Title: Bill Number: HB2289/SB2239
This brief document summarizes some of the major components to HB2289 (SB2239) which is currently being considered by the Tennessee General Assembly.
The bill creates a government database of Tennesseans’ private healthcare claims. Each Tennessean that has private health insurance would be listed in the database, and all claims for care that they receive would be transmitted to the state by private health insurance companies for compilation in the database.
For example, if you went to the doctor today with a cold, and again on Friday with bronchitis, then by Monday you were admitted to the hospital with pneumonia all of that data would be submitted to the state so that the department of finance and administration can follow the progress of your illness and treatment.
The enormity of this database cannot be overstated. For instance, Blue Cross / Blue Shield processes 38,000 insurance claims per hour. Each of the claims would become part of the database.
Several New England states and Minnesota have already instituted similar databases. Minnesota’s health dept has recently begun dictating health protocols to doctors and insurance companies - what business the state has interfering in private healthcare transactions is yet unanswered.
As outlined in the bill, the government wants the private healthcare data of her citizens’ so that the Commissioner of the TN Department of Finance and Administration (presently Dave Goetz) can carry out several stated objectives including:
Improve health care accessibility and affordability,
Identify health care needs,
Determine the capacity and distribution of existing health care resources,
Evaluate the effectiveness of programs on patient outcomes,
Provide publicly available information on providers’ quality of care.
REMEMBER! This data is privately paid for information on private individuals who are making claims to private insurance companies. Frankly, the government has no business having such private information or performing any of the above duties when you privately pay for your healthcare.
Section by Section Analysis
Section 1; Adds the National Committee for Quality Assurance (NCQA) to the Tennessee Code under insurance company utilization review agents in 56-6-704.
NCQA is a non-profit organization that “promotes the adoption of strategies that we believe will improve care, enhance service and reduce costs, such as paying providers based on performance, leveraging the Web to give consumers more information, disease management and physician-level measurement.”
In a letter dated March 6, 2009 to President Obama from this non-profit organization praised the president for his White House Healthcare Summit and for moving us toward “comprehensive health care reform we need.”
Their criteria for which insurance companies must comply contains 6011 data fields on patients for evaluating cost and quality. Some large insurance companies already belong to this organization and comply with the 6011 data sets - however, others do not already comply.
Section 3 - Definitions;
Bill contains no definition for;
· All Payer Claims Database
· National Standards in Section 3 (c)(2)(A) or Section 3 (f)(1)(C).
· HEDIS information in Section 3 (f)(2)(A). Some HEDIS information is based solely on surveys.
· National multi-collaborative stakeholders found in Section 3 (c).
Section 3 (c); Tennessee Health Information Committee
· No requirements for meetings of the committee or for the call of meetings or for the format.
· There is no sunrise date for the committee.
· Under the proposed law, the Commissioner of Finance and Administration would take recommendations from the newly established “Tennessee Health Information Committee.” The committee is to be comprised of 19 members, only one of whom “represent[s] health care consumers”; all of whom may view all of the information on the database. It is unclear why oversight of the database and the functions is housed within the Department of Finance and Administration, as opposed to the TN Department of Health.
Section 3 (c)(2)(A); Calls for the committee to develop a description of data sets based on “national standards” - National standards is not defined.
Protected Health Information; Not any specific part of the bill restricts the submission of “Protected Health Information” (PHI) to the state of Tennessee - “Protected Health Information” is a dataset of 18 fields of personal information identified by HIPAA’s Privacy Rules. The bill does not preclude the state from getting your PHI; only three of the 18 fields of the PHI may not be included in the Database. In fact, HIPAA expressly allows the government to receive your Personal Health Information - http://privacyruleandresearch.nih.gov/pr_08.asp.
All through the bill it implies that the state will have Protected Health Information.
Section 3 (c)(3)(A) & (B)
Section 3 (c)(5)
Section 3 (d)(1) - one of the most obvious spots
Section 3 (f)(2) - another very obvious spot
Section 3 (d)(2)(A) asserts that “source” or “draft” information used to construct or populate the database will exist.
Nowhere does it state that the data set will be fully de-identified before the state receives the information from the insurance companies.
Section 3 (c)(2)(B); Requires the Committee to develop a method for the submission of data. NO METHOD IS DESCRIBED IN THE BILL.
Once an all payer claims database is established health insurance issuers must submit data in a standardized, electronic form, for inclusion in the database. The data submitted will include information on patients, their claims, the quality of care received, pricing rates, costs of care, and possibly other information in conformity with the National Committee for Quality Assurance (NCQA).
Section 3 (d)(2)(b); The information will be made available to virtually any branch of state government.
Section 3 (e); Excludes only three pieces of personal information from the All Claims Database; name, address, and social security number. This is startling to anyone that knows anything about datasets and privacy. HIPAA identifies 18 fields of protected health information that must be excluded in order for complete privacy to be assured. The inclusion of any of the remaining 18 fields puts patient privacy at risk.
This section should expressly state that none of the 18 fields of Protected Health Information will ever be received by the government.
Section 3 (f)(1)(A); States that all group health plans and health insurance issuers shall provide electronic health insurance claims and eligibility data in accordance with the committee and state rule. Why is eligibility data included if we do not know the persons identity? Again, there is no statement that Protected Health Information will be omitted.
Section 3 (f)(1)(B); Allows the committee and the commissioner to request any additional information from insurance companies that they deem.
Section 3 (f)(1)(C); States the committee and commissioner shall strive for standards and procedures that reflect “national standards”. No definition of national standards exists in the bill.
Section 3 (f)(2)(B); This unfunded mandate forces insurance companies to change the way they receive claims from providers to the very same format that the Centers for Medicare and Medicaid Services requires claims to be submitted.
Section 3 (f)(3); Insurance companies that fail to submit patient information to the state shall be fined up to $100 each day of delay. It is unclear whether this fine applies to the failure to file all records, or whether it is assessed per record.
Fiscal note: The TN General Assembly Fiscal Review Committee notes that the legislation will increase State expenditures by more than $200,000. That is an improbable amount for such an expansive database with continuing analysis. In Minnesota the compilation of the data base cost $1.2 million for just the first 18 months and the analysis was $3 million.
Vagueness – The bill’s language is extremely vague when describing the “duties” of the Commissioner of Finance and Administration with regards to his utilization of this database. For instance, one duty is “evaluating the effectiveness of intervention programs on improving patient outcomes.” It is unclear by what standards the commissioner is to use when making such evaluations.
Effectiveness – It is unlikely that a database, while comprehensive in nature, will allow members of the newly created TN Health Information Committee (THIC) to develop meaningful and effective recommendations that increase public health without years of extensive analysis. Billions of dollars are spent each year in the U.S. to improve public health yet the fiscal note for this legislation is just over $200,000. The likelihood of success with such a meager expenditure, especially among a myriad of other, more sophisticated research, is weak at best.
Access to Data – The proposed legislation gives access to otherwise private and confidential health care data to any “departments of state government” if the information is disclosed with the purpose of achieving the duties (of the Commissioner of Finance and Administration). Given the vagueness of the “duties” as noted supra, access to this sensitive information is given to nearly any governmental agency in the state of Tennessee.
As with all public databases, there is a significant chance the information could become compromised. This could occur from a computer “hacker” or from someone within state government (as was the case in the State Trooper’s office last year). Exposure to liability should this sensitive data become publically available is virtually infinite and could open the state to decades of litigation from around the country. Also troubling is the potential to cross-reference health care data with other databases such as school records, criminal records, and travel logs.
It should also be noted that numerous public websites already exist that allow consumers to “shop” for a health care provider that meets their needs. These websites exist without sharing identifiable or sensitive information. Thus the state already has data from which to study health care from a public policy perspective.
Privacy – As the proposed law is written, patients and health care providers are unable to exempt themselves from this database. Similarly, there is no “opt-in” provision that would apply the new law to only those choosing to be a part of the government maintained database. The law states that it will comport with all applicable Health Insurance Portability and Accountability Act (HIPAA) regulations, however this is misleading. HIPAA, by its own terms, does allow for private health care information to be shared with state agencies in certain instances and this law seems to fall within those rules. HIPAA does, however, seem to establish a reasonable expectation of privacy (between patient, provider, and insurer) and this law may unconstitutionally violate that constitutional right.
TN Residents Only? – The bill, by inference only, seems to apply only to Tennessee residents however, it is not clear that lawmakers have contemplated how to the law should apply to part-time residents, those that visit TN-based health care providers, those that work for a TN-based company though they live out of state, Tennesseans with out of state dependents, etc. Requiring insurance companies to submit data without a way to meaningfully limit the law to Tennesseans subjects both insurance companies and the state to great litigation exposure.
Costs to Consumers & Insurers – The legislation’s current fiscal note is less than $200,000 but this only takes the cost to the state government into account. Furthermore, even the fiscal note is a gross under-estimate. In Minnesota, where similar legislation passed, the cost of the program exceeded $4 million in less than 4 years. Insurance companies are likely to incur great costs when forced to conform to an electronic form as prepared by the NCQA. These costs are likely to be passed along, eventually, to consumers. Thus the stated goal of “improving…affordability of patient health care and health care coverage” is thwarted from the start.
Finally, insurance companies will have to disclose otherwise proprietary information which, according to the proposed law, is subject to “public release” via report. While this could lead to greater price transparency, it could also lead to forcing insurance companies to exit the state in favor of states that allow them to retain some competitive advantage. Again, the stated goal of “improving accessibility” could be drastically harmed if this legislation becomes a law.