N.M. Admin. Code § 7.1.31.8

Current through Register Vol. 35, No. 21, November 5, 2024
Section 7.1.31.8 - STATEWIDE ALL-PAYER CLAIMS DATABASE-DUTIES-CONTRACT WITH DATA VENDOR
A.Duties of the department:
(1) The department shall establish a statewide all-payer claims database to support transparent public reporting of health care information. The database must improve transparency to: assist patients, providers, and hospitals to make informed choices about care; enable providers, hospitals, and communities to improve by benchmarking their performance against that of others by focusing on best practices, enable purchasers to identify value, build expectations into their purchasing strategy, and reward improvements over time; and promote competition based on quality and cost. The database must systematically collect all medical claims for covered medical services, pharmacy claims, dental claims, member eligibility and enrollment data, and provider data with necessary identifiers from private and public payers, with data from all settings of care that permit the systematic analysis of health care delivery.
(2) The department shall convene subcommittees to the HIS advisory committee with the approval of the secretary, including:
(a) a subcommittee on data policy development;
(b) a subcommittee to establish a data release process consistent with the requirements of this rule and to provide advice regarding formal data release requests. The advisory subcommittees must include in-state representation from key providers, hospitals, public health and health maintenance organizations, large and small private purchasers, consumer organizations, and the two largest carriers supplying claims data to the database; and
(c) other subcommittees as needed.
B.Duties of the department in contract with data vendor:
(1) The department will conduct, or may engage a data vendor to perform, data collection, processing, aggregation, extracts, and analytics. The department or data vendor must:
(a) establish a secure data submission process with data providers;
(b) review data submitters' files per standards established by the department;
(c) assess each record's alignment with established format, frequency, and consistency criteria;
(d) maintain responsibility for quality assurance, including, but not limited to:
(i) the completeness, accuracy and validity of data provider's data;
(ii) accuracy of dates of service spans;
(iii) maintaining consistency of record layout and counts; and
(iv) identifying duplicate records;
(e) assign unique identifiers, as defined in this rule, to individuals represented in the database;
(f) ensure that direct patient identifiers, indirect patient identifiers, and proprietary information are released only in compliance with federal and state privacy laws and the terms of applicable confidentiality requirements;
(g) demonstrate internal controls and affiliations with separate organizations as appropriate to ensure safe data collection, security of the data with state of the art encryption methods, actuarial support, and data review for quality assurance;
(h) store data in a manner compliant with the federal Health Insurance Portability and Accountability Act and regulations, with access to the data strictly controlled and limited to staff with appropriate training, clearance, and background checks; and
(i) maintain state of the art security standards for transferring data to approved data requestors.
(2) The data vendor must submit detailed descriptions to the department's chief information security officer to ensure robust security methods are in place.
(3) The department is responsible for internal governance, management, funding, and operations of the database. The department shall work with the data vendor to:
(a) collect claims data from data providers as provided in this rule;
(b) design data collection mechanisms with consideration for the time and cost incurred by data providers and others in submission and collection and the benefits that measurement would achieve, ensuring the data submitted meet quality standards and are reviewed for quality assurance;
(c) ensure protection of collected data and store and use of data in a manner that protects patient privacy and complies with this section. All patient-specific information must be secured with required standard encryption algorithms;
(d) consistent with requirements of this rule, make information from the database available as a resource for public and private entities, including carriers, employers, providers, hospitals, and purchasers of health care;
(e) report performance on cost and quality pursuant to this rule.
(f) develop protocols and policies, including prerelease review by any entity identified by the department, to ensure the quality of data releases and reports;
(g) the department may not charge providers or data providers fees other than fees directly related to requested reports.

N.M. Admin. Code § 7.1.31.8

Adopted by New Mexico Register, Volume XXXII, Issue 08, April 20, 2021, eff. 4/20/2021