Data Sharing Agreement FAQs
Per Cal. Health and Safety Code, Section 130290(f):
Required Signatory type
- General Acute Care Hospitals as defined by Section 1250.
- Physician organizations and medical groups*
- Skilled nursing facilities, as defined by Section 1250, that currently maintain electronic records.
- Health care service plans and disability insurers that provide hospital, medical or surgical coverage that are regulated by the Department of Managed Health Care of the Department of Insurance. This section shall also apply to a Medi-Cal managed care plan under a comprehensive risk contract with the state Department of Health Care Services pursuant to Chapter 7 (commencing with Section 14000) or Chapter 8 (commencing with section 14200) of Part 3 of Division 9 of the Welfare and Institutions Code that is not regulated by the Department of Managed Health Care of the Department of Insurance.
- Clinical laboratories, as that term is used in Section 1265 of the Business and Professions Code, and that are regulated by the State Department of Public Health
- Acute psychiatric hospitals as defined by Section 1250.
County health, public health, social services and other organizations are also encouraged to sign the Data Sharing Agreement
How will county health departments participate in the Data Sharing Agreement? Are they required to sign? Can any organization sign the Data Sharing Agreement?
“Participant(s)” shall mean each health care organization as set forth in California Health and Safety Code § 130290(f) and any other person or organization that is a signatory to this Agreement. Participants may include, but are not limited to, a health information network, a community information exchange, a laboratory, a health system, a health IT developer, a community-based organization, a payer, a government agency, a research institute, or a Social Services Organization.
Data Sharing Agreement, Section 3, Definitions: Mandatory Signatories: Legally required to execute the Data Sharing Agreement by 1/31/2023. Voluntary Signatories: county health, public health, social services, and other organizations are encouraged to execute the Data Sharing Agreement if they are able to comply with its provisions and associated P&Ps. May sign after 1/31/2023. View Source PDF
If my organization is currently exchanging data with an HIE is it necessary to sign the Data Sharing Agreement?
Yes, if your organization is a required signatory per Cal. Health and Safety Code, section 130290(f), then CA law mandates signing the Data Sharing Agreement.
What if the legal or general counsel has redlines or potential edits to the Data Sharing Agreement? How will requested edits be handled?
The Data Sharing Agreement published in July 2022, is a final State document and must be signed as drafted. Continue to monitor development of P&Ps through the coming months. View Source PDF
Which nursing homes are required to sign? The statute says “skilled nursing facilities.. that currently maintain electronic records.” Does this mean not all nursing homes need to sign? Does this exempt those nursing homes on paper?
Skilled nursing facilities that maintain electronic records or “electronic health information” as defined under federal regulation in section 171.102 of Title 45 of the Code of Federal Regulations are required to sign the Data Sharing Agreement.
- A provider organization described in paragraph (2) of subdivision (g) of Section 1375.4.
- A risk-bearing organization, as defined in Section 1375.4.
- A restricted health care service plan and limited health care service plan under subdivision (a) of Section 1300.49 of Title 28 of the California Code of Regulations. The inclusion of restricted health care service plans and limited health care service plans in the definition of “physician organization” does not narrow, abrogate, or otherwise alter the regulatory authority of the Department of Managed Health Care over these entities.
- A medical foundation exempt from licensure pursuant to subdivision (l) of Section 1206.
- A medical group practice, a professional medical corporation, a medical partnership, or any lawfully organized group of physicians and surgeons that provides, delivers, furnishes, or otherwise arranges for health care services and is comprised of 25 or more physicians. (See, e.g. Cal. Health & Safety Code, section 127500.2)
Unlikely; only individuals “authorized to sign the Data Sharing Agreement on behalf of the” IPA must do so – not all physicians employed or contracted by an IPA.
Does the Data Sharing Agreement require all signatories to comply with HIPAA Privacy and Security Rules?
Participants must follow all applicable state and federal law when sharing Health and Social Services Information through the Data Sharing Agreement. For example, if the information is covered by the Health Insurance Portability and Accountability Act (HIPAA) and the Lanterman-Petris-Short Act (LPS), the Participant would need to meet an exception in both HIPAA and LPS in order to share the information. In addition, health information can generally be shared with a valid authorization for release of information from the patient/individual. View Source PDF
My hospital shares data via Carequality’s framework. Does that satisfy all my data sharing obligations under the DSA?
“The Data Exchange Framework allows Participants to provide access to or exchange information through any health information exchange network, health information organization or technology that adheres to the Data Sharing Agreement and Policies and Procedures found on our (CHHS) website. It is the responsibility of each Participant to ensure they meet the requirements of the Data Sharing Agreement and its Policies and Procedures. Several nationwide networks and frameworks may satisfy some or all of the requirements for the Data Sharing Agreement and Policies and Procedures.” View Source PDF
AB 133 requires “real-time access to, or exchange of, health information.”
Per the P&Ps, every DxF Participant is required to “provide access to or exchange health and social services information with every other Participant consistent with the Permitted, Required and Prohibited Purposes Policy and Procedure.”
Data Sharing Agreement defines “Health and Social Services Information” as:
Health and Social Services Information shall mean any and all information received, stored, processed, generated, used, transferred, disclosed, made accessible, or shared… including but not limited to… information related to the provision of health care services… and information related to the provision of social services.
Health and Social Services Information may include PHI, PII, de-identified data, anonymized data, pseudonymized data, metadata, digital identities, and schema.
Can Data Sharing Agreement signatories charge other organizations fees to share data under the Data Sharing Agreement?
Participants are prohibited from charging fees to other Participants for any exchange of Health and social services Information under the Data Sharing Agreement; Provided that the foregoing shall not prohibit a Qualified HIO from charging fees to participants who engage in data-sharing activities through the Qualified HIO.
(CalHHS Data Exchange Framework Policy and Procedure, “Permitted Required and Prohibited Purposes”, Status: Final, Policy: OPP-4, Publication Date: July 5, 2022, Version: 1.0) section 5. FEES: subsection a.