(a) DHIN shall provide Delaware health-care payers, providers, and purchasers with access to the Delaware Health Care Claims Database for the purpose of facilitating the design and evaluation of alternative delivery and payment models, including population health research and provider risk-sharing arrangements.
(1) Claims data provided to the Delaware Health Care Claims Database may be provided to a requesting person only when a majority of the DHIN Board of Directors, or of a subcommittee established under DHIN's bylaws for purposes of administering the Health Care Claims Database, determines that the claims data should be provided to the requesting person to facilitate the purposes of this subchapter or to the Delaware Health Care Commission.
a. A written determination under this paragraph (a)(1) must be provided to the requesting person.
b. A determination under this paragraph (a)(1) is final and not subject to appeal. A requesting person does not have a private right of action against DHIN or another person to enforce this section.
(2) DHIN shall, in consultation with the Delaware Health Care Commission, promulgate rules and regulations regarding the appropriate form and content of an application to receive claims data, providing examples of requests for claims data that will generally be deemed consistent with the purposes of this subchapter.
(b) Claims data provided to a requesting person under this section must be provided under DHIN's existing confidentiality and data security protocols and in compliance with applicable state and federal laws relating to the privacy and security of protected health information, including compliance, to the fullest extent practicable consistent with the purposes under this subchapter, with guidance found in Statement 6 of the Department of Justice and Federal Trade Commission Enforcement Policy regarding the exchange of price and cost information. A provider or purchaser must maintain individually identifiable patient health information under all applicable state and federal laws relating to the confidentiality and security of protected health information, including privacy and security requirements under regulations promulgated under this chapter.
(c) (1) For the purposes of public health improvement research and activities, DHIN shall provide access, at no cost, to all claims data reported by the Delaware Health Care Claims Database under this subchapter to the following state agencies:
a. Office of Management and Budget.
b. State Employee Benefits Committee.
c. Division of Public Health.
d. State Council for Persons with Disabilities.
e. Division of Medicaid and Medical Assistance.
f. Department of Insurance.
g. Delaware Health Care Commission.
(2) A state agency under paragraph (c)(1) of this section may enter into an appropriate agreement with DHIN to allow DHIN to perform data warehousing and analytics functions that the state agency, or an entity on behalf of the state agency, has performed under the state agency's authority.
(d) DHIN may promulgate regulations to make available to the public certain data extracts and analyses that is not individually identifiable, as DHIN determines is consistent with, and necessary to, achieve the goals and policies of this subchapter. Before the data extracts and analyses, the process under subsection (e) of this section must be completed.
(e) (1) DHIN shall promulgate regulations to notify a mandatory reporting entity or voluntary reporting entity when claims data that the mandatory reporting entity or voluntary reporting entity submitted may be released for a purpose permitted under this subchapter.
(2) DHIN shall provide the mandatory reporting entity or voluntary reporting entity with an opportunity to comment on the data release request prior to its release.
(3) Prior to the data release, DHIN shall review, consider, and respond to comments that a mandatory reporting entity or voluntary reporting entity submits during the comment period.
(4) If a mandatory reporting entity or voluntary reporting entity identifies a party requesting the release of data as a potential competitor of the reporting entity, DHIN shall limit disclosure of pricing information that includes postadjudicated claims data, to the fullest extent practicable and consistent with the purposes of this subchapter, to a summary format that allows for analysis without revealing contracted pricing information.
(5) If a mandatory reporting entity or voluntary reporting entity identifies a person requesting the release of data as a potential competitor of the reporting entity, DHIN shall limit disclosure of pricing information that includes postadjudicated claims data, to the fullest extent practicable and consistent with the purposes of this subchapter, to a summary format that allows for analysis without revealing contracted pricing information.
(f) The DHIN shall promulgate regulations to ensure confidentiality, privacy, and security protections of health-care data and all other information that DHIN collects, stores, or releases, subject to applicable state and federal health-care privacy, confidentiality, and data security laws.