APCD- Frequently Asked Questions
- Q: How do I obtain access to secure payer area?
- A: In accordance with R428-15-8. Carrier Registration, each carrier shall register with the Office of Health Care Statistics by completing the online payer registration form. Once the Carrier has registered, information will be sent to contacts specified during registration process.
- Q: Is a HIPAA Business Associate Agreement (BAA) required between entities providing data to the All Payer Claims Database and the State?
- A: A BAA is not required because 45 CFR 164.512 (b)(1)(i) allows disclosure to the APCD without the authorization of the individual patient.
Normally a BAA is required for a covered entity to disclose protected health information outside normal treatment, payment and operations. However, there is a specific provision in HIPAA that allows disclosure of such data to a public health authority without the need for a BAA.
The HIPAA provision found at 45 CFR 164.512 (b)(1)(i) says that a covered entity may disclose protected health information "for public health activities" to "a public health authority that is authorized by law to collect or receive such information for the purpose of...public health investigations."
The Utah Department of Health is such a public health authority. The Utah Health Data Authority Act (Utah Code Sec 26-33a-104 ) authorizes the committee to "collect analyze, and distribute health care data to facilitate ...quality and cost-effective health care" The specific authorization for the APCD is in our administrative rules at R428-15.
In short, these disclosure are authorized by law and fall within the public health exception and do not require a BAA. The covered entity will not be violating HIPAA when they make the required disclosures to the APCD.
- Q: Is UHIN membership required to submit data to the APCD?
- A: Yes, payers are required to submit medical claims data through the UHIN network. Pharmacy and enrollment files may be submitted directly to the Office of Health Care Statistics (OHCS) through the FTP Secure established specifically for this purpose. However, the OHCS recommends data submissions occur through UHIN.
Membership with UHIN must be coordinated with their customer service personnel and according to their procedures (see http://www.uhin.org/pages/membership.php). Once a member, the OHCS will need your UHIN Trading Partner Number or TPN. Our office will then coordinate your test file submission.