FINANCIAL MANAGEMENT

[Filed July 16, 2018, 12:45 p.m.]

Preproposal statement of inquiry was filed as WSR 18-09-028.

Title of Rule and Other Identifying Information: Amending chapter 82-75 WAC, related to the statewide all-payer health care claims database (WA-APCD). Specifically, the rules will address activities related to ensuring that there is compliance with the following requirements: Submission, release of data, use of data and destruction of data.

Hearing Location(s): On August 21, 2018, at 9:30 a.m., at 302 Sid Snyder Avenue S.W., Fourth Floor, Room 440, Olympia, WA 98501.

Date of Intended Adoption: September 15, 2018.

Submit Written Comments to: Thea Mounts, 106 11th Avenue S.W., P.O. Box 43124, Olympia, WA 98504, email apcd@ofm.wa.gov, by August 21, 2018.

Assistance for Persons with Disabilities: Contact office of financial management (OFM), phone 360-902-3092, TTY 360-753-4107, email hayden.mackley@ofm.wa.gov, by August 17, 2018.

Purpose of the Proposal and Its Anticipated Effects, Including Any Changes in Existing Rules: The purpose of the rule is to establish a clear and fair process to ensure that statutory requirements related to the submission of data into the WA-APCD, release of data out of the WA-APCD, use of the data released from the WA-APCD and destruction of data once the use has been fulfilled.

Reasons Supporting Proposal: Chapter 43.371 RCW directs OFM to establish WA-APCD to support transparent public reporting of health care information. The chapter requires specified providers to submit claims data pursuant to the schedule developed by OFM and the data submission guide. There are also strict requirements regarding the release, use and destruction of the data from WA-APCD. In order to ensure that the statutory and regulatory provisions are being followed, it is imperative that OFM develop an audit program.

Statutory Authority for Adoption: RCW 43.371.070.

Statute Being Implemented: Chapter 43.371 RCW.

Rule is not necessitated by federal law, federal or state court decision.

Name of Proponent: OFM, governmental.

Name of Agency Personnel Responsible for Drafting: Roselyn Marcus, Insurance Building, Olympia, Washington, 360-902-0434; Implementation and Enforcement: Thea Mounts, Helen Sommers Building, Olympia, Washington, 360-902-0552.

A school district fiscal impact statement is not required under RCW 28A.305.135.

A cost-benefit analysis is not required under RCW 34.05.328. OFM is not a listed agency in RCW 34.05.328 (5)(a)(i).

This rule proposal, or portions of the proposal, is exempt from requirements of the Regulatory Fairness Act because the proposal:

Is exempt under RCW 19.85.025(3) as the rule content is explicitly and specifically dictated by statute.

Assistant Director for

Legal and Legislative Affairs

WAC 82-75-700Purpose of audits.

There are two primary areas for which audits may be performed to ensure compliance with laws and rules related to the WA-APCD.

(1) Audits may be performed to determine if data suppliers are in compliance with the requirements for the submission of data to the WA-APCD including, but not limited to:

(a) Compliance with the data submission guide including, but not limited to, accuracy of financial fields;

(b) Data integrity, as opposed to data quality checks that the data vendor performs using thresholds and variances;

(d) Documenting the process for determining the number of Washington covered persons for each line of business in order to ensure that data suppliers are not artificially creating lines of business with small numbers of covered lives in order to meet the minimum threshold for exclusion to report.

(2) Audits can be performed to determine whether requestors who receive data from the WA-APCD are in compliance with the data release requirements or agreements, whether provided datasets or licenses to the data enclave including, but not limited to:

(a) For physical datasets, compliance with data use agreements, confidentiality agreements, compliance with collecting, storing, analyzing, and destroying the data; and

(b) For data enclave licenses, compliance with data use agreements, confidentiality agreements, compliance with analyzing, storing, destroying, and user license access to the data.

(3) For purposes of this section, the following definitions apply:

(a) "Data quality checks" means the extent to which data is missing or the data conforms with the data format requirements; and

(b) "Data integrity checks" means the completeness and validity of the submitted data, whether the submitted values are consistent with the instructions and intent of the data submission guide.

WAC 82-75-705When an audit may be commenced.

(1) The office may initiate a random audit to ensure compliance with data submission requirements or data release requirements. A data supplier or data requestor may not be subject to a random audit more frequently than once every three years.

(2) The office may initiate an audit including, but not limited to, occurrence of the following events:

(a) Reports from the data vendor that there is a material change, without justification or a reasonable basis for the change provided by the data supplier, in the number of claims submitted from a data supplier. Before submitting a report under this subsection, the data vendor should have worked with the data supplier to cure any inadvertent data submission issues.

(b) Reports from the data vendor that certain types of claims are missing for a data supplier.

(c) Notice that the data user is publishing data in reports that are not compliant with data use agreements. Violations of the data use agreements are subject to penalties in accordance with the process set forth in chapter 82-75 WAC.

(d) Notice that the data user is publishing PFI or PHI not in compliance with state or federal requirements.

WAC 82-75-710Audit process.

(1) Once the office determines an audit will be conducted, either as a random audit or based on a triggering event set forth in WAC 82-75-705, the office shall provide written notice to the subject of the audit at least thirty days before the start of the audit. The notice must include the name of the company or individuals who will be conducting the audit and the subject of the audit, including the time period for which the audit covers. If the audit is the result of a triggering event, the notice will include information regarding the triggering event. The notice will also include information regarding the audit entrance conference that has been scheduled to take place within fourteen days before the audit will begin. The notice will include the location, date and time and contact person for the entrance conference and such other information as required. The office will work with the subject of the audit to ensure sufficient time is provided between providing the written notice, the date of the entrance conference, and the start of the audit.

(2) The subject of the audit is required to cooperate with the auditor, providing the information as requested. If there is a dispute during the audit, the issue should be brought to the attention of the WA-APCD program director, who will resolve the dispute. Both the auditor and the subject of the audit will be provided an opportunity to present its issues regarding the dispute, either in writing or in person. The WA-APCD program director may engage a mediator to help resolve the dispute.

(3) The auditor will be required to prepare an audit report. A draft of the audit report shall be provided to the subject of the audit for review and comments. The subject of the audit should be provided no less than thirty days to provide comment to the draft report.

(4) After receiving and reviewing any comments, and revising the draft audit report as deemed necessary, the auditor shall schedule an exit conference with the subject of the audit to review the audit and final audit report. The subject of the audit shall be provided an opportunity to submit comments or responses to the findings in the audit. The auditor shall provide a deadline, not less than thirty days after the exit conference for submission of any response to the audit.

(5) The auditor shall issue a final audit report no later than thirty days after the deadline for submission of any response. The report shall be provided to the lead organization, the office, and the subject of the audit. The office shall publish the report on the agency web site.

(6) The auditor shall be required to sign a confidentiality/nondisclosure agreement if the auditor will have access to any confidential or proprietary information.

WAC 82-75-715Audit guide.

(1) The office shall develop the audit guide with input from the data vendor and stakeholders. The lead organization shall develop a process to allow for stakeholder review and comment on drafts of the audit guide and all subsequent changes to the guide. The office shall have final approval authority over the audit guide and all subsequent changes.

(2) The office shall notify data suppliers before changes to the audit guide are final. Notification shall occur no less than one hundred twenty calendar days prior to the effective date of any change.

(3) The version of the audit guide that is in effect must be posted on the OFM web site. Notice should be given through the office listserv when a new audit guide is posted.

WAC 82-75-720Audit findings of a violation.

(1) If the audit finds that any person has violated laws, rules or data use agreements, the WA-APCD program director shall require an investigation be conducted in accordance with WAC 82-75-615. If the investigation determines that a violation or violations have occurred, the office will take appropriate action as set forth in chapter 82-75 WAC.

(2) In addition to any other penalties authorized by law or rule, the audited party may be required to pay the cost of the audit if a violation is found. The subject of the audit may contest the requirement to pay the cost of the audit or the amount requested using the appeal process set forth in chapter 82-75 WAC for the appeal of penalties.