Chapter 43.371 RCW

STATEWIDE HEALTH CARE CLAIMS DATA

Sections

43.371.005Findings.
43.371.010Definitions.
43.371.020Statewide all-payer health care claims databaseSelection and duties of lead organizationCertification as qualified entity pursuant to 42 C.F.R. Sec. 401.703(a)Contract with data vendor.
43.371.030Submission of claims data to databaseAnnual status report.
43.371.040Claims data and databaseExempt from public disclosureNot subject to subpoena or compulsory process.
43.371.050Availability of claims or data for retrievalConfidentiality of claims or dataDuties of the lead organization and the data vendor.
43.371.060Health care data reportsPublic comment periodPreparationContentsPublication or release of reports.
43.371.070Rules.
43.371.080Database development and implementationCost, performance, and effectiveness of database and performance of lead organizationReports to the legislature.


Findings.

*** CHANGE IN 2019 *** (SEE 5741-S.SL) ***
The legislature finds that:
(1) The activities authorized by this chapter will require collaboration among state agencies and local governments that purchase health care, private health carriers, third-party purchasers, health care providers, and hospitals. These activities will identify strategies to increase the quality and effectiveness of health care delivered in Washington state and are therefore in the best interest of the public.
(2) The benefits of collaboration, together with active state supervision, outweigh potential adverse impacts. Therefore, the legislature intends to exempt from state antitrust laws, and provide immunity through the state action doctrine from federal antitrust laws, activities that are undertaken, reviewed, and approved by the office pursuant to this chapter that might otherwise be constrained by such laws. The legislature does not intend and does not authorize any person or entity to engage in activities not provided for by this chapter, and the legislature neither exempts nor provides immunity for such activities including, but not limited to, agreements among competing providers or carriers to set prices or specific levels of reimbursement for health care services.

NOTES:

Finding2014 c 223: See note following RCW 41.05.800.



Definitions.

*** CHANGE IN 2019 *** (SEE 5741-S.SL) ***
The definitions in this section apply throughout this chapter unless the context clearly requires otherwise.
(1) "Authority" means the health care authority.
(2) "Carrier" and "health carrier" have the same meaning as in RCW 48.43.005.
(3) "Claims data" means the data required by RCW 43.371.030 to be submitted to the database, including billed, allowed and paid amounts, and such additional information as defined by the director in rule.
(4) "Data supplier" means: (a) A carrier, third-party administrator, or a public program identified in RCW 43.371.030 that provides claims data; and (b) a carrier or any other entity that provides claims data to the database at the request of an employer-sponsored self-funded health plan or Taft-Hartley trust health plan pursuant to RCW 43.371.030(1).
(5) "Data vendor" means an entity contracted to perform data collection, processing, aggregation, extracts, analytics, and reporting.
(6) "Database" means the statewide all-payer health care claims database established in RCW 43.371.020.
(7) "Direct patient identifier" means a data variable that directly identifies an individual, including: Names; telephone numbers; fax numbers; social security number; medical record numbers; health plan beneficiary numbers; account numbers; certificate or license numbers; vehicle identifiers and serial numbers, including license plate numbers; device identifiers and serial numbers; web universal resource locators; internet protocol address numbers; biometric identifiers, including finger and voice prints; and full face photographic images and any comparable images.
(8) "Director" means the director of financial management.
(9) "Indirect patient identifier" means a data variable that may identify an individual when combined with other information.
(10) "Lead organization" means the organization selected under RCW 43.371.020.
(11) "Office" means the office of financial management.
(12) "Proprietary financial information" means claims data or reports that disclose or would allow the determination of specific terms of contracts, discounts, or fixed reimbursement arrangements or other specific reimbursement arrangements between an individual health care facility or health care provider, as those terms are defined in RCW 48.43.005, and a specific payer, or internal fee schedule or other internal pricing mechanism of integrated delivery systems owned by a carrier.
(13) "Unique identifier" means an obfuscated identifier assigned to an individual represented in the database to establish a basis for following the individual longitudinally throughout different payers and encounters in the data without revealing the individual's identity.

NOTES:

Reviser's note: The definitions in this section have been alphabetized pursuant to RCW 1.08.015(2)(k).
Finding2014 c 223: See note following RCW 41.05.800.



Statewide all-payer health care claims databaseSelection and duties of lead organizationCertification as qualified entity pursuant to 42 C.F.R. Sec. 401.703(a)Contract with data vendor.

*** CHANGE IN 2019 *** (SEE 5741-S.SL) ***
(1) The office shall establish a statewide all-payer health care claims database to support transparent public reporting of health care information. The database must improve transparency to: Assist patients, providers, and hospitals to make informed choices about care; enable providers, hospitals, and communities to improve by benchmarking their performance against that of others by focusing on best practices; enable purchasers to identify value, build expectations into their purchasing strategy, and reward improvements over time; and promote competition based on quality and cost. The database must systematically collect all medical claims and pharmacy claims from private and public payers, with data from all settings of care that permit the systematic analysis of health care delivery.
(2) The office shall use a competitive procurement process, in accordance with chapter 39.26 RCW, to select a lead organization from among the best potential bidders to coordinate and manage the database.
(a) Due to the complexities of the all payer claims database and the unique privacy, quality, and financial objectives, the office must award extra points in the scoring evaluation for the following elements: (i) The bidder's degree of experience in health care data collection, analysis, analytics, and security; (ii) whether the bidder has a long-term self-sustainable financial model; (iii) the bidder's experience in convening and effectively engaging stakeholders to develop reports; (iv) the bidder's experience in meeting budget and timelines for report generations; and (v) the bidder's ability to combine cost and quality data.
(b) By December 31, 2017, the successful lead organization must apply to be certified as a qualified entity pursuant to 42 C.F.R. Sec. 401.703(a) by the centers for medicare and medicaid services.
(3) As part of the competitive procurement process in subsection (2) of this section, the lead organization shall enter into a contract with a data vendor to perform data collection, processing, aggregation, extracts, and analytics. The data vendor must:
(a) Establish a secure data submission process with data suppliers;
(b) Review data submitters' files according to standards established by the office;
(c) Assess each record's alignment with established format, frequency, and consistency criteria;
(d) Maintain responsibility for quality assurance, including, but not limited to: (i) The accuracy and validity of data suppliers' data; (ii) accuracy of dates of service spans; (iii) maintaining consistency of record layout and counts; and (iv) identifying duplicate records;
(e) Assign unique identifiers, as defined in RCW 43.371.010, to individuals represented in the database;
(f) Ensure that direct patient identifiers, indirect patient identifiers, and proprietary financial information are released only in compliance with the terms of this chapter;
(g) Demonstrate internal controls and affiliations with separate organizations as appropriate to ensure safe data collection, security of the data with state of the art encryption methods, actuarial support, and data review for accuracy and quality assurance;
(h) Store data on secure servers that are compliant with the federal health insurance portability and accountability act and regulations, with access to the data strictly controlled and limited to staff with appropriate training, clearance, and background checks; and
(i) Maintain state of the art security standards for transferring data to approved data requestors.
(4) The lead organization and data vendor must submit detailed descriptions to the office of the chief information officer to ensure robust security methods are in place. The office of the chief information officer must report its findings to the office and the appropriate committees of the legislature.
(5) The lead organization is responsible for internal governance, management, funding, and operations of the database. At the direction of the office, the lead organization shall work with the data vendor to:
(a) Collect claims data from data suppliers as provided in RCW 43.371.030;
(b) Design data collection mechanisms with consideration for the time and cost incurred by data suppliers and others in submission and collection and the benefits that measurement would achieve, ensuring the data submitted meet quality standards and are reviewed for quality assurance;
(c) Ensure protection of collected data and store and use any data in a manner that protects patient privacy and complies with this section. All patient-specific information must be deidentified with an up-to-date industry standard encryption algorithm;
(d) Consistent with the requirements of this chapter, make information from the database available as a resource for public and private entities, including carriers, employers, providers, hospitals, and purchasers of health care;
(e) Report performance on cost and quality pursuant to RCW 43.371.060 using, but not limited to, the performance measures developed under RCW 41.05.690;
(f) Develop protocols and policies, including prerelease peer review by data suppliers, to ensure the quality of data releases and reports;
(g) Develop a plan for the financial sustainability of the database as self-sustaining and charge fees for reports and data files as needed to fund the database. Any fees must be approved by the office and should be comparable, accounting for relevant differences across data requests and uses. The lead organization may not charge providers or data suppliers fees other than fees directly related to requested reports; and
(h) Convene advisory committees with the approval and participation of the office, including: (i) A committee on data policy development; and (ii) a committee to establish a data release process consistent with the requirements of this chapter and to provide advice regarding formal data release requests. The advisory committees must include in-state representation from key provider, hospital, public health, health maintenance organization, large and small private purchasers, consumer organizations, and the two largest carriers supplying claims data to the database.
(6) The lead organization governance structure and advisory committees for this database must include representation of the third-party administrator of the uniform medical plan. A payer, health maintenance organization, or third-party administrator must be a data supplier to the all-payer health care claims database to be represented on the lead organization governance structure or advisory committees.

NOTES:

Finding2014 c 223: See note following RCW 41.05.800.



Submission of claims data to databaseAnnual status report.

*** CHANGE IN 2019 *** (SEE 5741-S.SL) ***
(1) The state medicaid program, public employees' benefits board programs, all health carriers operating in this state, all third-party administrators paying claims on behalf of health plans in this state, and the state labor and industries program must submit claims data to the database within the time frames established by the director in rule and in accordance with procedures established by the lead organization. The director may expand this requirement by rule to include any health plans or health benefit plans defined in RCW 48.43.005(26) (a) through (i) to accomplish the goals of this chapter set forth in RCW 43.371.020(1). Employer-sponsored self-funded health plans and Taft-Hartley trust health plans may voluntarily provide claims data to the database within the time frames and in accordance with procedures established by the lead organization.
(2) Any data supplier used by an entity that voluntarily participates in the database must provide claims data to the data vendor upon request of the entity.
(3) The lead organization shall submit an annual status report to the office regarding compliance with this section.

NOTES:

Finding2014 c 223: See note following RCW 41.05.800.



Claims data and databaseExempt from public disclosureNot subject to subpoena or compulsory process.

(1) The claims data provided to the database, the database itself, including the data compilation, and any raw data received from the database are not public records and are exempt from public disclosure under chapter 42.56 RCW.
(2) Claims data obtained, distributed, or reported in the course of activities undertaken pursuant to or supported under this chapter are not subject to subpoena or similar compulsory process in any civil or criminal, judicial, or administrative proceeding, nor may any individual or organization with lawful access to data under this chapter be compelled to provide such information pursuant to subpoena or testify with regard to such data, except that data pertaining to a party in litigation may be subject to subpoena or similar compulsory process in an action brought by or on behalf of such individual to enforce any liability arising under this chapter.

NOTES:

Finding2014 c 223: See note following RCW 41.05.800.



Availability of claims or data for retrievalConfidentiality of claims or dataDuties of the lead organization and the data vendor.

*** CHANGE IN 2019 *** (SEE 5741-S.SL) ***
(1) Except as otherwise required by law, claims or other data from the database shall only be available for retrieval in processed form to public and private requesters pursuant to this section and shall be made available within a reasonable time after the request. Each request for claims data must include, at a minimum, the following information:
(a) The identity of any entities that will analyze the data in connection with the request;
(b) The stated purpose of the request and an explanation of how the request supports the goals of this chapter set forth in RCW 43.371.020(1);
(c) A description of the proposed methodology;
(d) The specific variables requested and an explanation of how the data is necessary to achieve the stated purpose described pursuant to (b) of this subsection;
(e) How the requester will ensure all requested data is handled in accordance with the privacy and confidentiality protections required under this chapter and any other applicable law;
(f) The method by which the data will be stored, destroyed, or returned to the lead organization at the conclusion of the data use agreement;
(g) The protections that will be utilized to keep the data from being used for any purposes not authorized by the requester's approved application; and
(h) Consent to the penalties associated with the inappropriate disclosures or uses of direct patient identifiers, indirect patient identifiers, or proprietary financial information adopted under RCW 43.371.070(1).
(2) The lead organization may decline a request that does not include the information set forth in subsection (1) of this section that does not meet the criteria established by the lead organization's data release advisory committee, or for reasons established by rule.
(3) Except as otherwise required by law, the office shall direct the lead organization and the data vendor to maintain the confidentiality of claims or other data it collects for the database that include proprietary financial information, direct patient identifiers, indirect patient identifiers, or any combination thereof. Any entity that receives claims or other data must also maintain confidentiality and may only release such claims data or any part of the claims data if:
(a) The claims data does not contain proprietary financial information, direct patient identifiers, indirect patient identifiers, or any combination thereof; and
(b) The release is described and approved as part of the request in subsection (1) of this section.
(4) The lead organization shall, in conjunction with the office and the data vendor, create and implement a process to govern levels of access to and use of data from the database consistent with the following:
(a) Claims or other data that include proprietary financial information, direct patient identifiers, indirect patient identifiers, unique identifiers, or any combination thereof may be released only to the extent such information is necessary to achieve the goals of this chapter set forth in RCW 43.371.020(1) to researchers with approval of an institutional review board upon receipt of a signed data use and confidentiality agreement with the lead organization. A researcher or research organization that obtains claims data pursuant to this subsection must agree in writing not to disclose such data or parts of the data set to any other party, including affiliated entities, and must consent to the penalties associated with the inappropriate disclosures or uses of direct patient identifiers, indirect patient identifiers, or proprietary financial information adopted under RCW 43.371.070(1).
(b) Claims or other data that do not contain direct patient identifiers, but that may contain proprietary financial information, indirect patient identifiers, unique identifiers, or any combination thereof may be released to:
(i) Federal, state, and local government agencies upon receipt of a signed data use agreement with the office and the lead organization. Federal, state, and local government agencies that obtain claims data pursuant to this subsection are prohibited from using such data in the purchase or procurement of health benefits for their employees; and
(ii) Any entity when functioning as the lead organization under the terms of this chapter.
(c) Claims or other data that do not contain proprietary financial information, direct patient identifiers, or any combination thereof, but that may contain indirect patient identifiers, unique identifiers, or a combination thereof may be released to agencies, researchers, and other entities as approved by the lead organization upon receipt of a signed data use agreement with the lead organization.
(d) Claims or other data that do not contain direct patient identifiers, indirect patient identifiers, proprietary financial information, or any combination thereof may be released upon request.
(5) Reports utilizing data obtained under this section may not contain proprietary financial information, direct patient identifiers, indirect patient identifiers, or any combination thereof. Nothing in this subsection (5) may be construed to prohibit the use of geographic areas with a sufficient population size or aggregate gender, age, medical condition, or other characteristics in the generation of reports, so long as they cannot lead to the identification of an individual.
(6) Reports issued by the lead organization at the request of providers, facilities, employers, health plans, and other entities as approved by the lead organization may utilize proprietary financial information to calculate aggregate cost data for display in such reports. The office shall approve by rule a format for the calculation and display of aggregate cost data consistent with this chapter that will prevent the disclosure or determination of proprietary financial information. In developing the rule, the office shall solicit feedback from the stakeholders, including those listed in RCW 43.371.020(5)(h), and must consider, at a minimum, data presented as proportions, ranges, averages, and medians, as well as the differences in types of data gathered and submitted by data suppliers.
(7) Recipients of claims or other data under subsection (4) of this section must agree in a data use agreement or a confidentiality agreement to, at a minimum:
(a) Take steps to protect data containing direct patient identifiers, indirect patient identifiers, proprietary financial information, or any combination thereof as described in the agreement;
(b) Not redisclose the claims data except pursuant to subsection (3) of this section;
(c) Not attempt to determine the identity of any person whose information is included in the data set or use the claims or other data in any manner that identifies any individual or their family or attempt to locate information associated with a specific individual;
(d) Destroy or return claims data to the lead organization at the conclusion of the data use agreement; and
(e) Consent to the penalties associated with the inappropriate disclosures or uses of direct patient identifiers, indirect patient identifiers, or proprietary financial information adopted under RCW 43.371.070(1).

NOTES:

Finding2014 c 223: See note following RCW 41.05.800.



Health care data reportsPublic comment periodPreparationContentsPublication or release of reports.

*** CHANGE IN 2019 *** (SEE 5741-S.SL) ***
(1)(a) Under the supervision of and through contract with the office, the lead organization shall prepare health care data reports using the database and the statewide health performance and quality measure set. Prior to the lead organization releasing any health care data reports that use claims data, the lead organization must submit the reports to the office for review.
(b) By October 31st of each year, the lead organization shall submit to the director a list of reports it anticipates producing during the following calendar year. The director may establish a public comment period not to exceed thirty days, and shall submit the list and any comment to the appropriate committees of the legislature for review.
(2)(a) Health care data reports that use claims data prepared by the lead organization for the legislature and the public should promote awareness and transparency in the health care market by reporting on:
(i) Whether providers and health systems deliver efficient, high quality care; and
(ii) Geographic and other variations in medical care and costs as demonstrated by data available to the lead organization.
(b) Measures in the health care data reports should be stratified by demography, income, language, health status, and geography when feasible with available data to identify disparities in care and successful efforts to reduce disparities.
(c) Comparisons of costs among providers and health care systems must account for differences in the case mix and severity of illness of patients and populations, as appropriate and feasible, and must take into consideration the cost impact of subsidization for uninsured and government-sponsored patients, as well as teaching expenses, when feasible with available data.
(3) The lead organization may not publish any data or health care data reports that:
(a) Directly or indirectly identify individual patients;
(b) Disclose a carrier's proprietary financial information; or
(c) Compare performance in a report generated for the general public that includes any provider in a practice with fewer than four providers.
(4) The lead organization may not release a report that compares and identifies providers, hospitals, or data suppliers unless:
(a) It allows the data supplier, the hospital, or the provider to verify the accuracy of the information submitted to the data vendor, comment on the reasonableness of conclusions reached, and submit to the lead organization and data vendor any corrections of errors with supporting evidence and comments within thirty days of receipt of the report;
(b) It corrects data found to be in error within a reasonable amount of time; and
(c) The report otherwise complies with this chapter.
(5) The office and the lead organization may use claims data to identify and make available information on payers, providers, and facilities, but may not use claims data to recommend or incentivize direct contracting between providers and employers.
(6)(a) The lead organization shall distinguish in advance to the office when it is operating in its capacity as the lead organization and when it is operating in its capacity as a private entity. Where the lead organization acts in its capacity as a private entity, it may only access data pursuant to RCW 43.371.050(4) (c) or (d).
(b) Except as provided in RCW 43.371.050(4), claims or other data that contain direct patient identifiers or proprietary financial information must remain exclusively in the custody of the data vendor and may not be accessed by the lead organization.

NOTES:

Finding2014 c 223: See note following RCW 41.05.800.



Rules.

*** CHANGE IN 2019 *** (SEE 5741-S.SL) ***
(1) The director shall adopt any rules necessary to implement this chapter, including:
(a) Definitions of claim and data files that data suppliers must submit to the database, including: Files for covered medical services, pharmacy claims, and dental claims; member eligibility and enrollment data; and provider data with necessary identifiers;
(b) Deadlines for submission of claim files;
(c) Penalties for failure to submit claim files as required;
(d) Procedures for ensuring that all data received from data suppliers are securely collected and stored in compliance with state and federal law;
(e) Procedures for ensuring compliance with state and federal privacy laws;
(f) Procedures for establishing appropriate fees;
(g) Procedures for data release; and
(h) Penalties associated with the inappropriate disclosures or uses of direct patient identifiers, indirect patient identifiers, and proprietary financial information.
(2) The director may not adopt rules, policies, or procedures beyond the authority granted in this chapter.

NOTES:

Finding2014 c 223: See note following RCW 41.05.800.



Database development and implementationCost, performance, and effectiveness of database and performance of lead organizationReports to the legislature.

*** CHANGE IN 2019 *** (SEE 5741-S.SL) ***
(1) By December 1st of 2016 and 2017, the office shall report to the appropriate committees of the legislature regarding the development and implementation of the database, including but not limited to budget and cost detail, technical progress, and work plan metrics.
(2) Every two years commencing two years following the year in which the first report is issued or the first release of data is provided from the database, the office shall report to the appropriate committees of the legislature regarding the cost, performance, and effectiveness of the database and the performance of the lead organization under its contract with the office. Using independent economic expertise, subject to appropriation, the report must evaluate whether the database has advanced the goals set forth in RCW 43.371.020(1), as well as the performance of the lead organization. The report must also make recommendations regarding but not limited to how the database can be improved, whether the contract for the lead organization should be modified, renewed, or terminated, and the impact the database has had on competition between and among providers, purchasers, and payers.
(3) Beginning July 1, 2015, and every six months thereafter, the office shall report to the appropriate committees of the legislature regarding any additional grants received or extended.