For purposes of this subpart:

(a) Qualified entity means either a single public or private entity, or a lead entity and its contractors, that meets the following requirements:

(1) Is qualified, as determined by the Secretary, to use claims data to evaluate the performance of providers and suppliers on measures of quality, efficiency, effectiveness, and resource use.

(2) Agrees to meet the requirements described in this subpart at §§401.705 through 401.721.

(b) Provider of services (referred to as a provider) has the same meaning as the term “provider” in §400.202 of this chapter.

(c) Supplier has the same meaning as the term “supplier” at §400.202 of this chapter.

(d) Claim means an itemized billing statement from a provider or supplier that, except in the context of Part D prescription drug event data, requests payment for a list of services and supplies that were furnished to a Medicare beneficiary in the Medicare fee-for-service context, or to a participant in other insurance or entitlement program contexts. In the Medicare program, claims files are available for each institutional (inpatient, outpatient, skilled nursing facility, hospice, or home health agency) and non-institutional (physician and durable medical equipment providers and suppliers) claim type as well as Medicare Part D Prescription Drug Event (PDE) data.

(e) Standardized data extract is a subset of Medicare claims data that the Secretary would make available to qualified entities under this subpart.

(f) Beneficiary identifiable data is any data that contains the beneficiary's name, Medicare Health Insurance Claim Number (HICN), or any other direct identifying factors, including, but not limited to postal address or telephone number.

(g) Encrypted data is any data that does not contain the beneficiary's name or any other direct identifying factors, but does include a unique CMS-assigned beneficiary identifier that allows for the linking of claims without divulging any direct identifier of the beneficiary.

(h) Claims data from other sources means provider- or supplier-identifiable claims data that an applicant or qualified entity has full data usage right to due to its own operations or disclosures from providers, suppliers, private payers, multi-payer databases, or other sources.

(i) Clinical data is registry data, chart-abstracted data, laboratory results, electronic health record information, or other information relating to the care or services furnished to patients that is not included in administrative claims data, but is available in electronic form.

(j) Authorized user is a third party and its contractors (including, where applicable, business associates as that term is defined at 45 CFR 160.103) that need analyses or data covered by this section to carry out work on behalf of that third party (meaning not the qualified entity or the qualified entity's contractors) to whom/which the qualified entity provides or sells data as permitted under this subpart. Authorized user third parties are limited to the following entities:

(1) A provider.

(2) A supplier.

(3) A medical society.

(4) A hospital association.

(5) An employer.

(6) A health insurance issuer.

(7) A healthcare provider and/or supplier association.

(8) A state entity.

(9) A federal agency.

(k) Employer has the same meaning as the term “employer” as defined in section 3(5) of the Employee Retirement Insurance Security Act of 1974.

(l) Health insurance issuer has the same meaning as the term “health insurance issuer” as defined in section 2791 of the Public Health Service Act.

(m) Medical society means a nonprofit organization or association that provides unified representation and advocacy for physicians at the national or state level and whose membership is comprised of a majority of physicians.

(n) Hospital association means a nonprofit organization or association that provides unified representation and advocacy for hospitals or health systems at a national, state, or local level and whose membership is comprised of a majority of hospitals and health systems.

(o) Healthcare Provider and/or Supplier Association means a nonprofit organization or association that provides unified representation and advocacy for providers and suppliers at the national or state level and whose membership is comprised of a majority of suppliers or providers.

(p) State Entity means any office, department, division, bureau, board, commission, agency, institution, or committee within the executive branch of a state government.

(q) Combined data means, at a minimum, a set of CMS claims data provided under this subpart combined with claims data, or a subset of claims data from at least one of the other claims data sources described in §401.707(d).

(r) Patient means an individual who has visited the provider or supplier for a face-to-face or telehealth appointment at least once in the past 24 months.

(s) Marketing means the same as the term “marketing” at 45 CFR 164.501 without the exception to the bar for “consent” based marketing.

(t) Violation means a failure to comply with a requirement of a CMS DUA (CMS data use agreement) or QE DUA (qualified entity data use agreement).

(u) Required by law means the same as the phrase “required by law” at 45 CFR 164.103.

[76 FR 76567, Dec. 7, 2011, as amended at 81 FR 44479, July 7, 2016]


Tried the LawStack mobile app?

Join thousands and try LawStack mobile for FREE today.

  • Carry the law offline, wherever you go.
  • Download CFR, USC, rules, and state law to your mobile device.