Help make our site better with this short survey!

Commercial Plans → Data & Reporting


Data & Reporting

The types of data involved with the National Diabetes Prevention Program (National DPP) lifestyle change program and the processes and protocols by which that data are shared among parties are similar to other data and data-sharing processes used by commercial health insurance plans and self-insured employers in their normal business operations with vendors and with medical providers.

The unique issue with the National DPP lifestyle change program is that some CDC-recognized organizations are community-based, non-clinical entities that may have no or little experience operating in the health care delivery system. While linking community-based organizations with the health care delivery system is an innovative approach that supports the overall goals of improving health outcomes and reducing health disparities, commercial plans and employers may need to work with the CDC-recognized organizations they contract with to ensure that these organizations have the capability to exchange data necessary for program participation and to comply with all relevant statutory and regulatory requirements pertaining to privacy and data security.


Types of Data

Commercial plans, employers, CDC-recognized organizations, and third-party administrators (TPAs), if used, will need to establish procedures to exchange the following data:

  • Program enrollee contact information
  • CDC-recognized organization encounter data
  • Claims data
  • Cost data
  • Participant attendance and weight loss data (as desired or appropriate)

CDC-recognized organizations maintain attendance logs and weigh-in information and aggregate the data being tracked (i.e., attendance, weight, minutes of exercise, etc.) as required by the CDC’s Diabetes Prevention Recognition Program (DPRP), which sets the standards for CDC recognition and serves as a neutral quality assurance function to assure quality and fidelity to scientific evidence. Note: Only commercial plans or employers that elect to become a CDC-recognized organization are required to submit data to CDC. While CDC-recognized organizations are free to share program data with their third-party partners, the CDC will not provide such data to commercial plans or employers.


Data Process Flows

The following are the key process flows/data exchange frameworks that the relevant parties will need to put in place to facilitate program participation, to ensure an appropriate reimbursement framework is established between CDC-recognized organizations and the commercial plan, and to support program evaluation:

  1. Commercial plan submission of member lists to CDC-recognized organizations, generated based on an analysis of historical claims data, to identify enrollees for outreach efforts.
  2. Physician group and hospital submission of electronic health record (EHR) data to a commercial plan or CDC-recognized organization to identify enrollees for outreach efforts. (For more information, see Program Delivery: Screening & Identification)
  3. CDC-recognized organization submission of a claim or invoice and encounter data to the commercial plan, employer, or TPA for reimbursement and evaluation purposes.
  4. CDC-recognized organization collection, and submission to CDC, of required program evaluation data elements for purposes of receiving pending, preliminary, and full recognition. (For more information, see DPRP requirements)


Note: The footnotes in the graphic correspond to the numbers in the text above.



Data Security and Regulatory Compliance

Commercial plans and employers will want to ensure that CDC-recognized organizations with which they contract have the capacity to meet all statutory and regulatory requirements pertaining to privacy and data security. At a basic level, CDC-recognized organizations will need to be able to ensure the privacy and confidentiality of the data their program participants will be sharing with them.

CDC-recognized organizations will also need to be aware of and able to comply with all relevant requirements of the federal Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH Act). In addition, CDC-recognized organizations will need to be aware of, and able to comply with, any separate state privacy and data security statutes and relevant regulatory requirements issued by state insurance commissioners or other state regulatory authorities.


Data Sharing and Ownership

It is critical that all parties have a clear understanding of National DPP lifestyle change program data sharing and ownership needs, and that all agreements pertaining to data sharing and ownership are reflected in any relevant contracts, business associate agreements, and memoranda of understanding. This is especially key for CDC-recognized organizations.

Local CDC-recognized organizations may need to share data with their parent organization or a third-party program evaluator. These organizations are required to share program data with the CDC. Note: CDC-recognized organizations do not need a data-sharing agreement with the CDC, and thus will need assurance that they have the agreement of commercial plans, employers, or TPAs to do so.