(a) General. CMS shares certain beneficiary-identifiable data as described in paragraph (b) of this section and certain aggregate data as described in paragraph (c) of this section with IOTA participants regarding attributed patients who are Medicare beneficiaries and performance under the model.

(b) Beneficiary-identifiable data. CMS shares beneficiary-identifiable data with IOTA participants as follows:

(1) CMS makes available certain beneficiary-identifiable data described in paragraphs (b)(4) and (5) of this section for IOTA participants to request for purposes of conducting health care operations work that falls within the first or second paragraph of the definition of health care operations at 45 CFR 164.501 on behalf of their attributed patients who are Medicare beneficiaries.

(2) An IOTA participant that wishes to receive beneficiary-identifiable data for its attributed patients who are Medicare beneficiaries must do all of the following:

(i) Submit a formal request for the data, on an annual basis in a manner and form and by a date specified by CMS, which identifies the data being requested and attests that—

(A) The IOTA participant is requesting this beneficiary-identifiable data as a HIPAA covered entity or as a business associate, as those terms are defined at 45 CFR 160.103, to the IOTA participant's providers and suppliers who are HIPAA covered entities; and

(B) The IOTA participant's request reflects the minimum data necessary, as set forth in paragraph (b)(6) of this section, for the IOTA participant to conduct health care operations work that falls within the first or second paragraph of the definition of health care operations at 45 CFR 164.501.

(ii) Limit the request to Medicare beneficiaries whose name appears on the quarterly attribution list who have been notified in compliance with § 512.450 that the IOTA participant has requested access to beneficiary-identifiable data, and who did not decline having their claims data shared with the IOTA participant as provided in paragraph (b)(7) of this section.

(iii) Sign and submit a data sharing agreement with CMS as set forth in paragraph (b)(8) of this section.

(3) CMS shares beneficiary-identifiable data with an IOTA participant on the condition that the IOTA participant, its IOTA collaborators, and other individuals or entities performing functions or services related to the IOTA participant's activities observe all relevant statutory and regulatory provisions regarding the appropriate use of data and the confidentiality and privacy of individually identifiable health information and comply with the terms of the data sharing agreement described in paragraph (b)(8) of this section.

(4) CMS omits from the beneficiary-identifiable data any information that is subject to the regulations in 42 CFR part 2 governing the confidentiality of substance use disorder patient records.

(5) The beneficiary-identifiable data will include, when available, the following information:

(i) Quarterly attribution lists. For the relevant PY, CMS shares with the IOTA participant the quarterly attribution lists, which will include but may not be limited to the following information for each attributed patient:

(A) The year that CMS attributed the patient to the IOTA participant.

(B) The effective date of the patient's attribution to the IOTA participant.

(C) The effective date of the patient's de-attribution from the IOTA participant and the reason for such removal (if applicable).

(D) For Medicare beneficiaries, the attributed patient's data sharing preference.

(ii) Beneficiary-identifiable claims data. CMS makes available certain beneficiary-identifiable claims data for retrieval by IOTA participants no later than 1 month after the start of each PY, in a form and manner specified by CMS. IOTA participants may retrieve the following data at any point during the relevant PY. This claims data includes all of the following:

(A) Three years of historical Parts A, B, and D claims data files from the 36 months immediately preceding the effective date of each attributed patient who is a Medicare beneficiary's attribution to the IOTA participant.

(B) Monthly Parts A, B, and D claims data files for attributed patients who are Medicare beneficiaries.

(C) Monthly Parts A, B, and D claims data files for Medicare beneficiaries who have been de-attributed from the IOTA participant for claims with a date of service before the date the Medicare beneficiary was de-attributed from the IOTA participant.

(6) The IOTA participant must limit its attributed Medicare beneficiary identifiable data requests to the minimum necessary to accomplish a permitted use of the data.

(i) The minimum necessary Parts A and B data elements may include but are not limited to the following data elements:

(A) Medicare beneficiary identifier (ID).

(B) Procedure code.

(C) Gender.

(D) Diagnosis code.

(E) Claim ID.

(F) The from and through dates of service.

(G) The provider or supplier ID.

(H) The claim payment type.

(I) Date of birth and death, if applicable.

(J) Tax identification number (TIN).

(K) National provider identifier (NPI).

(ii) The minimum necessary Part D data elements may include but are not limited to the following data elements:

(A) Beneficiary ID.

(B) Prescriber ID.

(C) Drug service date.

(D) Drug product service ID.

(E) Quantity dispensed.

(F) Days supplied.

(G) Brand name.

(H) Generic name.

(I) Drug strength.

(J) TIN.

(K) NPI.

(L) Indication if on formulary.

(M) Gross drug cost.

(7)(i)(A) IOTA participants must send Medicare beneficiaries a notification about the IOTA Model and the opportunity to decline claims data sharing as required under § 512.450.

(B) Such notifications must do both of the following:

(1) State that the IOTA participant may have requested beneficiary-identifiable claims data about the Medicare beneficiary for purposes of its care coordination, quality improvement work, and population-based activities relating to improving health or reducing health care costs.

(2) Inform the Medicare beneficiary how to decline having his or her claims information shared with the IOTA participant in the form and manner specified by CMS.

(ii) Medicare beneficiary requests to decline claims data sharing remain in effect unless and until a beneficiary subsequently contacts CMS to amend that request to permit claims data sharing with IOTA participants.

(iii) The opportunity to decline having claims data shared with an IOTA participant under paragraph (b)(7)(i) of this section does not apply to any of the following:

(A) The aggregate data that CMS provides to IOTA participants under paragraph (c) of this section.

(B) The initial attribution lists that CMS provides to IOTA participants as defined at § 512.402 and specified under § 512.414(c)(1)(ii).

(C) The quarterly attribution lists that CMS provides to IOTA participants as defined at § 512.402 and specified under § 512.414(c)(2)(ii).

(D) The annual attribution reconciliation list that CMS provides to IOTA participants as defined at § 512.402 and specified under § 512.414(c)(3)(ii).

(8)(i) If an IOTA participant wishes to retrieve any beneficiary-identifiable data specified in paragraph (b) of this section, the IOTA participant must complete and submit, on an annual basis, a signed data sharing agreement, to be provided in a form and manner specified by CMS, under which the IOTA participant agrees to all of the following:

(A) To comply with the requirements for use and disclosure of this beneficiary-identifiable data that are imposed on covered entities by the HIPAA regulations at 45 CFR part 160 and part 164, subparts A and E, and the requirements of the IOTA Model set forth in this part.

(B) To comply with additional privacy, security, breach notification, and data retention requirements specified by CMS in the data sharing agreement.

(C) To contractually bind each downstream recipient of the beneficiary-identifiable data that is a business associate of the IOTA participant, including all IOTA collaborators, to the same terms and conditions to which the IOTA participant is itself bound in its data sharing agreement with CMS as a condition of the business associate's receipt of the beneficiary-identifiable data retrieved by the IOTA participant under the IOTA Model.

(D) That if the IOTA participant misuses or discloses the beneficiary-identifiable data in a manner that violates any applicable statutory or regulatory requirements or that is otherwise non-compliant with the provisions of the data sharing agreement, CMS may do all of the following:

(1) Deem the IOTA participant ineligible to retrieve the beneficiary-identifiable data under paragraph (b) of this section for any amount of time.

(2) Terminate the IOTA participant's participation in the IOTA Model under § 512.466.

(3) Subject the IOTA participant to additional sanctions and penalties available under the law.

(ii) An IOTA participant must comply with all applicable laws and the terms of the data sharing in order to retrieve beneficiary-identifiable data.

(c) Aggregate data. (1) CMS shares aggregate performance data with IOTA participants, in a form and manner to be specified by CMS, which has been de-identified in accordance with 45 CFR 164.514(b). This aggregate data includes, when available, certain de-identified data detailing the IOTA participant's performance against the transplant target information for each PY.

(2) [Reserved]