In 2010, the Colorado General Assembly saw the opportunities an immense repository of data such as the Colorado All Payer Claims Database (CO APCD) could afford – they also saw the possibilities for exploitation and built safeguards into the use of the CO APCD. When drafting the legislation that shaped the database, they explicitly stated that the purpose of the CO APCD was “facilitating the reporting of health care and health quality data that results in transparent and public reporting of safety, quality, cost, and efficiency information at all levels of health care.” The bill sponsors detailed how the data collected would be available in two ways 1) “to the public…as a resource to insurers, consumers, employers, providers, purchasers of health care, and state agencies to allow for continuous review of health care utilization, expenditures, and quality and safety performance in Colorado;…”, and 2) to “state agencies and private entities in Colorado engaged in efforts to improve health care.”
The policymakers also directed an administrator be appointed and a multi-stakeholder Advisory Committee be seated to help the administrator develop and implement a database that would go on to collect upwards of five million claims each month, at last count. Center for Improving Value in Health Care (CIVHC), as designated administrator, and the Advisory Committee worked together to determine what data elements to collect and to establish the criteria under which this valuable data could be released. Decisions governing the collection, release, and reporting of CO APCD data, based on recommendations arising from this collaboration, are enacted via Executive Director Rule from the Colorado Department of Health Care Policy and Financing and incorporated into the Colorado Code of Regulations (10 CCR 2505-5/1.2004.A-1.200.9A – the CO APCD Rule).
The CO APCD Rule outlines the claim types to be collected, what entities must submit data, what penalties might be assessed in the event of non-compliance, and the conditions which must be met for release of CO APCD data. Public releases of data are governed by different rules than releases of non-public data.
Public releases must:
- be aggregated and summarized to protect patient identity according to the Health Information Portability and Accountability Act (HIPAA),
- follow all federal regulations, such as the Health Information Technology for Economic and Clinical Health (HITECH), and anti-trust laws,
- “describe patterns of incidence and variation of targeted medical conditions, state and regional cost patterns and utilization of services[;]” and
- should be published via a consumer-facing website to achieve the purposes of the CO APCD.
Non-public data released must meet the following criteria:
- Be consistent with the legislative purpose of the CO APCD – better care, better health, lower costs
- Contribute to efforts to improve health care for Colorado residents
- Comply with the requirements of HIPAA and federal regulations such as HITECH or anti-trust laws
- Use recognized analytic methods
CIVHC checks to ensure every application for non-public CO APCD data meets all the requirements for release. A Data Release and Review Committee (DRRC), made up of CIVHC partners and different areas of health care, evaluates requests to ensure they are “consistent with the statutory purpose of the APCD, will contribute to efforts to improve health care quality, value or public health outcomes for Colorado residents and compl[y] with the requirements of HIPAA.” The DRRC then advises the administrator whether the request meets the requirements for release. Once a project is determined to meet the criteria for release, non-public CO APCD data requestors must complete the application process, which involves fulfilling additional requirements to adhere to CIVHC data privacy and security policies.