Z-0486.1

SENATE BILL 5741

State of Washington
66th Legislature
2019 Regular Session
BySenators Keiser, Rivers, Frockt, and Mullet; by request of Office of Financial Management and Health Care Authority
AN ACT Relating to making changes to support future operations of the state all payer claims database by transferring the responsibility to the health care authority, partnering with a lead organization with broad data experience, including with self-insured employers, and other changes to improve and ensure successful and sustainable database operations for access to and use of the data to improve health care, providing consumers useful and consistent quality and cost measures, and assess total cost of care in Washington state; amending RCW 43.371.005, 43.371.020, 43.371.030, 43.371.050, 43.371.060, 43.371.070, and 43.371.080; reenacting and amending RCW 43.371.010; adding a new section to chapter 43.371 RCW; creating a new section; and declaring an emergency.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF WASHINGTON:
Sec. 1. RCW 43.371.005 and 2014 c 223 s 9 are each amended to read as follows:
The legislature finds that:
(1) The activities authorized by this chapter will require collaboration among state agencies and local governments that ((purchase))are involved in health care, private health carriers, third-party purchasers, health care providers, and hospitals. These activities will identify strategies to increase the quality and effectiveness of health care delivered in Washington state and are therefore in the best interest of the public.
(2) The benefits of collaboration, together with active state supervision, outweigh potential adverse impacts. Therefore, the legislature intends to exempt from state antitrust laws, and provide immunity through the state action doctrine from federal antitrust laws, activities that are undertaken, reviewed, and approved by the ((office))authority pursuant to this chapter that might otherwise be constrained by such laws. The legislature does not intend and does not authorize any person or entity to engage in activities not provided for by this chapter, and the legislature neither exempts nor provides immunity for such activities including, but not limited to, agreements among competing providers or carriers to set prices or specific levels of reimbursement for health care services.
Sec. 2. RCW 43.371.010 and 2015 c 246 s 1 are each reenacted and amended to read as follows:
The definitions in this section apply throughout this chapter unless the context clearly requires otherwise.
(1) "Authority" means the health care authority.
(2) "Carrier" and "health carrier" have the same meaning as in RCW 48.43.005.
(3) "Claims data" means the data required by RCW 43.371.030 to be submitted to the database, including billed, allowed and paid amounts, and such additional information as defined by the director in rule.
(4) "Data supplier" means: (a) A carrier, third-party administrator, or a public program identified in RCW 43.371.030 that provides claims data; and (b) a carrier or any other entity that provides claims data to the database at the request of an employer-sponsored self-funded health plan or Taft-Hartley trust health plan pursuant to RCW 43.371.030(1).
(5) "Data vendor" means an entity contracted to perform data collection, processing, aggregation, extracts, analytics, and reporting.
(6) "Database" means the statewide all-payer health care claims database established in RCW 43.371.020.
(7) "Direct patient identifier" means a data variable that directly identifies an individual, including: Names; telephone numbers; fax numbers; social security number; medical record numbers; health plan beneficiary numbers; account numbers; certificate or license numbers; vehicle identifiers and serial numbers, including license plate numbers; device identifiers and serial numbers; web universal resource locators; internet protocol address numbers; biometric identifiers, including finger and voice prints; and full face photographic images and any comparable images.
(8) "Director" means the director of ((financial management))the authority.
(9) "Indirect patient identifier" means a data variable that may identify an individual when combined with other information.
(10) "Lead organization" means the organization selected under RCW 43.371.020.
(11) "Office" means the office of financial management.
(12) "Proprietary financial information" means claims data or reports that disclose or would allow the determination of specific terms of contracts, discounts, or fixed reimbursement arrangements or other specific reimbursement arrangements between an individual health care facility or health care provider, as those terms are defined in RCW 48.43.005, and a specific payer, or internal fee schedule or other internal pricing mechanism of integrated delivery systems owned by a carrier.
(13) "Unique identifier" means an obfuscated identifier assigned to an individual represented in the database to establish a basis for following the individual longitudinally throughout different payers and encounters in the data without revealing the individual's identity.
Sec. 3. RCW 43.371.020 and 2015 c 246 s 2 are each amended to read as follows:
(1) The office shall establish a statewide all-payer health care claims database ((to)). On January 1, 2020, the office must transfer authority and oversight for the database to the authority. The office and authority must develop a transition plan that sustains operations by July 1, 2019. The database shall support transparent public reporting of health care information. The database must improve transparency to: Assist patients, providers, and hospitals to make informed choices about care; enable providers, hospitals, and communities to improve by benchmarking their performance against that of others by focusing on best practices; enable purchasers to identify value, build expectations into their purchasing strategy, and reward improvements over time; and promote competition based on quality and cost. The database must systematically collect all medical claims and pharmacy claims from private and public payers, with data from all settings of care that permit the systematic analysis of health care delivery.
(2) The ((office))authority shall use a competitive procurement process, in accordance with chapter 39.26 RCW, to select a lead organization ((from among the best potential bidders)) to coordinate and manage the database.
(a) Due to the complexities of the all payer claims database and the unique privacy, quality, and financial objectives, the ((office))authority must ((award extra points in the scoring evaluation for))give strong consideration to the following elements in determining the appropriate lead organization contractor: (i) The ((bidder's))organization's degree of experience in health care data collection, analysis, analytics, and security; (ii) whether the ((bidder))organization has a long-term self-sustainable financial model; (iii) the ((bidder's))organization's experience in convening and effectively engaging stakeholders to develop reports, especially among groups of health providers, carriers, and self-insured purchasers in the state; (iv) the ((bidder's))organization's experience in meeting budget and timelines for report generations; and (v) the ((bidder's))organization's ability to combine cost and quality data, especially among groups of health providers, carriers, and self-insured purchasers.
(b) ((By December 31, 2017,))The successful lead organization must apply to be certified as a qualified entity pursuant to 42 C.F.R. Sec. 401.703(a) by the centers for medicare and medicaid services.
(3) As part of the competitive procurement process referenced in subsection (2) of this section, the lead organization shall enter into a contract with a data vendor or multiple data vendors to perform data collection, processing, aggregation, extracts, and analytics. ((The))A data vendor must:
(a) Establish a secure data submission process with data suppliers;
(b) Review data submitters' files according to standards established by the ((office))authority;
(c) Assess each record's alignment with established format, frequency, and consistency criteria;
(d) Maintain responsibility for quality assurance, including, but not limited to: (i) The accuracy and validity of data suppliers' data; (ii) accuracy of dates of service spans; (iii) maintaining consistency of record layout and counts; and (iv) identifying duplicate records;
(e) Assign unique identifiers, as defined in RCW 43.371.010, to individuals represented in the database;
(f) Ensure that direct patient identifiers, indirect patient identifiers, and proprietary financial information are released only in compliance with the terms of this chapter;
(g) Demonstrate internal controls and affiliations with separate organizations as appropriate to ensure safe data collection, security of the data with state of the art encryption methods, actuarial support, and data review for accuracy and quality assurance;
(h) Store data on secure servers that are compliant with the federal health insurance portability and accountability act and regulations, with access to the data strictly controlled and limited to staff with appropriate training, clearance, and background checks; and
(i) Maintain state of the art security standards for transferring data to approved data requestors.
(4) The lead organization and data vendor must submit detailed descriptions to the office of the chief information officer to ensure robust security methods are in place. The office of the chief information officer must report its findings to the ((office))authority and the appropriate committees of the legislature.
(5) The lead organization is responsible for internal governance, management, funding, and operations of the database. At the direction of the ((office))authority, the lead organization shall work with the data vendor to:
(a) Collect claims data from data suppliers as provided in RCW 43.371.030;
(b) Design data collection mechanisms with consideration for the time and cost incurred by data suppliers and others in submission and collection and the benefits that measurement would achieve, ensuring the data submitted meet quality standards and are reviewed for quality assurance;
(c) Ensure protection of collected data and store and use any data in a manner that protects patient privacy and complies with this section. All patient-specific information must be deidentified with an up-to-date industry standard encryption algorithm;
(d) Consistent with the requirements of this chapter, make information from the database available as a resource for public and private entities, including carriers, employers, providers, hospitals, and purchasers of health care;
(e) Report performance on cost and quality pursuant to RCW 43.371.060 using, but not limited to, the performance measures developed under RCW 41.05.690;
(f) Develop protocols and policies, including prerelease peer review by data suppliers, to ensure the quality of data releases and reports;
(g) Develop a plan for the financial sustainability of the database as ((self-sustaining))may be reasonable and customary as compared to other states' databases and charge fees for reports and data files as needed to fund the database. Any fees must be approved by the ((office))authority and should be comparable, accounting for relevant differences across data requests and uses. The lead organization may not charge providers or data suppliers fees other than fees directly related to requested reports and data files; and
(h) Convene advisory committees with the approval and participation of the ((office))authority, including: (i) A committee on data policy development; and (ii) a committee to establish a data release process consistent with the requirements of this chapter and to provide advice regarding formal data release requests. The advisory committees must include in-state representation from key provider, hospital, public health, health maintenance organization, large and small private purchasers, consumer organizations, and the two largest carriers supplying claims data to the database.
(6) The lead organization governance structure and advisory committees for this database must include representation of the third-party administrator of the uniform medical plan. A payer, health maintenance organization, or third-party administrator must be a data supplier to the all-payer health care claims database to be represented on the lead organization governance structure or advisory committees.
Sec. 4. RCW 43.371.030 and 2015 c 246 s 3 are each amended to read as follows:
(1) The state medicaid program, public employees' benefits board programs, all health carriers operating in this state, all third-party administrators paying claims on behalf of health plans in this state, and the state labor and industries program must submit claims data to the database within the time frames established by the director in rule and in accordance with procedures established by the lead organization. The director may expand this requirement by rule to include any health plans or health benefit plans defined in RCW 48.43.005(26) (a) through (i) to accomplish the goals of this chapter set forth in RCW 43.371.020(1). Employer-sponsored self-funded health plans and Taft-Hartley trust health plans may voluntarily provide claims data to the database within the time frames and in accordance with procedures established by the lead organization.
(2) Any data supplier used by an entity that voluntarily participates in the database must provide claims data to the data vendor upon request of the entity.
(3) The lead organization shall submit an annual status report to the ((office))authority regarding compliance with this section.
Sec. 5. RCW 43.371.050 and 2015 c 246 s 5 are each amended to read as follows:
(1) Except as otherwise required by law, claims or other data from the database shall only be available for retrieval in processed form to public and private requesters pursuant to this section and shall be made available within a reasonable time after the request. Each request for claims data must include, at a minimum, the following information:
(a) The identity of any entities that will analyze the data in connection with the request;
(b) The stated purpose of the request and an explanation of how the request supports the goals of this chapter set forth in RCW 43.371.020(1);
(c) A description of the proposed methodology;
(d) The specific variables requested and an explanation of how the data is necessary to achieve the stated purpose described pursuant to (b) of this subsection;
(e) How the requester will ensure all requested data is handled in accordance with the privacy and confidentiality protections required under this chapter and any other applicable law;
(f) The method by which the data will be ((stored,)) destroyed((, or returned to the lead organization)) at the conclusion of the data use agreement;
(g) The protections that will be utilized to keep the data from being used for any purposes not authorized by the requester's approved application; and
(h) Consent to the penalties associated with the inappropriate disclosures or uses of direct patient identifiers, indirect patient identifiers, or proprietary financial information adopted under RCW 43.371.070(1).
(2) The lead organization may decline a request that does not include the information set forth in subsection (1) of this section that does not meet the criteria established by the lead organization's data release advisory committee, or for reasons established by rule.
(3) Except as otherwise required by law, the ((office))authority shall direct the lead organization and the data vendor to maintain the confidentiality of claims or other data it collects for the database that include proprietary financial information, direct patient identifiers, indirect patient identifiers, or any combination thereof. Any entity that receives claims or other data must also maintain confidentiality and may only release such claims data or any part of the claims data if:
(a) The claims data does not contain proprietary financial information, direct patient identifiers, indirect patient identifiers, or any combination thereof; and
(b) The release is described and approved as part of the request in subsection (1) of this section.
(4) The lead organization shall, in conjunction with the ((office))authority and the data vendor, create and implement a process to govern levels of access to and use of data from the database consistent with the following:
(a) Claims or other data that include proprietary financial information, direct patient identifiers, indirect patient identifiers, unique identifiers, or any combination thereof may be released only to the extent such information is necessary to achieve the goals of this chapter set forth in RCW 43.371.020(1) to researchers with approval of an institutional review board upon receipt of a signed data use and confidentiality agreement with the lead organization. A researcher or research organization that obtains claims data pursuant to this subsection must agree in writing not to disclose such data or parts of the data set to any other party, including affiliated entities, and must consent to the penalties associated with the inappropriate disclosures or uses of direct patient identifiers, indirect patient identifiers, or proprietary financial information adopted under RCW 43.371.070(1).
(b) Claims or other data that do not contain direct patient identifiers, but that may contain proprietary financial information, indirect patient identifiers, unique identifiers, or any combination thereof may be released to:
(i) Federal, state, tribal, and local government agencies upon receipt of a signed data use agreement with the ((office))authority and the lead organization. Federal, state, tribal, and local government agencies that obtain claims data pursuant to this subsection are prohibited from using such data in the purchase or procurement of health benefits for their employees; ((and))
(ii) Any entity when functioning as the lead organization under the terms of this chapter; and
(iii) The Washington health benefit exchange established under chapter 43.71 RCW, upon receipt of a signed data use agreement with the authority and the lead organization as directed by rules adopted under this chapter.
(c) Claims or other data that do not contain proprietary financial information, direct patient identifiers, or any combination thereof, but that may contain indirect patient identifiers, unique identifiers, or a combination thereof may be released to agencies, researchers, and other entities as approved by the lead organization upon receipt of a signed data use agreement with the lead organization.
(d) Claims or other data that do not contain direct patient identifiers, indirect patient identifiers, proprietary financial information, or any combination thereof may be released upon request.
(5) Reports utilizing data obtained under this section may not contain proprietary financial information, direct patient identifiers, indirect patient identifiers, or any combination thereof. Nothing in this subsection (5) may be construed to prohibit the use of geographic areas with a sufficient population size or aggregate gender, age, medical condition, or other characteristics in the generation of reports, so long as they cannot lead to the identification of an individual.
(6) Reports issued by the lead organization at the request of providers, facilities, employers, health plans, and other entities as approved by the lead organization may utilize proprietary financial information to calculate aggregate cost data for display in such reports. The ((office))authority shall approve by rule a format for the calculation and display of aggregate cost data consistent with this chapter that will prevent the disclosure or determination of proprietary financial information. In developing the rule, the ((office))authority shall solicit feedback from the stakeholders, including those listed in RCW 43.371.020(5)(h), and must consider, at a minimum, data presented as proportions, ranges, averages, and medians, as well as the differences in types of data gathered and submitted by data suppliers.
(7) Recipients of claims or other data under subsection (4) of this section must agree in a data use agreement or a confidentiality agreement to, at a minimum:
(a) Take steps to protect data containing direct patient identifiers, indirect patient identifiers, proprietary financial information, or any combination thereof as described in the agreement;
(b) Not redisclose the claims data except pursuant to subsection (3) of this section;
(c) Not attempt to determine the identity of any person whose information is included in the data set or use the claims or other data in any manner that identifies any individual or their family or attempt to locate information associated with a specific individual;
(d) Destroy ((or return)) claims data ((to the lead organization)) at the conclusion of the data use agreement; and
(e) Consent to the penalties associated with the inappropriate disclosures or uses of direct patient identifiers, indirect patient identifiers, or proprietary financial information adopted under RCW 43.371.070(1).
Sec. 6. RCW 43.371.060 and 2015 c 246 s 6 are each amended to read as follows:
(1)(a) Under the supervision of and through contract with the ((office))authority, the lead organization shall prepare health care data reports using the database and the statewide health performance and quality measure set. Prior to the lead organization releasing any health care data reports that use claims data, the lead organization must submit the reports to the ((office))authority for review.
(b) By October 31st of each year, the lead organization shall submit to the director a list of reports it anticipates producing during the following calendar year. The director may establish a public comment period not to exceed thirty days, and shall submit the list and any comment to the appropriate committees of the legislature for review.
(2)(a) Health care data reports that use claims data prepared by the lead organization for the legislature and the public should promote awareness and transparency in the health care market by reporting on:
(i) Whether providers and health systems deliver efficient, high quality care; and
(ii) Geographic and other variations in medical care and costs as demonstrated by data available to the lead organization.
(b) Measures in the health care data reports should be stratified by demography, income, language, health status, and geography when feasible with available data to identify disparities in care and successful efforts to reduce disparities.
(c) Comparisons of costs among providers and health care systems must account for differences in the case mix and severity of illness of patients and populations, as appropriate and feasible, and must take into consideration the cost impact of subsidization for uninsured and government-sponsored patients, as well as teaching expenses, when feasible with available data.
(3) The lead organization may not publish any data or health care data reports that:
(a) Directly or indirectly identify individual patients;
(b) Disclose a carrier's proprietary financial information; or
(c) Compare performance in a report generated for the general public that includes any provider in a practice with fewer than four providers.
(4) The lead organization may not release a report that compares and identifies providers, hospitals, or data suppliers unless:
(a) It allows the data supplier, the hospital, or the provider to verify the accuracy of the information submitted to the data vendor, comment on the reasonableness of conclusions reached, and submit to the lead organization and data vendor any corrections of errors with supporting evidence and comments within thirty days of receipt of the report;
(b) It corrects data found to be in error within a reasonable amount of time; and
(c) The report otherwise complies with this chapter.
(5) The ((office))authority and the lead organization may use claims data to identify and make available information on payers, providers, and facilities, but may not use claims data to recommend or incentivize direct contracting between providers and employers.
(6)(a) The lead organization shall distinguish in advance to the ((office))authority when it is operating in its capacity as the lead organization and when it is operating in its capacity as a private entity. Where the lead organization acts in its capacity as a private entity, it may only access data pursuant to RCW 43.371.050(4) (b), (c), or (d).
(b) Except as provided in RCW 43.371.050(4), claims or other data that contain direct patient identifiers or proprietary financial information must remain exclusively in the custody of the data vendor and may not be accessed by the lead organization.
Sec. 7. RCW 43.371.070 and 2015 c 246 s 7 are each amended to read as follows:
(1) The director shall adopt any rules necessary to implement this chapter, including:
(a) Definitions of claim and data files that data suppliers must submit to the database, including: Files for covered medical services, pharmacy claims, and dental claims; member eligibility and enrollment data; and provider data with necessary identifiers;
(b) Deadlines for submission of claim files;
(c) Penalties for failure to submit claim files as required;
(d) Procedures for ensuring that all data received from data suppliers are securely collected and stored in compliance with state and federal law;
(e) Procedures for ensuring compliance with state and federal privacy laws;
(f) Procedures for establishing appropriate fees;
(g) Procedures for data release; ((and))
(h) Penalties associated with the inappropriate disclosures or uses of direct patient identifiers, indirect patient identifiers, and proprietary financial information; and
(i) A minimum reporting threshold below which a data supplier is not required to submit data.
(2) The director may not adopt rules, policies, or procedures beyond the authority granted in this chapter.
Sec. 8. RCW 43.371.080 and 2015 c 246 s 8 are each amended to read as follows:
(1) ((By December 1st of 2016 and 2017, the office shall report to the appropriate committees of the legislature regarding the development and implementation of the database, including but not limited to budget and cost detail, technical progress, and work plan metrics.
))The authority shall report every two years to the appropriate committees of the legislature regarding the cost, performance, and effectiveness of the database and the performance of the lead organization under its contract with the ((office))authority. Using independent economic expertise, subject to appropriation, the report must evaluate whether the database has advanced the goals set forth in RCW 43.371.020(1), as well as the performance of the lead organization. The report must also make recommendations regarding but not limited to how the database can be improved, whether the contract for the lead organization should be modified, renewed, or terminated, and the impact the database has had on competition between and among providers, purchasers, and payers.
(((3) Beginning July 1, 2015, and every six months thereafter, the office))(2) The authority shall annually report to the appropriate committees of the legislature regarding any additional grants received or extended.
NEW SECTION.  Sec. 9. A new section is added to chapter 43.371 RCW to read as follows:
(1) To assess and improve performance of the database by state agencies, the authority shall convene a state agency coordinating structure, consisting of state agencies with related data needs to ensure effectiveness of the database and the agencies' programs. The coordinating structure must collaborate in a private/public manner with the lead organization and other partners key to the broader success of the database. The coordinating structure must consult with the authority in any development of database policies and rules, including but not limited to ensuring agency access to the database.
(2) The office must participate as a key part of the coordinating structure and evaluate progress towards meeting the goals of the database, and, as necessary, recommend strategies for maintaining and promoting the progress of the database in meeting the intent of this section, and report its findings annually to the legislature. The office must have all necessary access to database processes, procedures, methodologies, and outcomes to perform these functions. The annual review shall assess, at a minimum the following:
(a) The list of approved agency use case projects and related data requirements under RCW 43.371.050(4);
(b) Successful and unsuccessful data requests and outcomes related to agency and nonagency health researchers pursuant to RCW 43.371.050(4);
(c) On-line data portal access and effectiveness related to research requests and data provider review and reconsideration;
(d) Adequacy of data security and policy consistent with the policy of the office of the chief information officer; and
(e) Timeliness, adequacy, and responsiveness of the database with regard to requests made under RCW 43.371.050(4) and for potential improvements in data sharing, data processing, and communication.
(3) To promote the goal of improving health outcomes through better cost and quality information, the authority and the office, in consultation with the agency coordinating structure, lead organization, data vendor, and the performance measurement coordinating committee, must jointly develop an effectiveness review process for the state common measure set as adopted under RCW 70.320.030. The office may make recommendations for improvements in the areas evaluated as needed.
NEW SECTION.  Sec. 10. (1) The powers, duties, and functions of the office of financial management provided in chapter 43.371 RCW, except as otherwise specified in this act, are transferred to the health care authority.
(2)(a) All reports, documents, surveys, books, records, files, papers, or written material necessary for the health care authority to carry out the powers, duties, and functions in chapter 43.371 RCW being transferred from the office of financial management to the health care authority and that are in the possession of the office of financial management must be delivered to the custody of the health care authority. All funds or credits of the office of financial management that are solely for the purposes of fulfilling the powers, duties, and functions in chapter 43.371 RCW shall be assigned to the health care authority.
(b) Any specific appropriations made to the office of financial management for the sole purpose of fulfilling the duties, powers, and functions in chapter 43.371 RCW must, on the effective date of this section, be transferred and credited to the health care authority.
(c) If any question arises as to the transfer of any funds, books, documents, records, papers, files, equipment, or other tangible property used or held in the exercise of the powers and the performance of the duties and functions transferred, the director of financial management must make a determination as to the proper allocation and certify the same to the state agencies concerned.
(3) All rules and pending business before the office of financial management specifically related to its powers, duties, and functions in chapter 43.371 RCW that are being transferred to the health care authority shall be continued and acted upon by the health care authority. All existing contracts and obligations remain in full force and must be performed by the health care authority.
(4) The transfer of the powers, duties, and functions of the office of financial management does not affect the validity of any act performed before the effective date of this section.
(5) If apportionments of budgeted funds are required because of the transfers directed by this section, the director of financial management shall certify the apportionments to the agencies affected, the state auditor, and the state treasurer. Each of these must make the appropriate transfer and adjustments in funds and appropriation accounts and equipment records in accordance with the certification.
NEW SECTION.  Sec. 11. This act is necessary for the immediate preservation of the public peace, health, or safety, or support of the state government and its existing public institutions, and takes effect immediately.
--- END ---