Organizations approved as qualified entities will be able to confidentially share or sell analyses of Medicare and private sector claims data to healthcare providers, employers and others organizations focused on improving care, according to a final rule announced by the Centers for Medicare & Medicaid Services Friday.

As part of the rule, which implements section 105 of the Medicare Access and CHIP Authorization Act, organizations receiving patient-identifiable or beneficiary de-identified information are required to use protections equivalent to what is outlined by HIPAA’s Privacy and Security Rules.

"At a minimum, regardless of whether the authorized user is a HIPAA-covered entity, such protections of beneficiary identifiable data must be at least as protective as what is required of covered entities and their business associates regarding protected health information (PHI) under the HIPAA Privacy and Security Rules," CMS states. "In all cases, these requirements must be imposed for the life of such beneficiary identifiable data or nonpublic analyses and/or any derivative data, that is until all copies of such data or non-public analyses are returned or destroyed."

According to CMS, the rule will bolster data-sharing efforts, which will lead to better care and lower costs.

“Increasing access to analyses and data that include Medicare data will make it easier for stakeholders throughout the healthcare system to make smarter and more informed healthcare decisions,” CMS Chief Data Officer Niall Brennan said in a statement.

Fifteen organizations so far have received approval to be qualified entities, including the Health Care Cost Institute, Optum Labs and The Health Collaborative.

To learn more:
- here’s the CMS announcement
- check out the final rule