Business.
(With concerns) Linda Green, Freedman Healthcare; Fred Jarrett, King County; Neil Groesch, Washington Roundtable; Patrick Connor, National Federation of Independent Business; Sarah Patterson, Virginia; and Yanling Yu, Washington Advocates for Patient Safety.
Persons Signed In To Testify But Not Testifying: None.