The Data Oversight Council (hereinafter referenced as DOC) believes in a policy of access that allows the broadest possible use of information resources for consumers, purchasers, health care facilities, health care insurers and health care professionals, researchers and governmental agencies. State and federal regulations and statutes and the nature of the data necessitates that measures be taken to ensure data security and quality. This need for security and quality in health care information systems and data encompasses two fundamental goals: confidentiality and integrity. Confidentiality is the control over access to information and must assure absolute confidentiality for individual patients and appropriate confidentiality for health care facilities, insurers and professionals. The integrity of the databases means that the accuracy, reliability and timeliness of the information provided must be of the highest caliber.

MISSION STATEMENT

The mission of the DOC is to provide information to assist health care providers, consumers, insurers, elected officials and government agencies in the formulation of health policy which places South Carolina in a leadership role now and in the future by:

• Recommending data to be collected based on constituent input
• Controlling collection and release of data while safeguarding the privacy of patients and providing appropriate safeguards for medical care providers
• Promoting the awareness and appropriate use of health care data and information and
• Evaluating the usefulness of the DOC process

PRINCIPLES

1. The right to privacy is a basic right of every South Carolinian. The confidentiality of the patient shall be of the utmost concern. The release or re-release of data, in raw or aggregate form, that can be reasonably expected to reveal the identity of an individual patient will be made only when a mandate has been established by statutory law.
2. The policy of the DOC shall be to make determinations on requests for information in favor of access, subject to the specific limitations concerning use, confidentiality, security and accuracy.
3. The DOC believes that through the Revenue and Fiscal Affairs Office, Data Integration and Analysis Division (hereinafter referenced as RFA), educational programs should be designed and implemented to make its information understandable and usable to purchasers, facilities, government agencies and the general public. This information will assist consumers in making informed health care decisions. The RFA will also provide additional information to government agencies and facilities to assist them in making health care policy.

DATA RELEASE PROTOCOL

Data Elements Required to be Reported

The DOC under Section 44-6-170 has the authority to designate the data elements to be reported by all health care providers. The following health care providers are required to report to the RFA:

• General acute care hospitals
• Specialized hospitals including, but not limited to,
  • Psychiatric hospitals
  • Alcohol and substance abuse hospitals
  • Rehabilitation hospitals
• Hospital-based and freestanding surgical facilities as defined in Section 44-7-130
• Hospital emergency departments licensed under Chapter 7, Article 3
• Licensed home health care agencies
• Any health care facility which provides on an outpatient basis observation services, radiation therapy, cardiac catherizations, lithotripsy, magnetic resonance imaging, positron emission therapy and other providers offering services using equipment requiring Certificate of Need

The DOC, to the extent possible, will adhere to national standards developed under the United States Department of Health and Human Services, Health Insurance Portability and Accountability Act of 1996 for defining data elements to be collected and the electronic formats used to transmit the data. The DOC will seek the input of data users and affected health care providers of data as part of a periodic review process to identify data elements to be collected. The current listing of data elements required to be collected is found in appendices A through D.

Classification and Release of Data

In order to balance the principles of access and confidentiality, the DOC has devised a classification scheme for the data elements collected under the authority of Section 44-6-170 as amended, Code of Laws of South Carolina, 1976. This classification scheme aims to promote the use of accurate health data, provide equal treatment of data requesters and data providers, expedite the release process and encourage the release of the broadest spectrum of data elements without compromising patient confidentiality and appropriate confidentiality for health care providers, insurers and facilities. Efforts will be made to present data elements in a manner that balances the needs for public information and confidentiality. The rationale for not releasing certain variables is that these fields either alone or in conjunction with other publicly available data will or have the potential to identify a patient, health care provider, health care facility and/or health care insurer.

The data elements are classified into four categories: encounter-level, restricted, confidential and never releasable..

I.   Encounter-level: Data elements that are available for general public release subject to an application and a data use agreement.

II.  Restricted: Data elements that require approval for release through the DOC subject to an application and confidentiality contract.

III. Confidential: Data elements that will only be released if a mandate has been established by statutory law subject to verification of authority.

IV. Never releasable: Data elements that may be used for statistical linking purposes only

The current classification of data elements will be periodically reviewed. New data elements will be reviewed and classified by the DOC. Until new data elements are classified, they will be considered restricted data.

The DOC recognizes the importance of releasing information that meets the quality and completeness standards established by the RFA. Therefore, while databases and/or reports may be authorized for release, the RFA may release this information only after these quality and completeness standards have been met. 

Encounter-level data will be released upon request and are subject to the confidentiality provisions set forth in Final Regulations, Revenue and Fiscal Affairs Office, Chapter 19, Statutory Authority: 1976 Code Section 44-6-170, Article 9, “Data Release For Medical Encounter Data & Financial Reports.” Failure to comply with the confidentiality provisions in these regulations can result in legal action as specified in Section 44-6-180, as amended, Code of Laws of South Carolina, 1976.

Encounter-level data files contain individual patient-level data using encounter-level data elements; release of these files requires an application and a signed Data Use Agreement. However, the RFA has permission to release aggregate customized reports based on encounter-level data without a signed agreement.

The following considerations will be applied by RFA in creating encounter-level data files.

Dates: All data elements that are date fields will be considered restricted data. Date fields provide unique information that when linked with other databases may identify an individual. On encounter-level files:

• Age will be reported in five-year age groupings and “under one category” (for children under one year of age),“one to four” (for children one to four years of age) and if over 84, reported in 85 and over category
• Length of stay will be provided rather than admission and discharge dates
• Month and day of week will be provided in lieu of admission date and/or discharge date

Procedure Coding: Depending on the instructions in the Uniform Billing Manual (UB04), procedure codes will be coded with the ICD-9 CM procedure codes, the HCPCS procedure codes and/or the CPT4 procedure codes. When using the HCPCS and/or CPT4 procedure codes the units of service will be required according to the UB 04 coding manual.

The variables admitting diagnosis, patient reason for visit, admission hour and discharge hour will be added beginning October 1, 2007. Modifications to the E-Codes will become effective October 1, 2007. The variable present of admission code for all diagnoses will be added beginning January 1, 2008. The variable NPI will be added beginning May 23, 2007.

A. Encounter-Level Data Elements

1. Inpatient Hospitalizations Encounter-Level Data Elements

• Length of stay
• Day of the week of admission
• Month of admission
• Day of the week of discharge
• Month of discharge
• Admission source
• Admission type
• Patient age in five year age cohorts at admission Patient Age at Admission in Years in 5 year groupings. Except less than 5 years that is reported as “under one category” (for children under one year of age) and “one to four” (for children one to four years of age). If over 84, reported in 85 and over category.
• Patient gender
• Patient race/ethnicity
• County of patient's residence
• Admitting Diagnosis
• Present on Admission Code for All Diagnoses
• Diagnosis codes, primary and all secondary diagnoses codes reported to RFA (including coding methodology)
• Procedure codes, primary and all secondary procedure codes reported to RFA (including coding methodology)
• Procedure day in relationship to admission date
• Time from Admission Hour to Discharge Hour
• Major diagnostic categories
• E-codes
• DRG
• Primary expected payer classification (i.e., Medicare, Medicaid, TriCare, Worker’s Compensation, Commercial, HMO, Self-pay, Indigent and Other)
• Charges by summary revenue codes
• Total charges
• Days in special units (e.g. ICU, CCU, etc)
• Physician specialty code (as adopted by the AMA)
• Patient discharge status

• Health care professional classification

  • Attending
  • Other
• All Patient Refined- DRG Level
• All Patient Refined-DRG Label

The requestor may choose one of the following facility characteristics

• Urban/rural status of health care facility
• Bed Size Based on Licensed Beds (100 beds or less, 101-299, 300 or more beds)
• Teaching status of the facility
• Level of trauma service
• Level of perinatal service
• Other facility and professional characteristics that would not permit the identification of the health care facility or professional

2. Emergency Department Visits and Facilities Reporting Observation Services Encounter-Level Data Elements

• Day of the week of admission
• Month of admission
• Admission source
• Admission type
• Patient age in five year age cohorts at admission Patient Age at Admission in Years in 5 year groupings. Except less than 5 years that is reported as “under one category” (for children under one year of age) and “one to four” (for children one to four years of age). If over 84, reported in 85 and over category.
• Patient gender
• Patient race/ethnicity
• County of patient's residence
• Patient Reason for Visit
• Diagnosis codes, primary and all secondary diagnoses codes reported to (including coding methodology)
• Procedure codes, primary and all secondary procedure codes reported to RFA (including coding methodology)
• Time from Admission Hour to Discharge Hour
• E-codes
• AHRQ (Agency for Health Care Research and Quality) broad level diagnostic categories
• AHRQ detailed diagnostic categories
• Primary expected payer classification (i.e., Medicare, Medicaid, TriCare, Worker’s Compensation, Commercial, HMO, Self-pay, Indigent and Other)
• Charges by summary revenue codes
• Total charges
• Physician specialty code (as adopted by the AMA)
• Health care professional classification
  • Attending
  • Other
• Patient discharge status

The requestor may choose one of the following facility characteristics:

• Urban/rural status of health care facility
• Bed Size Based on Licensed Beds (100 beds or less, 101-299, 300 or more beds)
• Teaching status of the facility
• Level of trauma service
• Level of perinatal service
• Other facility and professional characteristics that would not permit the identification of the health care facility or professional

3. Free Standing and Hospital Based Ambulatory Surgery Center, Imaging and Other Services/Equipment Requiring a Certificate of Need Encounter-Level Data Elements

• Day of the Week of Admission
• Primary expected payer classification (i.e., Medicare, Medicaid, TriCare, Worker’s Compensation, Commercial, HMO, Self-pay, Indigent and Other)
• Month of admission
• Admission source
• Admission type
• Total charges
• Physician(s) specialty code (as adopted by the AMA)
• Health care professional classification(s) (attending, etc.)
• Patient age at admission in years in 5-year groupings. Except less than 5 years that is reported as “under one” (for children under one year of age) and “one to four” (for children one to four years of age). If over 84, reported in 85 and over category.
• RFA assigned procedure classification code
• Patient gender
• Patient race/ethnicity
• County of patient’s residence
• Patient discharge status
• Diagnosis codes, primary and all secondary diagnoses codes reported to (including coding methodology)
• Procedure codes, primary and all secondary procedure codes reported to RFA (including coding methodology)

4. Home Health Encounter-Level Data Elements

• Number of months in episode
• Day of the week of admission
• Primary expected payer classification (i.e., Medicare, Medicaid, TriCare, Worker’s Compensation, Commercial, HMO, Self-pay, Indigent and Other)
• Month of admission
• Year of admission
• Day of the week discharge
• Month of discharge
• Admission source
• Total charges
• Physician(s) specialty code (as adopted by the AMA)
• Patient age at admission in years in 5-year groupings. Except less than 5 years that is reported as “under one” (for children under one year of age) and “one to four” (for children one to four years of age). If over 84, reported in 85 and over category
• Patient gender
• Patient race/ethnicity
• County of patient’s residence
• Diagnosis codes (including coding methodology)
• Skilled nursing services number of encounters by month of service
• Physical therapy services number of encounters by month of service
• Occupational therapy services number of encounters by month of service
• Speech therapy services number of encounters by month of service
• Respiratory therapy services number of encounters by month of service
• Medical social services number of encounters by month of service
• Home health aide number of encounters by months of service
• Discharge status
• Admission referral source

B. Application for Use of Encounter-Level Data

Persons receiving encounter-level data must complete an application and submit the signed data use agreement to the Revenue and Fiscal Affairs Office, Health and Demographics (RFARFA). The requestor must indicate which data set(s) is(are) being requested: Inpatient Hospitalizations, Emergency Department Encounters, Ambulatory Surgery, Imaging and Other Services/Equipment Requiring a Certificate of Need, or Home Health Encounters by completing the appropriate data elements form(s). The Application for Use of Encounter-Level Data is located: Data Application 

The following data elements are classified as restricted data elements. They can either directly, in combination with or indirectly, when linked with other databases, identify a patient, health care facility, health care professional or health care insurer. Access to these data elements may be gained by special request and approval by the DOC for health care facility, professional or insurer identifiable data.

A. Geographic Information Data

A Geographic information system is a computer system capable of storing, retrieving, querying, manipulating and mapping geographic data. Geo-coding compares database records with a known master address list and then locates these events to points on a map. The advent of internet map server technology allows users to view geographic data online and download public spatial datasets providing broad accessibility to information. The principal types of mapping techniques are:

• Point location
• Point frequency distribution
• Choropleth mapping
• Surface density modeling
• Spatial aggregation to other geographic units

Point location means the mapping of information showing the exact point, address, for an event. The other types of mapping techniques aggregate the data so that the maps do not identify a single event.

The RFA has the ability to geo-code all encounter-level databases at the patient, facility and/or health care provider level. The release of health care facility, health care provider and/or private insurer point-level data requires that approval of the DOC through the data release process. Nothing in the section is to be construed as to restrict the release of data back to the originating health care provider, facility and/or insurer. The DOC considers the release of point location data at the patient-level to be equivalent to releasing patient identifiable data. Consequently, the release of point-level data for patients requires that an entity have statutory authority for these data.

In the case of requests for zip code level information the DOC grants permission to the RFA to satisfy requests that RFA deems non-confidential by a properly qualified statistician using accepted analytic techniques concluding the risk is substantially limited to identify the subject of the information in accordance with the HIPAA Privacy Regulations [45 CFR § 164.514(b)] without requiring an application for release of restricted data.

A. Restricted Data

1.     Inpatient Hospitalization Restricted Data Elements

• Admission date

• Discharge date

• Admission Hour

• Discharge Hour

• Patient birth date

• Patient age in years

• Medical record number

• Patient number, facility assigned

• Unique patient number, RFA assigned

• Procedure dates

• Encrypted Carrier codes – health care insurer

• Patient zip code (digits 1-5)

• Health care professional identifier

• Unique Health care professional number, RFA assigned

• Health care facility identifier

• Unique Health care facility number, RFA assigned

2.     Emergency Department Visits and Facilities Reporting Observation Services Restricted Data Elements

• Admission date

• Admission Hour

• Discharge Hour

• Patient birth date

• Patient age in years

• Medical record number

• Patient number: facility assigned

• Unique patient number, RFA assigned

• Procedure dates

• Encrypted Carrier codes – health care insurer

• Patient zip code (digits 1-5)

• Health care professional identifier

• Unique health care professional number, RFA assigned

• Health care facility identifier

• Unique health care facility number, RFA assigned

3.     Free Standing and Hospital Based Ambulatory Surgery, Imaging and Other Services/Equipment Requiring a Certificate of Need Restricted Data Elements

• Admission date

• Patient birth date

• Patient age in years

• Medical record number

• Unique patient number, RFA assigned

• Encrypted Carrier codes

• Patient zip code (digits 1-5)

• Health care professional identifier

• Unique health care professional number, RFA assigned

• Health care facility identifier

• Unique health care facility number, RFA assigned

4.     Home Health Restricted Data Elements

• Admission date(s)

• Discharge date(s)

• Services dates by discipline

• Patient start of care date

• Service coverage period

• Patient birth date

• Patient age in years

• Medical record number

• Unique patient number: RFA assigned

• Patient zip code (digits 1-5)

• Health care professional identifier

• Unique health care professional number, RFA assigned

• Health care facility identifier

• Unique health care facility number, RFA assigned

B. Application for Encounter Data containing Restricted Data

Persons requesting access to restricted data must complete a data application for restricted data and Confidentiality Contract. The DOC, in accordance with The Principles and Protocol for the Release of Health Care Data, will review this application. If approved, persons receiving restricted data elements, including the principal investigator, chief executive officer, and the data processing manager to sign and submit confidentiality contracts to the Revenue and Fiscal Affairs Office. Researchers submitting requests for restricted data files must furnish, along with an application, a copy of their organizations IRB (Internal Review Board) approval. The Application for Use of Restricted Data Files is located in Appendix F.

C. Reports

Historically, the RFA has released two types of health care facility-specific reports; first, reports shared with the health care facility supplying the data and secondly, reports released to the general public.

The first type of facility-specific reports included zip code market share, quarterly and year-to-date trends, patient origin and out-migration market share. The DOC endorses the policy that entities supplying data to the RFA should have access to their data. This policy attempts to balance the need for confidentiality of the patient and the appropriate confidentiality of health care providers, insurers and facilities with regards to competitive health care information against the open release of data.

Because of the sensitivity of competitive information such as financial information and market share data, the DOC will release market share or financial reports, which identify providers, professionals or carriers, only as listed under the Report Approved for Release by the DOC.

1. Reports Approved for Release by the DOC

The following is a listing of the DOC approved reports for Inpatient Hospitalization, Emergency Department Visits and Ambulatory Surgery Encounters

• Summary Statistics, By Hospital
  • Inpatient Hospital Discharge Data
• Patient Origin Report By Facility
  •  Inpatient Hospital Discharge Data
  •  Emergency Department Data
  • Ambulatory Surgery Data
• Number And Percent Of Persons Treated Outside Their County Of Residence
  • Inpatient Hospital Discharge Data
  • Emergency Department Data
  • Ambulatory Surgery Data
• Summary Injuries Reports by County of Treatment

No report will be released if it cannot meet appropriate levels of accuracy as determined by the RFA. A third party may not reproduce reports without inclusion comments from affected health care professional and/or facility.

The RFA will continue to develop health care facility and professional specific reports which do not release financial or market share information. The DOC believes in the use of constituent-based subgroups to make recommendations for the types of reports necessary in the areas of health care policy, planning and outcomes. Before the release of any new, not previously DOC approved, health care facility and/or professional specific reports, the RFA and the DOC will follow the New Report Review Process to ensure the accuracy and validity of the reports. After a report has gone through the New Report Review Process, subsequent releases of the report will be subject to the Previously Approved Report Review Process.

2. The New Report Review Process

New reports, not previously approved by the DOC, will be developed utilizing the most current data available and will be provided to the affected health care facilities and/or professionals for review before release. The affected health care facilities and/or professionals will have 30 days to review these reports and to notify the RFA of any errors in data that would affect the accuracy of the report.

a. Errors in Data Reporting: Upon review of the reports, if health care facilities and/or professionals identify errors in reporting which were not discovered through normal editing procedures and which would change significantly the analytic results, as determined by the DOC, health care facilities and/or professionals will have 3 months to resubmit a corrected data tape. Health care facilities and/or professionals unable to correct their data may submit comments for inclusion in the report. In extraordinary cases, the health care facilities and/or professionals may request an extension from the DOC. The RFA will provide revised reports to health care facilities and/or professionals for an additional 14 days to review the revision of the report and submit comments for inclusion in the release. Health care facilities and/or professionals may request an extension from the DOC.

b. Errors in Report Format or Methodology: Upon review of the report, if the health care facilities and/or professionals identify errors or enhancements in format or methodology which the DOC determines to substantially alter the results the RFA will make the necessary modifications within 30 days and provide health care facilities and/or professionals a 14 day review period to submit comments for inclusion in the release. After making the necessary adjustments, the RFA will provide the reports including the health care facilities’ and/or professionals’ comments to the DOC for approval and release. Subsequent releases of these reports will be subject to the Previously Approved Report Review Process.

3. Previously Approved Report Review Process

Previously approved reports will utilize the most current data available and be reviewed by the affected health care facilities and/or professionals. The affected health care facilities and/or professionals will have 14 working days (from date of receipt of the report) to review these reports and to submit comments for inclusion in the release. After making the necessary adjustments, the RFA will release the reports including the health care facilities’ and/or professionals’ comments.

D. Special Requests

A special request is the release of restricted data elements in a manner that would allow the identification of patients and/or health care facilities and/or professionals. If the special request requires the RFA to aggregate the data by a restricted data element but not release the restricted data element, the request will be handled as a release of unrestricted data, so long as the confidentiality of patients and the appropriate confidentiality for health care professions, insurers and facilities will not be compromised. The release of the patient-level data with health care professional, facilities and/or private insurer’s identifiers will be made to researchers and government entities only.

All applicants for special requests will submit to the RFA the required documentation including, but not limited to the following: a list of the requested data elements, time frame for the requested data elements, a study protocol, intended uses of the data, policies for the protection of the restricted data elements, a Confidentiality Contract signed by the principal investigator and a detailed listing of individuals who will have access to the data. Data requests may include multiple years of prospective data, for the same research protocol, so that an application need not be filed for each year. It is the policy and practice of the RFA to provide technical assistance to applicants to assist in the application process.

Health care professional, private insurer and facility identifiable data elements approved for the applicant’s use by the DOC may not be released in any product, publication or communication without the written approval of the DOC and review and comment by the affected health care facilities and/or professionals (as specified in Section 44-6-170, as amended, Code of Laws of South Carolina, 1976). All third party reproductions of the reports must include comments from the affected health care facilities and/or professionals.

If the application requests the linking of a RFA database with other database(s), the DOC will approve the manner in which the linkage is done.

E. Health Data Analysis Task Force

The Health Data Analysis Task Force (HDATF), as specified in Section 44-6-170, as amended, Code of Laws of South Carolina, 1976, may be a committee or committees convened to make recommendations concerning types of analyses needed to carry out the goals and objectives of the Data Oversight Council. The task force will be composed of members as deemed appropriate by the subject being considered and may include technical representatives of universities and other private sector and public agencies including, but not limited to, health care providers and insurers. The DOC may request the RFA to convene the HDATF for study and review of specific data issues.

The Chair of a HDATF will be appointed by and serve at the pleasure of the Chair of the DOC and RFA. The HDATF will meet as needed. A quorum for the HDATF will be a majority of its members.

F. Follow-back Studies

For entities not having statutory authority to access patient identifiable data, patient contact for follow-back studies, using patient identifiable data, must be conducted through the health care facility and/or professional and requires the informed consent of the patient or the patient's representative. The purpose of these studies shall not be disclosed to anyone, when trying to locate patients, other than the entity originally providing the RFA with the data, the patient or the patient’s representative. No undue burden shall be placed upon health care facilities and/or professionals to comply with follow-back studies. For on-going data activities, the data users with assistance from the RFA in conjunction with the South Carolina Health Information Management Association shall develop an informed consent form for use by the appropriate facilities.

For entities having statutory authority to access patient identifiable data with confidentiality requirements comparable to the RFA, follow-back studies using patient identifiable data will be requested to be conducted in accordance and with the approval of an Internal Review Board or Privacy Board.

Confidential data will only be released if a mandate has been established by statutory law. Confidential data elements for inpatient hospitalizations, emergency room visits, observation stays, ambulatory surgery, services requiring a Certificate of Need and home health visits include, but are not limited to, patient name and address (except as otherwise provided herein) and patient zip-code (digits 6-9).

A. Release of Data to Entities as Required by Law

If an entity obtains statutory authority for the release of restricted and/or confidential data elements, that entity must submit to the RFA:

1. Written statutory evidence indicating entitlement of access to the data and
2. A copy of or citation of the statute(s) and/or regulation(s) that requires the entity to maintain the confidentiality and security of the data that satisfy the intent of Section 44-6-170, or
3. If statutory and/or regulatory requirements for the maintenance of the confidentiality and security of the data do not exist or do not satisfy the intent of Section 44-6-170, as amended, Code of Laws of South Carolina, 1976 and in Final Regulations, Revenue and Fiscal Affairs Office, Chapter 19, Statutory Authority: 1976 Code Section 44-6-170, Article 9, “Data Release For Medical Encounter Data & Financial Reports,” all persons (including staff, subcontractors and committees) with access to the data will be required to sign a confidentiality contract supplied by the RFA. These contracts shall be available upon request by the RFA.

Statutory law must mandate release of confidential data elements for follow-back investigations. The DOC encourages entities performing follow-back investigations with confidential data to adopt the DOC’s policies for follow-back investigations.

The RFA recognizes that DHEC has a public health responsibility based on legal authority that requires the receipt and use of data maintained by the RFA. Therefore, the RFA will provide data for DHEC’s surveillance activities and epidemiological investigations, as required by law.

State agencies and other organizations that have a mandate established by statutory law to access these data will be provided technical assistance for linking data sets and will be encouraged to use the RFA for data set linkages.