As discussed in a previous Query, individuals or organizations can request licensed data releases from the Colorado All Payer Claims Database (CO APCD) to help answer questions or solve problems around health and health care in Colorado.
Today, we continue exploring the steps requestors must take to license CO APCD data from CIVHC.
The Licensed Data Release Application
When data users begin the process of licensing data from the CO APCD, CIVHC’s Data Access team works closely with them to determine what data will meet their needs and what path the request will follow. Once the project goals are established, and confirmed to meet the legislative criteria of advancing better health, better care, or lower cost for Coloradans, the first official step in the process is to fill out an application.
The application establishes project purpose and benefit to Colorado, the data needed, how the data will be used, and what steps the requestor and/or their organization will take to ensure the data is secure. If the request requires protected health information (PHI), the application must be reviewed by the Data Release Review Committee (DRRC). Once the application is approved internally by the CIVHC compliance team and the DRRC (if necessary), the requestor signs a Data Use Agreement (DUA) form. The DUA covers much of the same ground as the application, but it serves as a formal contract rather than an application.
Data Request Application Sections
Project Schedule and Purpose
In the first section of the application, requestors outline the project for which CO APCD data is necessary. They are asked to describe the timeline, goals of their project, and their research questions or problems they are trying to solve. Crucially, they must also detail how their project will benefit Colorado or Colorado residents – a requirement specifically laid out in the CO APCD Rule – and indicate how the project will improve health care quality, increase value, and/or improve health outcomes for Colorado residents.
Data Needed
Based on project goals and the requestor’s analytic resource capacity and experience, CIVHC helps determine the right type, format, and content of the data request. This starts with choosing between a data extract (also known as a data set) or report.
- Data Sets are ideal for those with analytic expertise who want to conduct their own research.
- Reports are better suited for those who need CIVHC’s analysts to conduct the work on their behalf.
If no PHI is needed, the requestor may receive a De-Identified Report or De-Identified Data Set.
If PHI is required, there are three levels available. All projects in these categories must obtain DRRC approval:
- Limited Data Set: Includes elements like date of service or 5-digit ZIP codes.
- Identifiable Data Set: May contain direct identifiers (e.g., names or full addresses).
- Custom Report (de-identified or limited data): Tailored insights developed specifically for the requestor’s project goals, which can include tables, narrative summaries, or visualizations. This is helpful for users who want actionable insights without managing raw data.
Any release of data or reports that includes PHI is subject to strict parameters around what can be included due to federal and local laws and regulations such as HIPAA and antitrust. Under these rules, requestors can only receive the minimum necessary amount of data to accomplish their project. They must also explain why they require each element and, when possible, aggregate the data to protect patient privacy.
Data Requirements
The “Data Matching and Linkage” section of the application outlines the specifics of the data needed. For applications including de-identified data, the requestor may be asked to select which data elements or filter requirements to include, such as lines of business, years of data, claim types, and more. This is where the application process becomes more custom – and flexible.
Depending on the type of application and the project’s goals, requestors may plan to combine the CO APCD data with other data sets or analyze specific patient populations. To do this, CIVHC may request additional information via the Data Element Selection Form (DESF), where requestors indicate exactly which pieces of data are needed.
For projects involving data linkage or matching, requestors may:
- Provide a Finder File (a file with information about a specific group of individuals to match the CO APCD data),
- Request a Member Match File (allowing CIVHC to link CO APCD data to an external registry or data set), or
- Ask CIVHC to generate a Control Group for comparative purposes.
Not every project needs linkages to external data sources, but when one is proposed, CIVHC reviews the methodology to ensure that data privacy and security are upheld. If PHI is involved, the DRRC steps in to provide additional oversight, and final data release is again contingent on execution of the DUA.
Data Use Agreement
Once the application is finalized and all parties agree on the data elements, the requestor signs the Data Use Agreement (DUA) and the Data Release Form (DRF). The DUA is a contract that reiterates that the requestor will use the CO APCD data only in the ways stated in the application and will destroy the data after the time frame indicated – any deviation from what was already decided upon will be in violation of the agreement. The DRF is a document that commits the data requestor to the negotiated fee and provides detailed information on payment terms and agreements.
When a data applicant receives their data, it will be sent as a compressed, pipe-delimited .txt file via a secure portal, accessible through credentials that will be provided to the recipient. For more information, view our Licensed Releases page or read through our data FAQ. If you want help licensing data or procuring a report leveraging CO APCD data, contact us at coapcd@civhc.org and someone from our Data Access team will get back to you.