DAR File No. 39405

This rule was published in the June 1, 2015, issue (Vol. 2015, No. 11) of the Utah State Bulletin.


Health, Center for Health Data, Health Care Statistics

Rule R428-2

Health Data Authority Standards for Health Data

Notice of Proposed Rule

(Amendment)

DAR File No.: 39405
Filed: 05/15/2015 04:05:29 PM

RULE ANALYSIS

Purpose of the rule or reason for the change:

The purpose of this amendment is to incorporate new fine policy for late submissions by data suppliers; specify pharmacy benefit managers are subject to the rule; clarify definitions; and make minor grammatical edits.

Summary of the rule or change:

Codify amended fine policy which applies to all data suppliers required to report under Title R428. Incorporates nonsubstantive edits where needed.

State statutory or constitutional authorization for this rule:

  • Title 26, Chapter 33a

Anticipated cost or savings to:

the state budget:

The Utah Department of Health determines enactment of the amended version will not create any cost or savings impact to the state budget or UDOH's budget, since the change will not increase workload and can be carried out with existing budget.

local governments:

This filing does not create any direct cost or savings impact to local governments since they are not directly affected by the rule; nor are local governments indirectly impacted because the rule does not create a situation requiring services from local governments.

small businesses:

None--Small businesses are not impacted by this rule change, with all potentially impacted having more than 50 employees. As a result, the rule will have no effect on small business budgets for costs or savings.

persons other than small businesses, businesses, or local governmental entities:

Changes to the fine policy will only apply to non-compliant, required data submitters subject to requirements in Title R428. These changes will not create any cost or savings to businesses, individuals, local governments or persons that are not small businesses.

Compliance costs for affected persons:

Changes to the fine policy will only apply to non-compliant, required data submitters subject to requirements in Title R428. Although there are several modifications within this amendment, they simply reflect current practice.

Comments by the department head on the fiscal impact the rule may have on businesses:

The proposal amends/clarifies existing definitions and specifies that pharmacy benefits managers are also subject to this rule. It also specifies fine amounts and time frames for any data suppliers who fail to comply with the rule requirements. These amendments will financially impact business that fail to comply with the rule through the imposition of fines.

David Patton, PhD, Executive Director

The full text of this rule may be inspected, during regular business hours, at the Division of Administrative Rules, or at:

Health
Center for Health Data, Health Care Statistics
CANNON HEALTH BLDG
288 N 1460 W
SALT LAKE CITY, UT 84116-3231

Direct questions regarding this rule to:

  • Norman Thurston at the above address, by phone at 801-538-7052, by FAX at 801-237-0787, or by Internet E-mail at [email protected]

Interested persons may present their views on this rule by submitting written comments to the address above no later than 5:00 p.m. on:

07/01/2015

This rule may become effective on:

07/08/2015

Authorized by:

David Patton, Executive Director

RULE TEXT

R428. Health, Center for Health Data, Health Care Statistics.

R428-2. Health Data Authority Standards for Health Data.

R428-2-1. Legal Authority.

This rule is promulgated under authority granted by Title 26, Chapter 33a.

 

R428-2-2. Purpose.

This rule establishes definitions, requirements, and general guidelines relating to the collection, control, use and release of data pursuant to Title 26, Chapter 33a.

 

R428-2-3. Definitions.

(1) The terms used in this rule are defined in Section 26-33a-102.

(2) In addition, the following definitions apply to all of Title R428:

(a) "Adjudicated claim" means a claim submitted to a carrier for payment where the carrier has made a determination whether the services provided fall under the carrier's benefit.

(b) "Ambulatory surgery data" means the consolidation of complete billing, medical, and personal information describing a patient, the services received, and charges billed for a surgical or diagnostic procedure treatment in an outpatient setting into a data record.

(c) "Ambulatory surgical facility" is defined in Section 26-21-2.

(d) "Carrier" means any of the following Third Party Payors as defined in 26-33a-102(16):

(i) an insurer engaged in the business of health care or dental insurance in the state of Utah, as defined in Section 31A-1-301;

(ii) a business under an administrative services organization or administrative services contract arrangement;

(iii) a third party administrator, as defined in Section 31A-1-301, licensed by the state of Utah that collects premiums or settles claims of residents of the state, for health care insurance policies or health benefit plans, as defined in Section 31A-1-301;

(iv) a governmental plan, as defined in Section 414 (d), Internal Revenue Code, that provides health care benefits;

(v) a program funded or administered by Utah for the provision of health care services, including Medicaid, the Utah Children's Health Insurance Program created under Section 26-40-103, and the medical assistance programs described in Title 26, Chapter 18 or any entity under a contract with the Utah Department of Health to serve clients under such a program;

(vi) a non-electing church plan, as described in Section 410 (d), Internal Revenue Code, that provides health care benefits;

(vii) a licensed professional employer organization as defined in Section 31a-40-102 acting as an administrator of a health care insurance plan;

(viii) a health benefit plan funded by a self-insurance arrangement;

(ix) the Public Employees' Benefit and Insurance Program created in Section 49-20-103 ;

(x) a pharmacy benefit manager, defined to be a person that provides pharmacy benefit management services as defined in Section 49-20-502 on behalf of any other carrier defined in subsection R428-2-3.

(e) "Claim" means a request or demand on a carrier for payment of a benefit.

(f) "Covered period" means the calendar year on which the data used for calculation of HEDIS measures is based.

(g) "Data element" means the specific information collected and recorded for the purpose of health care and health service delivery. Data elements include information to identify the individual, health care provider, data supplier, service provided, charge for service, payer source, medical diagnosis, and medical treatment.

(h) "Discharge data" means the consolidation of complete billing, medical, and personal information describing a patient, the services received, and charges billed for a single inpatient hospital stay into a discharge data record.

(i) "Electronic media" means a compact disc, digital video disc, external hard drive, or other media where data is stored in digital form.

(j) "Electronic transaction" means to submit data directly via electronic connection from a hospital or ambulatory surgery facility to the Office according to Electronic Data Interchange standards established by the American National Standards Institute's Accredited Standards Committee, known as the Health Care Transaction Set (837) ASC X 12N.

(k) "Eligible Enrollee" means an enrollee who meets the criteria outlined in the NCQA survey specifications.

(l) "Enrollee" means any individual who has entered into a contract with a carrier for health care or on whose behalf such an arrangement has been made.

(m) "Health care claims data" means information consisting of, or derived directly from, member enrollment, medical claims, and pharmacy claims that this rule requires a carrier to report.

(n) "Health Insurance" has the same meaning as found in Section 31A-1-301.

(o) "HEDIS" means the Healthcare Effectiveness Data and Information Set, a set of standardized performance measures developed by the NCQA.

(p) "HEDIS data" means the complete set of HEDIS measures calculated by the carriers according to NCQA specifications, including a set of required measures and voluntary measures defined by the department, in consultation with the carriers.

(q) "Hospital" means a [facility]general acute hospital or specialty hospital as defined in Section 21-21-2 that is licensed under Rule R432[-100].

(r) "Level 1 data element" means a required reportable data element.

(s) "Level 2 data element" means a data element that is reported when the information is available from the patient's hospital record.

(t) "NCQA" means the National Committee for Quality Assurance, a not-for-profit organization committed to evaluating and reporting on the quality of managed care plans.

(u) "Office" means the Office of Health Care Statistics within the Utah Department of Health.

(v) "Order" means an action of the committee that determines the legal rights, duties, privileges, immunities, or other interests of one or more specific persons, but not a class of persons.

(w) "Patient Social Security number" is the social security number of a person receiving health care.

(x) "Performance Measure" means the quantitative, numerical measure of an aspect of the carrier, or its membership in part or in its entirety, or qualitative, descriptive information on the carrier in its entirety as described in HEDIS.

(y) "Public Use Data Set" means a data extract or a subset of a database that is deemed by the Office to not include identifiable data or where the probability of identifying individuals is minimal.

(z) "Report" means a disclosure of data or information collected or produced by the committee or Office, including but not limited to a compilation, study, or analysis designed to meet the needs of specific audiences.

(aa) "Research Data Set" means a data extract or subset of a database intended for use by investigators or researchers for bona fide research purposes that may include identifiable information or where there is more than a minimal probability that the data could be used to identify individuals.

(bb) "Record linkage number" is an irreversible, unique, encrypted number that will replace patient social security number.

(cc) "Sample file" means the data file containing records of selected eligible enrollees drawn by the survey agency from the carrier's sampling frame.

(dd) "Sampling Frame" means the carrier enrollment file as described criteria outlined by the NCQA survey specifications.

(ee) "Submission year" means the year immediately following the covered period.

(ff) "Survey agency" means an independent contractor on contract with the Office of Health Care Statistics.

(gg) "Utah Health Care Performance Measurement Plan" means the plan for data collection and public reporting of health-related measures, adopted by the Utah Health Data Committee to establish a statewide health performance reporting system.

(hh) "Uniform billing form" means the uniform billing form recommended for use by the National Uniform Billing Committee.

(ii) "Submittal Manual for Inpatient Data" means the document referenced in Subsection R428-1-4(1).

(jj) "Submittal Manual for Ambulatory Surgery Data" means the document referenced in Subection R428-1-4(2).

(kk) "NCQA Survey Specifications" means the document referenced in Subsection R428-1-4(3)

(ll) "NCQA HEDIS Specifications" means the document referenced in Subsection R428-1-4(4)

(mm) "Data Submission Guide for Claims Data" means the document referenced in Subsection R428-1-4(5) for data submissions required from May 15, 2014 to March 31, 2015 and the document referenced in Subsection R428-1-4(6) for data submissions beginning April 1, 2015.

 

R428-2-4. Technical Assistance.

The Office may provide technical assistance or consultation to a data supplier upon request and resource availability. The consultation shall be to enable a data supplier to submit required data according to Title R428.

 

R428-2-5. Data Classification and Access.

(1) Data collected by the committee are not public, and as such are exempt from the classification and release requirements specified in Title 63g, Chapter 2, Government Records Access and Management Act.

(2) Any person having access to data collected or produced by the committee or the Office under Title 26, Chapter 33a shall not:

(a) take any action that might provide information to any unauthorized individual or agency;

(b) scan, copy, remove, or review any information to which specific authorization has not been granted;

(c) discuss information with unauthorized persons which could lead to identification of individuals;

(d) give access to any information by sharing passwords or file access codes.

(3) Any person having access to data collected or produced by the committee or the Office under Title 26, Chapter 33a shall:

(a) maintain the data in a safe manner which restricts unauthorized access;

(b) limit use of the data to the purposes for which access is authorized;

(c) report immediately any unauthorized access to the Office or its designated security officer.

(4) A failure to report known violations by others is subject to the same punishment as a personal violation.

(5) The Office shall deny a person access to the facilities, services and data as a consequence of any violation of the responsibilities specified in this section.

 

R428-2-6. Editing and Validation.

(1) Each data supplier shall review each required record prior to submission. The review shall consist of checks for accuracy, consistency, completeness, and conformity.

(2) The Office may subject submitted data to edit checks. The Office may require the data supplier to correct data failing an edit check as follows:

(a) The Office may, by first class U.S. mail or email, inform the submitting data supplier of any data failing an edit check.

(b) The submitting data supplier shall make necessary corrections and resubmit all corrected data to the Office within 10 business days of the date the Office notified the supplier.

 

R428-2-7. Error Rates.

The committee may establish and order reporting quality standards based on non-reporting or edit failure rates.

 

R428-2-8. Data Disclosure.

(1) The committee may disclose data received from data suppliers or data or information derived from this data as specified in Title 26, Chapter 33a.

(2) The Office may prepare reports relating to health care cost, quality, access, health promotion programs, or public health. These actions may be to meet legislative intent or upon request from individuals, government agencies, or private organizations. The Office may create reports in a variety of formats including print or electronic documents, searchable databases, web-sites, or other user-oriented methods for displaying information.

(3) Unless otherwise specified by the committee, the time period for data suppliers and health care providers to prepare a response as required in Subsections 26-33a-107(1) and 26-33a-107(3) shall be 15 business days. If a data supplier fails to respond in the specified time frame, the committee may conclude that the information is correct and suitable for release.

(4) The committee may note in a report that accurate appraisal of a certain category or entity cannot be presented because of a failure to comply with the committee's request for data, edit corrections, or data validation.

(5) The Office may release to the data supplier or its designee any data elements provided by the supplier without notification when a data supplier requests the data be so supplied.

(6) The committee may disclose data in computer readable formats.

(7) The Director of the Office may approve the disclosure of a public use data set upon receipt of a written request that includes the following:

(a) the name, address, e-mail and telephone number of the requester;

(b) a statement of the purpose for which the data will be used;

(c) agreement to other terms and conditions as deemed necessary by the Office.

(8) The committee may approve the release of a research data set to an institution, association or organization for bona fide research of health care cost, quality, access, health promotion programs, or public health issues. The requester must provide:

(a) the name, address, e-mail and telephone number of the requester and for each person who will have access to the research data set;

(b) a statement of the purpose for which the research data set will be used;

(c) the starting and ending dates for which the research data set is requested;

(d) an explanation of why a public use data set could not be used for to accomplish the stated research purposes, including a separate justification for each element containing identified data requested;

(e) evidence of the integrity and ability to safeguard the data from any breach of confidentiality;

(f) evidence of competency to effectively use the data in the manner proposed;

(g) a satisfactory review from an Office-approved institutional review board;

(h) a guarantee that no further disclosure will occur without prior approval of the Office;

(i) a signed agreement to comply with other terms and conditions as stipulated by the committee.

 

R428-2-9. Penalties.

(1) The Office[, in cooperation with the committee,] may apply civil penalties or subject violators to legal prosecution.

(2) Sections 26-23-6 and 26-33a-110 specify civil and criminal penalties for failure to comply with the requirements of Title R428 or Title 26, Chapter 33a.

(3) Notwithstanding Subsection R428-2-9(2), any person that violates any provision of Title R428 may be assessed an administrative civil money penalty not to exceed $3,000 upon an administrative finding of a first violation and up to $5,000 for a subsequent similar violation within two years. A person may also be subject to penalties imposed by a civil or criminal court, which may not exceed $5,000 or a class B misdemeanor for the first violation and a class A misdemeanor for any subsequent similar violation within two years.

(4) Notwithstanding Subsection R428-2-9(2) and R428-2-9(3), a [carrier]data supplier that violates any provision of Title R428 may be assessed an administrative civil money penalty for each day of non-compliance. Fines may be imposed as follows:

(a) Not to exceed the sum of $10,000 per violation

(b) Each day of violation is a separate violation

(c) Deadlines established in separate sections of Title R428 are considered as separate provisions.

(5) The Office may impose a fine on any data supplier that misses a deadline to submit data required in Title R428 as follows:

(a) A fine of $250 per violation shall be imposed until the data has been supplied as required

(b) The fines shall increase to $500 per violation for each violation when any data supplier that is currently in violation misses another deadline

(c) After forty-five consecutive calendar days of violation, the Office may adjust the per day penalty subject to the limits in (4)(a) taking into account the following aggravating and mitigating circumstances:

(i) Prior violation history and history of compliance

(ii) Good faith efforts to prevent violations

(iii) The size and financial capability of the data supplier.

 

R428-2-10. Exemptions and Extensions.

(1) The committee may grant exemptions or extensions from reporting requirements in Title R428 to data suppliers under certain circumstances.

(2) The committee may grant an exemption to a data supplier when the supplier demonstrates that compliance imposes an unreasonable cost.

(a) A data supplier may request an exemption from any particular requirement or set of requirements of Title R428. The data supplier must submit a request for exemption no less than 30 calendar days before the date the supplier would have to comply with the requirement.

(b) The committee may grant an exemption for a maximum of one calendar year. A data supplier wishing an additional exemption must submit an additional, separate request.

(3) The committee may grant an extension to a data supplier when the supplier demonstrates that technical or unforeseen difficulties prevent compliance.

(a) A data supplier may request an extension for any deadline required in Title R428. For each deadline for which the [carrier]data supplier requests an extension, the [carrier]data supplier must submit its request no less than [15]seven calendar days before the deadline in question.

(b) The committee may grant an extension for a maximum of 30 calendar days. A data supplier wishing an additional extension must submit an additional, separate request.

(4) The supplier requesting an extension or exemption shall include:

(a) The data supplier's name, mailing address, telephone number, and contact person;

(b) the dates the exemption or extension is to start and end;

(c) a description of the relief sought, including reference to specific sections or language of the requirement;

(d) a statement of facts, reasons, or legal authority in support of the request; and

(e) a proposed alternative to the requirement or deadline.

(5) A carrier that covers fewer than 2,500 individual Utah residents as of January 1 of a given year is exempt from all requirements of this title except that once a carrier has covered a cumulative total of 2,500 such individuals during a calendar year, they are no longer considered exempt for the remainder of that year.

 

R428-2-11. Contractor Liability.

(1) A data supplier may contract with another entity to submit required data elements on their behalf under Title R428. In such cases, the data supplier must notify the Office of the identity and contact information of the contractor.

(2) Regardless of the existence of a contractor, the responsibility for complying with all requirements of Title R428 remains solely with the data supplier.

 

KEY: health, health policy, health planning

Date of Enactment or Last Substantive Amendment: [December 8, 2014]2015

Notice of Continuation: November 30, 2011

Authorizing, and Implemented or Interpreted Law: 26-33a-104

 


Additional Information

More information about a Notice of Proposed Rule is available online.

The Portable Document Format (PDF) version of the Bulletin is the official version. The PDF version of this issue is available at https://rules.utah.gov/publicat/bull-pdf/2015/b20150601.pdf. The HTML edition of the Bulletin is a convenience copy. Any discrepancy between the PDF version and HTML version is resolved in favor of the PDF version.

Text to be deleted is struck through and surrounded by brackets ([example]). Text to be added is underlined (example).  Older browsers may not depict some or any of these attributes on the screen or when the document is printed.

For questions regarding the content or application of this rule, please contact Norman Thurston at the above address, by phone at 801-538-7052, by FAX at 801-237-0787, or by Internet E-mail at [email protected].  For questions about the rulemaking process, please contact the Division of Administrative Rules.