Buzzwords are everywhere in government. A few years ago, "deep-dive" was the word of choice. Everyone was suggesting a deep-dive into one issue or another. More recently, the term du jour seems to be "silo." These unfortunate silos seem to be everywhere, and everyone wants to break them down.
I bring up buzzwords because I recently had the pleasure of presiding over my first regulatory hearing as Commissioner of the Division, and certain phrases were used over and over again. As you may know, we proposed regulations to collect and make data available on all health care claims in Massachusetts through a database called the All-Payer, All-Provider Claims Database (the "APCD").
The APCD will be an unprecedented, centralized database of health care information. It will be used to study health care costs, quality, and utilization as we have never been able to examine these areas before, and more importantly, it will offer consumers and employers full transparency about these issues.
At the hearing, there was general support for the APCD, but many also expressed reservations about the Divison's ability to protect confidential information in the database. In fact, the same three words kept repeatedly coming up: "security," "privacy," and "confidentiality".
These are not just buzzwords, and I want to explain how the Division is committed to maintaining the security, privacy, and confidentiality of the information we collect and analyze:
Security: The Division has collected and maintained a hospital discharge database for more than 20 years without one single breach of data. (This database includes virtually all of the state's inpatient, outpatient, and emergency department visits.) We are proud of this track record, and will apply even more stringent standards to the APCD.
Privacy: Under the proposed regulation, payers would be required to submit data elements including personal health information (PHI). Protecting PHI and complying with state and federal privacy laws and regulations, including HIPAA, is clearly of utmost importance to me and the Division. Before claims data is placed in the Division's automated database, we encrypt the data and replace it with a unique personal identifier. This allows us to track patients across services without seeing or using their PHI.
Confidentiality: First, the Division will never release any personal identifying information to the public. The proposed tiers of available files include data elements that comply with federal and state laws for privacy and confidentiality. Second, all data requests require the submission of an application that will be publicly posted and open for your feedback. The applications must ensure a certain security protocol, and the data has to be used for the stated public interest.
As we develop the APCD, we will continue to update you on our progress, and I welcome your feedback. With an APCD, we can finally conduct the "deep-dives" and tear down the "silos" that we hear so much about and more importantly, infuse full transparency into the health care cost and quality dialogue for consumers.