Wednesday, May 25, 2016
Dear Mr. Andy Slavitt Acting Administrator of CMS,
Thank you for the opportunity to comment on the MACRA proposed rules, which are unworkable and unacceptable. The Secretary of HHS’s Qualified Clinical Data Registries (QCDRs) are of particular concern prompting my dissent. (Refer to pages 224-250). MACRA intended for the QCDRs’ to submit Quality metrics. The rule proposes to expand QCDRs’ capabilities allowing them to submit data on measures, activities, or objectives from the Quality, Clinical Improvement Activities, and Advancing care information categories. Such authoritarian granting of expanded power to agents of your choosing is beyond your scope of power and changes the intent of the law. CMS already has access to data for the resource use performance category since such measures are claims-based. The QCDRs’ are CMS-approved entities that collect medical and/or clinical data for patient and disease tracking. Of concern is that QCDRs will provide you quality measure specifications including data elements for non-MIPS quality measures intended for reporting from certified EHR technology. Thus, this entity can collect any data the Secretary of HHS wants by collecting it as a non-MIPS measure. The QCDR must risk-adjust the non-MIPS measures and list them on their websites. Further, (page 228) QCDRs must submit to you “data on measures, activities, and objectives for all patients, not just Medicare patients.” By whose authority does CMS, the Center for Medicare and Medicaid Services, collect data on all patients in the USA? This not only changes the intent of the law and epitomizes executive overreach but violates individual Constitutional rights.
To make matters worse, on page 228, your rules “require QCDRs must comply with any request by us to review the data submitted.” Page 229, “QCDRS may request to report on up to 30 quality measures not on the annual list of MIPS quality measures.” This is a massive, intrusive data grab on All Patients by CMS entities that must allow you to review the data on any measure you desire at any time you request. When groups use a QCDR to submit their data to you, each individual eligible clinician does not need to grant individual permission to the QCDR to submit their patients’ data.
Next, the rule expands health IT vendors’ powers and allows and requires Health IT vendors to obtain data from MIPS eligible clinician’s certified EHR and submit to CMS in quality, Clinical Practice Improvement Activities, and advancing care information performance categories (page 233). The rule allows the HIT vendors to use intermediaries to submit data to CMS. Again CMS, an agency, is legislating, changing the law, and violating personal, individual privacy. This rule allows protected health information, which includes demographics and past, present, and future physical and mental individually identifiable information, to be passed through several levels of intermediaries vastly increasing, cost, bureaucratic waste, and risk of security breeches, if not data loss or transposition.
In continued unauthorized legislating on page 234, the rule defines “Qualified Registries” as a medical registry, a maintenance of certification (MOC) program operated by a specialty body of the American Board of Medical Specialties or other data intermediary and grants them power to submit data in the quality, clinical practice improvement, and advancing care information categories. One such specialty group, the ABIM, is under scrutiny for its unethical maintenance of certification practices including profiting hundreds of millions of dollars on the backs of physicians in an unethical testing/MOC industry shown by FOIA documents to include falsifying tax documents, transferring money to the ABIM foundation, and sending millions to the Cayman Islands. Such an organization and anything having to do with MOC cannot and will not be trusted by physicians for handling of privileged medical data.
Page 236 requires these intermediaries to do randomized audits of data including periodic examinations to compare patient record data with submitted data. The qualified registry must submit to CMS, quality measures and activities data on all patients, not just Medicare patients (p. 237) and “must comply with any request by us to review the data.” They must report on all payers, including Medicare part B FFS patients and non-Medicare patients.
Page 239 proposes yet another third party intermediary to transmit data, CMS-Approved Survey Vendors.
All of these CMS sanctioned third party entities “must retain all data submitted to CMS for MIPS for a minimum of 10 years.” (page 425) The potential for massive problems here is beyond the scope of these comments. This massive government intrusion into every American’s private medical data and demographics by multiple third party entities who must collect data on all patients, not just Medicare, and all payers, including commercial insurers not just Medicare, who will peruse it, gather it, adjust it, transmit it to CMS, and store it for 10 years makes the NSA look like Boy Scouts. This is unacceptable and will not be tolerated by the American people. This rule must go.
Kris Held, M.D.