Subject to subparagraph (B), to the extent consistent with applicable information, privacy, security, and disclosure laws (including paragraph (3)), notwithstanding paragraph (4)(B) of section 1874(e) of the Social Security Act (42 U.S.C. 1395kk(e)) and the second sentence of paragraph (4)(D) of such section, beginning July 1, 2016, a qualified entity may use the combined data described in paragraph (4)(B)(iii) of such section received by such entity under such section, and information derived from the evaluation described in such paragraph (4)(D), to conduct additional non-public analyses (as determined appropriate by the Secretary) and provide or sell such analyses to authorized users for non-public use (including for the purposes of assisting providers of services and suppliers to develop and participate in quality and patient care improvement activities, including developing new models of care).
Any analyses provided or sold under subparagraph (A) to an employer described in paragraph (9)(A)(iii) may only be used by such employer for purposes of providing health insurance to employees and retirees of the employer.
A qualified entity may not provide or sell an analysis to a health insurance issuer described in paragraph (9)(A)(iv) unless the issuer is providing the qualified entity with data under section 1874(e)(4)(B)(iii) of the Social Security Act (42 U.S.C. 1395kk(e)(4)(B)(iii)).
The purposes described in this subparagraph are assisting providers of services and suppliers in developing and participating in quality and patient care improvement activities, including developing new models of care.
A qualified entity may not charge a fee for providing the data under subparagraph (A)(ii).
Except as provided in subparagraph (B), an analysis or data that is provided or sold under paragraph (1) or (2) shall not contain information that individually identifies a patient.
To the extent consistent with applicable information, privacy, security, and disclosure laws, an analysis or data that is provided or sold to a provider of services or supplier under paragraph (1) or (2) may contain information that individually identifies a patient of such provider or supplier, including with respect to items and services furnished to the patient by other providers of services or suppliers.
An authorized user shall not use an analysis or data provided or sold under paragraph (1) or (2) for marketing purposes.
A qualified entity and an authorized user described in clauses (i), (ii), and (v) of paragraph (9)(A) shall enter into an agreement regarding the use of any data that the qualified entity is providing or selling to the authorized user under paragraph (2). Such agreement shall describe the requirements for privacy and security of the data and, as determined appropriate by the Secretary, any prohibitions on using such data to link to other individually identifiable sources of information. If the authorized user is not a covered entity under the rules promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996, the agreement shall identify the relevant regulations, as determined by the Secretary, that the user shall comply with as if it were acting in the capacity of such a covered entity.
Except as provided in subparagraph (B), an authorized user that is provided or sold an analysis or data under paragraph (1) or (2) shall not redisclose or make public such analysis or data or any analysis using such data.
A provider of services or supplier that is provided or sold an analysis or data under paragraph (1) or (2) may, as determined by the Secretary, redisclose such analysis or data for the purposes of performance improvement and care coordination activities but shall not make public such analysis or data or any analysis using such data.
Prior to a qualified entity providing or selling an analysis to an authorized user under paragraph (1), to the extent that such analysis would individually identify a provider of services or supplier who is not being provided or sold such analysis, such qualified entity shall provide such provider or supplier with the opportunity to appeal and correct errors in the manner described in section 1874(e)(4)(C)(ii) of the Social Security Act (42 U.S.C. 1395kk(e)(4)(C)(ii)).
Any amounts collected pursuant to this paragraph shall be deposited in Federal [2] Supplementary Medical Insurance Trust Fund under section 1841 of the Social Security Act (42 U.S.C. 1395t).
The term “provider of services” has the meaning given such term in section 1861(u) of the Social Security Act (42 U.S.C. 1395x(u)).
The term “qualified entity” has the meaning given such term in section 1874(e)(2) of the Social Security Act (42 U.S.C. 1395kk(e)).[3]
The term “supplier” has the meaning given such term in section 1861(d) of the Social Security Act (42 U.S.C. 1395x(d)).
To the extent consistent with applicable information, privacy, security, and disclosure laws, beginning July 1, 2016, the Secretary shall, at the request of a qualified clinical data registry under section 1848(m)(3)(E) of the Social Security Act (42 U.S.C. 1395w–4(m)(3)(E)), provide the data described in subparagraph (B) (in a form and manner determined to be appropriate) to such qualified clinical data registry for purposes of linking such data with clinical outcomes data and performing risk-adjusted, scientifically valid analyses and research to support quality improvement or patient safety, provided that any public reporting of such analyses or research that identifies a provider of services or supplier shall only be conducted with the opportunity of such provider or supplier to appeal and correct errors in the manner described in subsection (a)(6).
Data described in paragraph (1)(B) shall be provided to a qualified clinical data registry under paragraph (1) at a fee equal to the cost of providing such data. Any fee collected pursuant to the preceding sentence shall be deposited in the Centers for Medicare & Medicaid Services Program Management Account.