In 2010, the Colorado General Assembly saw the opportunities an immense repository of data such as the Colorado All Payer Claims Database (CO APCD) could afford – they also saw the possibilities for exploitation and built safeguards into the use of the CO APCD. When drafting the legislation that shaped the database, they explicitly stated that the purpose of the CO APCD was “facilitating the reporting of health care and health quality data that results in transparent and public reporting of safety, quality, cost, and efficiency information at all levels of health care.” The bill sponsors detailed how the data collected would be available in two ways 1) “to the public…as a resource to insurers, consumers, employers, providers, purchasers of health care, and state agencies to allow for continuous review of health care utilization, expenditures, and quality and safety performance in Colorado;…”, and 2) to “state agencies and private entities in Colorado engaged in efforts to improve health care.”
The policymakers also directed the Colorado Department of Health Care Policy and Financing (HCPF) to appoint an administrator of the database and to assemble a multi-stakeholder Advisory Committee. Working together, the Center for Improving Value in Health Care (CIVHC), as designated administrator, and the CO APCD Advisory Committee developed and implemented a database that would go on to collect upwards of five million claims each month. They determined which data elements to collect and established the criteria for accessing and releasing the valuable data. Decisions governing the collection, release, and reporting of CO APCD data, based on recommendations arising from this collaboration, are enacted via the Executive Director Rule from HCPF and incorporated into the Colorado Code of Regulations (10 CCR 2505-5/1.2004.A-1.200.9A – the CO APCD Rule).
The CO APCD Rule outlines the claim types to be collected, which entities must submit data, what penalties might be assessed in the event of non-compliance, and the conditions that must be met for release of CO APCD data. Public releases of data are governed by rules different from those of non-public data.
Public releases must:
- be aggregated and summarized to protect patient identity according to the Health
- Information Portability and Accountability Act (HIPAA),
- follow all federal regulations, such as the Health Information Technology for Economic and Clinical Health (HITECH), and anti-trust laws,
- “describe patterns of incidence and variation of targeted medical conditions, state and regional cost patterns and utilization of services[;]” and
- be published via a consumer-facing website to achieve the purposes of the CO APCD.
Non-public data released must meet the following criteria:
- Be consistent with the legislative purpose of the CO APCD – better care, better health, lower costs.
- Contribute to efforts to improve health care for Colorado residents.
- Comply with the requirements of HIPAA and federal regulations such as HITECH or anti-trust laws.
- Use recognized analytic methods.
CIVHC checks to ensure every application for non-public CO APCD data meets all the requirements for release. A Data Release and Review Committee (DRRC), made up of CIVHC partners from different areas of health care, evaluates requests to ensure they are “consistent with the statutory purpose of the APCD, will contribute to efforts to improve health care quality, value or public health outcomes for Colorado residents and compl[y] with the requirements of HIPAA.” The DRRC then advises the administrator whether the request meets the requirements for release. Once a project is determined to meet the criteria for release, non-public CO APCD data requestors must complete the application process, which involves fulfilling additional requirements to adhere to CIVHC data privacy and security policies.
Examples of public releases of CO APCD data can be found on civhc.org under Public Data, and descriptions of non-public releases are available on the Change Agent Index.