The Joint Commission on Accreditation of Healthcare Organizations will continue data-mining operations for quality-improvement programs and may move forward with a controversial plan to require hospitals to provide it with patient-identifiable health records as part of the accreditation process.
In addition, a JCAHO subsidiary will honor its contract with the Blue Cross and Blue Shield Association and provide two more quarterly, hospital-specific performance reports to a number of Blues plans, a deal that caused a six-month flap between the JCAHO and its hospital clients. Hospitals won a recent round in that fight by pressuring the JCAHO to drop its plans to sell additional data-analysis services to payers (See editorial, p. 20).
The JCAHO board "further affirmed the Joint Commission's need to secure access to patient-level performance data to support its ongoing accreditation-related measurement activities," according to a statement released Nov. 21. In order not to detract from what it called its "core objective" of performance improvement, "the Joint Commission has decided not to sell performance measurement data analyses to private, third-party payors."
While the JCAHO's recent moves close the door on that part of the controversy, another hospital industry concern remains unresolved: HIPAA privacy liability ensuing from the JCAHO seeking patient-identifiable data from the hospitals as part of accreditation.
The sharing of "protected health information," that is, medical records in which the individual patient can be identified, is regulated by the HIPAA privacy rule. In a telephone interview last week, Jerod Loeb, the JCAHO's executive vice president of research, said the organization will seek protected health information from the hospitals. The JCAHO will not need patients' names, but other data elements that could be used to identify specific patients will be requested, although which data elements are needed has yet to be determined. "We're working now on figuring that out," Loeb said.
Loeb said the information that the JCAHO is seeking has been shared for years by the hospitals with intermediaries such as the Illinois Hospital Association. The IHA, the Maryland Quality Indicator Project and dozens of other intermediaries de-identify and aggregate the data for internal analysis by the hospitals and reporting to the JCAHO and the CMS.
It will be up to a newly formed data-policy advisory committee, working with the JCAHO's staff and ultimately the JCAHO board at subsequent meetings, to make the final determination on which data elements will be sought, according to Kathy Barry, chief communications officer for the Oakbrook Terrace, Ill.-based accreditation group.
Barry said two of the four sets of reports have been delivered and the two remaining under the contract will be prepared and distributed to the Blues, with a final series of reports going out early next year.
Currently, the JCAHO requires its accredited hospitals to provide it with aggregated data on selected clinical-performance measures backed up by a 20% sample of de-identified patient-level data the JCAHO uses to check the accuracy of the aggregated data. Earlier this year, the JCAHO discussed a plan to require hospitals to substitute patient-level data for aggregate data as part of the Oryx data submission program.
On Nov. 11, in a five-page legal opinion the JCAHO submitted to HHS' Office for Civil Rights, the organization said it plans to seek patient-identifiable data through the accreditation process "to better verify the quality of the hospital performance data it receives." The office has enforcement responsibilities for the HIPAA privacy rule, which governs the use of patient-identifiable data.
The JCAHO's legal opinion came in response to a challenge submitted Nov. 3 to the OCR by the American Hospital Association (Nov. 21, p. 8). The association's filing with the federal agency said "there is no evidence" that providing the Joint Commission with additional patient-level data is necessary for accreditation.
AHA spokesman Richard Wade said that any patient-level data supplied to the JCAHO "has to be de-identified." He said some HIPAA issues could be worked out. "We've said to the Joint Commission that the hospital has to be able to say 'no' and the data submission shouldn't be tied to accreditation."
The Federation of American Hospitals and the Association of American Medical Colleges joined the AHA in a Nov. 10 letter to JCAHO President and Chief Executive Officer Dennis O'Leary opposing the JCAHO's plan to sell data to third parties and supporting the AHA's request for clarification of HIPAA implications of the JCAHO's data-mining ventures.