DOC

publishahcancalorg

By Christina Hunt,2014-04-17 23:10
7 views 0
publishahcancalorg

    MEMORANDUM

     LLP Reed Smith

    1301 K Street, N.W.

    Suite 1100 - East Tower

    Washington, D.C. 20005-3373

    +1 202 414 9200

    Fax +1 202 414 9299 reedsmith.com

     To: American Health Care Association Members

    Date: October 19, 2011

    Subject: Instructions for Completing the Data Use Agreement, DUA Signature Addendum,

    and the Research Request Packet

     As part of the Bundled Payment Initiative, CMS will make available Medicare claims data to organizations that submit the Bundled Payment Initiative’s letter of intent, and request and are approved to receive the data. In order to receive the data from CMS, an organization must submit a completed DUA form, DUA signature addendum(s) (if necessary), and a completed Research Request Packet, in addition to the letter of intent form. The organization must submit all of these materials simultaneously via email to BundledPayments@cms.hhs.gov by 5:00 pm EDT November 4, 2011. Below are certain general instructions and clarifications for completing each document.

    Data Use Agreement

     It is anticipated that participants in the Bundle Payment Initiative will want to review data from CMS to assist in developing their pricing proposals. A potential Bundled Payment Initiative

    applicant must submit a DUA in order to receive Medicare data for the development of an application.

     By way of background, when an external entity requests the use of personal identifiable data from CMS that is covered by the Privacy Act of 1974, it must sign a DUA in order to obtain that data. A DUA is a binding legal agreement between CMS and an external entity such as a contractor, an academic institution, another Federal government agency, or a state agency. The agreement delineates the confidentiality requirements of the Privacy Act, sets forth security safeguards, and explains CMS's data use policies and procedures. The DUA serves to both inform data users of the confidentiality requirements and obtain their agreement to abide by these requirements. Additionally, the DUA acts as a control mechanism through which CMS can track the location of its data and the reason for the release 1of the data.

     1 See CMS, System Lifecycle Framework Template, Details for Data Use Agreements, available at

    http://www.cms.gov/SystemLifecycleFramework/Tmpl/itemdetail.asp?filterType=none&filterByDID=-

    99&sortByDID=1&sortOrder=ascending&itemID=CMS1228520&intNumPerPage=10.

    NEW YORK ; LONDON ; HONG KONG ; CHICAGO ; WASHINGTON, D.C. ; BEIJING ; PARIS ; LOS ANGELES ; SAN FRANCISCO ; PHILADELPHIA ; SHANGHAI ; PITTSBURGH MUNICH ; ABU DHABI ; PRINCETON ; NORTHERN VIRGINIA ; WILMINGTON ; SILICON VALLEY ; DUBAI ; CENTURY CITY ; RICHMOND ; GREECE ; OAKLAND

American Health Care Association Members

    错误?使用“开始”选项卡将 Date 应用于要在此处显示的文

    字。

    Page 2

     2 An external entity (“Requestor”) must complete the Limited Data Set DUA (CMS-R-0235L) in 3order to gain access to limited data set files and years of data. Below are certain general instructions

    and clarifications for completing the Limited Data Set DUA.

    1. In the first paragraph and Section #1, enter the Requestor’s Organization Name.

    2. Section #2 provides that CMS retains all ownership rights to the requested limited data set files

    and makes no warranty with respect to the accuracy of any data in the files.

    3. In Section #3, enter the study and/or project name, CMS contract number, if applicable, and a

    brief summary of the research purpose for which the requested files will be used. CMS has

    completed this section for the CMMI Bundled Payment Initiative.

    4. Completion of the Research Request Packet will satisfy the requirements set forth in Attachment

    A. See below for general instructions regarding the Research Request Packet. For more

    comprehensive instructions, in addition to a discussion of practical and legal implications of

    obtaining CMS data, see our technical assistance memorandum on completing the Research

    Request Packet for the CMMI Initiative that is available under the AHCA resources section of

    AHCA Bundled Payment Initiative web page. the

    5. In Section #4, identify the limited data set (“LDS”) files and years of data requested. The

    Requestor should specify particular filenames. CMS has completed this section for the CMMI

    Bundled Payment Initiative.

    a. The LDS files CMS will provide include the Standard Analytic Files for the following

    payment systems: inpatient hospital, outpatient hospital, home health agency, skilled

    nursing facility, carrier, and durable medical equipment. The Standard Analytic Files

    include all final action claims for each payment system and can be linked by a

    beneficiary identifier so that an individual beneficiary’s care can be tracked across

    payments systems, by institutional providers, and over time.

    b. CMS will also provide a denominator SAF file, which includes demographic information

    about beneficiaries, their Medicare eligibility status, and certain other variables including

    date of death.

     2 Available at http://www.cms.gov/CMSForms/CMSForms/itemdetail.asp?filterType=none&filterByDID=-

    99&sortByDID=1&sortOrder=ascending&itemID=CMS045945&intNumPerPage=2000.

    3 Instructions can also be found on page 1 of the Limited Data Set DUA (CMS-R-0235L). Id.

    American Health Care Association Members

    错误?使用“开始”选项卡将 Date 应用于要在此处显示的文

    字。

    Page 3

    6. Section #5 provides that the Requestor should not attempt to identify or contact any specific

    individual whose record is included in the requested LDS files. Absent written authorization

    from CMS, the Requestor should not attempt to link records included in the requested LDS files

    to any other beneficiary-specific source of information.

    7. In Section #6, applicants enter the projected completion date of the study or project (“Retention

    Date”). CMS has completed this section for the CMMI Bundled Payment Initiative. If the

    study or project is completed prior to the Retention Date, the Requestor agrees to notify CMS

    within thirty days. Importantly, upon notice of completion to CMS or the Retention Date

    whichever is sooner the Requestor must destroy all requested LDS files. The Requestor

    has thirty days to destroy the files and send written certification of the files’ destruction to CMS.

    a. In meeting the CMS requirements, a Requestor should consider how its information

    technology system will ensure privacy protections and prevent unauthorized access and

    utilization. On the retention date or before (if the study is complete) the CMS data must

    be destroyed. This includes any data back-ups. The Applicant must ensure complete

    removal and destruction of the requested LDS data files from all backup systems as

    required by the DUA. For example, the backed up LDS files may need to be segregated

    from other backed up data to ensure complete removal upon completion of the study or

    project.

    b. A Requestor should consider designating a point person within the organization to be

    responsible for this process.

    8. In Section #7, the Requestor agrees not to use, disclose, or otherwise grant access to the

    requested LDS files except as expressly permitted by the DUA or otherwise required by law. In

    other words, a potential Bundled Payment Initiative applicant can only use the LDS files for

    developing its application.

    9. Section 8:

    a. In Section #8a, the Requestor agrees to adhere to CMS’s current cell size suppression

    policy with respect to the creation of any document, table, chart, report, etc. for release to

    anyone not authorized to access the data. This policy prohibits the disclosure of data if

    the data cell (e.g., admittances, discharges, patients) contains eleven or fewer

    individuals. This policy also applies to the use of percentages and other mathematical

    formulas. However, the Requestor is not required to submit any written documents for

    CMS to review. The Requestor may submit their documents to CMS for review if the

    Requestor is unsure whether they have satisfied the suppression policy. CMS agrees to

    make an approval determination and notify the Requestor within four to six weeks and

    CMS may only withhold approval for publication if it determines that the format in which

    data are presented may result in the identification of individual beneficiaries.

    American Health Care Association Members

    错误?使用“开始”选项卡将 Date 应用于要在此处显示的文

    字。

    Page 4

    b. Section #8b provides that the Requestor may only disclose the requested LDS files to a

    Secondary Requestor if that Secondary Requestor enters into a DUA with CMS. CMS

    will only enter into a DUA with a Secondary Requestor if the secondary use purpose is

    consistent with the purpose set forth in Section 3 by the Requestor.

    10. In Section #9, the Requestor agrees to establish appropriate administrative, technical, and

    physical safeguards to protect the confidentiality of the requested LDS files and to prevent

    unauthorized use or access to them. The safeguards must be, at a minimum, equivalent to those

    established by the Office of Management and Budget (OMB) in OMB Circular No. A-130, 4Appendix IIISecurity of Federal Automated Information Systems. The Requestor

    acknowledges that the use of unsecured telecommunications, such as the Internet, to transmit

    individually identifiable information derived from the requested LDS files is prohibited. The

    Requestor also agrees that the requested LDS files will not be physically moved or electronically

    transmitted in any way from the site indicated in Section 15 without CMS’s prior written

    approval.

    11. Section #10 provides that the Requestor shall reimburse CMS for all associated processing fees

    with respect to each requested LDS file. As noted in the FAQ, CMS will not apply a processing

    fee for the requested LDS data for the Bundled Payment Initiative.

    12. Section #11 provides that the Requestor must promptly notify CMS of any use or disclosure of

    information not provided for by the DUA when the Requestor becomes aware of such use. 13. In Section #12, the Requestor acknowledges that in the event of a disclosure of information in

    the requested LDS files that is inconsistent with the DUA, penalties under ? 1106(a) of the

    Social Security Act, 18 U.S.C. ? 641, and the Privacy Act may apply.

    14. In Section #13, the Requestor agrees to abide by all provisions set out in the DUA for protection

    of the requested LDS files and acknowledges having received notice of potential criminal, civil,

    and/or administrative penalties for violation of the DUA.

    15. Section #14 must be filled out by an authorized individual on behalf of the Requestor. 16. Section #15 must be filled out by the Requestor and identifies the Custodian of the requested

    files. The Custodian shall oversee the establishment and maintenance of security arrangements

    to prevent unauthorized use as required by the DUA. The Requestor must notify CMS within

    fifteen days of any change of custodianship. CMS may disapprove the appointment and require

    a new Custodian at any time.

     4 Available at http://www.whitehouse.gov/omb/circulars/a130/a130.html.

American Health Care Association Members

    错误?使用“开始”选项卡将 Date 应用于要在此处显示的文

    字。

    Page 5

    17. Sections #16 and #17 are to be filled out by CMS.

DUA Signature Addendum

     The Signature Addendum to the DUA identifies additional individuals who would have permission to access the requested LDS files.

    1. The Signature Addendum requires the name, organization name, telephone number, email

    address, dated signature, and task or role of any additional individual who may have access to the

    requested files. It is important to include any additional organization that will have access to the

    LDS files. These individuals could include members of your information technology department,

    internal analysts, and/or external vendors that your organization may retain to assist you in

    exploring and analyzing bundles, estimating episode costs, determining target prices and

    discount factors, etc. These individuals and organizations should be consistent with the Data

    Management Safeguards section of the Research Request Packet that will be submitted together

    with the Letter of Intent..

    2. In general, a DUA signature addendum lists internal employees as well as outside consultants or

    applicants that will be used by the entity completing the DUA as part of the research project. Research Request Packet

    5 The Research Request Packet must be submitted simultaneously with the Data Use Agreement

    and the Letter of Intent if an organization wishes to obtain access to the LDS data files. Below are certain general instructions for completing the Research Request Packet. For more specific instructions, see our technical assistance memorandum on completing the Research Request Packet for the CMMI Initiative that is available under the AHCA resources section of the AHCA Bundled Payment Initiative

    web page.

    1. On page 3 is the sample written request letter prepared by CMS that outlines the primary

    purpose(s) for which the data will be utilized for this study. In the request letter the Requestor

    identifies the LDS data, the years for the data, and the markets for which they are requesting data.

    To assist Requestors, CMS has completed the section related to the type of LDS data and the

    years of data that are available for this study. Requestors, however, must complete the section

    related to the markets for which they are requesting data. CMS has divided the country into 92

    Hospital Referral Clusters (“HRCs”), which are defined by beneficiary county of residence. The

     5 Available at http://innovations.cms.gov/areas-of-focus/patient-care-models/Bundled-Payments-%20Care-

    Improvement-Application.html.

    American Health Care Association Members

    错误?使用“开始”选项卡将 Date 应用于要在此处显示的文

    字。

    Page 6

    Requestor must identify on page 3 which geographical areas (or HRCs) are most appropriate for their analysis. A list of HRCs appears on page 2 of the Research Request Packet and an appendix defining the exact counties included in each HRC begins on page 11. Finally, the Requestor must identify a contact person and execute the signature line.

    2. Introduction. Beginning on page 4 is the Research Protocol, The Research Protocol document describes the objectives, background, methods, and importance of the study being proposed. To assist Requestors for this project, CMS has completed the introductory section that describes the purpose for the data to define episodes for the Initiative. No changes to this section are required. Project Issues and Methods. Also on page 4, the Requestor must describe the episodes, the

    methodology and analytic plan for this Initiative, and, if applicable, describe any forums where you will present results based on the data analysis beyond it’s utilization for the Initiative application. For this section, the Requestor must:

    a. List the MS-DRGs around which they propose to develop episodes and describe the type

    of episodes they wish to explore (acute, post-acute, or combined). The MS-DRGs are

    assigned after a short term acute care hospital discharge. In this initiative they function

    as the “anchor” that triggers an episode of care that is to be bundled. Any MS-DRGs

    listed are not binding on the Requestor’s eventual selection of agreed-upon MS-DRGs.

    The Requestor may choose to include all MS-DRGs here and indicate criteria they may

    use to select MS-DRGs to develop episodes.

    b. Describe in detail the plan to analyze the data for the project, including the methodology

    and procedures that will be used. For further suggestions regarding this section, see our

    technical assistance memorandum on completing the Research Request Packet for the

    CMMI Initiative that is available under the AHCA resources section of the AHCA

    Bundled Payment Initiative web page.

    c. Indicate whether they anticipate generating and using further tabulations, aggregations, or

    other data presentations beyond the scope of an application for participation in the

    Bundles Payments for Care Improvement Initiative. If so, the Requestor must indicate

    the forums under which they plan to present their results.

    d. State whether any of the methodology or tools contain proprietary information.

    Proprietary information is exempt from release under the Freedom of Information Act if

    it falls within Exemption 4, 5 U.S.C. ? 552(b)(4).

    3. Data Management Safeguards. On page 5, the Requestor begins to describe the data

    privacy protections that will be in place for conducting this research, which could include discussion about how you will maintain an inventory of CMS data files and manage physical access to the data files for the duration of your DUA. As part of this section, the Requestor must:

    American Health Care Association Members

    错误?使用“开始”选项卡将 Date 应用于要在此处显示的文

    字。

    Page 7

    a. Identify who will have the main responsibility for organizing, storing, and archiving the

    data. This should correlate with Section #15 of the DUA (see above), but may include

    more than one person.

    b. Explain the infrastructure (facilities, hardware, software, etc.) that will secure the

    requested LDS files. As outlined in Section #9 of the DUA (see above), the Requestor

    must have in place, at a minimum, safeguards equivalent to those established by the

    Office of Management and Budget (OMB) in OMB Circular No. A-130, Appendix III

    Security of Federal Automated Information Systems.

    c. Indicate whether additional organizations are involved in analyzing the LDS files. If so,

    the Requestor must indicate how these organizations’ analysts will access the LDS files.

    These organizations should also be listed in the Signature Addendum as described above.

    d. Describe the procedures that will be used to protect the privacy and identity of an

    individual. Thus, the Requestor will need to have appropriate technical security measures

    in place, but also may wish to implement analysis plans that avoid identification of

    particular Medicare beneficiaries in the results and aggregations. See Section #8a of the

    DUA setting forth CMS’s current cell size suppression policy. For assistance in

    completing this section, the Requestor may wish to review the CMS Data Management

    Plan Guidelines for additional information on the type of data management and privacy

    protection safeguards that CMS takes into consideration for researchers seeking access to

    LDS data in general.

    e. Describe safeguards that would be followed for permitted disclosures of data, if

    applicable. CMS has however prospectively filled this section out. CMS notes that

    no disclosures of data to anyone outside CMS will be permitted.

    4. Key Personnel. On page 6, the Requestor must:

    a. List all staff, including consultants, who will have access to the LDS files and their role

    in the project. No disclosure of data to anyone outside CMS will be permitted. Thus,

    only personnel listed in the research protocol will be able to access the data.

    5. Dissemination/Implementation. CMS has also prospectively completed this section for the

    Requestor. Specifically, CMS has set forth that the findings of this research will be used in the

    application for awards under the Bundled Payments for Care Improvement Initiative of CMMI.

    Data will not be disseminated on the individual or aggregate level.

    6. Proprietary Information. On page 7, CMS has set forth that if the Research Application contains

    proprietary information, a statement to that effect must be included in the Project Issues and

    Methods section (see above).

American Health Care Association Members

    错误?使用“开始”选项卡将 Date 应用于要在此处显示的文

    字。

    Page 8

    7. Financial Arrangement. On page 7, CMS countermands Section #10 of the DUA (see above)

    and states that Requestors whose research protocols and DUAs are approved will be

    provided LDS files requested at no cost to them.

    8. Data Request Worksheet. On page 8, the Requestor must set forth the Project Information

    (including Project Contact), the Primary User (who may be the same person as the Project

    Contact), and the Custodian (see Section #15 of the DUA). The Requestor must also restate the

    LDS files requested (see page 3 of the Research Request Packet) and provide shipping

    information.

    * * * * *

    If you have any general or specific questions about the Bundled Payment Initiative, please email “CMS Bundled Payments for Care Improvement” directly at BundledPayments@cms.hhs.gov. Please email

    research@ahca.org if you have questions or require further clarification regarding the contents of this memorandum.

    * * * * *

    The contents of this memorandum are for informational purposes only and do not constitute legal advice. It is recommended that organizations have counsel review the Letter of Intent, Data Use Agreement, and Research Request Packet prior to submission to CMS.

Report this document

For any questions or suggestions please email
cust-service@docsford.com