Last week, the Senate HELP Committee released a discussion draft of the Lower Health Care Costs Act. Its centerpiece is a set of pretty robust safeguards to prevent patients from receiving surprise bills, as well as several possible approaches to resolving any billing disputes between health plans and providers.
But the discussion draft packs a lot more into it. It would make a bunch of changes to the drug approval process; push for greater transparency by (among other things) prohibiting gag clauses in provider contracts; create a public awareness campaign on the benefits of vaccines; and launch a competitive grant program to reduce maternal mortality.
Most surprisingly—to me, anyhow—is that the draft would establish a national claims database. That’s a big deal. As I’ve explained before, about 18 states have moved in the past decade to establish all-payer claims databases, or APCDs. At their most aggressive, the states have aimed to require every insurer to submit claims data—which is say, data on what they’re paying for and how much they’re paying for it—to a central repository. The hope is that the data can then be made available to researchers and state officials.
In 2016, however, the Supreme Court blew an enormous hole into these state-based APCDs. In Gobeille v. Liberty Mutual, the Court held that ERISA preempted any state law that purported to require self-insured employers—which is to say, two-thirds of all employers—to submit their data. The Court’s reasoning was thin, but the upshot was that these new APCDs would offer only a partial and distorted view of private health-care prices.
I offered a couple of ideas about fixing Gobeille, but they didn’t go anywhere. I had assumed there wasn’t much interest in getting some basic information about how badly we’re getting fleeced by hospitals, doctors, and drug companies.
But maybe I was wrong. The Lower Health Care Costs Act instructs HHS to enter into an agreement with a private, non-profit entity to operate a “national claims database.” It’s not quite an APCD, but it’s close.
Crucially, the discussion draft would require self-insured employer plans (all but the smallest of them) to submit all of their claims data to the database. The data-sharing obligation sweeps broadly, including information pertaining to health claims, enrollment, eligibility, and payment. By imposing data-sharing rules on self-insured employers, the national database would patch the hole that Gobeille created. The database would also have access to Medicare data, which could be aggregated with private data.
That said, the database won’t be completely comprehensive: the discussion draft doesn’t impose any data-sharing obligations on state-regulated insurers. At the same time, however, the draft confirms that states “may require” any payer “to submit claims data to the database.” If they take advantage of the flexibility, states could use the national database to get a comprehensive picture of private claims in their states. The draft also offers funding for states that want to establish their own APCDs, and requires them to share information with the national database as a condition of accessing that data.
So if the discussion draft were to become law, it would create a national most-payer claims database—an NMPCD?—while affording states the flexibility to build APCDs that leverage the information it collects. That’s all to the good.
Yet the draft presents some concerns. The biggest is that the data submitted to the national database must be de-identified, per rules laid out in HIPAA. That sounds like a reasonable effort to protect patient confidentiality. In practice, however, de-identification makes data much less useful. Zip codes and birthdays, for example, would have to be scrubbed, even though those are crucial to comparing patients in different areas or of different ages.
De-identification also makes it impossible to link databases together, which will impair all sorts of research. People don’t stay with the same payer over their lifetimes: they may be on Medicaid for a few years before they get a job that offers them coverage, only to lose the job and be relegated to the exchange. To understand what’s happening with that population, researchers have to link together data from different payers. That means they have to know who those people are and that their data have to be identifiable.
On the linkage front, the draft offers some wiggle room: the database is supposed to de-identify the data, “while retaining the ability to link data longitudinally for the purposes of research on cost and quality.” The idea seems to be that the database will use an encrypted individual identifier to allow for data linkages for research purposes. Maybe that’ll work (though the zip code and age problems still remain), but the devil is in the details. Will the operator of the national database make it easy for researchers to link data? Or will it take a cover-your-ass approach out of fear of some kind of privacy scandal?
I fear the latter, even though the privacy risks of compiling identifiable claims data are minimal. Medicare and Medicaid, for example, have long supplied researchers with identifiable data, subject to stringent privacy rules. To my knowledge, that’s never resulted in a breach of patient privacy. And the Lower Health Care Costs Act spends pages spelling out confidentiality rules on the national database and anyone who accesses its data. Absent some compelling reason to think those are inadequate—not just vague fears that maybe, somehow the data will get out—why not arm researchers and government officials with the information they need?
So the de-identification piece is a concern. On balance, though, I’m encouraged by the discussion draft. There appears to be some appetite to undo the damage that Gobeille inflicted, and to finally get some visibility into privately negotiated health-care prices.