Common use of CMS Data Sharing Clause in Contracts

CMS Data Sharing. i. During the Agreement Term, CMS will offer the State an opportunity to request certain Medicare data and reports using a data request process to be determined in a form, manner, and time by CMS. All such requests for beneficiary-identifiable information must clearly state which provision under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule permits the requested disclosure (e.g., for health oversight activities under 45 C.F.R. § 164.512(d)). The State will ensure that each request for data is limited to the minimum data necessary to accomplish the task. CMS will provide this Medicare data to the State in a manner consistent with all applicable laws and regulations, including HIPAA. CMS will make best efforts to approve, deny, or request additional information within 30 days of receipt. CMS will accept or reject such requests on a case-by-case basis and at CMS’ sole discretion. ii. Medicare data requests may include information that has been de-identified in accordance with the HIPAA Privacy Rule requirements in 45 C.F.R. § 164.514(b). Such Medicare data may also include certain beneficiary-identifiable Medicare eligibility status and demographic information of all Medicare FFS beneficiaries residing in the State and claim line data for items and services furnished to those beneficiaries. CMS may provide additional reports that include the following: utilization, expenditures, quality of care, Medicare eligibility type, and performance summary comparisons to other states.