42 CFR 401.703 - Definitions.
For purposes of this subpart:
(a)Qualified entity means either a single public or private entity, or a lead entity and its contractors, that meets the following requirements:
(2) Agrees to meet the requirements described in this subpart at §§ 401.705 through 401.721.
(b)Provider of services (referred to as a provider) has the same meaning as the term “provider” in § 400.202 of this chapter.
(c)Supplier has the same meaning as the term “supplier” at § 400.202 of this chapter.
(d)Claim means an itemized billing statement from a provider or supplier that, except in the context of Part D prescription drug event data, requests payment for a list of services and supplies that were furnished to a Medicare beneficiary in the Medicare fee-for-service context, or to a participant in other insurance or entitlement program contexts. In the Medicare program, claims files are available for each institutional (inpatient, outpatient, skilled nursing facility, hospice, or home health agency) and non-institutional (physician and durable medical equipment providers and suppliers) claim type as well as Medicare Part D Prescription Drug Event (PDE) data.
(f)Beneficiary identifiable data is any data that contains the beneficiary's name, Medicare Health Insurance Claim Number (HICN), or any other direct identifying factors, including, but not limited to postal address or telephone number.
(g)Encrypted data is any data that does not contain the beneficiary's name or any other direct identifying factors, but does include a unique CMS-assigned beneficiary identifier that allows for the linking of claims without divulging any direct identifier of the beneficiary.
(h)Claims data from other sources means provider- or supplier-identifiable claims data that an applicant or qualified entity has full data usage right to due to its own operations or disclosures from providers, suppliers, private payers, multi-payer databases, or other sources.
(i)Clinical data is registry data, chart-abstracted data, laboratory results, electronic health record information, or other information relating to the care or services furnished to patients that is not included in administrative claims data, but is available in electronic form.
(j)Authorized user is a third party and its contractors (including, where applicable, business associates as that term is defined at 45 CFR 160.103) that need analyses or data covered by this section to carry out work on behalf of that third party (meaning not the qualified entity or the qualified entity's contractors) to whom/which the qualified entity provides or sells data as permitted under this subpart. Authorized user third parties are limited to the following entities:
(1) A provider.
(2) A supplier.
(3) A medical society.
(4) A hospital association.
(5) An employer.
(6) A health insurance issuer.
(8) A state entity.
(9) A federal agency.
(k)Employer has the same meaning as the term “employer” as defined in section 3(5) of the Employee Retirement Insurance Security Act of 1974.
(l)Health insurance issuer has the same meaning as the term “health insurance issuer” as defined in section 2791 of the Public Health Service Act.
(m)Medical society means a nonprofit organization or association that provides unified representation and advocacy for physicians at the national or state level and whose membership is comprised of a majority of physicians.
(n)Hospital association means a nonprofit organization or association that provides unified representation and advocacy for hospitals or health systems at a national, state, or local level and whose membership is comprised of a majority of hospitals and health systems.
(o)Healthcare Provider and/or Supplier Association means a nonprofit organization or association that provides unified representation and advocacy for providers and suppliers at the national or state level and whose membership is comprised of a majority of suppliers or providers.
(p)State Entity means any office, department, division, bureau, board, commission, agency, institution, or committee within the executive branch of a state government.
(q)Combined data means, at a minimum, a set of CMS claims data provided under this subpart combined with claims data, or a subset of claims data from at least one of the other claims data sources described in § 401.707(d).
(r)Patient means an individual who has visited the provider or supplier for a face-to-face or telehealth appointment at least once in the past 24 months.
(t)Violation means a failure to comply with a requirement of a CMS DUA (CMS data use agreement) or QE DUA (qualified entity data use agreement).
(u)Required by law means the same as the phrase “required by law” at 45 CFR 164.103.
- 42 CFR 401.713 — Ensuring the Privacy and Security of Data.
- 42 CFR 401.707 — Operating and Governance Requirements for Qualified Entities.
- 42 CFR 401.719 — Monitoring and Sanctioning of Qualified Entities.
- 42 CFR 401.722 — Qualified Clinical Data Registries.
- 42 CFR 401.718 — Dissemination of Data.
- 42 CFR 401.716 — Non-Public Analyses.