MEDICARE DRUG BENEFIT PATIENT DATA WILL BE KEPT ON-LINE
MEDICARE DRUG BENEFIT PATIENT DATA WILL BE KEPT ON-LINE for six months, the Health Care Financing Administration said in an Aug. 21 Federal Register notice. After six months on-line, records will be shifted for storage to the offices of the drug claims processors. The data will be kept there for 21 months, and then stored at the Federal Data Center for five years. Records will be destroyed after the end of that five-year period. The key consideration in deciding how long to maintain data on-line was the amount of time needed to review a patient's prescription drug history, according to HCFA staff. The catastrophic coverage law requires a review of potential drug interactions when prescriptions are filled. HCFA staff pharmacists reportedly agreed that access to prescriptions filled over the past 180 days would permit such a review. HCFA intends to limit the information available to pharmacies to what is necessary to establish or verify beneficiary eligibility and entitlement, to determine whether the annual Medicare prescription drug deductible has been reached or exceeded, and to counsel beneficiaries on any potential prescription drug interactions detected by the system. Data indicating potential drug interactions "will be limited to the prescription drug(s) implicated." The Aug. 21 document does not spell out requirements or restrictions for pharmacies regarding which employees are authorized to access the Medicare claims system. HCFA staff said those requirements will be discussed in Medicare conditions of participation for pharmacies (one of the upcoming proposed regs) and in Medicare manuals provided to both pharmacies and claims processors. HCFA notes, however, that every user will be "required to present a valid password before being allowed access to the system. Only those persons whose duties require access to beneficiaries' records will be given passwords." Terminal users will be "prevented from gaining access to sensitive data not required at those work stations." In addition, the computer system "will record every attempt to access or modify any beneficiary's record." At the pharmacy point-of-sale level, HCFA says that "authorized" personnel will "have only limited read/write access" to beneficiaries' records. The Federal Register notice is devoted to the issue of confidentiality of patient records in the drug benefit program. Privacy procedures for point-of-sale information generally follow the federal Privacy Act, HCFA noted. The procedures in the notice are scheduled to become effective on Oct. 20; HCFA, however, is willing to consider comments. The agency is still expecting to publish several more drug benefit proposed regulations by the end of summer. The agency has been predicting publication of eight drug benefit rules this month ("The Pink Sheet" Aug. 14, p. 5). Patient records will include standard Medicare enrollment information, including name, address, birth date, sex, race, Health Insurance Claim Number, marital status, and if applicable, date of death, as well as information on entitlement for drug coverage, deductible status, Medicare-covered outpatient drug prescription history, and secondary payer data. The HCFA notice lists approximately 20 types of authorized users who may have access to the records (see box, previous page). Users of the records "are precluded from disclosing and using any program data for non-programmatic uses and are advised of the confidentiality of the records and of the criminal sanctions for unauthorized disclosure of the information on individuals," HCFA says. AUTHORIZED USERS OF MEDICARE PRESCRIPTION DRUG BILLING DATA Authorized pharmacy personnel Beneficiaries and their designated representatives, to the extent needed to pursue drug reimbursement Other third-party contacts not designated by the beneficiaries, when that contact has information related to the patient's ability to manage his or her affairs or related to eligibility for reimbursement. For example, a person contacted when the patient is mentally incapable of providing needed information Law enforcement agencies investigating Medicare theft, forgery and fraud U.S. Postal Service investigators The Justice Department, when investigating possible criminal activities or representing HHS in litigation where the data are needed Courts or other adjudicative bodies reviewing a case involving HHS The Railroad Retirement Board Medicare peer review organizations Other peer review groups assisting Medicare in evaluating utilization or medical necessity of services State licensing boards reviewing professional misconduct Researchers, providing HHS determines the data is needed for a specific project and the researcher as quickly as possible removes information identifying individual patients State welfare departments State auditing agencies reviewing Medicaid drug benefit eligibility for dual eligibles Other state agencies evaluating the quality and costs of health services in the state, under the same provisions as for researchers Congressional offices investigating an inquiry made by a beneficiary Senior citizen volunteers helping beneficiaries with Medicare procedures Contractors working with Medicare claims processors to identify payments that should be made by other insurers Workers compensation agencies Insurance companies, self-insured groups, HMOs and other groups providing drug coverage, with disclosure limited to whether specified individuals are eligible for Medicare drug benefits HCFA contractors that are refining automated data processing methods Source: Excerpted from Aug. 21 Federal Register notice.
Sign in to continue reading.
New to Pink Sheet?
Start a free trial today!
Register for our free email digests: