The Affordable Care Act of 2010 directed the Center for Medicare and Medicaid Services (CMS) to establish an insurance risk adjustment program. The basic point of the program is to more evenly allocate the risk of loss for insurers serving the individual and small group market by compensating insurers with higher than expected costs and ensuring that insurers with lower than expected costs are not unjustly enriched. Several months ago CMS proposed a regulation to initiate the risk adjustment program. In the proposed rule, CMS set forth a “centralized” model for the program: all individual and small-group insurers would be required to submit health claims to federal or state government agencies so that those agencies can perform the required risk adjustment analyses.
Health care claims are sensitive data, and the requirement of claims submission prompted some House Republicans and some health insurance companies to argue that CMS’ model – under which the government collects and stores raw copies of the claims data – threatened the privacy of individuals’ health care information. In comments on the proposed rule, some insurance companies urged CMS to consider a “distributed” model whereby insurers would analyze the claims data themselves and send agencies the results. By not providing a copy of the claims to the government, the insurers reasoned, the bulk of the privacy and security issues were mitigated.
Last week, the Center on Budget and Policy Priorities (CBPP) released a paper arguing that the insurers’ distributed model would make the risk adjustment program susceptible to inaccuracy and fraud. CBPP’s paper pointed out that many insurers in the individual and small group market would make errors due to a lack of experience in conducting risk adjustment analysis, while others might intentionally submit falsified results to maximize their profits – and CMS would have to rely on retroactive audits of outdated data to ensure insurers were not gaming the system. CBPP urged CMS to proceed with the centralized approach it articulated in the proposed regulations.
The Center for Democracy & Technology (CDT) agrees with CBPP that government agencies should have access to the claims data in order to execute the risk adjustment program in an accountable and accurate fashion. However, we agree with the insurers that submitting raw copies of health claims to government agencies for this and numerous other programs weakens data security – especially in the long term, as large databases of claims pile up – and puts patient privacy at risk. The two interests are not mutually exclusive, and debate over the technical architecture of programs using health claims data should not be binary: one centralized model versus one distributed model. There are multiple models.
In our comments on the risk adjustment program, CDT recommended that CMS adopt a model that provides agencies with access to claims without requiring a copy to be sent to the government. CDT’s proposed model is one of “distributed access.” Under this model, CMS should require each plan to set aside a structured, de-identified copy of claims and encounter data in a secure system (such as on an edge server or in a secure cloud storage center). CMS should require plans to make their respective systems accessible to state or federal agencies responsible for operating risk adjustment programs. The data is not duplicated and sent to the government – but is still made available for the government to perform the necessary risk analysis. CMS and states would retain the results of their analyses, rather than keep full copies of the claims data. Accountability mechanisms – such as, perhaps, audit logs and random audits – could ensure the claims data made available to the agencies are accurate. CBPP’s paper briefly mentions CDT’s recommended model, noting that we – like CBPP – are calling for the data to be accessible to agencies, and that the agencies themselves should conduct the analyses. CBPP suggests that CMS evaluate the approach recommended by CDT to ensure it is reliable and supports the goals of reform of the health care market. We completely agree.
Unfortunately, despite the fact that distributed access networks of the sort we advocate are already in use in other commercial sectors, state and federal government agencies have not yet indicated a willingness to even give plans the option of exploring this model for analytic programs using health claims. Instead, in numerous instances health plans are required by state and federal regulations to send whole copies of patients’ claims to multiple programs seeking to crunch the data – such as OPM’s Health Claims Data Warehouse, states’ All-Payer Claims Databases, and now the risk adjustment program. But, as CDT has said before, continually building huge repositories of medical data for new research or policy needs is risky, inefficient and a poor long-term strategy. Maintaining copies of sensitive information in various locations for long periods of time sharply worsens the risk and severity of data breaches. It is burdensome for plans to set up and secure multiple data feeds to different entities in various locations, and the unnecessary collection of patients’ claims by government weakens public faith in the confidentiality of digital medical records.
CDT looks forward to working with CMS, technology vendors, state agencies, and consumer groups to further strengthen support for models of health claims analysis that do not require data to be copied and stored in multiple databases. The goal is to give government agencies and health plans greater flexibility to use distributed access over the purely centralized solution that is today’s trend. A first step, though, is to think beyond the binary debate – one type of centralized model versus one type of distributed model – and earnestly explore better options.