View Rule

Under the Medicare Access and CHIP Reauthorization Act (MACRA), this proposed rule would implement statutory requirements that expand the permissible uses of Medicare claims data that is obtained by qualified entities in accordance with applicable information, privacy, security and disclosure laws.  In doing so, this rule would explain how qualified entities may create non-public analyses and provide or sell such analyses to authorized users, as well as how qualified entities may provide or sell combined data, or provide Medicare claims data alone at no cost, to certain authorized users.  This rule would also implement certain privacy and security requirements and impose assessments on qualified entities in the case of a violation of a data use agreement.

Statement of Need:

The Qualified Entity Program, established by Section 10332 of the Affordable Care Act, authorizes the disclosure of Medicare claims data to qualified entities for use in public provider performance reporting. New legislation in MACRA expands the use of Medicare data by qualified entities to include additional analyses and access to certain data. Effective July 1, 2016, qualified entities may use the combined Medicare and other claims data to conduct non-public analyses and provide or sell these analyses to select users for non-public use. In addition, qualified entities may sell the combined data or provide the Medicare data at no cost to providers, suppliers, hospital associations, and medical societies for non-public use. While qualified entities are allowed to use the CMS data for other purposes than public reporting, the legislation also includes an assessment on the qualified entity for a breach of a data use agreement and new requirements for annual reporting by the qualified entities. These changes to the qualified entity program are important in driving higher quality, lower cost care in Medicare and the health system in general. Additionally, these changes are expected to drive renewed interest in the qualified entity program, leading to more transparency of provider and supplier performance while ensuring beneficiary privacy.

Summary of the Legal Basis:

Section 105 of MACRA requires proposed and final rules to be published and effective by July 1, 2016. This legislation expands both the uses of Medicare data by Qualified Entities as well as the data made available to them.

Alternatives:

None. This is a statutory requirement.

Anticipated Costs and Benefits:

As we move toward publication, estimates of the cost and benefits of these provisions will be included in the rule.

Risks:

The rule would require qualified entities to provide sufficient evidence of data privacy and security protection capabilities in order to avoid increased risks related to the protection of beneficiary identifiable data.