Medicaid MCOs → Data & Reporting
Data & Reporting
The types of data involved with the National Diabetes Prevention Program (National DPP) lifestyle change program and the processes and protocols by which that data is shared among parties are similar to other data and data-sharing processes used by state Medicaid agencies and Medicaid managed care organizations (MCOs) in their normal business operations with each other and with medical providers.
The unique issue at play with the National DPP lifestyle change program is that some CDC-recognized organizations are community-based, non-clinical entities that may have no or little experience operating in the health care delivery system. While linking community-based organizations with the health care delivery system is an innovative approach that supports the overall goals of improving health outcomes and reducing health disparities, Medicaid MCOs may need to work with their CDC-recognized organizations to ensure that these organizations have the capability to exchange data necessary for program participation and to comply with all relevant statutory and regulatory requirements pertaining to privacy and data security.
Types of Data
Medicaid MCOs, CDC-recognized organizations, and third-party administrators (TPAs), if used, will need to establish procedures to exchange the following data:
- Medicaid eligibility information
- Program enrollee contact information
- CDC-recognized organization encounter data
- Claims data
- Cost data
CDC-recognized organizations maintain attendance logs and weigh-in information and aggregate the data being tracked (i.e., attendance, weight, minutes of exercise, etc.) as required by the CDC’s Diabetes Prevention Recognition Program (DPRP), which sets the standards for CDC recognition and serves as a neutral quality assurance function to assure quality and fidelity to scientific evidence. Note: Only MCOs that elect to become CDC-recognized organizations are required to submit data to CDC. While CDC-recognized organizations are free to share program data with their MCO partners, the CDC will not provide such data to the MCOs.
Data Process Flows
The following are the key process flows/data exchange frameworks that the relevant parties will need to put in place to facilitate program participation, to ensure an appropriate reimbursement framework is established between CDC-recognized organizations and the MCO, and to support program evaluation:
- CDC-recognized organization access Medicaid eligibility data from the state Medicaid agency to confirm that an individual eligible for the National DPP lifestyle change program is enrolled in Medicaid.
- MCO submission of member lists, generated based on an analysis of historical claims data, to CDC-recognized organizations to identify potential enrollees for outreach efforts.
- Physician group and hospital submission of electronic health record (EHR) data to a Medicaid MCO or CDC-recognized organization to identify enrollees for outreach efforts. (For more information, see Program Delivery: Screening & Identification)
- CDC-recognized organization submission of a claim or invoice and encounter data to the state Medicaid agency or Medicaid MCO (or TPA, if used) for reimbursement and evaluation purposes.
- CDC-recognized organization or Medicaid MCO submission of a claim or invoice and encounter data as a way to track quality improvements, meet program integrity, or ensure compliance in case of audit.
- CDC-recognized organization collection of and submission to CDC of required program evaluation data elements for purposes of receiving “pending” and “full recognition” National DPP lifestyle change program designation status. (For more information, see DPRP requirements)
- Medicaid MCO submission of program cost data to state Medicaid agency for purposes of refining health plan rates.
Data Security and Regulatory Compliance
Medicaid MCOs will want to ensure that CDC-recognized organizations with which they work have the capacity to meet all statutory and regulatory requirements pertaining to privacy and data security. At a basic level, CDC-recognized organizations will need to be able to ensure the privacy and confidentiality of the data their program participants will be sharing with them.
CDC-recognized organizations will need to be aware of and able to comply with all relevant requirements of the federal Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH Act). In addition, CDC-recognized organizations will need to be aware of and able to comply with any separate state privacy and data security statutes and relevant regulatory requirements issued by state insurance commissioners or other state regulatory authorities.
Data Sharing and Ownership
It is critical that all parties have a clear understanding around National DPP lifestyle change program data sharing and ownership needs and that all agreements pertaining to data sharing and ownership are reflected in any relevant contracts, business associate agreements, and memoranda of understanding. This is especially key for CDC-recognized organizations.
Local CDC-recognized organizations may need to share data with their parent organization or a third-party program evaluator. These organizations are required to share program data with the CDC. Note: CDC-recognized organizations do not need a data-sharing agreement with the CDC, and thus will need assurance that they have the agreement of Medicaid MCOs to do so.