While an all-payer claims database (APCD) could offer Californians new ways to keep track of health care costs, lawmakers must take steps to guarantee that data would remain secure.
To achieve the Triple Aim of reducing health care costs while improving quality and expanding access, Californian policymakers and providers need new ways to measure and track spending across the health care system. Consumers, too, need better tools to track and compare costs between different providers.
All-payer claims databases (APCDs) offer this functionality. They track and store provider-specific claims data, including amounts paid by payers, in a space that policymakers, researchers, and consumers can use to better understand the health care system and its costs. But with such great accessibility comes risk: While they form the foundation for pricing and transparency tools, APCDs also store a huge amount of sensitive and confidential data in one place that could become the target of a hacking attempt or other malicious intrusion. For this reason, among others, it is imperative that the state find ways to ensure the safety and correct dissemination of any data housed in an APCD.
By analyzing APCDs in four US states, this report builds a set of recommendations for Californian lawmakers to consider when creating the framework that would support a potential APCD in the state. It offers in-depth analysis across three main areas:
- Governmental oversight and structure. An independent, permanent oversight body with a broad-based membership should manage the APCD.
- Data privacy and security. By making the APCD a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) and the California Medical Information Act (CMIA), policymakers could build on existing regulations to guarantee security.
- Release of information. Safe data release is the primary function of an APCD. Lawmakers should create a robust and clear set of rules to govern it, and bring data release under both HIPAA and CMIA.