“Indiana missed a deadline to share information with the CMS about how its Medicaid expansion has affected access to care.
“Republican Gov. Mike Pence’s administration said it didn’t trust that the agency could protect the data.
“The missed deadline is the latest in a back and forth between the state and the federal agency, which is trying to gauge the impact of Indiana’s conservative approach to expansion, which includes different levels of coverage and requires beneficiaries to make payments into health savings accounts.
“Pence’s insurance and health policy director, Tyler Ann McGuffee, wrote to the CMS Friday saying she had never received a response from the CMS after inquiring about security measures taken by the agency’s vendors…
“The CMS wants to use data from Indiana’s Medicaid expansion to inform its decision regarding similar requests by Arizona, Kentucky and Ohio, which are considering similar approaches to Indiana’s expansion.
“Indiana officials ‘outlined several concerns about providing personal health information to the CMS vendors that we have no contractual or legal relationship to,’ McGuffee says…
“By June 13, CMS had provided just one of the requested vendor agreements and upon reviewing the document, the state found no provisions requiring the CMS vendors to adhere to state or federal privacy protections and regulations.
“The state has now restated its request to get the agreement of the second vendor and language for both vendors that specifies the required data safety and security measures.
“’While we understand your timeline … we cannot short-change the State’s review process as this could put our citizens’ personal health information at risk and potentially create liabilities for the state,’ McGuffee said in the letter addressed to the CMS.” Source: Modern Healthcare