On July 1, 2016, CMS finalized the rule for the Qualified Entity Program, allowing “qualified entities” to use and disclose Medicare claims data to certain authorized users at no cost. It also explained how qualified entities may create non-public analysis and provide or sell such analysis to authorized users. Currently, there are 15 organizations who have received approval to be a qualified entity and of those, two have completed their public reporting. Further details are available at the Qualified Entity Certification Program.
The key elements of the final rule are as follows,
- The window period is extended for patients in face-to-face or telehealth appointment to at least once in the past 24 months.
- Qualified entities can merge clinical, social-demographic or consumer data with the combined claims data for the development of non-public analysis to produce quality reports.
- CMS emphasized on the importance of privacy and security of beneficiary information and therefore requires a qualified entity to enter into the QE Data Use Agreement with an authorized user prior to providing or selling data or non-public analysis. Entities are also required to comply with additions reporting requirements under DUA within the first three years of the program.
- Qualified entities may not provide or sell a non-public analysis to an insurer where they don’t provide coverage. In addition, entities won’t be able to contribute to the analysis if they don’t have covered lives in the region.
- The definition of an “authorized user” includes federal agencies as possible end-users of Medicare data.
- The new provision allows qualified clinical data registry to request access to Medicare data as a quasi-qualified entity.
The final rule contains a few changes from its proposed rule.