Department of Health and Human Services
Centers for Medicare and Medicaid Services
Room 341D-05, Hubert H. Humphrey Building
200 Independence Avenue, SW
Washington, DC 20201
Re: Request for Public Comments on the Potential Release of Medicare Physician Data
The undersigned organizations appreciate the opportunity to provide our views concerning the Centers for Medicare and Medicaid Services’ (CMS) request for public comment on the potential release of Medicare physician claims data. We welcome the opportunity to work with CMS to improve meaningful and appropriate access to this information, and recognize the potential value and importance of Medicare physician claims data. If used correctly, this data can provide accurate and meaningful information to patients, physicians, and other stakeholders that can improve quality at the point of care. We therefore support the appropriate use of Medicare claims data to inform and improve our health care system.
With these goals in mind, we encourage CMS to partner with physicians to develop policies that will promote the reliable and effective use of this information. We urge CMS to carefully consider how use of this data may change over time, and the role it may play in an evolving Medicare system. Our goal is to promote efforts focused on improving the quality of patient care while safeguarding against potential abuses that could negatively impact health care outcomes or diminish the privacy of Medicare physicians and patients. It is from this perspective that we offer the following comments responding to specific questions listed in the CMS request for public comment.
- Whether physicians have a privacy interest in information concerning payments they receive from Medicare and, if so, how to properly weigh the balance between that privacy interest and the public interest in disclosure of Medicare payment information, including physician-identifiable reimbursement data?
The public's interest in disclosure of claims and payment data resulting from government health care programs must be balanced against the confidentiality and personal privacy interests of physicians, their practice entities, and patients, who may be adversely impacted by disclosures. Steps must be taken to ensure that the release of data does not mislead the public into making inappropriate and potentially harmful health care treatment decisions. In light of these considerations, the release of raw data regarding physician claims for providing medical services should be limited for specific purposes and with appropriate safeguards.
In particular, reports, analyses, or other publications that incorporate Medicare claims data must include appropriate disclosures and/or explanatory statements as to the limitations and potential misinterpretations of the data. Such misinterpretation can result from data limitations that do not include the costs of providing care such as specialty, location, patient mix and demographics, drug and supply costs, hospital and service costs, professional liability coverage, support staff, and other practice costs, as well as the potential for mistakes and errors in the data or its attribution. It is important to note that individual Medicare payment information should be presented together with quality (i.e., clinical) information, encouraging and facilitating value-based decision making by consumers. If quality information is not available, cost and price information should be presented in a context that raises the importance of considering quality in decisions about providers, treatments, and health care services.
In addition, Medicare data is used primarily to pay claims and therefore includes confidential and sensitive information about patients and their treatments. Under current law, when CMS releases such data (e.g., under a data use agreement) the agency must ensure that disclosure complies with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws. Given the potential for security breaches, hackers, or efforts to re-identify information, we urge CMS to consider the potential impact of any data release on patient privacy and engage with experienced data statisticians, physician organizations, and other relevant stakeholders on ways to further protect such data.
While we recognize the significant privacy interests for both physicians and patients, we also acknowledge the potential benefits of physician claims data. As noted in the request for comments, Medicare has experienced significant changes prompting stakeholder interest in the information. We believe that CMS has and continues to respond appropriately to these new demands by expanding access to the data while protecting its integrity. In particular, we recognize that, since 2010, CMS has released an unprecedented amount of aggregated data, including offering providers Quality and Resource Use Reports and working to provide Accountable Care Organizations with monthly claim feeds for approximately three million beneficiaries. CMS has also allowed beneficiaries full and open access to their Medicare claims data through the Blue Button Initiative that permits beneficiaries to download data in a simple format and then share this information with providers and caregivers.
We believe these efforts to release Medicare physician data are appropriate, recognizing that they serve to enhance the quality of our health care system and include safeguards. The unfettered release of raw data, however, could easily result in inaccurate and misleading information that could ultimately undermine the quality of care for patients. Publication of reimbursement information for any purpose and without appropriate safeguards would move toward an opposite extreme—it would categorically dismiss significant privacy interests and would fail to ensure that the data can be used in a truly effective manner. Such broad, indiscriminate disclosure of personal financial information would undermine the careful balance which presently exists in existing laws and regulations that recognize the interests between public disclosure and the privacy of physicians and patients.
In particular, Congress recognized these competing principles when it enacted legislation to improve access to Medicare claims data through the Qualified Entity (QE) program included as part of the Affordable Care Act. This legislation creates a structure through which experienced entities can receive Medicare claims data and publish public reports for quality improvement purposes. However, it also preserves the privacy interest in the data by ensuring the information being used for quality improvement is appropriately risk-adjusted and allows physicians an opportunity to correct their information. We therefore support the protections that are currently available under the Affordable Care Act and the implementing regulations ensuring disclosures are appropriate and include certain procedural safeguards. Such programs may be expanded, allowing for greater flexibility and innovation, while recognizing the benefit and importance of appropriate safeguards.
- What specific policies CMS should consider with respect to disclosure of individual physician payment data that will further the goals of improving the quality and value of care, enhancing access and availability of CMS data, increasing transparency in government, and reducing fraud, waste, and abuse within CMS programs?
If not approached thoughtfully, release of individual physician payment data to anyone for any purpose can have unintentional, adverse consequences for patients, providers, and the health care system. For any data release program safeguards must be in place to ensure that neither false nor misleading conclusions are derived from this information. We therefore urge CMS to consider adopting the following policies: focus on release efforts that seek to improve health care quality; ensure accuracy of the data by educating those accessing the information and allowing physicians to review and correct any errors; and follow existing safeguards, including appropriate risk-adjustment and attribution methods, for any public reports that utilize the information.
Focus on improving care quality
As an initial matter, we fundamentally support efforts that increase knowledge about the quality of care and the efficient use of resources in the delivery of health care services. We recognize that greater access to Medicare data may be necessary to expand new delivery models and transform the existing Medicare payment system. Consequently, we urge CMS to engage with physicians and focus on care quality given that obstacles to this data may be blocking improvements to our health care system.
CMS should concentrate efforts aimed at improving the quality of health care services. Multiple federal agencies already have broad access to Medicare claims data, in addition to a range of other health care information, and tremendous financial resources provided by taxpayers to support their investigations into program integrity matters. Allowing other, untrained entities that lack knowledge about the Medicare program to attempt to detect fraud and abuse is likely to bring false or incorrect accusations without due process that ultimately undermine federal investigator efforts and result in wasted finite resources. In addition, a focus on fraud and abuse may spur meritless medical liability lawsuits that manipulate the data to paint a false and misleading picture of the standard of care. As explicitly provided for in the Affordable Care Act, any release of this data should not be subject to discovery or admitted into evidence without the identified physician’s consent. This should include all analyses or reports derived from this data.
Meaningful efforts to ensure data accuracy
Medicare data is highly susceptible to misleading conclusions. CMS should undertake a detailed educational program to explain any Medicare data release program and openly address its limitations, including that the data may take into account only a small fraction of a physician’s patient population or may be outdated. We also encourage providing greater access to entities that demonstrate prior experience in handling Medicare data to ensure this information is used in a manner that is safe and protects patient privacy. To further guarantee accuracy of this data, physicians must have the opportunity to review and correct their information in a timely manner.
Necessary safeguards when publicly reporting Medicare data
CMS must not only monitor the release of the data, but also any public reporting of this information. As noted by CMS Deputy Administrator Director Jonathan Blum, claims data are complex and often require sophisticated interpretations to obtain useful, meaningful, and understandable information about the quality of care. Without statistically valid sample sizes and standardized risk-adjustment and attribution methods, multiple and conflicting reports could be published for the same physician. Ultimately, this will undermine the usefulness of this data and could lead to misleading and inaccurate information about health care quality. Attribution and risk adjustment methodologies should also be assessed on a condition-specific basis, be based on physician and other expert input, and transparent to all stakeholders.
Likewise, public release of information in the media or on the Internet, without safeguards and due process, can jeopardize the professional reputations of innocent physicians and threaten their ability to practice medicine. Indeed, there is a well-documented history of private insurers misusing claims data to profile physicians, deny them reasonable reimbursement, or subject patients to higher out-of-pocket costs. To avoid these abuses, physicians must have the opportunity to request their data for review and comment prior to use in publications. Providers must also be permitted to review and appeal any conclusions that are part of a public report.
We urge CMS to keep existing safeguards intact for the public reporting of Medicare data. We also encourage CMS to consider ways to increase flexibility for non-public or internal uses that pose fewer privacy and reputational risks. One example includes allowing QEs more flexible access to Medicare data for use in enhancing internal quality performance reporting for quality improvement activities.
- The form in which CMS should release information about individual physician payment, should CMS choose to release it (e.g., line item claim details, aggregated data at the individual physician level).
Entities are seeking access to Medicare physician data for a variety of different purposes, all of which will influence the most appropriate way in which to release and present the data. Currently, entities like the Research Data Assistance Center (ResDAC) assist in navigating Medicare data so that researchers can readily access the most relevant information. Maintaining this approach, as opposed to developing a new public database, improves the usefulness of the material and allows for monitoring and safeguarding the release of information. In contrast, a public database, while easy to access, is cumbersome to search and would require the agency to devote significant new resources in order to create a workable system.
In regard to the data elements, CMS should consider whether certain information is more likely to confuse than assist in providing meaningful and accurate information about the quality of care. For example, while procedure codes and physician charges may be useful to those with significant experience with Medicare data, patients may need access to more general, synthesized information that can simply convey the types of services and treatment offered by a specific physician. We recommend that CMS protect the privacy of patient and physician identifiable information, such as the National Provider Identifier, which may be susceptible to fraud and misuse.
In addition, raw Medicare claims data is a crude metric for assessing the quality of medical care. When used in isolation this data ignores the more important clinical factors that affect patients, including case mix, co-morbidities, and other patient characteristics. These deficiencies are exacerbated by the fact that Medicare claims constitute only a portion of services performed by many physicians. For these reasons, we discourage public reporting of claims data without any relevant quality information or the inclusion of other payer sources. CMS must safeguard attempts to mischaracterize the data or emphasize volume as an indicator of quality.
If not approached thoughtfully, public release of Medicare claims data can have unintentional adverse consequences for patients. Patient de-selection can occur for individuals at higher-risk for illness due to age, diagnosis, severity of illness, multiple co-morbidities, or economic and cultural characteristics that make them less adherent to established protocols. Further, physicians and patients must be able to easily understand and act upon the information made available through the use of Medicare claims data, and not have to decipher conflicting reports that present opposing and inaccurate conclusions about physicians or the quality of care.
In conclusion, we are at a critical juncture with respect to expanding access to physician Medicare data that can help promote meaningful, accurate, and innovative ways to improve the overall quality of patient care. We look forward to working alongside CMS to establish appropriate ways to utilize this data to advance our health care system and improve health care quality, delivery, and access.
We appreciate the opportunity to comment on this important matter.