Minnesota All Payer Claims Database
Workgroup Meeting #3
Data Security, Privacy and Access
September 2, 2014
Kris Van Amber
Senior Management Consultant
Management Analysis & Development
Minnesota Management & Budget
Linda Green
Vice President, Programs
Freedman HealthCare
APCD Workgroup Agenda- September 2, 2014
Welcome and Introductions – Kris Van Amber
Agenda Overview – Linda Green and Kris Van Amber
Workgroup’s Discussions to Date – Linda Green
10 min
5 min
20 min
Framing Guidance to the Legislature regarding Privacy, Security
and Access
Overview
20 min
Discussion
50 min
Break
10 min
Framing Guidance to the Legislature regarding Data Quality
Overview
15 min
Discussion
30 min
Opportunity for Public Comment
Next Steps
10 min
5 min
Adjourn
2
Meeting Goals
Review Workgroup’s guidance from Meeting #2
Frame the Workgroup’s principles regarding privacy,
security and access
Provide guidance about data quality/data use
3
Workgroup Plan
Month
Topic
July
Overview of APCD
August
Data Use Parameters
September
Data Security, Privacy and Access
Data Quality Principles
October
Governance (Data Release Process)
November
Sustainability
December
Review Answers to Legislative Questions
4
Meeting #3
Welcome and Introductions – Kris Van Amber
Agenda Overview – Linda Green and Kris Van Amber
Workgroup’s Discussions to Date – Linda Green
Framing Guidance to the Legislature regarding Privacy,
Security and Access
Break
Framing Guidance to the Legislature regarding Data
Quality
Opportunity for Public Comment
Next Steps
5
Meeting 2 Recap
APCD data uses have expanded over the past decade
Nationally, other APCDs other APCDs permit broad data use
•
•
•
•
•
•
Public Health
Quality of care
Costs
Policy/Planning
Choices/Compare
Health System Capacity Planning
Most Common User Groups
•
•
•
•
•
State Agency Analysis
State Agency Operations
Academic Researchers
Patients and families
Other Users
6
Meeting #2: Data Use Parameters Discussion
Workgroup discussed three different approaches:
Broad use
• Promote the public good; support the Triple Aim
• “Anyone” can use the data
• Reflects national trends
Tiered or Phased Reporting
• Begin with low stakes reporting
• Add uses and users as database evolves
Strict controls
• Define criteria for allowable reports
• Requires some form of oversight body
Is there consensus on one of these approaches?
7
Meeting #3
Welcome and Introductions – Kris Van Amber
Agenda Overview – Linda Green and Kris Van Amber
Workgroup’s Discussions to Date –
Framing Guidance to the Legislature regarding Privacy,
Security and Access
Break
Framing Guidance to the Legislature regarding Data
Quality
Opportunity for Public Comment
Next Steps
8
Data Privacy, Security and Access
What are the Workgroup’s recommendations to guide
legislative action on the following questions:
What are the appropriate privacy and security
protections needed for the expanded use of the allpayer claims database?
What should the mechanisms be by which the data
would be released or accessed, including the necessary
information technology infrastructure to support the
expanded use of the data under different assumptions
related to the number of potential requests and
manner of access?
9
Terms
Privacy: Ensuring that individuals cannot be directly or
indirectly identified during collection, storage and use
Security: The set of technical, physical, procedural and
administrative procedures that prevent unauthorized use
Access: The methods used to provide data to
authorized users
Framework
•
•
•
•
•
HIPAA Privacy Rule
Service Organization Control Report (SOC-2)
CMS Qualified Entity requirements
State law
Data Use Agreements
10
Privacy and Security at Intake
Data Intake Structure
• Minimal PHI “hashed” upon intake
• For example: “Jane Doe” becomes “3INDzLjr2SnG8ma4LoXw==“
• Data is encrypted in motion and at rest
Physical Security
•
•
•
•
Locked rooms, limited access,
Separate servers
Hardened equipment
Ban portable media
Operational
• Maintenance and updates
• Regular, periodic testing
Administrative
• Enterprise-wide commitment to security and privacy
• Organizational accountability through a senior executive (“C-level”)
• Regularly updated policies and procedures
11
Privacy, Security, Access for Data Users
Approve on a case-by-case basis
• Type of analysis
• User experience and qualifications
• Other protections, e.g. double encryption of Member Identifiers (if
included)
Strong Data Use Agreements
• Minimum sample size rules (age, geography)
• Limitations on access
• Use for stated purpose
Provide Minimum Necessary Data
• Typically:
• Public Use Datasets
• Limited Datasets
• Emerging:
• Custom extracts and reports
• Data enclaves
12
Access Options
Higher level of detail
•
•
•
•
Typically Limited datasets
Datasets in standardized format
Custom extracts
Data enclave with query tools
Lower level of detail
• Public Use data sets
• Aggregated datasets
• Online query tools, including maps
• Reports and tables
• Custom reports
13
Discussion
Does the Workgroup support creating public use
datasets?
Should the APCD provide datasets at varying levels of
detail?
Is there an opportunity to provide data for analysis that
will not be publicly available?
14
Meeting #3
Welcome and Introductions – Kris Van Amber
Agenda Overview – Linda Green and Kris Van Amber
Workgroup’s Discussions to Date –
Framing Guidance to the Legislature regarding Privacy,
Security and Access
Break
Framing Guidance to the Legislature regarding Data
Quality
Opportunity for Public Comment
Next Steps
15
Meeting #2 Discussion about Data
Interest in better understanding the information that is in
the APCD
• Insight into what carriers submit and how that is aggregated
• Processes used to examine the data before it’s analyzed
• For provider comparisons, desire to verify data underlying the
reported results
Data use concerns
• Methodologies used to analyze the data
• Comparisons need to be fair and risk adjusted
• Interpretation of results
16
Data Quality Initiatives in Progress
Partnership with MHA to examine readmission statistics
Data intake monitoring and production analysis
Public data quality report
Independent assessment and benchmarking (plus public
report)
Feasibility of using the APCD for risk adjustment
• Includes spot audits
• Legislative report
Grant request for additional staff to perform quality
assessment, reporting
Must evolve as new types of analysis emerge
Ongoing process, not “once and done”
17
Discussion
Is there a reasonable standard for data quality? Does that
standard vary based on the type of information reported?
Should the Workgroup recommend creating an expert panel to
review data quality on an ongoing basis?
How does the Workgroup recommend distinguishing between
data quality issues and analysis/reporting issues?
18
Next Steps and Adjourn
How the group’s insights will be used going forward
Next meeting:
• October 14, 2 to 5 PM
Topic: Governance Models
Please submit any additional comments to:
Lisa Hermanson at [email protected]
19
Questions?
Linda Green
Vice President, Freedman Health Care
[email protected]
617.243.9509 x 203
Kris Van Amber
Senior Management Consultant
Management Analysis & Development (Mad)
Minnesota Management & Budget
[email protected]
651.259.3808
20