153.455(3)
(3) Beginning on the date, if any, that the secretary of health services and the secretary of employee trust funds determine that the data organization is not in compliance with the contract under s.
153.05 (2r) with respect to the performance of the collection and public reporting of information regarding the cost, quality, and effectiveness of health care, including the development and maintenance of a centralized data repository, or determine that there is insufficient statewide participation under the requirements of the contract, the secretaries may modify or terminate the contract. If the secretaries terminate the contract, they shall recommend to the department of administration that that department use a competitive request-for-proposal process to solicit offers from other organizations for performance of the services required of the data organization under the terminated contract. If no organization responds to the request for proposals or if a successor contract cannot be achieved, sub.
(4) applies.
153.455(4)
(4) If the contract with the data organization is terminated under sub.
(3) and no organization responds to the request for proposals or a successor contract cannot be achieved, the department, in its capacity as a public health authority, shall collect health care information, including as specified under
s. HFS 120.14 (1), Wis. Adm. Code, in effect on April 13, 2006, and may request health care claims information, which may be voluntarily provided by insurers or administrators, under this subchapter; shall analyze and disseminate, or contract for the performance of analysis and dissemination of, the health care information; and may analyze and disseminate, or may contract for the performance of analysis and dissemination of, the health care claims information.
153.46
153.46
Release of data by entity. 153.46(1)(1)
After completion of data verification, comment, and review procedures, the entity under contract under s.
153.05 (2m) (a) shall release data, together with comments, if any, in the following forms:
153.46(1)(b)
(b) For information that is submitted by hospitals or ambulatory surgery centers, public use data files that do not permit the identification of specific patients, employers, or health care providers. The identification of patients, employers, or health care providers shall be protected by all necessary means, including the deletion of patient identifiers and the use of calculated variables and aggregated variables.
153.46(1)(c)
(c) Custom-designed reports containing portions of the data under par.
(b). Reports under this paragraph may include the patient's zip code or U.S. bureau of the census census tract or block group only if at least one of the following applies:
153.46(1)(c)1.
1. Other potentially identifying data elements are not released.
153.46(1)(c)2.
2. Population density is sufficient to mask patient identity.
153.46(1)(c)3.
3. Other potentially identifying data elements are grouped to provide population density sufficient to protect identity.
153.46(1)(c)4.
4. Multiple years of data elements are added to protect identity.
153.46(1m)
(1m) After completion of data verification and review procedures specified under s.
153.01 (4j), the entity may, but is not required to, release special data compilations.
153.46(2)
(2) The entity under contract under s.
153.05 (2m) (a) shall provide to the department and to any other organization or agency the data necessary to fulfill the department's, organization's, or agency's statutory mandates for epidemiological purposes.
153.46(3)
(3) The entity under contract under s.
153.05 (2m) (a) may, but is not required to, release hospital-specific, ambulatory surgery center-specific, and hospital or ambulatory surgery center employer-specific data, except in public use data files as specified under sub.
(1) (b).
153.46(4)
(4) The entity under contract under s.
153.05 (2m) (a) shall, as limited by this section and s.
153.50, provide equal access to the data collected and reports generated by the entity to all requesters that pay the fees under s.
153.65 (2).
153.46(5)
(5) The entity under contract under s.
153.05 (2m) (a) shall provide to the department, without charge, claims and provider survey information that is requested by or required to be provided to the department.
153.46(6)
(6) No person who purchases a data compilation or report under s.
153.65 (2) may release or sell the data sets so purchased.
153.46(7)
(7) Any required distributions of reports by the entity under contract under s.
153.05 (2m) (a) may be fulfilled by providing an electronic copy of the report, unless the requesting person specifically requests a paper copy.
153.46(8)
(8) The entity under contract under s.
153.05 (2m) (a) shall notify each physician with a license from this state who appears in the facility-submitted data that the physician has the opportunity to review that data. The entity may fulfill this notification requirement by providing a notice on the entity's Internet site and providing a procedure to make a request to the entity to review the data. The physician review process shall occur concurrently with the facility review process.
153.46 History
History: 2003 a. 33 ss.
2094r,
2094x;
2015 a. 287.
153.50
153.50
Protection of patient confidentiality. Subject to s.
153.455:
153.50(1)(b)1.1. “Patient-identifiable data", for information submitted by hospitals and ambulatory surgery centers, means all of the following data elements:
153.50(1)(b)1m.
1m. “Patient-identifiable data" does not include calculated variables that are derived from patient-identifiable data and the dissemination of which does not permit patient identification.
153.50(1)(b)1r.
1r. “Patient-identifiable data" does not include data elements that identify a patient's race or ethnicity.
153.50(1)(b)2.
2. “Patient-identifiable data", for information submitted by health care providers who are not hospitals or ambulatory surgery centers and by insurers and administrators, means all of the following data elements:
153.50(1)(b)2.b.
b. Whether the patient's condition is related to employment, and occurrence and place of an auto accident or other accident.
153.50(1)(b)2.c.
c. Date of first symptom of current illness, of current injury or of current pregnancy.
153.50(1)(b)2.d.
d. First date of the patient's same or similar illness, if any.
153.50(1)(b)2.e.
e. Dates that the patient has been unable to work in his or her current occupation.
153.50(1)(c)
(c) “Small number" means a number that is insufficiently large to be statistically significant, as determined by the department.
153.50(3)
(3)
Measures to ensure protection of patient identity. To ensure that the identity of patients is protected when information obtained by the department, by the entity under contract under s.
153.05 (2m) (a), or by the data organization under contract under s.
153.05 (2r) is disseminated, the department, the entity, and the data organization shall do all of the following:
153.50(3)(a)
(a) Aggregate any data element category containing small numbers. The department, in so doing, shall use procedures that are developed by the department and that follow commonly accepted statistical methodology.
153.50(3)(b)
(b) Remove and destroy all of the following data elements on the uniform patient billing forms that are received by the department, the entity, or the data organization under the requirements of this subchapter:
153.50(3)(b)3.
3. Any other insured's name, employer name and date of birth.
153.50(3)(b)4.
4. The signature of the patient or other authorized signature.
153.50(3)(b)5.
5. The signature of the insured or other authorized signature.
153.50(3)(b)7.
7. The patient's account number, after use only as verification of data by the department or by the entity.
153.50(3)(c)
(c) Develop, for use by purchasers of data under this subchapter, a data use agreement that specifies data use restrictions, appropriate uses of data and penalties for misuse of data, and notify prospective and current purchasers of data of the appropriate uses.
153.50(3)(d)
(d) Require that a purchaser of data under this subchapter sign and have notarized the data use agreement of the department, the entity, or the data organization, as applicable.
153.50(3m)
(3m)
Provider, administrator, or insurer measures to ensure patient identity protection. A health care provider that is not a hospital or ambulatory surgery center or an insurer or an administrator shall, before submitting information required by the department, or by the data organization under contract under s.
153.05 (2r), under this subchapter, convert to a payer category code as specified by the department or the data organization, as applicable, any names of an insured's payer or other insured's payer.
153.50(4)
(4)
Release of patient-identifiable data. 153.50(4)(a)
(a) Except as specified in. pars.
(b) and
(c), under the procedures specified in sub.
(5), release of patient-identifiable data may be made only to any of the following:
153.50(4)(a)1.a.a. An agent of the department who is responsible for the patient-identifiable data in the department, in order to store the data and ensure the accuracy of the information in the database of the department or to create a calculated variable that is derived from the patient-identifiable data.
153.50(4)(a)1.b.
b. An agent of the entity under contract under s.
153.05 (2m) (a) who is responsible for the patient-identifiable data of the entity, in order to store the data and ensure the accuracy of the information in the database of the entity or to create a calculated variable that is derived from the patient-identifiable data.
153.50(4)(a)1.c.
c. An agent of the data organization under contract under s.
153.05 (2r) who is responsible for the patient-identifiable data of the data organization, in order to store the data and ensure the accuracy of the information in the database of the data organization or to create a calculated variable that is derived from the patient-identifiable data.
153.50(4)(a)2.
2. A health care provider that is not a hospital or ambulatory surgery center or the agent of such a health care provider, to ensure the accuracy of the information in the database of the department or the data organization under contract under s.
153.05 (2r), or a health care provider that is a hospital or ambulatory surgery center or the agent of such a health care provider, to ensure the accuracy of the information in the database of the entity under contract under s.
153.05 (2m) (a).
153.50(4)(a)3.
3. The department or its agent, for purposes of epidemiological investigation, or, with respect to information from health care providers that are not hospitals or ambulatory surgery centers, the department or the data organization under contract under s.
153.05 (2r), to eliminate the need for duplicative databases.
153.50(4)(a)4.
4. An agency or organization that is required by federal or state statute to obtain patient-identifiable data for purposes of epidemiological investigation or to eliminate the need for duplicative databases.
153.50(4)(b)
(b) Of information submitted by health care providers that are not hospitals or ambulatory surgery centers, patient-identifiable data that contain a patient's date of birth may be released under par.
(a) only under circumstances as specified by rule by the department.
153.50(5)
(5)
Procedures for release of patient-identifiable data. 153.50(5)(a)(a) The department, an entity that is under contract under s.
153.05 (2m) (a), or a data organization that is under contract under s.
153.05 (2r) may not release or provide access to patient-identifiable data to a person authorized under sub.
(4) (a) unless the authorized person requests the department, entity, or data organization, in writing, to release the patient-identifiable data. The request shall include all of the following:
153.50(5)(a)3.
3. For a person who is authorized under sub.
(4) (a) to receive or have access to patient-identifiable data, evidence, in writing, that indicates that authorization.
153.50(5)(a)4.
4. For an agency or organization that is authorized under sub.
(4) (a) 4. to receive or have access to patient-identifiable data, evidence, in writing, of all of the following:
153.50(5)(a)4.a.
a. The federal or state statutory requirement to obtain the patient-identifiable data.
153.50(5)(a)4.b.
b. Any federal or state statutory requirement to uphold the patient confidentiality provisions of this subchapter or patient confidentiality provisions that are more restrictive than those of this subchapter; or, if the latter evidence is inapplicable, an agreement, in writing, to uphold the patient confidentiality provisions of this subchapter.
153.50(5)(b)
(b) Upon receipt of a request under par.
(a), the department, entity, or data organization, whichever is applicable, shall, as soon as practicable, comply with the request or notify the requester, in writing, of all of the following:
153.50(5)(b)1.
1. That the department, entity, or data organization, as applicable, is denying the request in whole or in part.
153.50(5m)
(5m)
Employers not to request patient-identifiable data. Notwithstanding subs.
(4) and
(5) no employer may request the release of or access to patient-identifiable data of an employee of the employer.
153.50(6)(a)(a) The department or entity under contract under s.
153.05 (2m) (a) may not require a health care provider submitting health care information under this subchapter to include the patient's name or social security number, and the department may not require a health care provider submitting health care information under this subchapter to include the patient's street address.
153.50(6)(am)
(am) Hospitals or ambulatory surgery centers shall submit the patient's street address to the entity under contract under s.
153.05 (2m) (a) as directed by the entity. The entity may only use the street address to create a calculated variable that does not identify a patient's address or to convert the data element to the corresponding U.S. bureau of the census census tract and block group. The entity shall destroy the street address information upon the creation of the variable or upon the conversion to the census tract and block group.