As discussed in a previous Query, individuals or organizations can request non-public data releases from the Colorado All Payer Claims Database (CO APCD) to help answer questions or solve problems around health and health care in Colorado.

Today, we continue exploring the steps requestors must take to apply for a release of non-public data from CIVHC.

The Non-Public Data Release Application

When requestors begin the process of accessing non-public data from the CO APCD, CIVHC’s Health Data Consultants work closely with them to determine what data will meet their needs and what path the request will follow. Once the project goals are established — and they meet the legislative criteria of advancing better health, better care, or lower cost for Coloradans — the first official step in the process is to fill out an application.

The application establishes project purpose and benefit to Colorado, the data needed, how the data will be used, and what steps the requestor and/or their organization will take to ensure the data is secure. If the request requires protected health information (PHI), it must be reviewed by the Data Release Review Committee (DRRC). Once the application is approved internally by the CIVHC compliance team and the DRRC (if necessary), the requestor signs a Data Use Agreement (DUA) form. The DUA covers much of the same ground as the application, but it serves as a formal contract rather than an application.

Data Request Application Sections

Project Schedule and Purpose

In the first section of the application, requestors outline the project for which CO APCD data is necessary. They are asked to describe the timeline, goals of their project, and their research questions or problems they are trying to solve. Crucially, they must also detail how their project will benefit Colorado or Colorado residents – a requirement specifically laid out in the CO APCD Rule – and indicate how the project will improve health care quality, increase value, and/or improve health outcomes for Colorado residents.

Data Needed

Based on project goals and the requestor’s analytic resource capacity and experience, CIVHC helps determine the right type, format, and content of the data request. This starts with choosing between a data extract (also known as a data set) or report.

  • Data Sets are ideal for those with analytic expertise who want to conduct their own research
  • Reports are better suited for those who need CIVHC’s analysts to conduct the work on their behalf

If no PHI is needed, the requestor may receive a De-Identified Report or De-Identified Data Set.

If PHI is required, there are three levels available:

  • Limited Data Set: Includes elements like date of service or 5-digit ZIP codes
  • Identifiable Data Set: May contain direct identifiers (e.g., names or full addresses), and requires DRRC approval
  • Custom Report (de-identified or limited data): Tailored insights developed specifically for the requestor’s project goals and can include tables, narrative summaries, or visualizations – this is helpful for users who want actionable insights without managing raw data.

Limited and Fully Identifiable Data Sets have strict parameters around what can be included due to federal and local laws and regulations such as HIPAA and antitrust. Under these rules, requestors can only receive the minimum necessary amount of data to accomplish their project. They also must explain why they require each element, and, when possible, aggregate the data to protect patient privacy.

Data Requirements

The “Data Matching and Linkage” section outlines the specifics of the data needed. For applications including de-identified data, the requestor may be asked to select which data elements or filter requirements to include, such as lines of business, years of data, claim types, and more. This is where the application process becomes more custom – and flexible.

Depending on the type of application and the project’s goals, requestors may plan to combine the CO APCD data with other data sets or analyze specific patient populations. To do this, CIVHC may request additional information via the Data Element Selection Form (DESF), where requestors indicate exactly which pieces of data are needed.

For projects involving data linkage or matching, requestors may:

  • Provide a Finder File (a file with information about a specific group of individuals to match the CO APCD data),
  • Request a Member Match File (allowing CIVHC to link CO APCD data to an external registry or data set), or
  • Ask CIVHC to generate a Control Group for comparative purposes.

Not every project needs linkages to external data sources, but when it’s proposed, CIVHC reviews the methodology to ensure that data privacy and security are upheld. If PHI is involved, the DRRC steps in to provide additional oversight, and final data release is again contingent on execution of the DUA.

Data Use Agreement

Once the application is finalized and all parties agree on the data elements, the requestor signs the Data Use Agreement. This is a contract that reiterates that the requestor will use the CO APCD data in the ways stated in the application only, and will destroy the data after the time frame indicated – any deviation from what was already decided upon will be in violation of the agreement.

For more information, view our Non-Public Releases page or contact us at ColoradoAPCD@civhc.org to discuss how we can support your project.