CMS Data Sharing Clause Samples
The CMS Data Sharing clause governs the terms under which data from the Centers for Medicare & Medicaid Services (CMS) can be accessed, used, and shared between parties. Typically, this clause outlines the types of CMS data involved, the permitted purposes for its use—such as research, analysis, or compliance—and the security measures required to protect sensitive information. By clearly defining the boundaries and responsibilities for handling CMS data, this clause ensures compliance with regulatory requirements and protects patient privacy, thereby reducing the risk of unauthorized disclosure or misuse.
CMS Data Sharing. Over the Performance Period of the Model, CMS is willing to accept requests from the GMCB for Medicare data necessary to achieve the purposes of the Model. This Medicare data may include individually-identifiable Medicare eligibility status and demographic information of all Medicare FFS beneficiaries residing in Vermont, and claim and claim line data for services furnished by Medicare-enrolled providers and suppliers to Medicare FFS beneficiaries residing in Vermont. CMS may, upon request of the GMCB, provide additional reports that include the following: utilization, expenditures, quality of care, Medicare FFS eligibility type, VMA ACO alignment, and performance summary comparisons to other states. The GMCB may request individually- identifiable health information that is necessary for carrying out health oversight activities under 45 C.F.R. § 164.512(d)(1). All such requests for individually- identifiable health information must clearly state the HIPAA basis for the requested disclosure and include an assertion that the data requested constitutes the minimum necessary to carry out those activities. CMS will make best efforts to approve, deny, or request additional information regarding data requests within 60 calendar days after the State’s request. CMS will accept or reject such requests on a case-by-case basis and at CMS’s sole discretion. All information will be provided consistent with all applicable laws and regulations, including HIPAA and the regulations governing the confidentiality of substance use disorder patient records under 42 C.F.R. part 2. Appropriate privacy and security protections will be required for any data disclosed under this Agreement.
CMS Data Sharing i. During the Agreement Term, CMS will offer the State an opportunity to request certain Medicare data and reports using a data request process to be determined in a form, manner, and time by CMS. All such requests for beneficiary-identifiable information must clearly state which provision under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule permits the requested disclosure (e.g., for health oversight activities under 45 C.F.R. § 164.512(d)). The State will ensure that each request for data is limited to the minimum data necessary to accomplish the task. CMS will provide this Medicare data to the State in a manner consistent with all applicable laws and regulations, including HIPAA. CMS will make best efforts to approve, deny, or request additional information within 30 days of receipt. CMS will accept or reject such requests on a case-by-case basis and at CMS’ sole discretion.
ii. Medicare data requests may include information that has been de-identified in accordance with the HIPAA Privacy Rule requirements in 45 C.F.R. § 164.514(b). Such Medicare data may also include certain beneficiary-identifiable Medicare eligibility status and demographic information of all Medicare FFS beneficiaries residing in the State and claim line data for items and services furnished to those beneficiaries. CMS may provide additional reports that include the following: utilization, expenditures, quality of care, Medicare eligibility type, and performance summary comparisons to other states.
CMS Data Sharing. Over the Performance Period of the Model, CMS is willing to accept requests from the GMCB for Medicare data necessary to achieve the purposes of the Model. This Medicare data may include individually identifiable Medicare eligibility status and demographic information of all Medicare FFS beneficiaries residing in Vermont, and claim and claim line data for services furnished by Medicare-enrolled providers and suppliers to Medicare FFS beneficiaries residing in Vermont. Additional reports may be provided upon request that include the following: utilization, expenditures, quality of care, Medicare FFS eligibility type, VMA ACO alignment, and performance summary comparisons to other states. All such requests for individually-identifiable health information must clearly state the HIPAA basis for requested disclosure (e.g., for research purposes under 45 C.F.R. § 164.512(i), to enable GMCB to analyze healthcare utilization, quality, expenditures, and system performance under the Vermont All- payer ACO Model). CMS will make best efforts to approve, deny, or request additional information regarding data requests within a reasonable amount of time. All information will be provided consistent with all applicable laws and regulations, including HIPAA and the Part 2 regulations governing the use of information regarding diagnosis and treatment for substance abuse. Appropriate privacy and security protections will be required for any data disclosed under this Model.