CMS Changes data policy and prepares to release data

Lots of you have written me to let me know that CMS has changed its policy regarding physician payment-related data and plans to release data soon.

They have also published the comments that they received on the policy change. We will be looking at these comments further, because they are an interesting data point in themselves.

The good news here, is that this represents an acknowledgement that physician salary will no longer result in a guaranteed no for FOIA requests. The downside is this is something of a non-policy, with some mixed messaging. For instance, the blog post and the actual policy document, don’t actually say the same thing at all.

As CMS makes a determination about how and when to disclose any information on a physician’s Medicare payment, we intend to consider the importance of protecting physicians’ privacy and ensuring the accuracy of any data released as well as appropriate protections to limit potential misuse of the information.

The problem here is that there is no information on how the balance between “accuracy of data”, “physician privacy” and “misuse avoidance” might mean. More importantly, it is not clear at all that CMS actually has the right to make determinations on “the accuracy of data” or what “misuse” might entail. The actual policy document is much more circumspect about the determinations that CMS can make:

CMS will make case-by-case determinations as to whether exemption 6 of the Freedom of Information Act applies to a given request for information  pertaining to the amounts that were paid to individual physicians under Medicare

The exemptions to FOIA are clearly spelled out, and there is no exemption for “inaccurate” data, or for “misuse” unless misuse = national security risk (exemption 1). So the blog post is somewhat confusingly claiming that A. They are are going to do something they do not have the right to do under FOIA and B. Something beyond what their actual published policy change states.

Clear as mud.


MRW I am trying to understand the new CMS FOIA policy

Essentially, the new policy is a somewhat confusing non-policy. They will release data when it is a “good idea” to release data, evoking the 6th exemption to FOIA (that’s the one that ensures that FOIA requests do not invade privacy) whenever they feel that is appropriate. Not sure what happens when I request something that can be “misused” or something that might be “inaccurate”. Personally I am probably more interested in the inaccurate data than anything else, since that is where the juicy stuff probably is…