Congress wasn’t going for subtlety when it passed the “Doc Fix” law—officially known as the Medicare Access and CHIP Reauthorization Act of 2015. The Act takes a 20-pound mallet to the Sustainable Growth Rate and hammers out a mandate for the interoperability of electronic health records. But the Act also picks up an awl and scribes a few fine lines into the Affordable Care Act that may expand the use of Medicare claims data to develop new models of patient care.
Before the Doc Fix law, the Affordable Care Act permitted Medicare claims data to be released to “qualified entities”—organizations that meet CMS requirements for statutory and regulatory experience as well as data privacy and security. There were, however, severe limitations on how qualified entities could use the Medicare data. Qualified entities were only permitted to use the data to produce and publish comparative reports on the performance of healthcare providers, and they were prohibited from using Medicare data for any other purpose, including selling or analyzing the data.
The combination of the high cost of implementing and maintaining an information technology infrastructure that meets the qualified entity program requirements and the prohibition on charging for data analytics services hindered the program’s development. Only 12 organizations have been certified as qualified entities since the inception of the program.
In a move surprising both for its responsiveness and potential effectiveness, Congress addressed the problem in the Doc Fix law. Section 105(a) of the Act expands qualified entities’ ability to use Medicare claims data to permit:
- using the data for non-public analyses;
- providing or selling analyses to authorized users (e.g., healthcare providers, suppliers, and employers) for non-public use;
- providing or selling the Medicare data—but only if combined with other data—to authorized users for non-public use; and
- providing (but not selling) Medicare claims data to authorized users for non-public use.
There are limitations, of course. First, qualified entities may only provide or sell analyses and data to “authorized users,” which includes hospitals and other healthcare facilities that participate in Medicare, physicians who participate in Medicare, employers, health insurance issuers and any other entities approved by the Secretary of the Department of Health and Human Services. Second, an authorized user may not use analyses or data it receives from a qualified entity for marketing purposes, and it may not make those analyses or data public. Third, analyses or data provided or sold to an authorized user may not contain information that individually identifies a patient, except for a patient of the authorized user.
While these are only incremental changes to the qualified entity program, they appear to increase the usefulness and viability of the program. Healthcare providers, healthcare technology vendors and employers may now be able to use Medicare claims data to facilitate the development of new healthcare products and to improve the quality of patient care.