42 CFR § 401.709 - The application process and requirements.
(a) Application deadline. CMS accepts qualified entity applications on a rolling basis after an application is made available on the CMS Web site. CMS reviews applications in the order in which they are received.
(b) Selection criteria. To be approved as a qualified entity under this subpart, the applicant must meet one of the following:
(1) Standard approval process: Meet the eligibility and operational and governance requirements, fulfill all of the application requirements to CMS' satisfaction, and agree to pay a fee equal to the cost of CMS making the data available. The applicant and each of its contractors that are anticipated to have access to the Medicare data must also execute a Data Use Agreement with CMS, that among other things, reaffirms the statutory ban on the use of Medicare data provided to the qualified entity by CMS under this subpart for purposes other than those referenced in this subpart.
(2) Conditional approval process: Meet the eligibility and operational and governance requirements, and fulfill all of the application requirements to CMS' satisfaction, with the exception of possession of sufficient claims data from other sources. Meeting these requirements will result in a conditional approval as a qualified entity. Entities gaining a conditional approval as a qualified entity must meet the eligibility requirements related to claims data from other sources the entity intends to combine with the Medicare data, agree to pay a fee equal to the cost of CMS making the data available, and execute a Data Use Agreement with CMS, that among other things, reaffirms the statutory ban on the use of Medicare data provided to the qualified entity by CMS under this subpart for purposes other than those referenced in this subpart before receiving any Medicare data. If the qualified entity is composed of lead entity with contractors, any contractors that are anticipated to have access to the Medicare data must also execute a Data Use Agreement with CMS.
(c) Duration of approval. CMS permits an entity to participate as a qualified entity for a period of 3 years from the date of notification of the application approval by CMS. The qualified entity must abide by all CMS regulations and instructions. If the qualified entity wishes to continue performing the tasks after the 3-year approval period, the entity may re-apply for qualified entity status following the procedures in paragraph (f) of this section.
(d) Reporting period. A qualified entity must produce reports on the performance of providers and suppliers at least annually, beginning in the calendar year after they are approved by CMS.
(e) The distribution of data—(1) Initial data release. Once CMS fully approves a qualified entity under this subpart, the qualified entity must pay a fee equal to the cost of CMS making data available. After the qualified entity pays the fee, CMS will release the applicable encrypted claims data, as well as a file that crosswalks the encrypted beneficiary ID to the beneficiary name and the Medicare HICN. The data will be the most recent data available, and will be limited to the geographic spread of the qualified entity's other claims data, as determined by CMS.
(2) Subsequent data releases. After the first quarter of participation, CMS will provide a qualified entity with the most recent additional quarter of currently available data, as well as a table that crosswalks the encrypted beneficiary ID to the beneficiary's name and the Medicare HICN. Qualified entities are required to pay CMS a fee equal to the cost of making data available before CMS will release the most recent quarter of additional data to the qualified entity.
(f) Re-application. A qualified entity that is in good standing may re-apply for qualified entity status. A qualified entity is considered to be in good standing if it has had no violations of the requirements in this subpart or if the qualified entity is addressing any past deficiencies either on its own or through the implementation of a corrective action plan. To re-apply a qualified entity must submit to CMS documentation of any changes to what was included in its previously-approved application. A re-applicant must submit this documentation at least 6 months before the end of its 3-year approval period and will be able to continue to serve as a qualified entity until the re-application is either approved or denied by CMS. If the re-application is denied, CMS will terminate its relationship with the qualified entity and the qualified entity will be subject to the requirements for return or destruction of data at § 401.721(b).