Supporting Statement – Part A
Application and Triennial Re-application to Be a Qualified Entity to
Receive Medicare Data for Performance Measurement (ACA Section
10332)
(CMS-10394, OMB 0938-1144)
Section 10332 of the Patient Protection and Affordable Care Act (ACA) requires the Secretary to make standardized extracts of Medicare claims data under Parts A, B, and D available to “qualified entities” for the evaluation of the performance of providers of services and suppliers. The statute provides the Secretary with discretion to establish criteria to determine whether an entity is qualified to use claims data to evaluate the performance of providers of services and suppliers. After consideration of comments from a wide variety of stakeholders during the public comment period, CMS established “Medicare Program; Availability of Medicare Data for Performance Measurement” (hereinafter called the Final Rule and referred to as the Medicare Data Sharing Program) published in the Federal Register on December 7, 2011 (42 CFR, Part 401, Subpart G). To implement the requirements outlined in the legislation, CMS established the
Qualified Entity Certification Program (QECP) to evaluate an organization’s eligibility across three areas: organizational and governance capabilities, addition of claims data from other sources (as required in the statute), and data privacy and security.
This collection covers the application through which organizations provide information to CMS to determine whether they will be approved as a qualified entity. This collection also covers the triennial re-application (CMS-10596; 0938-1317) through which organizations provide information to CMS to determine whether they are approved to continue as a qualified entity. CMS is requesting this package (0938-1144) to be reinstated with revisions.
The Patient Protection and Affordable Care Act (ACA) was enacted on March 23, 2010 (Pub.L. 111-148). ACA amends section 1874 of the Social Security Act by adding a new subsection (e) to make standardized extracts of Medicare claims data under Parts A, B, and D available to qualified entities to evaluate the performance of providers of services and suppliers. This is the application needed to determine an organization’s eligibility as a qualified entity.
The information from the collection is used by CMS to determine whether an organization meets the criteria required to be considered a qualified entity to receive Medicare claims data under ACA Section 10332. CMS evaluates the organization’s eligibility in terms of organizational and governance capabilities, addition of claims data from other sources, and data privacy and security.
To assess an organization’s compliance with QE (Qualified Entity) eligibility requirements, the Qualified Entity Certification Program (QECP) implements a phased application process. In addition, QE certification is valid for 3 years, and QEs must reapply at least 6 months prior to the 3-year certification expiration to ensure continued participation in the QE program. During reapplication, a QE must submit documentation on any changes to ensure continued compliance with QECP requirements. To obtain online access to the online application/re-application submission system, QE must register. Once a registration form has been submitted and verified, access is granted to the secure QECP Application or Reapplication via a Salesforce CRM hosted in the Salesforce Government Cloud. QECP Application access credentials include a unique user ID, password, and secure web URL. This user profile provides the applicant with access to the online QE application form, documentation library, FAQs, and other essential QECP resources. When an applicant is ready to submit an application or reapplication for review, they simply click on Submit. Once submitted the application is locked, and no further changes can be made. The applicant will see a notification at the top of the screen indicating if the submission was successful. At that time, your application will be validated for completeness, and, if found complete, the QECP/CMS review will commence. All applications are submitted by electronic means.
This information collection does not duplicate any other effort and the information cannot be obtained from any other source.
No special considerations are given to small businesses. The same information is needed to assess the qualifications of all organizations.
Data are collected once at the time of application for each phase and reapplication. If this information was not collected or collected less frequently, CMS would not have evidence of program participants meeting eligibility criteria for qualified entities under 42 CFR § 401.705 placing the privacy and security of Medicare beneficiary claims data at risk.
Some of the information gathered as part of this data collection may be considered proprietary and confidential (e.g., financial statements, data flow diagram, data security policies and procedures, and methodologies used to develop and calculate non-standard measures). All information gathered as part of this data collection is held strictly confidential by the contractor and used only for the purpose of the QECP. Access to information collected is restricted, and only those who are charged with reviewing the information for the purposes of certification or the oversight of such reviews, are provided access to the information. Information gathered are used only for purposes of certification and not made available or disclosed outside the scope of the certification process unless appropriately authorized by “48 CFR § 352.224-71 - Confidential Information” terms and conditions in the government’s contract with the data collection contractor.
8. Federal Register/Outside Consultation
The 60-day federal register notice published on 01/21/2022 (87 FR 3301).
No comments were received.
The 30-day federal register notice published on 04/04/2022 (87 FR 19517).
There are no payments/gifts to respondents. This collection is only set out to establish criteria to determine whether an entity is qualified to use claims data to evaluate the performance of providers of services and suppliers.
We pledge privacy to the extent allowed by law. The applications will be kept secure. No proprietary data or information will be disclosed outside the Government and will not be duplicated, used, or disclosed – in whole or in part – for any purpose other than to evaluate the application. Files containing the applications or information from these forms will be safeguarded in accordance with Departmental standards and National Institute of Standards and Technology (NIST) Special Publication 800-53,
Recommended Security Controls for Federal Information Systems and Organizations which limits access to only authorized personnel. The safeguards shall provide a level of security as required by Office of Management and Budget (OMB) Circular No. A-130 (revised), Appendix III – Security of Federal Automated Information Systems.
11. Sensitive Questions
No sensitive questions are part of this information collection.
To date, there are 36 Qualified Entities (QEs), comprised of profit companies, non-profit agencies, including medical associations and consumer, provider, and supplier groups. Non-profit QEs also include community quality collaboratives, which are community-based organizations of multiple stakeholders that work together to transform health care at the local level by promoting quality and efficiency of care, and by measuring and publishing quality information. Current for-profit QEs include several health insurance providers, healthcare analytic companies, data vendors, and technology companies. There is one state department of health, three are a CMS-approved Qualified Clinical Data Registry (QCDR), a school of public health. Going forward, we believe that we will continue to see an increase in applications from healthcare analytic and technology companies given the expanded uses of the Medicare data afforded by section 105 of the Medicare Access and CHIP Reauthorization Act (MACRA) of 2016. We also expect to continue to see provider network companies and other CMS- approved QCDRs apply to the program. We have examined available information related to these entities to inform our assumptions. We estimate that 30 additional organizations will submit applications to participate as qualified entities
We estimate that the average response to complete each application will be 360 hours and will include a mix of staff from the following occupations: social scientists, network and systems administers and executives. The time estimate for preparation of the application is based upon the professional judgment of staff members at the Centers for Medicare and Medicaid Services and the QECP implementation support contractor. We estimate that 10 organizations will apply each year at an average response time of 360 hours per response. Therefore, we have calculated the annual burden as follows: 10 responses X 360 hours per response =3,600 burden hours (annual).
For reapplication, we estimate that the average response to complete each reapplication will be 20 hours and will include a mix of staff from the following occupations: social scientists, network and systems administers and executives. The time estimate for preparation of the application is based upon the professional judgment of staff members at the Centers for Medicare and Medicaid Services and the QECP implementation support contractor. We estimate that 10 organizations will reapply each year at an average response time of 20 hours per response. Therefore, we have calculated the annual burden as follows: 10 responses X 20 hours per response = 200 burden hours (annual).
Changes in burden reflect the program’s transition to a set of online submission forms in a secure Salesforce Customer Relationship Management (CRM) system. Reducing requests for detailed information from QE data suppliers Reducing requested responses to data security controls from 368 to 192 controls and supporting documentation from 18 data security control families to 5 data security control families. Eliminating previously collected information which was deemed no longer necessary to determine eligibility for QECP certification and progression through Phases of operation. In Re-application eliminating redundant items already collected through OMB# 0938-1309 Annual Report Workbook and other information not essential to determining an organizations eligibility to meet minimum program requirements.
Table 1 presents the total request for QECP application and reapplication data collection.
Table 1. Burden & Cost Summary |
|
|
New Request |
Hours/Collection |
380 |
Cost/Collection |
$ 39,293.00 |
Hours/Year |
3,800 |
Cost/Year |
$ 416,390.00 |
3year Total Hours |
11,400 |
3year Total Cost |
$1,178,790.00 |
As referenced earlier, we believe that social scientists, network and systems administrators, and an executive from each organization will be involved in responding to the information collection requirements (see Table 2 below).
To derive average costs, we used data from the U.S. Bureau of Labor Statistics’ May
2020 National Occupational Employment and Wage Estimates for all salary estimates (www.bls.gov/oes/current/oes_nat.htm). In this regard, the following table presents the mean hourly wage, the cost of fringe benefits, and the adjusted hourly wage.
Occupation |
2020 hourly w |
Overhead/ |
Total |
|
wage rate |
fringe (100%) |
hourly cost |
Social Scientist |
$ 43.880 |
$ 43.88 |
$ 87.76 |
Information Security Analysts |
$ 51.720 |
$ 51.72 |
$ 103.44 |
Executive |
$ 95.120 |
$ 95.12 |
$ 190.24 |
For the QECP Application, Table 3 below estimates the total cost for a social scientist to be $21,062.40 (240 hours x $87.76/hour). We estimate the total annual cost for an information security analyst to be $8,275.20 (80 hours x $103.44/hour). We estimate the total cost for a chief executive to be $7,609.60 (40 hours x $190.24/hour). From this, we estimate that the cost per organization for applying initially to be a qualified entity will be $36,947.20, and we estimate that 30 organizations will apply over three years.
Occupation |
2020 Hourly Cost |
Total Hours |
Cost per Response |
Number of Responses |
Total Costs |
Social Scientist |
$ 87.76 |
240 |
$ 21,062.40 |
30 |
$ 631,872.00 |
Information Security Analysts |
$ 103.44 |
80 |
$ 8,275.20 |
30 |
$ 248,256.00 |
Executive |
$ 190.24 |
40 |
$ 7,609.60 |
30 |
$ 228,288.00 |
Total |
|
360 |
$ 36,947.20 |
30 |
$ 1,108,416.00 |
For QECP Re-application, Table 3 below estimates the total cost for a social scientist to be $877.60 (10 hours x $87.76/hour). We estimate the total cost for an information security analyst to be $517.20 (5 hours x $103.44/hour). We estimate the total cost for a chief executive to be $951.20 (5 hours x $190.24/hour). From this, we estimate that the cost per organization for reapplying to be a qualified entity will be $2,346.00, and we estimate that 30 organizations will apply over three years.
Occupation |
2020 Hourly Cost |
Total Hours |
Cost per Response |
Number of Responses |
Total Costs |
Social Scientist |
$ 87.76 |
10 |
$ 877.60 |
30 |
$ 26,328.00 |
Information Security Analysts |
$ 103.44 |
5 |
$ 517.20 |
30 |
$ 15,516.00 |
Executive |
$ 190.24 |
5 |
$ 951.20 |
30 |
$ 28,536.00 |
Total |
|
20 |
$ 2,346.00 |
30 |
$ 70,380.00 |
The total hour burden or 3-years will be 11,400 hours (360 hours multiplied by 30 organizations for application plus 20 hours multiplied by 30 organizations for reapplication = 11,400 hours) and the total cost will be $1,178,796.00.
Based on the information listed above, the overall annual burden associated with this information collection requirements is calculated at 3,800 hours (11,400 hours divided by 3 years = 3,800 hours). We estimate 30 organizations applying and 30 organizations reapplying to be a qualified entity during the 3-year period.
Additionally, the annual average cost burden is estimated at $392,932.00.
($1,178,796.00 divided by 3 years = $392,932.00)
There are no capital costs associated with preparing the application to be a qualified entity.
It is estimated that the annual CMS costs for managing the information collection will include one full time equivalent at the GS-13 step 4 level with an annual fully loaded salary of $174,830 for 2021, and $274,446 in contractor support, for a total of $449,276.00.
The changes presented in this supporting statement reflect: 1) decrease in burden associated with QECP Application; 2) decrease in burden associated with triennial Reapplication; and 3) combining Application and Re-Application into one data collection request.
For the QECP Application, the burden estimated has been adjusted to reflect data collection reduced from previously OMB approved collection through:
Transitioning to a set of online submission forms in a secure Salesforce Customer Relationship Management (CRM) system;
Reducing requests for detailed information from up-to 150 different data suppliers to just 5 data suppliers plus an aggregate of all remaining suppliers;
Reducing requested responses to data security controls from 368 to 192 controls and supporting documentation from 18 data security control families to 5 data security control families; and
Eliminating previously collected information which was deemed no longer necessary to determine eligibility for QECP certification and progression through Phases of operation.
Table 4 presents changes to burden and cost reflected in this request for the QECP Application in comparison with previously approved data collection requests under OMB: 0938-1144.
Table 4. QECP Application Changes to Burden and Costs |
|||
|
Prior Package OMB: 0938-1144 |
New Request |
Change |
Hours/Collection |
500 |
360 |
-140 |
Cost/Collection |
$ 43,898.80 |
$36,947.00 |
$ (6,951.80) |
Hours/Year |
5,000 |
3,600 |
-1400 |
Cost/Year |
$ 438,988.00 |
$ 392,932.00 |
$ (69,518.00) |
3year Total Hours |
15,000 |
10,800 |
-4200 |
3year Total Cost |
$ 1,316,964.00 |
$ 1,108,410 |
$ (208,554) |
For the QECP Re-application, the burden estimated has been adjusted to reflect data collection reduced from previously OMB approved collection through:
Transitioning to a set of online submission forms in a secure Salesforce Customer Relationship Management (CRM) system;
Reducing requests for detailed information from up-to 150 different data suppliers to just 5 data suppliers plus an aggregate of all remaining suppliers;
Eliminated previously collected information and artifacts thus eliminating the need for legal review; and
Eliminated redundant items being collected through OMB# 0938-1309 Annual Report Workbook and other information which is not essential to determine an organization’s eligibility to meet minimum program requirements.
Table 5 presents changes to burden and cost reflected in this request for QECP Re-application in comparison with previously approved data collection requests under OMB: 0938-1317.
Table 5. Re-application Changes to Burden and Costs |
|||
|
Prior Packages OMB: 0938-1317 |
New Request |
Change |
Hours/Collection |
120 |
20 |
-100 |
Cost/Collection |
$ 6,166.00 |
$ 2,346.00 |
|
Hours/Year |
1,200 |
200 |
-1000 |
Cost/Year |
$ 61,660.00 |
$ 46,920.00 |
$ (14,740.00) |
3year Total Hours |
3,600 |
600 |
-3000 |
3year Total Cost |
$ 184,980 |
$ 70,380 |
$ (114,600) |
The combined data collection for QECP Application and Re-application represents a total estimated decrease of 7,200 in burden and $252,758.00 in cost over a three-year period.
Table 6 presents changes to burden and cost reflected in this request in comparison with previously approved data collection requests under OMB: 0938-1144 and OMB: 0938-1317 combined.
|
Table 6. Combined Changes to Burden and Costs |
|
|||
|
Prior Packages |
New (Combined) Request |
Change
|
||
|
OMB: 0938-1144
|
OMB: 0938-1317
|
Combined Packages |
|
|
Hours/Collection |
500 |
120 |
620 |
380 |
-240 |
Cost/Collection |
$ 43,898.80 |
$ 6,166.00 |
$ 50,064.80 |
$ 39,293.00 |
$ (10,771.80) |
Hours/Year |
5,000 |
1,200 |
6,200 |
3,800 |
-2400 |
Cost/Year |
$ 438,988.00 |
$ 61,660.00 |
$ 500,648.00 |
$416,390.00 |
$ (84,258.00) |
3year Total Hours |
15,000 |
3,600 |
18,600 |
11,400 |
-7200 |
3year Total Cost |
$1,316,964 |
$ 184,980 |
$ 1,501,944 |
$ 1,178,790 |
$ (323,154) |
The only other changes made that impact burden to individual applicants were updates to the BLS labor categories, which have increased since the last information collection submission.
16. Publication/Tabulation Dates
There are no publication/tabulation dates associated with this collection.
CMS would like to display the expiration date as indicated.
On the footer of every page for the following information collection instruments:
QECP Online Application Portal
QECP Letter of Commitment
QECP Letter of Commitment for Quasi QEs
QECP QA Worksheet (within the PRA disclosure statement)
On the first page/worksheet (“Instructions” tab) of the following information collection instruments:
QECP Data Source Attestation - Instructions QECP Data Security Workbook - Instructions
QECP Measure Information Workbook - Instructions
There are no exceptions to the certification statement.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Title | Supporting Statement – Part A Application To Be a Qualified Entity to Receive Medicare Data for Performance Measurement (ACA Sec |
| Subject | Supporting Statement – Part ASupporting Statement – Part A Application To Be a Qualified Entity to Receive Medicare Data for Per |
| Author | CMS OEDA |
| File Modified | 0000-00-00 |
| File Created | 2022-04-12 |