Subject to providing the beneficiary with the opportunity to decline data sharing as described in this Sec. 425.708, and subject to having a valid DUA in place, CMS, upon the ACO's request for the data for purposes of evaluating the performance of its ACO participants or its ACO providers/suppliers, conducting quality assessment and improvement activities, and conducting population-based activities relating to improved health, will provide the ACO with beneficiary identifiable claims data for preliminary prospective assigned beneficiaries and other beneficiaries who receive primary care services from an ACO participant upon whom assignment is based during the agreement period.
(a) If an ACO wishes to receive beneficiary identifiable claims data, it must sign a DUA and it must submit a formal request for data. ACOs may request data as often as once per month.
(b) The ACO must certify that it is requesting claims data about either of the following:
(1) Its own patients, as a HIPAA-covered entity, and the request reflects the minimum data necessary for the ACO to conduct its own health care operations work that falls within the first or second paragraph of the definition of health care operations at 45 CFR 164.501.
(2) The patients of its HIPAA-covered entity ACO participants or its ACO providers/suppliers as the business associate of these HIPAA covered entities, and the request reflects the minimum data necessary for the ACO to conduct health care operations work that falls within the first or second paragraph of the definition of health care operations at 45 CFR 164.501 on behalf of those participants.
(c) The use of identifiers and claims data will be limited to developing processes and engaging in appropriate activities related to coordinating care and improving the quality and efficiency of care that are applied uniformly to all Medicare beneficiaries with primary care services at the ACO, and that these data will not be used to reduce, limit or restrict care for specific beneficiaries.
(d) To ensure that beneficiaries have a meaningful opportunity to decline having their claims data shared with the ACO, the ACO may only request claims data about a beneficiary if--
(1) The beneficiary name appears on the preliminary prospective assignment list found on the initial or quarterly aggregate report, or has received primary care services from an ACO participant upon whom assignment is based (under Subpart E of this part), during the agreement period.
(2) The beneficiary has been notified in writing how the ACO intends to use beneficiary identifiable claims data in order to improve the quality of care that is furnished to the beneficiary and, where applicable, coordinate care offered to the beneficiary; and
(3) The beneficiary did not exercise the opportunity to decline having his/her claims data shared with the ACO as provided in Sec. 425.708.
(e) At the ACO's request, CMS continues to provide ACOs with updates to the requested beneficiary identifiable claims data, subject to beneficiary's opportunity to decline data sharing under Sec. 425.708.
(f) If an ACO requests beneficiary identifiable information, compliance with the terms of the data use agreement described in Sec. 425.710 is a condition of an ACO's participation in the Shared Savings Program.
Effective Date Note: At 80 FR 32844, June 9, 2015, Sec. 425.704 was amended by revising its heading and paragraph (d)(1), and in the introductory text, by removing the phrase ``claims data for preliminary prospectively assigned beneficiaries'' and adding in its place the phrase ``claims data for preliminarily prospectively and prospectively assigned beneficiaries'' and by removing the phrase ``upon whom assignment is based during the agreement period'' and adding in its place the phrase ``that submits claims for primary care services used to determine the ACO's assigned population under subpart E of this part during the performance year'', in paragraph (a) by removing the phrase ``ACOs may request data as often'' and adding in its place ``ACOs may access requested data as often'', and in paragraph (d)(2) by removing the phrase ``has been notified in writing how the ACO intends to use'' and adding in its place the phrase ``has been notified in compliance with Sec. 425.708 that the ACO has requested access to'', effective Jan. 1, 2016.