Bill Text


Bill PDF |Add To My Favorites | print page

AB-2830 Health Care Payments Data Program.(2019-2020)

SHARE THIS: share this bill in Facebook share this bill in Twitter
Date Published: 06/04/2020 09:00 PM
AB2830:v96#DOCUMENT

Amended  IN  Assembly  June 04, 2020
Amended  IN  Assembly  May 20, 2020
Amended  IN  Assembly  May 12, 2020

CALIFORNIA LEGISLATURE— 2019–2020 REGULAR SESSION

Assembly Bill
No. 2830


Introduced by Assembly Member Wood

February 20, 2020


An act to amend Sections 1386, 127671, 127672, and 127673 of, to amend the heading of Chapter 8.5 (commencing with Section 127671) of Part 2 of Division 107 of, to add Sections 127671.1, 127672.8, 127672.9, 127673.1, 127673.2, 127673.3, 127673.4, 127673.5, 127673.6, 127673.7, 127673.8, 127673.81, 127673.82, 127673.83, 127673.84, and 127674.1 to, to repeal Section 127671.5 of, and to repeal and add Section 127674 of, the Health and Safety Code, relating to health care.


LEGISLATIVE COUNSEL'S DIGEST


AB 2830, as amended, Wood. Health Care Payments Data Program.
Existing law, the Knox-Keene Health Care Service Plan Act of 1975 (Knox-Keene), provides for licensure and regulation of health care service plans by the Department of Managed Health Care and makes a willful violation of that act a crime. Existing law provides for the regulation of health insurers by the Department of Insurance. Existing law, the Information Practices Act of 1977, regulates the collection and disclosure of personal information regarding individuals by state agencies, except as specified. Under existing law, a person who willfully requests or obtains a record containing personal information from an agency under false pretenses or a person who intentionally discloses medical, psychiatric, or psychological information held by an agency is guilty of a misdemeanor.
Existing law states the intent of the Legislature to establish the Health Care Cost Transparency Database to collect information on the cost of health care, and requires the Office of Statewide Health Planning and Development to convene a review committee to advise the office on the establishment and implementation of the database. Existing law requires, subject to appropriation, the office to establish, implement, and administer the database by July 1, 2023. Existing law requires certain health care entities, including a health care service plan, to provide specified information to the office for collection in the database.
This bill would delete those provisions relative to the Health Care Cost Transparency Database and would instead require the office to establish the Health Care Payments Data Program to implement and administer the Health Care Payments Data System, which would include health care data submitted by health care service plans, health insurers, a city or county that offers self-insured or multiemployer-insured plans, and other specified mandatory and voluntary submitters. The bill would require the Department of Managed Health care and the Department of Insurance to take appropriate action to bring a plan or insurer into compliance if the office notifies the appropriate department of a plan or insurer’s failure to submit required data, and would specify that the failure of a health care service plan to submit required data is a violation of Knox-Keene. Because a willful violation of these provisions by a health care service plan would be a crime, and because a city or county that offers self-insured or multiemployer-insured plans would be required to submit health care data to the office, the bill would impose a state-mandated local program.
This bill would require the office to use the above-described data to produce publicly available information, including data products, summaries, analyses, studies, and other reports, to support goals that include improving public health, reducing disparities, and reducing health care costs. The bill would also require the office to submit a report to the Legislature, on or before March 1, 2024, that includes, among other things, claims data reported by mandatory and voluntary submitters. The bill would protect the confidentiality of personally identifiable data submitted to the system and would exempt it from disclosure, but would authorize controlled access to that nonpublic data by outside data analysts, researchers, and other qualified applicants if the data and requesters meet specified criteria. The bill would require a person accessing nonpublic data to sign a data use agreement subject to the penalties of the Information Practices Act of 1977. Because a willful violation of a data use agreement would be a crime, the bill would impose a state-mandated local program.
This bill would authorize the office to establish pricing mechanisms for data products, custom reports, and the use of nonpublic data, and would require revenues from those activities to be deposited into the Health Care Payments Data Fund, for use by the office upon appropriation by the Legislature. The bill would require the office to establish a Health Care Payments Data Program advisory committee with specified membership to assist and advise the director of the office in formulating program policies regarding data collection, management, use, and access, and development of public information to meet the goals of the program. The bill would also require the office to establish a data release committee with specified membership to make recommendations about applications seeking either program data with direct personal identifiers or the transmission of standardized datasets, except for data requests from other state agencies.
Existing constitutional provisions require that a statute that limits the right of access to the meetings of public bodies or the writings of public officials and agencies be adopted with findings demonstrating the interest protected by the limitation and the need for protecting that interest.
This bill would make legislative findings to that effect.
The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.
This bill would provide that with regard to certain mandates no reimbursement is required by this act for a specified reason.
With regard to any other mandates, this bill would provide that, if the Commission on State Mandates determines that the bill contains costs so mandated by the state, reimbursement for those costs shall be made pursuant to the statutory provisions noted above.
Vote: MAJORITY   Appropriation: NO   Fiscal Committee: YES   Local Program: YES  

The people of the State of California do enact as follows:


SECTION 1.

 Section 1386 of the Health and Safety Code is amended to read:

1386.
 (a) The director may, after appropriate notice and opportunity for a hearing, by order suspend or revoke any license issued under this chapter to a health care service plan or assess administrative penalties if the director determines that the licensee has committed any of the acts or omissions constituting grounds for disciplinary action.
(b) The following acts or omissions constitute grounds for disciplinary action by the director:
(1) The plan is operating at variance with the basic organizational documents as filed pursuant to Section 1351 or 1352, or with its published plan, or in any manner contrary to that described in, and reasonably inferred from, the plan as contained in its application for licensure and annual report, or any modification thereof, unless amendments allowing the variation have been submitted to, and approved by, the director.
(2) The plan has issued, or permits others to use, evidence of coverage or uses a schedule of charges for health care services that do not comply with those published in the latest evidence of coverage found unobjectionable by the director.
(3) The plan does not provide basic health care services to its enrollees and subscribers as set forth in the evidence of coverage. This subdivision shall not apply to specialized health care service plan contracts.
(4) The plan is no longer able to meet the standards set forth in Article 5 (commencing with Section 1367).
(5) The continued operation of the plan will constitute a substantial risk to its subscribers and enrollees.
(6) The plan has violated or attempted to violate, or conspired to violate, directly or indirectly, or assisted in or abetted a violation or conspiracy to violate any provision of this chapter, any rule or regulation adopted by the director pursuant to this chapter, or any order issued by the director pursuant to this chapter.
(7) The plan has engaged in any conduct that constitutes fraud or dishonest dealing or unfair competition, as defined by Section 17200 of the Business and Professions Code.
(8) The plan has permitted, or aided or abetted any violation by an employee or contractor who is a holder of any certificate, license, permit, registration, or exemption issued pursuant to the Business and Professions Code or this code that would constitute grounds for discipline against the certificate, license, permit, registration, or exemption.
(9) The plan has aided or abetted or permitted the commission of any illegal act.
(10) The engagement of a person as an officer, director, employee, associate, or provider of the plan contrary to the provisions of an order issued by the director pursuant to subdivision (c) of this section or subdivision (d) of Section 1388.
(11) The engagement of a person as a solicitor or supervisor of solicitation contrary to the provisions of an order issued by the director pursuant to Section 1388.
(12) The plan, its management company, or any other affiliate of the plan, or any controlling person, officer, director, or other person occupying a principal management or supervisory position in the plan, management company, or affiliate, has been convicted of or pleaded nolo contendere to a crime, or committed any act involving dishonesty, fraud, or deceit, which crime or act is substantially related to the qualifications, functions, or duties of a person engaged in business in accordance with this chapter. The director may revoke or deny a license hereunder irrespective of a subsequent order under the provisions of Section 1203.4 of the Penal Code.
(13) The plan violates Section 510, 2056, or 2056.1 of the Business and Professions Code or Section 1375.7.
(14) The plan has been subject to a final disciplinary action taken by this state, another state, an agency of the federal government, or another country for any act or omission that would constitute a violation of this chapter.
(15) The plan violates the Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56) of Division 1 of the Civil Code).
(16) The plan violates Section 806 of the Military and Veterans Code.
(17) The plan violates Section 1262.8.
(18) The plan violates Chapter 8.5 (commencing with Section 127671) of Part 2 of Division 107, including the data submission requirements of that chapter.
(c) (1) The director may prohibit any person from serving as an officer, director, employee, associate, or provider of any plan or solicitor firm, or of any management company of any plan, or as a solicitor, if either of the following applies:
(A) The prohibition is in the public interest and the person has committed, caused, participated in, or had knowledge of a violation of this chapter by a plan, management company, or solicitor firm.
(B) The person was an officer, director, employee, associate, or provider of a plan or of a management company or solicitor firm of any plan whose license has been suspended or revoked pursuant to this section and the person had knowledge of, or participated in, any of the prohibited acts for which the license was suspended or revoked.
(2) A proceeding for the issuance of an order under this subdivision may be included with a proceeding against a plan under this section or may constitute a separate proceeding, subject in either case to subdivision (d).
(d) A proceeding under this section shall be subject to appropriate notice to, and the opportunity for a hearing with regard to, the person affected in accordance with subdivision (a) of Section 1397.

SEC. 2.

 The heading of Chapter 8.5 (commencing with Section 127671) of Part 2 of Division 107 of the Health and Safety Code is amended to read:
CHAPTER  8.5. Health Care Payments Data Program

SEC. 3.

 Section 127671 of the Health and Safety Code is amended to read:

127671.
 (a) The Legislature finds and declares that California has a substantial public interest in the price, cost, utilization, equity, and quality of health care services. California is a major purchaser of health coverage through the Public Employees’ Retirement System, the State Department of Health Care Services, the Department of General Services, the Department of Corrections and Rehabilitation, the California Health Benefit Exchange, and other entities acting on behalf of a state purchaser. California also provides major tax expenditures through the tax exclusion of employer-sponsored coverage and tax deductibility of coverage purchased by individuals, as well as tax deductibility of excess health care costs for individuals and families.
(b) It is the intent of the Legislature in enacting this chapter to establish a system to collect information regarding health care costs, quality, and equity. Health care data is reported and collected through many disparate systems. Creating a process to aggregate and use this data will provide greater transparency regarding health care costs, utilization, quality, and equity, and the information may be used to inform policy decisions regarding the provision of quality health care, improving public health, reducing disparities, advancing health coverage, reducing health care costs, and providing public benefit for Californians and the state, while preserving consumer privacy.
(c) It is the intent of the Legislature to improve data transparency to achieve a sustainable health care system with more equitable access to affordable and quality health care for all.
(d) It is the intent of the Legislature in enacting this chapter to encourage state agencies, researchers, health care service plans, health insurers, providers, and other stakeholders to use this data to develop innovative approaches, services, and programs that may have the potential to deliver health care that is both cost effective and responsive to the needs of enrollees, including recognizing the diversity of California and the impact of social determinants of health.
(e) It is the intent of the Legislature that the development of a Health Care Payments Data System be substantially completed no later than July 1, 2023, pursuant to this chapter.
(f) For purposes of this chapter:
(1) “Director” means the Director of the Office of Statewide Health Planning and Development.
(2) “Fund” means the Health Care Payments Data Fund established pursuant to Section 127674.
(3) “Office” means the Office of Statewide Health Planning and Development.
(4) “Program” means the Health Care Payments Data Program established pursuant to Section 127671.1.
(5) “Qualified applicants” includes state agencies, mandatory submitters, established nonprofit research institutions, the University of California, nonprofit educational institutions, providers, labor unions, self-insured multiemployer plans that submit data to the system, and consumer organizations certified for the Consumer Participation Program administered by the Department of Managed Health Care pursuant to Section 1348.9.
(6) “System” means the Health Care Payments Data System.

SEC. 4.

 Section 127671.1 is added to the Health and Safety Code, to read:

127671.1.
 (a) The office shall establish, implement, and administer the Health Care Payments Data Program to implement and administer the system in accordance with this chapter.
(b) The system shall collect data on all California residents to the extent feasible and permissible under state and federal law.

SEC. 5.

 Section 127671.5 of the Health and Safety Code is repealed.

SEC. 6.

 Section 127672 of the Health and Safety Code is amended to read:

127672.
 (a) (1) The Office of Statewide Health Planning and Development shall convene a Health Care Payments Data Program advisory committee, composed of health care stakeholders and experts, including, but not limited to, all of the following:
(A) Health care service plans, including specialized health care service plans.
(B) Insurers that have a certificate of authority from the Insurance Commissioner to provide health insurance, as defined in Section 106 of the Insurance Code.
(C) Suppliers, as defined in paragraph (3) of subdivision (b) of Section 1367.50. 1367.50, that have an independent scope of practice.
(D) Providers, as defined in paragraph (2) of subdivision (b) of Section 1367.50. 1367.50, that are hospitals or clinics.
(E) Self-insured employers.
(F) Multiemployer self-insured plans that are responsible for paying for health care services provided to beneficiaries or the trust administrator for a multiemployer self-insured plan.
(G) Businesses that purchase health care coverage for their employees.
(H) Organized labor.
(I) Organizations representing consumers.
(2) The advisory committee shall consist of no fewer than nine and no more than 11 persons.
(3) In addition to the members specified by paragraph (2), the director of the office, the director of the State Department of Health Care Services, and the executive director of the California Health Benefit Exchange, or their officially designated representatives, shall be nonvoting ex officio members of the advisory committee.
(4) Each appointed member shall serve a term of two years, except one-half of the initial appointments shall be for one year. Each appointed member shall serve at the discretion of the director and may be removed at any time.
(5) The chairperson of the advisory committee shall be an appointed member and shall be elected by a majority of the appointed members.
(6) The advisory committee shall meet at least quarterly or when requested by the director.
(7) The advisory committee shall assist and advise the director in formulating program policies regarding data collection, management, use, and access, and development of public information to meet the goals of the program. The advisory committee shall, through its meetings, provide a forum for stakeholder and public engagement. Upon request of the director, the advisory committee may assist and advise on the office’s other data programs.
(8) On or before July 1, 2023, the advisory committee shall make recommendations to the office on how existing state public health data functions may be integrated into the system. The advisory committee shall also recommend options for state public health data integration. These recommendations shall be published on the office’s internet website.

(8)

(9) The advisory committee shall not have decisionmaking authority related to the administration of the system and shall not have a financial interest, individually or through a family member, in the recommendations made to the office. The advisory committee shall hold public meetings with stakeholders, solicit input, and set its own meeting agendas. Meetings of the advisory committee are subject to the Bagley-Keene Open Meeting Act (Article 9 (commencing with Section 11120) of Chapter 1 of Part 1 of Division 3 of Title 2 of the Government Code).

(9)

(10) The members of the advisory committee appointed from outside government shall serve without compensation, but shall receive a per diem for each day’s attendance at an advisory committee meeting. All members shall be reimbursed for any actual and necessary expenses incurred in connection with their duties as members of the committee.
(b) The office may convene other committees or workgroups as necessary to support effective operation of the system. These committees may be standing committees or time-limited workgroups, at the discretion of the director.

SEC. 7.

 Section 127672.8 is added to the Health and Safety Code, to read:

127672.8.
 The office shall ensure that the system can map to other datasets, including public health datasets on morbidity and mortality, and data regarding the social determinants of health.

SEC. 8.

 Section 127672.9 is added to the Health and Safety Code, to read:

127672.9.
 (a) The office may contract with a data collection vendor. If the office contracts with a data collection vendor, that vendor shall have experience in health care databases, including the collection of data for all payer claims databases, and specifically experience in the collection of nonclaims based nonclaims-based data such as encounter data.
(b) Until January 1, 2026, for purposes of implementing this chapter, including, but not limited to, hiring staff and consultants, facilitating and conducting meetings, conducting research and analysis, and developing the required reports, the office may enter into exclusive or nonexclusive contracts on a bid or negotiated basis. Contracts entered into or amended pursuant to this section are exempt from Chapter 6 (commencing with Section 14825) of Part 5.5 of Division 3 of Title 2 of the Government Code and Part 2 (commencing with Section 10100) of Division 2 of the Public Contract Code, and are exempt from the review or approval of any division of the Department of General Services.

SEC. 9.

 Section 127673 of the Health and Safety Code is amended to read:

127673.
 (a) The office shall develop guidance to require data submission from the entities specified in this chapter. The guidance shall include a methodology for the collection, validation, refinement, analysis, comparison, review, and improvement of health care data to be submitted by entities specified in this chapter, including, but not limited to, data from fee-for-service, capitated, integrated delivery system, and other alternative, value-based, payment sources, and any other form of payment to health care providers by health plans, health insurers, or other entities described in this chapter.
(b) Notwithstanding any other state law, for the purpose of providing information for inclusion in the system, mandatory submitters shall, and voluntary submitters may, provide health care data, including claim and encounter, member enrollment, provider information, nonclaims-based payments, premiums, and pharmacy rebate data, and provide all of the following to the office:
(1) Utilization data from the health care service plans’ and insurers’ medical payments or, in the case of entities that do not use payments data, including, but not limited to, integrated delivery systems, encounter data consistent with the core set of data elements for data submission proposed by the All-Payer Claims Database Council, the University of New Hampshire, and the National Association of Health Data Organizations.
(2) Pricing information for health care items, services, and medical and surgical episodes of care gathered from payments for covered health care items and services, including contracted rates, allowed amounts, fee schedules, and other information regarding the cost of care necessary to determine the amounts paid by health plans, health insurers, and public programs to health care providers and other entities. This shall include nonclaims-based payment information such as deductibles, copayments, and coinsurance and other information as needed to determine the total cost of care.
(3) Personally identifiable information that the plan or insurer possesses, including detailed patient identifiers such as first and last name, address, date of birth, gender or gender identity, and Social Security Number or individual taxpayer identification number, in order to support analyses, including, but not limited to, longitudinal, public health impacts, and social determinants of health analyses. Personally identifiable information shall be subject to the privacy protections of this chapter and shall not be publicly available, except as specified in this chapter.
(4) Personal health information, including age, gender, gender identity, race, ethnicity, sexual orientation, health status, health condition, and any other data elements that constitute personal health information in this chapter.
(c) For purposes of this chapter, “mandatory submitters” include all of the following:
(1) A health care service plan, including a specialized health care service plan.
(2) An insurer licensed to provide health insurance, as defined in Section 106 of the Insurance Code.
(3) A self-insured plan subject to Section 1349.2, or a state entity, city, county, or other political subdivision of the state, or a public joint labor management trust, that offers self-insured or multiemployer-insured plans that pay for or reimburse any part of the cost of health care services.
(4) The State Department of Health Care Services, for those enrolled in Medi-Cal and other insurance affordability programs, whether enrolled in Medi-Cal managed care, fee-for-service Medi-Cal, or any other payment arrangement.

(5)On and after January 1, 2026, a provider, as defined in paragraph (2) of subdivision (b) of Section 1367.50.

(6)On and after January 1, 2026, a supplier, as defined in paragraph (3) of subdivision (b) of Section 1367.50.

(d) For purposes of this chapter, “voluntary submitters” include, but are not limited to:
(1) A self-insured employer that is not subject to Section 1349.2.
(2) A multiemployer self-insured plan that is responsible for paying for health care services provided to beneficiaries.
(3) The trust administrator for a multiemployer self-insured plan.

(e)The office may establish a form to be used by providers and suppliers to submit data as required by this chapter. The form shall not include information that is not available to providers, such as premiums, rebates for outpatient pharmacy, or enrollment in coverage. The form shall permit the program to determine whether a mandatory submitter provided information on the same claim or encounter.

(4) A provider, as defined in paragraph (2) of subdivision (b) of Section 1367.50, that is a hospital or clinic.
(5) A supplier, as defined in paragraph (3) of subdivision (b) of Section 1367.50, that has an independent scope of practice and submits claims electronically.

(f)

(e) Included lines of business for entities subject to this section shall, to the extent permitted by state and federal law, include all of the following:
(1) Commercial lines of business, including individual, small group, large group, and Medicare Advantage.
(2) Self-insured plans subject to state law, including those governed by Section 1349.2.
(3) Dental, vision, and behavioral health plans.
(4) Medi-Cal plans, to the extent that this information is not provided by the State Department of Health Care Services.
(5) Student health insurance.

(g)

(f) Excluded lines of business include all of the following:
(1) Supplemental insurance, including Medicare supplemental coverage.
(2) Stop-loss plans.
(3) Chiropractic-only and vision-only plans that do not cover essential health benefits.

(h)

(g) (1) The minimum threshold for mandatory submitters shall be determined by the office and shall not exceed 50,000 total covered lives for either of the following:
(A) A plan providing comprehensive benefits in commercial, self-insured, or Medicare Advantage products.
(B) A plan providing dental-only coverage.
(2) A qualified health plan shall submit either directly or through the California Health Benefit Exchange, as determined by the exchange.
(3) The State Department of Health Care Services shall submit information for those enrolled in Medi-Cal and other insurance affordability programs, whether enrolled in Medi-Cal managed care, fee-for-service Medi-Cal, or any other payment arrangement.

(i)

(h) (1) Health plans, insurers, and other mandatory submitters shall submit monthly all core data, including claims, encounters, eligibility, and provider files.
(2) Nonclaims payment data files shall be submitted, at a minimum, annually.

(j)

(i) (1) In its initial implementation, the office shall seek data for the three years prior to the effective date of this chapter.
(2) In ongoing administration of the system, the office shall provide data for no less than three years and may seek data for longer time periods to support the intent of this chapter.

(k)

(j) To the extent possible, the office shall incorporate into the system any data collected by the office from providers, including hospital discharge abstract data records and emergency care data records provided to the office by health facilities and ambulatory surgery data records provided to the office by ambulatory surgical centers.

(l )

(k) The office may accept and incorporate into the system any available information that will further the goals of the program.
(l) (1) On or before March 1, 2024, the office shall submit a report to the Legislature that includes all of the following:
(A) Claims data reported by mandatory submitters.
(B) Claims data reported by voluntary submitters.
(C) Data on the covered lives reported, percentage of the population for which the office has data, the number of self-insured plans, providers and suppliers who have voluntarily submitted data, variation of completeness of data across geographic regions, such as the California Health Benefit Exchange’s rating regions, the extent of data submitted on hospitals, physicians, and physician groups, and any other information that is available to determine if hospital and physician data are captured.
(D) A cost estimate if providers and suppliers become mandatory submitters.
(E) The number of data requests from qualified applicants and their data uses.
(2) The office may request the data release committee established pursuant to Section 127673.84 to assist with the report.
(3) The report shall be submitted in compliance with Section 9795 of the Government Code.
(m) The office performs public health activities in implementing this chapter and is acting as a health oversight agency, as defined in Section 164.501 of Title 45 of the Code of Federal Regulations. The information collected in accordance with this chapter is necessary to carry out oversight and projects with public health purposes.
(n) Article 8 (commencing with Section 1798.30) of Chapter 1 of Title 1.8 of Part 4 of Division 3 of the Civil Code shall not apply to records and personal information collected by the system pursuant to this section.

SEC. 10.

 Section 127673.1 is added to the Health and Safety Code, to read:

127673.1.
 (a) (1) The office shall report the information it receives pursuant to this chapter in a form that allows valid comparisons across care delivery systems.
(2) The office shall develop policies and procedures to outline the format and type of data to be submitted pursuant to this chapter.
(b) Mandatory submitters are responsible for submitting complete and accurate data directly to the system and facilitating data submissions from data owners, including, but not limited to, data feeds from pharmacy benefit managers, behavioral health organizations, and any subsidiaries, affiliates, or subcontractors that a mandatory submitter has contracted with for services covered by this chapter.

SEC. 11.

 Section 127673.2 is added to the Health and Safety Code, to read:

127673.2.
 (a) In the development of the system, the office or its designee shall consult with state and federal entities, as necessary, to implement the program. State entities shall assist and provide to the office access to datasets needed to effectuate the intent of this chapter.
(b) The office shall seek data on Medicare enrollees from the federal Centers for Medicare and Medicaid Services and shall incorporate that data, to the extent possible.
(c) The office shall accept data from voluntary submitters if it is provided in a manner and format specified by the office.

SEC. 12.

 Section 127673.3 is added to the Health and Safety Code, to read:

127673.3.
 (a) The office shall develop and maintain a master person index, a master provider index, and a master payer index that will enable the matching of California residents longitudinally and across coverage sources, and will enable the matching of providers across practice arrangements, payment sources, and regulators.
(b) The office shall supplement these indices with data from other public and private sources, including, but not limited to, the following:
(1) Other data maintained by the office.
(2) Vital statistics.
(3) Facility licensure data from the State Department of Public Health.
(4) Health professional licensure data from the Department of Consumer Affairs.
(5) Private sources of valid and reliable data, such as a provider directory utility if it is demonstrably accurate over time.

SEC. 13.

 Section 127673.4 is added to the Health and Safety Code, to read:

127673.4.
 (a) The office shall develop data quality and improvement processes and shall make these processes publicly available.
(b) Data quality processes shall be applied to each major phase of the system life cycle, including, but not limited to:
(1) Source data intake.
(2) Data conversion and processing.
(3) Data analysis, reporting, and release.
(4) Other data processes necessary for the system.
(c) The office shall provide, upon request of an interested party, to the interested party, and shall regularly report to the health care data policy advisory committee, information on data quality and data quality improvement processes, including, but not limited to, the following:
(1) Descriptions of processes and methodologies.
(2) Periodic updates on known issues and the implications of the issues for data quality and data availability.
(3) Other impediments to the functioning of the system.

SEC. 14.

 Section 127673.5 is added to the Health and Safety Code, to read:

127673.5.
 (a) (1) The purpose of the system is to learn about and seek to improve public health, population health, social determinants of health, and the health care system, not about individual patients.
(2) All policies and procedures developed in implementing this chapter shall ensure that the privacy, security, and confidentiality of consumers’ individually identifiable health information is protected, consistent with state and federal privacy laws, including the Confidentiality of Medical Information Act and the federal Health Insurance Portability and Accountability Act (HIPAA).
(b) (1) The office shall develop policies regarding data aggregation and the protection of individual confidentiality, privacy, and security for individual consumers and patients.
(2) Individual patient-level data is exempt from the disclosure requirements of the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1 of the Government Code), and shall not be made available except pursuant to this chapter or the Information Practices Act of 1977 (Chapter 1 (commencing with Section 1798) of Title 1.8 of Part 4 of Division 3 of the Civil Code) until the office has developed a policy regarding the release of that data.

SEC. 15.

 Section 127673.6 is added to the Health and Safety Code, to read:

127673.6.
 The office shall develop an information security program that uses existing state standards and complies with applicable state and federal laws.

SEC. 16.

 Section 127673.7 is added to the Health and Safety Code, to read:

127673.7.
 The office shall include in an annual analysis, but shall not limit the content of that analysis to, all of the following:
(a) Population and regional level data on prevention, screening, and wellness utilization.
(b) Population and regional level data on chronic conditions, management, and outcomes.
(c) Population and regional level data on trends in utilization of procedures for treatment of similar conditions to evaluate medical appropriateness.
(d) Regional variation in payment level for the treatment of identified chronic conditions.
(e) Data regarding hospital and nonhospital payments, including inpatient, outpatient, and emergency department payments and nonhospital ambulatory service data.

SEC. 17.

 Section 127673.8 is added to the Health and Safety Code, to read:

127673.8.
 (a) The office shall use the program data to produce publicly available information, including data products, summaries, analyses, studies, and other reports, to support the goals of the program. The office shall receive input on priorities for the public information portfolio from the advisory committee. The office may establish a pricing mechanism for data products.
(b) The office may establish a public liaison function through which individuals may submit requests for specific products or analyses. The office may establish a pricing mechanism for custom reports. The office shall maintain copies of custom reports as part of the program public information portfolio.
(c) The office may establish a research program to conduct research, as defined in Section 164.501 of Title 45 of the Code of Federal Regulations, to support program policy goals.
(d) Publicly available data products and reports shall protect patient and consumer privacy.

SEC. 18.

 Section 127673.81 is added to the Health and Safety Code, to read:

127673.81.
 (a) All personal consumer information obtained or maintained by the program shall be confidential. Only deidentified aggregate patient or other consumer data shall be included in a publicly available analysis, data product, or research.
(b) The system and all program data shall be exempt from the disclosure requirements of the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1 of the Government Code).
(c) Program data shall not be used for determinations regarding individual patient care or treatment and shall not be used for any individual eligibility or coverage decisions or similar purposes.

SEC. 19.

 Section 127673.82 is added to the Health and Safety Code, to read:

127673.82.
 (a) The office shall develop a comprehensive program for data use, access, and release that includes data use agreements that require data users to comply with this chapter. The purpose of the data use, access, and release program is to ensure that only aggregated, deidentified information is publicly accessible.
(b) Access to nonpublic data shall be governed by the data use, access, and release program.
(c) To meet the research and policy goals of the program, controlled access to nonpublic data by outside data analysts, researchers, and other qualified applicants is necessary.
(d) The office shall establish a secure research environment for access to potentially identifiable information. The environment shall include access controls sufficient to ensure that users access only the data specified in an approved data request and that personal information is protected from unapproved use.
(e) The office shall, with the advice of the advisory committee and data release committee, develop criteria, policies, and procedures for access to and release of nonpublic data. The policies shall be designed to recognize a patient’s right of privacy and shall include at least the privacy protection standards specified in Section 127673.83.
(f) The office shall establish a pricing mechanism for the use of nonpublic data.
(g) The office shall maintain information about requests and the disposition of requests, and shall develop processes for the timely consideration and release of nonpublic data.

SEC. 20.

 Section 127673.83 is added to the Health and Safety Code, to read:

127673.83.
 (a) In accessing or obtaining nonpublic data through the secure environment, users shall only have access to the minimum amount of potentially identifiable data necessary for an approved project or access to a dataset designed for an approved purpose. Each person who accesses or obtains nonpublic personal data shall sign a data use agreement. Violation of a data use agreement shall be considered a violation of Section 1798.56 of the Civil Code and, if applicable, Section 1798.57 of the Civil Code.
(b) Access to data in the secure research environment shall be permissible as follows:
(1) If the data does not include any of the direct personal identifiers listed in Section 164.514(e) of Title 45 of the Code of Federal Regulations, access may be provided to qualified applicants for research and analysis purposes consistent with program goals.
(2) If the data may include any of the direct personal identifiers listed in Section 164.514(e) of Title 45 of the Code of Federal Regulations, access may be provided only to qualified applicants for research projects that offer significant opportunities to achieve program goals and meet all of the following criteria:
(A) Project approval has been recommended by the data release committee.
(B) The project has been approved by the Committee for the Protection of Human Subjects pursuant to subdivision (t) of Section 1798.24 of the Civil Code. Pursuant to that section, the office may release data to established nonprofit research institutions, the University of California, and other nonprofit educational institutions.
(C) The requester has documented expertise with privacy protection and with the analysis of large sets of confidential data.
(D) The research shall be made available to the office.
(c) The office’s policies shall limit release or transmittal of personal information outside the secure environment.
(1) The office may develop standardized limited datasets that do not include any of the direct personal identifiers listed in Section 164.514(e) of Title 45 of the Code of Federal Regulations, and have the minimum necessary personal information for types of purposes specified by the office. Standardized datasets may be transmitted to qualified applicants if the requester has documented expertise with privacy protection and with the analysis of large sets of confidential data, data security will meet the standards that the office shall apply to personal data, and project approval has been recommended by the data release committee.
(2) Data described in paragraph (2) of subdivision (b) may be transmitted to an outside researcher only if the researcher meets all the criteria of that paragraph, the researcher has documented expertise with data security and the protection of large sets of confidential data, and data security will meet the standards that the office shall apply to personal data.
(d) Program data, including personal information, may be shared with other state agencies pursuant to subdivision (e) of Section 1798.24 of the Civil Code. For purposes of that section, personal information has been collected for the purposes specified in Section 127671, which include analyzing and improving state programs related to public health and the provision of health care or health care coverage.

SEC. 21.

 Section 127673.84 is added to the Health and Safety Code, to read:

127673.84.
 (a) The office shall establish a data release committee with a membership of at least 7 and no more than 11 members appointed by the director. Notwithstanding any other law, a quorum shall be achieved with one fewer member than one-half of the full membership.
(b) The appointed members shall include representatives of health care payers, providers, purchasers, researchers, consumers, and labor. Representatives of program data submitters shall not constitute a majority of members. The members shall have knowledge and experience with health care data, privacy, and security.
(c) Each appointed member shall serve a term of two years, except one-half of the initial appointments shall be for one year. The director may remove a member for cause.
(d) (1) The data release committee shall make recommendations about all applications seeking either program data with direct personal identifiers or the transmission of standardized datasets, except for data requests from other state agencies. Upon request of the director, the data release committee shall also make recommendations about other applications for program data.
(2) In making recommendations about applications seeking program data, except for data requests from other state agencies, the data release committee shall consider whether the use of the data is consistent with the goals of the system and whether it provides greater transparency regarding health care costs, utilization, quality, equity, or how the information may be used to inform policy decisions regarding the provision of quality health care, improving public health, reducing health disparities, advancing health coverage, and reducing health care costs.
(e) Upon request of the director, the data release committee shall generally advise the director about privacy and security matters related to the program and provide feedback on the program’s data application review processes and other matters.
(f) The chairperson of the data release committee shall be appointed from among the members by the director.
(g) A member of the data release committee appointed from outside state government shall serve without compensation, but shall receive a per diem for each day’s attendance at a data release committee meeting. All members shall be reimbursed for any actual and necessary expenses incurred in connection with their duties as members of the committee.

SEC. 22.

 Section 127674 of the Health and Safety Code is repealed.

SEC. 23.

 Section 127674 is added to the Health and Safety Code, to read:

127674.
 (a) The office shall expend the General Fund moneys appropriated in the 2018–19 Budget Act (Chapter 23 of the Statutes of 2019) for the purposes of this chapter and the former Health Care Transparency Database to fund the implementation and operation of the program.
(b) The Health Care Payments Data Fund is hereby established within the office for the purpose of receiving and expending revenues collected pursuant to this chapter.
(c) All revenues collected pursuant to this chapter shall be deposited in the fund. Any amounts raised by the collection of the revenues that are not required to meet appropriations in the Budget Act shall remain in the fund and shall be available to the office in succeeding years upon appropriation by the Legislature.
(d) The office shall seek to maximize federal financial participation from the Medicaid program for the system, working through the sole state agency for Medicaid, the State Department of Health Care Services, and shall do so while relying on moneys appropriated from the General Fund in the 2018–19 Budget Act and the 2019–20 Budget Act. Act, and on an ongoing basis using any federally allowed fund source for the state match.
(e) (1) The office may impose a data user fee for an eligible user that is in compliance with this chapter, including, but not limited to, provisions related to consumer privacy and data security. The revenue from the data user fee shall not exceed the office’s administrative costs in providing an eligible user’s access to the system.
(2) State agencies and consumer organizations certified for the consumer participation program administered by the Department of Managed Health Care pursuant to Section 1348.9 are not subject to the user fee but are required to comply with this chapter, including, but not limited to, provisions related to consumer privacy and data security.
(f) (1) Upon exhaustion of the General Fund moneys appropriated in the 2018–19 Budget Act, and after accounting for other sources of available funding as described in paragraph (2), funding for the actual and necessary expenses of the office in implementing this chapter shall be provided, subject to appropriation by the Legislature, from transfers of moneys from the Managed Care Fund and the Insurance Fund.
(2) The total amount of funds to be transferred from the Managed Care Fund and the Insurance Fund in a budget year pursuant to paragraph (1) shall be equal to the amount necessary to fund the actual and necessary expenses of the office minus the resources projected to be available to fund the office using other funding sources, including, as applicable, data user fees, available federal reimbursement, grant funds, or other funds.

(2)

(3) The share of funding from the Managed Care Fund shall be based on the number of covered lives in the state that are covered under plans regulated by the Department of Managed Health Care, including covered lives under Medi-Cal managed care, as determined by the Department of Managed Health Care, in proportion to the total number of all covered lives in the state.

(3)

(4) The share of funding to be provided from the Insurance Fund shall be based on the number of covered lives in the state that are covered under health insurance policies and benefit plans regulated by the Department of Insurance, including covered lives under Medicare supplement plans, as determined by the Department of Insurance, in proportion to the total number of all covered lives in the state.
(5) The office shall submit annually, as part of its January budget proposal, projections of the actual and necessary expenses of the office and the projected contributions from the Managed Care Fund, Insurance Fund, and other funds available to support these expenses.
(g) The office may accept foundation funding from foundations not affiliated or controlled by a health care entity.

SEC. 24.

 Section 127674.1 is added to the Health and Safety Code, to read:

127674.1.
 The office shall notify the Department of Managed Health Care or the Department of Insurance, as appropriate, if a health care service plan or health insurer fails to comply with this chapter. The Department of Managed Health Care and the Department of Insurance shall take appropriate action necessary to bring the plan or insurer into compliance.

SEC. 25.

 The provisions of this act are severable. If any provision of this act or its application is held invalid, that invalidity shall not affect other provisions or applications that can be given effect without the invalid provision or application.

SEC. 26.

 The Legislature finds and declares that Sections 9, 14, and 18 of this act, which amend Section 127673 of, and add Sections 127673.5 and 127673.81 to, the Health and Safety Code, impose a limitation on the public’s right of access to the meetings of public bodies or the writings of public officials and agencies within the meaning of Section 3 of Article I of the California Constitution. Pursuant to that constitutional provision, the Legislature makes the following findings to demonstrate the interest protected by this limitation and the need for protecting that interest:
In order to protect confidential and proprietary information submitted for inclusion in the Health Care Payments Data System, it is necessary for that information to remain confidential.

SEC. 27.

 No reimbursement is required by this act pursuant to Section 6 of Article XIII B of the California Constitution for certain costs that may be incurred by a local agency or school district because, in that regard, this act creates a new crime or infraction, eliminates a crime or infraction, or changes the penalty for a crime or infraction, within the meaning of Section 17556 of the Government Code, or changes the definition of a crime within the meaning of Section 6 of Article XIII B of the California Constitution.
However, if the Commission on State Mandates determines that this act contains other costs mandated by the state, reimbursement to local agencies and school districts for those costs shall be made pursuant to Part 7 (commencing with Section 17500) of Division 4 of Title 2 of the Government Code.