Vt. Stat. Ann. tit. 18, § 9410 - Health care database

Health care database

The Commissioner of the Department of Financial Regulation must establish and maintain a unified health care database in order to:

• Determine the capacity and distribution of existing resources;
• Identify health care needs and inform health policy;
• Evaluate the effectiveness of interventions to improve patient outcomes;
• Compare costs between treatment settings and approaches;
• Provide information to consumers and purchasers of health care;
• Improve the quality and affordability of health care and coverage.

The unified health database  program must also include a consumer health care price and quality information system to provide consumers with transparent information to make informed decisions. 

The Commissioner must form a working group composed of commissioners from other key departments as well as other interested stakeholders, including providers, insurers, and consumers.  The Commissioner may require a health plan covering 5% of covered lives to file a consumer health care price and quality information plan with the Commissioner.  The Commissioner may adopt rules necessary to fulfill this law, including a gradual rollout of the consumer health care price and quality information plan.  The Commissioner must also ensure there are not duplicative efforts related to price and quality reporting. 

The database must contain unique patient and provider identifiers and a uniform coding system.  It must also reflect all health care utilization, costs, and resources in the state, and those used to provide care to Vermont residents in another state. 

The Commissioner must issue rules to establish the types of information required to be reported and the time and manner of reporting.  Health insurers, providers, health care facilities, and governmental agencies must file data, reports, schedules, and other information deemed necessary by the Commissioner, including:

• Health insurance claims and enrollment information;
• Hospital budget review information;
• Any other information relating to health care costs, prices, quality, utilization, or resources required by the Commissioner.

Information or records that are protected by physician-patient privilege or otherwise are confidential, must not disclose the patient’s identity.  Additionally, the Commissioner must establish a confidentiality code to ensure information is handled appropriately. 

Any person who knowingly fails to comply with this law will be subject to an administrative penalty of no more than $1,000 per violation.  Violations that the Commissioner determines are willful will be subject to an administrative penalty of $10,000.  Violations of the confidentiality requirements of this section, and where the individual uses, sells, or transfers information for commercial advantage, pecuniary gain, personal gain, or malicious harm, will lead to an administrative penalty of no more than $50,000 per violation. 

All health insurers must electronically provide to the Commissioner:

• Health insurance claims data, with exceptions to reporting services provided to residents of other states;
• Cross-matched claims data on requested members, subscribers, or policyholders;
• Member, subscriber or policyholder information needed to determine third party liability.

The collection, storage and release of health care data and statistical information subject to the federal requirements under HIPAA must be governed as such.  All health insurers that collect Health Employer Data and Information set (HEDIS) must submit this data to the Commissioner. 

The Commissioner must work with with the Agency of Human Services to develop a comprehensive health care information system. The collaboration will help to define the data sets for inclusion in the comprehensive health care information system, the criteria and procedures for the development of limited use data sets, the criteria and procedures to ensure that HIPAA compliant limited use data sets are accessible, and a proposed time frame for the creation of a comprehensive health care information system. 

To the extent allowed by HIPAA, the data must be available as a resource for insurers, employers, providers, purchasers of health care, and state agencies to review health care utilization, expenditures, and performance in Vermont. Data should be presented comparatively considerations based on geography, demographics, general economic factors, and institutional size.  The health information system must not publicly disclose data that contains personal identifiers.