29907
Federal Register / Vol. 79, No. 100 / Friday, May 23, 2014 / Rules and Regulations
health and would improve the clinical
care of beneficiaries.
In addition to setting forth the
significant public policy reasons for
disclosure of PDE data, we made clear
in the preambles of both the Part D data
final rule and the April 2010 rule that
our primary concerns in releasing PDE
data are protecting the confidentiality of
beneficiary identifiable information and
commercially sensitive data of Part D
sponsors. Therefore, as described in the
Part D data final rule and the April 2010
rule, the release of PDE data is subject
to certain protections, described here
generally, such as encryption of
beneficiary information and aggregation
of commercially sensitive data of Part D
sponsors. In addition, whenever PDE
data is released, we only release the
minimum data necessary for a given
purpose, as determined in the sole
discretion of CMS after review of the
requestor’s detailed request for data. If
releasing data to an external entity for
research purposes, CMS indicated in the
Part D data final rule that the requestor
must be a legitimate researcher,
meaning the requestor has the requisite
experience and is working for, or on
behalf of, a reputable institution. (In the
preamble to the Part D data final rule
(73 FR 30674 citing 45 CFR 164.501), we
used the definition of ‘‘research’’
contained in the HIPAA Privacy Rule,
which defines the term as ‘‘a systematic
investigation, including research
development, testing, and evaluation,
designed to develop or contribute to
generalizable knowledge.’’) In the Part D
data final rule (73 FR 30674), we also
indicated that, consistent with our
current policies for Part A and B data,
identifiable Part D data would not be
disclosed for commercial purposes.
In the preamble to the proposed rule,
we stated that we believe the current
limitations on the release of certain data
elements hinder the use of PDE data in
a health care environment that is
substantially transforming due to the
Affordable Care Act, and that these
limitations therefore also inhibit
accompanying insights into prescription
drug benefit plans that could result from
broader release of the data. We further
stated that our experience has led us to
conclude that broader release of PDE
data to external entities can increase the
positive contributions researchers make
to the evaluation and function of the
Part D program and improve the
efficiency of the program and the
clinical care of its beneficiaries, which
is in the interest of public health. For
these reasons, we stated that increased
access to prescriber, pharmacy, and plan
identifiers by all categories of requestors
is of utmost importance and will
facilitate research by entities outside
CMS that involves identifiable plans,
prescribers, and pharmacies.
Furthermore, we stated that we could
relax the current policies on the release
of this PDE data, while still protecting
beneficiary confidentiality and
commercially sensitive data of Part D
sponsors.
Specifically, we proposed to permit
the release of unencrypted prescriber,
pharmacy, and plan identifiers
(including internal plan/pharmacy
identification numbers on the claim that
represent reference numbers assigned by
the plan at the time a drug is dispensed)
contained in PDE records to all current
categories of requestors (including other
HHS entities and the Congressional
oversight agencies, non-HHS executive
branch agencies and states, and external
entities). We noted that because the
minimum necessary policy will still
apply to all such releases, our proposal
was more a formality with respect to
HHS entities/Congressional oversight
agencies and non-HHS executive branch
agencies/states, since this data is
available in unencrypted format to these
same entities under the current Part D
data regulations ‘‘if needed.’’ For this
reason, in the proposed rule, we focused
on the release of unencrypted
prescriber, pharmacy, and plan
identifiers to external entities as
discussed later in this section.
We acknowledged in the preamble to
the proposed rule that there still may be
concerns about releasing unencrypted
prescriber, plan, and pharmacy
identifiers to outside entities based on
comments that were received in
response to our original proposed Part D
data regulations, and that were
discussed in the Part D data final rule
(73 FR 30675). In particular, we
addressed concerns that this
information could be used by
pharmaceutical companies and others
who may want to influence physicians’
prescribing patterns and interfere with
their professional judgment. As we
stated in the proposed rule, it is our
view today, however, that the vast
majority of physicians have prescribed
and do prescribe what they believe are
the appropriate medications for their
patients, and they should have no
concerns with transparency in their
prescribing patterns. Moreover, we
stated that there are other measures in
place to prevent inappropriate influence
by external entities on prescribers, such
as section 6002 of Affordable Care Act
and the federal Anti-Kickback Law
(section 1128B(b) of the Act). We also
pointed out that when data are
completely transparent, it is easier for
the attempts of some to use the data for
purposes of inappropriate manipulation
to be countered by others who have
access to the same data. We also noted
that it appears prescriber data are
already available commercially from
pharmacy data aggregators. For these
reasons, we stated that we believe that
our earlier concerns expressed in the
Part D data final rule about the release
of unencrypted prescriber identifiers in
PDE data to external entities are no
longer warranted.
In the proposed rule, in conjunction
with our proposal to broaden the release
of unencrypted prescriber identifiers,
we also highlighted our response to a
comment discussed in the Part D data
final rule, which argued that providing
access to linked physician identifiable
claims in order to pool them with
employer data would allow analysis to
reduce cost of care delivery and
improve the quality of care (73 FR
30676). We noted that in response to the
comment, we did not disagree with the
commenter, but referenced a variety of
pay for performance and value-based
health care initiatives being undertaken
by CMS at the time in an effort to
encourage health care providers to
furnish high quality health care and to
provide cost and quality information to
consumers. We also noted that in our
response to the comment, we had stated
that we intended to use PDE data in
those activities, but we declined to
adopt a policy that would include
making unencrypted prescriber
identifiers available for release to
external entities (except when needed to
link to another data set). In this
proposed rule, however, we
acknowledged that, in light of the goals
of the Affordable Care Act to improve
the quality of health care, including
through better access to information, we
now agree with the commenter
regarding the importance of providing
access to prescriber-identifiable claims
in order to allow researchers to pool
them with employer data and conduct
broader research.
We noted in the proposed rule that
our current policy on release of
ingredient cost and dispensing fee data
would not change under our proposal,
meaning the minimum necessary data
regarding ingredient costs and
dispensing fees would continue to be
available for release in disaggregated
form only to other HHS entities and
congressional oversight agencies. Non-
HHS executive branch agencies and
external entities could still only obtain
the minimum necessary ingredient cost
and dispensing fee data, and only in
aggregated form.
With respect to our proposal to
broaden the release of unencrypted plan
VerDate Mar<15>2010 19:14 May 22, 2014 Jkt 232001 PO 00000 Frm 00065 Fmt 4701 Sfmt 4700 E:\FR\FM\23MYR2.SGM 23MYR2
TKELLEY on DSK3SPTVN1PROD with RULES2