Delaware.gov logo

Authenticated PDF Version

DELAWARE HEALTH INFORMATION NETWORK

 

Statutory Authority: 16 Delaware Code, Sections 10306 & 10311-10315 (16 Del.C. §§10306, 10311-10315)

FINAL

ORDER

103 Delaware Health Care Claims Database Data Collection Regulation

In accordance with 16 Del.C. §10306, and for the reasons set forth herein, the Delaware Health Information Network (DHIN) enters this Order adopting the Delaware Health Care Claims Database Data Collection Regulation.

NATURE OF THE PROCEEDINGS

Pursuant to its authority under 16 Del.C. §10306, DHIN proposes to adopt a regulation to establish procedures for submission of claims data by a mandatory reporting entity and a template for a data submission and use agreement to be entered into between DHIN and each reporting entity. The agreement includes procedures for submission, collection, aggregation, and distribution of claims data, and a summary of how claims data may be used for geographic, economic, and peer group comparisons.

DHIN gave notice of its intent to adopt the proposed regulation in the July 1, 2017 issue of the Delaware Register of Regulations. DHIN solicited written comments from the public for thirty (30) days as mandated by 29 Del.C. §10118(a).

SUMMARY OF COMMENTS RECEIVED WITH AGENCY RESPONSE AND EXPLANATION OF CHANGES

Highmark BCSD Inc. (Highmark Delaware) and UnitedHealth Group offered the following summarized observations. The Delaware Health Information Network (DHIN) has considered each comment and responds as follows.

#
Category
Feedback Received
DHIN Response
1
Definitions
"Claims data": Clarify that this term includes the capitalized term "Claims Data" as used in the proposed regulation and "Required Claims Data" as the term is defined in Section 2.
The definition of Claims Data in Section 2.0 is revised as follows:
"Claims Data" includes Required Claims Data and any additional health care information that a voluntary reporting entity elects, through entry into an appropriate Data Submission and Use Agreement, to submit to the Delaware Health Care Claims Database.
2
Health Care Claims Database Committee
"Health Care Claims Database Committee": Include within the definition of this term that the Committee shall consist of at least two Mandatory Reporting Entities, and at least one of which shall be a national payer with experience participating in databases similar to HCCD.
As defined in 16 Del.C. §10314(a)(1), the Health Care Claims Database Committee shall be established by the DHIN Board of Directors. While this Regulation cannot usurp the authority of the Board to appoint this Committee, the Board has historically established subcommittees that include multidisciplinary stakeholders representing diverse voices and interests. Details on how the Committee will function will be included in a separate Regulation pertaining to Data Access.
3
Onboarding of new Mandatory Reporting Entities
Subsection 3.2: In order to begin the development and run up for data submission where a Mandatory Reporting Entity has not been actively reporting data due to membership levels being below the mandatory threshold level, we recommended ensuring the newly mandatory reporting for these entities be done in a mutually agreeable fashion in order to ensure that each party's expectations are aligned with respect to the work needed to begin data submissions.
As outlined in Subsection 3.2, onboarding of new Mandatory Reporting Entities will be based on a compliance schedule developed by the Health Care Claims Database Administrator and the newly Mandatory Reporting Entity.
4
Submission Timelines
Subsection 4.4.1: Corrected and conforming files should be due no less than 20 business days following notification from the HCCD Administrator. The current proposal of 10 business days leaves little time to investigate, build and correct data files that may require substantial reprograming.
As outlined in Subsection 4.4.1, the Health Care Claims Database Administrator may grant extensions of deadlines in circumstances when additional time is required.
5
Sensitive Information
Subsection 5.1; Due to the potentially sensitive nature of the information being submitted to the HCCD, which includes trade secrets and commercial or financial information, including for example plan paid and allowed amounts, we strongly recommend updating this subsection to include reference to the section of Delaware law that protects this type of commercial and financial information from being classified as a Public Record under the Freedom of Information Act.
Additional language is inserted in into Subsection 5.1 which specifically references 29 Del.C. §10002(I)(2) and confirms that trades secrets and commercial or financial information of a privileged or confidential nature is not a Public Record under the Freedom of Information Act.
6
Reporting Schedule
Historical Files: Required Claims Data files for calendar years 2013 and 2014 have been placed in archive and are not easily accessible and programmable for data submission to the HCCD. It would take approximately two years to retrieve such data from archive and submit to the HCCD in its required format. It would also be unduly burdensome for UnitedHealth Group to retrieve and submit it, because it is not archived in its original data format. For these reasons we strongly recommend limiting historical data submissions to the current and two previous calendar years (2015, 2016, and 2017).
To accommodate those instances when a Mandatory Reporting Entity is unable to comply with the Reporting Schedule or Submission Guide – most commonly when a payer’s system does not collect a required element or the payer would experience an unreasonable burden in providing the information – the HCCD Administrator may authorize Mandatory Reporting Entity-specific overrides and variances. This override and exception process is outlined in Section 4.3 of the Submission Guide.
7
Data Submission and Use Agreement
Subsection 4.1: In accordance with the HCCD's enabling statute, 16 Del.C. §10313(a)(4) which requires that DHIN and each mandatory reporting entity execute a mutually acceptable data submission and use agreement, we recommend mirroring the statutory language in order to ensure the intent of the legislature that such agreements be mutually acceptable.
By entering into the Data Submission and Use Agreement (DSUA), Mandatory Reporting Entities will be agreeing to the terms and conditions described therein, thereby rendering the DSUA “mutually agreeable.”
8
Data Submission and Use Agreement
In order to develop a mutually agreeable data submission and use agreement, we have provided a redlined copy of the DSUA with what we believe are the minimally necessary changes. These include for example:
As stipulated in 16 Del.C. §10313(3), the DHIN shall promulgate a template form for a data submission and use agreement (DSUA) for the submission of required claims data by a Mandatory Reporting Entity. Attachment B of this Regulation serves as this template. In having a public comment period, DHIN has solicited feedback from Mandatory Reporting Entities and the general public regarding the content of this DSUA. DHIN will negotiate with Reporting Entities in good faith to reach mutually agreeable terms that generally conform to the template and meet the statutory intent. Terms that do not meet the overall requirements of the statute and regulation will not be mutually agreeable.
 
 
Section 3b.: Because the DSUA is required under 16 Del.C. §103l3(a)(4) to be mutually agreeable, where rights of the parties as mutually agreed upon between DHJN and the Mandatory Reporting Entity are greater in the DSUA than in the regulation, the terms of the DSUA should prevail since such terms have been agreed upon between the two parties. To allow DHIN to override a mutually agreeable DSUA through regulation would be contrary to the intent of the HCCD's enabling statute.
Section 3c.: A new Section 3c. has been inserted to recognize that the parties to the DSUA will work in good faith with each other to meet data submission, reporting, and timeframes, and that where a Reporting Entity is unable to meet a requirement of the DSUA or HCCD Regulation, that the parties will work in good faith to find a mutually agreeable solution.
Section 4a.: This section has been revised to reflect the intent of the enabling statute that specifically restricts the purposes for which a requesting party shall be permitted to use Claims Data, which includes "facilitating the design and evaluation of alternative delivery and payment models, including population health research and provider risk-sharing arrangements." See 16 Del.C. §10314(a). While the legislative purpose and intent of the HCCD, as articulated in 16 Del. C. §10311, includes "to achieve the Triple Aim" and to "improve the public health through increased transparency" these broad themes are limited to the specific purposes articulated in§ 10314 when it comes to the use and disclosure of Claims Data to a requesting party.
By entering into the DSUA, Mandatory Reporting Entities will be agreeing to the terms and conditions described therein, thereby rendering the DSUA “mutually agreeable.”
 
 
 
 
 
 
 
 
 
 
 
Each requirement for data submission, reporting, and timeframes already includes a provision for mutual agreement and resolution in cases in which the Reporting Entity is unable to comply with the stated requirement. It is unnecessary to add an additional paragraph to that effect.
 
 
 
 
 
The legislative intent “to achieve the Triple Aim” and “improve the public health through increased transparency” is included in the opening sections of 16 Del.C. Chapter 103 Subsection II which describe the overall purpose for the creation of the Health Care Claims Database. The fact that later sections do not specifically reference each element of the statutory purpose for enacting the HCCD should not be interpreted to restrict those purposes. The HCCD Committee members will represent the stakeholder groups and will ensure that data is only made available in conformance with the statutory purposes of the HCCD.
9
Data Submission Guide
The DSG contains no thresholds. While a majority of fields are marked with an "R'' and it appears the expectation is that data will be provided at 100% completion, it should be noted the data does not exist at 100% completion. Additional information will be necessary to identify the actual threshold being requested as well as information on the actual variance process.
The Submission Guide has been revised to include threshold levels for all data elements and more detail on the override and exception process (Section 4.3).
 
10
Data Submission Guide
In the eligibility file, there are a number of Primary Care Physician or PCP fields. UnitedHealth Group has limited PCP demographics.
The medical claim file requires a Claim Version number, Ambulatory Payment Classification, Present on Admission Indicator, Servicing Provider, Capitated Service Indicator, Provider Network Indicator data elements, which are not always available. A variance will be needed for these fields.
In the pharmacy claim file the Claim Version Number is a required field. This data element is unavailable in our claims data warehouse and will not be reportable. A variance will be needed for this field.
The provider file specifications require data for servicing provider. This data is available approximately 90% of the time. The Billing provider data is available approximately 95%. A variance will be needed.
The Submission Guide has been revised based on feedback received, and the updated version 0.3 dated September 17, 2017 has been posted to the DHIN website. If a Mandatory Reporting Entity is not able to comply with the requirements outlined in the Submission Guide, they will need to apply for an override or exception as outlined in Section 4.3 of the Submission Guide.

Highmark Feedback

1
Data Submission and Use Agreement
Please explain how the proposed Regulation and the Data Submission and Use Agreement Template are consistent with 16 Del.C. §10313 which requires ‘a mutually acceptable data submission and use agreement’? By way of example, please consider the following additional questions regarding the DSUA.
Attachment B. Data Submission and Use Agreement Section 1. a. . . “The HCCD Regulations shall take precedence over any terms and conditions represented in this Agreement”. In light of this wording, is it your understanding that the DSUA can include clauses that the parties have agreed to involve matters that are either not addressed in the HCCD Regulations, or are not fully determined by the Regulation?
Attachment B. Data Submission and Use Agreement Section 3. b. “or as mutually agreed” While interested in retaining this clause, in light of the next sentence in the Regulation stating that ‘in case of conflict between this Agreement and the HCCD Regulations, the HCCD Regulations shall take precedence”, please explain a circumstance in which the contractual and regulatory reporting schedule would not override any mutual agreement to any other dates?
Attachment B. Data Submission and Use Agreement. In the absence of proposed regulatory wording addressing situations identified in §10314(e) in which data use requests are received from potential competitors of a reporting entity, please explain how DHIN will address these instances. We recommend a meeting to discuss this statutory obligation in order to assure whether (and possibly how) it must be included in the proposed regulation. This is made more important due to the DSUA item 1 statement that the Regulation takes precedence over any terms of the DSUA.
As stipulated in 16 Del.C. §10313(3), the DHIN shall promulgate a template form for a data submission and use agreement (DSUA) for the submission of required claims data by a Mandatory Reporting Entity. Attachment B of this Regulation serves as this template. In having a public comment period, DHIN has solicited feedback from Mandatory Reporting Entities and the general public regarding the content of this DSUA. DHIN will negotiate with Reporting Entities in good faith to reach mutually agreeable terms that generally conform to the template and meet the statutory intent. The intent of this language is to ensure that the terms and intent of the statute and regulation cannot be circumvented or overridden through individual agreements or contract language.
 
By entering into the DSUA, Mandatory Reporting Entities will be agreeing to the terms and conditions described therein, thereby rendering the DSUA “mutually agreeable.”
 
 
 
 
 
The Data Submission and Use Agreement template duplicates the data submission schedule outlined in Attachment A to the HCCD Data Collection Regulation. Should the regulation be amended at some future time to modify the data submission schedule, this language ensures that the schedule as specified in the regulation takes precedence over the schedule in the DSUA without requiring the Parties to renegotiate the DSUA in its entirety.
 
 
 
 
 
 
 
 
DHIN intends to promulgate a separate regulation on access to data through the HCCD. It will provide greater detail regarding the methods and process for requesting access to claims data and the situations in which such requests might be granted or denied. All statutory obligations regarding protection of and access to protected health information and sensitive business information will be addressed in the data access regulation.
2
Sensitive Information
Please explain why Social Security numbers are to be provided pursuant to the Data Submission Guide when the authorizing statute (16 Del.C. §10312 (8) a.) identifies only ‘Basic demographic information, including the patient’s gender, age and geographic area of residency.’ as ‘Required claims data’.
In the absence of a single identifier used by all Reporting Entities to uniquely identify patients, DHIN will use technology tools and matching algorithms to link data submitted by multiple Reporting Entities on the same person. DHIN has over a decade of experience in this activity due our work with linking clinical data into a longitudinal Community Health Record. We have found that including at least the last four digits of the patient’s social security number improves the match rate very significantly. A clean match will be needed in order to link a patient’s data across all of their insurance providers (e.g. coordination of benefits) and follow a patient’s claims and enrollment historical longitudinally.
3
Data Elements
If a Mandatory Reporting Entity does have an optional data element in its records, is it obligated to report that data element? If not, what are the criteria that the submitter must satisfy in order to not report that element?
As outlined in Section 4.1 of the Submission Guide, a data element marked as “O” is optional but should be provided when available. Otherwise, the field may contain a null value.
4
Data Security
What special security protections are contemplated by DHIN as a result of collecting Social Security numbers?
As the Health Care Claims Database Administrator, DHIN will ensure that all data is stored in a highly secure environment, following both DHIN’s HITRUST Certified Process and all CMS protocols for the secure storage of sensitive information.
5
Data Security
Concern regarding the alignment of Highmark Delaware’s existing commitments to individuals and others regarding the sharing of data with the obligations of providing data to DHIN which will then share with others.
The Health Care Claims Database (HCCD) Administrator is committed to serving as a responsible steward of patient data and has invested heavily in its infrastructure and security safeguards to make sure that data arrives and resides securely. The HCCD Committee, appointed by the DHIN Board of Directors and comprised of multidisciplinary stakeholders, will further ensure that data is shared responsibly and only for the purposes of the enabling legislation.
6
Data Security
In light of the fact that commercial and financial information of a privileged and confidential nature is being collected, how does DHIN commit to achieving and maintaining appropriately high security standards?
Does the proposed Regulation contemplate allowing a DSUA which
a. requires DHIN to maintain particular standards of security
b. entitles data submitters to audit or otherwise have access to reasonably assure themselves regarding the security of their data
c. may require imposing different terms in data use agreements depending upon the nature of the different potential users of an entity’s data
d. entitles a submitter to not provide optional information
The Health Care Claims Database (HCCD) Administrator is committed to serving as a responsible steward of patient data and has invested heavily in its infrastructure and security safeguards to make sure that data arrives and resides securely. DHIN is certified under the HITRUST security framework as following industry best practices in protecting the privacy and security of protected data. The HCCD Committee, appointed by the DHIN Board of Directors and comprised of multidisciplinary stakeholders, will further ensure that data is shared responsibly and only for the purposes of the enabling legislation. DHIN will negotiate the terms of the Data Submission and Use Agreement with Reporting Entities to arrive at mutually agreeable terms that do not undermine either the letter or spirit of the enabling statute and supporting regulations.

FINDINGS OF FACT

The public was given notice of DHIN's intention to adopt the proposed regulation and was given opportunity to provide DHIN with comments. The required Regulatory Flexibility Analysis and Impact Statement for this proposed regulation was submitted. Public comments were received, considered, and response provided. Thus, the Delaware Health Information Network (DHIN) finds that the proposed regulation should be adopted as in the best interest of the general public of the State of Delaware.

THEREFORE, IT IS SO ORDERED, this 15th day of September, 2017, that the proposed Delaware Health Care Claims Database Data Collection Regulation 103 is adopted and shall become effective ten (10) days following publication in the Delaware Register of Regulations, in accordance with 29 Del.C. §10118(e) and (g).

Janice L. Lee, MD, Delaware Health Information Network

103 Delaware Health Care Claims Database Data Collection Regulation

1.0 Authority and Purpose

1.1 Statutory Authority. 16 Del.C. §10306 authorizes DHIN to promulgate rules and regulations to carry out its objectives under 16 Del.C. Ch. 103, Subchapter II.

1.2 The Health Care Claims Database ("HCCD") was created by statute, pursuant to 16 Del.C. Ch. 103, Subchapter II, under the purview of DHIN, to achieve the "Triple Aim" of the State's ongoing health care innovation efforts: (1) improved health; (2) health care quality and experience; and (3) affordability for all Delawareans. The HCCD is created and maintained by the Delaware Health Information Network (DHIN), to facilitate data driven, evidence-based improvements in access, quality, and cost of healthcare and to promote and improve the public health through increased transparency of accurate Claims Data and information. To accomplish those objectives, a centralized Health Care Claims Database was established to enable the State to more effectively understand utilization across the continuum of health care in Delaware and achieve the Triple Aim.

2.0 Definitions

The following words, terms, and phrases, when used in this regulation, shall have the following meaning, and use of the singular shall include the plural, unless the context clearly indicates otherwise:

"Claims [data Data]" includes [required claims data Required Claims Data] and any additional health care information that a voluntary reporting entity elects, through entry into an appropriate Data Submission and Use Agreement, to submit to the Delaware Health Care Claims Database.

"Data Submission and Use Agreement" or "DSUA" shall mean the agreement between the HCCD Administrator and the Reporting Entity describing the specific terms and conditions for data submission and use. A template for the DSUA is Attachment B to this regulation.

"HCCD Administrator" shall mean the Delaware Health Information Network and its staff and contractor(s) that are responsible for collecting data submissions, providing secure production services and providing data access for approved users.

"Health Care Claims Database" or "HCCD" shall mean the database and associated technology components maintained by DHIN and authorized under 16 Del.C. Ch. 103, Subchapter II.

"Health Care Claims Database Committee" or the "Committee" shall mean the subcommittee established by the Delaware Health Information Network Board of Directors and governed by its by-laws that has the authority to determine when claims data should be provided to a Data Requester to facilitate the purposes of the enabling legislation, and such other duties as designated the DHIN Board of Directors consistent with the enabling legislation.

"Health care services" means as defined in 18 Del.C. §6403.

"Health insurer" shall mean as defined in 18 Del.C. §4004(b). "Health insurer" does not include providers of casualty insurance, as defined in 18 Del.C. §906; providers of group long-term care insurance or long-term care insurance, as defined in 18 Del.C. §7103; or providers of a dental plan or dental plan organization, as defined in 18 Del.C. §3802.

"Mandatory Reporting Entity" means the following entities, except as prohibited under federal law:

The State Employee Benefits Committee and the Office of Management and Budget, under each entity's respective statutory authority to administer the State Group Health Insurance Program in 19 Del.C. Ch. 96, and any Health Insurer, Third Party Administrator, or other entity that receives or collects charges, contributions, or premiums for, or adjusts or settles health claims for, any State employee, or their spouses or dependents, participating in the State Group Health Insurance Program, except for any carrier, as defined in 29 Del.C. §5290, selected by the State Group Health Insurance Plan to offer supplemental insurance program coverage under 29 Del.C. Ch. 52C.
The Division of Medicaid and Medical Assistance, with respect to services provided under programs administered under Titles XIX and XXI of the Social Security Act.
Any Health Insurer or other entity that is certified as a qualified health plan on the Delaware Health Insurance Marketplace for plan year 2017 or any subsequent plan year.
Any federal health insurance plan providing Health Care Services to a resident of this State, including Medicare fee for service, Medicare Part C/Medicare Advantage and Medicare Part D Prescription Drug plans and the Federal Employees Health Benefits Plan.

"Member" means individuals, employees, and dependents for which the Reporting Entity has an obligation to adjudicate, pay or disburse claims payments. The term includes covered lives. For employer-sponsored coverage, Members include certificate holders and their dependents. This definition includes all members of the State Group Health Insurance Program regardless of state of residence.

"Provider" means a hospital, facility, or any health care practitioner licensed, certified, or authorized under State law to provide Health Care Services and includes hospitals and health care practitioners participating in group arrangements, including accountable care organizations, in which the hospital or health care practitioners agree to assume responsibility for the quality and cost of health care for a designed group of beneficiaries.

"Pricing information" includes the pre-adjudicated price charged by a Provider to a Reporting Entity for Health Care Services, the amount paid by a Member or insured party, including co-pays and deductibles, and the post-adjudicated price paid by a Reporting Entity to a Provider for Health Care Services.

"Reporting Date" means a calendar deadline for test, historical and periodic update file submission to be scheduled on a regularly recurring basis, by which Required Claims Data must be submitted by a Reporting Entity to the Health Care Claims Database, as shown in the Data Submission Guide.

"Reporting Entity" means either a Mandatory Reporting Entity or a Voluntary Reporting Entity.

"Required Claims Data" as authorized under 16 Del.C. §10312(8) shall mean the required data containing records of member eligibility, medical services claims and pharmacy claims as specified in the Submission Guide.

"Submission Guide" shall mean the document providing the specific formats, timelines, data quality standards and other requirements for claims data submission, incorporated as Addendum One to the DSUA. It shall be established and maintained as technical guidance document and substantively updated on an annual basis.

"Third Party Administrator" means as defined in 18 Del.C. §102.

"Voluntary Reporting Entity" includes any of the following entities that has chosen to submit or has been instructed to submit data at the request of an employer or client and enters into a Data Submission and Use Agreement, unless such entity is a Mandatory Reporting Entity:

Any Health Insurer.
Any Third Party Administrator not otherwise required to report.
Any entity, which is not a Health Insurer or Third Party Administrator, when such entity receives or collects charges, contributions, or premiums for, or adjusts or settles health care claims for, residents of this State.
3.0 Reporting Entity Requirements

3.1 Registration: By December 31 of each year, each Mandatory Reporting Entity and each Voluntary Reporting Entity shall provide a contact and enrollment update form indicating if health care claims are being paid for Members and if applicable the types of coverage and estimated enrollment for the following calendar year. Each Mandatory Reporting Entity and participating Voluntary Reporting Entity is responsible for resubmitting or amending the form whenever modifications occur relative to the health care data files, type(s) of business conducted, or contact information.

3.2 Threshold for Covered Lives: Mandatory Reporting Entities with fewer than a total of 1000 covered lives may request an exemption from data submission at the end of a calendar year for the next year. If total enrollment subsequently increases to more than 1000 covered lives, the Mandatory Reporting Entity shall notify the HCCD Administrator to develop a compliance schedule. A Mandatory Reporting Entity that becomes eligible for an exemption shall continue to submit data for two full calendar quarters after receiving such exemption.

3.3 Excluded Mandatory Reporting Entities: As defined in 16 Del.C. §10312(3), the following providers of coverage are excluded from this rule: casualty insurance, long term care, dental care vision care, and employee welfare benefit plans regulated by ERISA.

3.4 Participating Voluntary Entities: Voluntary Reporting Entities are held to the same standards, expectations, and processes as Mandatory Reporting Entities for as long as they remain Reporting Entities.

3.5 New Reporting Entities that have not previously submitted files to the HCCD shall notify the HCCD Administrator and shall submit files according to the form and intervals described in Attachment A "Reporting Schedule."

3.6 Run-Out Period After Terminating Coverage: Mandatory Reporting Entities shall submit medical and pharmacy claims files for at least six months following the termination of coverage date for any Member for any reason, including a change in the status of the Reporting Entity. This should include any subrogated claims or claims held in suspense, with dates of service up to and including the termination date.

4.0 Claims Data Submission

4.1 Data Submission and Use Agreement: Reporting Entities shall enter into the HCCD Data Submission and Use Agreement, or "DSUA," no later than 90 days after the effective date of this rule. Such agreement shall be incorporated into this regulation as Attachment B.

4.2 Submission Guide: The HCCD Administrator shall develop and disseminate a Submission Guide, included as Addendum One to the DSUA. All files must conform to the formats and data quality requirements established in the Submission Guide, generally as follows:

Medical Claims File. As detailed in the Submission Guide, Reporting Entities shall report information about all covered services provided to Members in all settings of care under all reimbursement arrangements, including but not limited to fee for service, capitated arrangements, and any other claims-based payment methods.
Pharmacy Claims File. As detailed in the Submission Guide, Reporting Entities shall report pharmacy paid claims for covered pharmacy benefits that were dispensed to Members.
Member Eligibility File. As detailed in the Submission Guide, Reporting Entities shall report information on every Member enrolled during the reporting month whether or not the Member utilized services during the reporting period.
Provider File. As detailed in the Submission Guide, Reporting Entities shall report information that will uniquely identify health care Providers and allow retrieval of related information from eligibility, medical and pharmacy claims files. (1) Tax id numbers shall be submitted as part of the dataset except in the case that a provider uses their personal social security number as their tax id number in which case the tax id number need not be submitted.

4.3 Submission Schedule: Reporting Entities shall submit data files pursuant to the schedule in Attachment A.

4.4 Data Submitter Responsibilities: Each Reporting Entity is responsible for the submission of all Required Claims Data processed by any subcontractor on its behalf unless such subcontractor is already submitting the identical Required Claims Data as a Reporting Entity.

4.4.1 Upon notification by the HCCD Administrator, Reporting Entities shall provide corrected, conforming files within 10 business days. The HCCD Administrator may grant extensions of deadlines.

4.4.2 The HCCD Administrator may grant temporary or permanent approvals of a Reporting Entity's request for an override of a data submission requirement.

4.5 Replacement of Data Files. No Reporting Entity may replace a complete data file submission more than one year after the end of the month in which the file was submitted unless it can establish exceptional circumstances for the replacement. Any replacements after this period must be approved by the HCCD Administrator. Individual adjustment records may be submitted with any monthly data file submission.

4.6 Updating Submission Guide: The HCCD Administrator may update reporting specifications annually. Reporting Entities shall submit data that conforms to the updated specifications within 180 days after the effective date of the new version of the Submission Guide.

4.7 Submitting Additional Information: The HCCD Administrator may require Reporting Entities to submit information about the insurance product covering each member, including covered services, market sector, plan characteristics, total premiums, deductibles, co-insurance and copayments, by amending the Submission Guide.

5.0 Privacy, Confidentiality and Security

5.1 Pursuant to 29 Del.C. §10002(I)(1) [and (2)], medical and other health care data on individual persons [and trade secrets and commercial or financial information obtained from a person which is of a privileged or confidential nature] is not a Public Record under the Freedom of Information Act.

5.2 All claims data shall be transmitted to the HCCD Administrator and stored in a secure manner compliant with the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009, as each is amended from time to time.

5.3 Transmission, storage and use or disclosure of claims data shall conform to all applicable Federal and State laws and regulations which address privacy, security, confidentiality, and breach notification of health care data.

6.0 Compliance

Compliance: Mandatory Reporting Entities' failure to file, report or correct data or comply with data standards may be considered a violation of 16 Del.C. Ch. 103.

Attachment A

Reporting Schedule

1. Test Files

Reporting Entities shall submit one month of Required Claims Data files containing Member, Claims, Prescription Drugs and a sample of Provider data not more than 180 days after the effective date of this rule or as otherwise approved by the HCCD Administrator.

2. Historical Files

Reporting Entities shall submit Required Claims Data files for calendar years 2013, 2014, 2015 and 2016 that conform to file formats on the 181st day after the effective date of this rule.

3. Partial year submission for the current calendar year

Reporting Entities shall submit Claims Data files for calendar 2017 and for claims adjudicated in the elapsed months of calendar 2018, as directed by the HCCD Administrator, no later than May 1, 2018.

4. Ongoing Data Submission

Reporting Entities shall submit monthly files containing claims paid and encounters adjudicated during the prior calendar month within 30 calendar days of the last day of the following month. The schedule for this submission is provided below and will continue in similar format in subsequent years. Submission dates falling on a weekend or legal holiday are extended to the next following business day.

Attachment B

Data Submission and Use Agreement Template

Data Submission and Use Agreement

Between the Delaware Health Information Network

and

[name of Reporting Entity]

For the Delaware Health Care Claims Database

This Data Submission and Use Agreement between the Delaware Health Information Network ("DHIN"), a not-for-profit statutory instrumentality of the State of Delaware located at 107 Wolf Creek Blvd, Suite, 2, Dover, DE 19901 and [name of reporting entity] (the "Reporting Entity") sets forth the terms and conditions for the collection and use of health care claims data for the Delaware Health Care Claims Database.

Recitals

WHEREAS Under 16 Del.C. Ch. 103 as enacted, the Delaware General Assembly directed the Delaware Health Information Network to develop, maintain and administer the Delaware Health Care Claims Database (HCCD); and

WHEREAS Effective health care data analysis and reporting are essential to achieving the Triple Aim and helping move the state's health care system from a fee-for-service to a valued-based system that rewards providers for quality and efficiency of care; and

WHEREAS Claims data are an important component of population health research and analysis and support value-based health care purchasing and prevalence of illness or injury; and

WHEREAS provider and other health care entities accepting financial risk for managing the health care needs of a population should have access to claims data as necessary to effectively manage that risk; and

WHEREAS DHIN Is authorized to create the HCCD to facilitate data-driven, evidence-based improvements in health care and improve public health through increased transparency of accurate health care claims data and information; and

WHEREAS 16 Del.C. §10313 directs that DHIN and each reporting entity shall execute a data submission and use agreement that includes procedures for submission, collection, aggregation and distribution of claims data,

NOW THEREFORE THE PARTIES AGREE AS FOLLOWS:

1. Precedence

a. DHIN shall promulgate regulations to implement the provisions of 16 Del.C. Ch. 103, hereinafter, and as the same may be amended from time to time, the "HCCD Regulations". The HCCD Regulations shall take precedence over any terms and conditions represented in this Agreement.

b. Definitions in Section 2.0 of the HCCD Regulations shall also pertain to this Agreement.

2. Data Submission: Privacy and Security

a. 16 Del.C. Ch. 103 establishes DHIN as a public health authority that is responsible for public health matters pursuant to 45 CFR 164.501.

b. The HIPAA Privacy Rule permits covered entities to disclose PHI for general public health activities per 45 CFR 164.512(b)(1)(i).

c. Notwithstanding these provisions, DHIN shall ensure protection of patient privacy under provisions of 16 Del.C. Ch. 103, and including HIPAA, Title XIX and XXI of the Social Security Act and the HITECH Act and all other applicable state and federal privacy laws.

3. Data Submission: Collection

a. Reporting [Entities Entity] shall submit Required Claims Data to the HCCD according to the specifications set forth in the Submission Guide. The Submission Guide is a technical guidance document, and may be updated and replaced without replacing the entire agreement.

b. Reporting [Entities Entity] shall submit Required Claims Data to the HCCD according to the schedule set forth in Attachment A, Reporting Schedule, of the HCCD Regulations, or as mutually agreed. The schedule is included herein for convenience, but in case of conflict between this Agreement and the HCCD Regulations, the HCCD Regulations shall take precedence.

c. Reporting [entities Entity] shall submit data files using protocols developed by the HCCD.

i. The Submission Guide shall reflect the content and formats in use by similar databases in other states.

ii. The data submission specifications shall be updated no more than once per calendar year.

iii. The parties agree to review and discuss any such changes prior to the effective date.

iv. Reporting [Entities Entity] shall provide conforming data no later than 180 calendar days after publication of changes or by agreement between the HCCD Administrator and the Reporting Entity.

v. The HCCD Administrator may provide clarifications and technical corrections as needed to assist Reporting [Entities Entity] in providing data submissions that conform to specifications.

d. Reporting [entities Entity] shall provide corrected data files within the timelines established in subsection 4.4.1 of the HCCD Regulations, or as mutually agreed.

e. Upon agreement between DHIN and the Reporting Entity, the Reporting Entity may submit additional data to the HCCD to improve or augment established reporting.

f. DHIN will review the Submission Guide and any subsequent annual revisions with Reporting [Entities Entity] prior to the 180 day implementation period and on an annual basis thereafter.

g. Data collection methodologies in the Submission Guide shall facilitate uniformity among various health care claims databases of other states and specification of data fields, consistent with national standards.

h. Reporting [Entities Entity] may request exemptions from specific data collection requirements, including minimum standards for reporting, subject to the approval of the HCCD Administrator.

4. Claims Data Uses

a. Pursuant to 16 Del.C. §10314(a)(1), Claims Data shall only be provided to a requesting party when a majority of the HCCD Committee determines that such request facilitates the statutory purposes of the HCCD.

i. Reporting Entities shall be given opportunity for comment prior to release of Claims Data.

ii. Determinations of the Committee shall be provided in writing to the requesting party.

iii. Decisions of the Committee shall be final and not subject to appeal.

b. Data Requestors may include payers, providers and purchasers.

c. The submitted claims data may be used for the broad purposes described in the enabling statute, including:

i. Alternative delivery and payment models

ii. Population health research

iii. Provider risk-sharing arrangements

iv. Public transparency

v. Other uses in furtherance of the "Triple Aim" of improved health, health care quality and experience, and affordability

d. Detailed permitted uses include, but are not limited to, the following:

i. Population health research and reporting on disease incidence, prevalence, and geographic distribution, costs of care and service utilization

ii. Health care service price variation reports and studies

iii. Design, model and evaluate payment models and purchasing initiatives

iv. Effects of care delivery strategies (e.g., care coordination, behavioral health integration) on utilization and outcomes

v. Efficiency of care, service models or procedures based on quality, value and/or outcomes

vi. Public facing provider performance reports

vii. Augment patient-specific records with data derived from the HCCD to improve the care of the patient, ensure better outcomes and deliver better value.

e. Publicly available data and reports shall, to the fullest extent practicable, comply with guidance in Statement 6 of the United States Department of Justice and Federal Trade Commission Enforcement Policy on Provider Participation in Exchanges of Price and Cost Information, August 1996, as the same may be amended, supplemented or modified from time to time, available at https://www.justice.gov/atr/statements-antitrust-enforcement-policy-health-care#CONTNUM_49 (last visited June 5, 2017).

f. Standard public-facing reports may be developed which provide aggregated, summary level views of the data in accordance with the statutory purpose of public transparency.

Applicable Law:

This Agreement shall be governed by and construed under the laws of the State of Delaware without regard to conflicts of law principles.

IN WITNESS WHEREOF, and intending to be legally bound thereby, the Parties have caused their duly authorized representatives to execute this Agreement.

Signatories:

[Reporting Entity] Delaware Health Information Network

____________________________________ ____________________________________

[Name] Janice L. Lee, MD

[Title] Chief Executive Officer

Date: Date:

21 DE Reg. 293 (10/01/17) (Final)
 
+