CMS Research Data Policy Update and Implications

The Centers for Medicare & Medicaid Services (CMS) is navigating significant changes to its research data request and access policies, reflecting a pivotal shift towards enhanced data security and streamlined research processes. Initially scheduled for implementation in August 2024, the rollout of these policy changes has been postponed to no earlier than 2025, as CMS continues to review stakeholder feedback to refine its approach.
Policy Changes and Stakeholder Concerns
In March 2024, CMS issued an updated Request for Information (RFI) to gather feedback from the research community. The feedback has led to a decision to delay the policy changes to ensure comprehensive consideration of the concerns raised. These policy updates primarily involve the transition from physical data extracts to exclusive access via the Chronic Conditions Warehouse Virtual Research Data Center (CCW VRDC). This shift aims to address the increasing data breaches across the healthcare ecosystem by enhancing data security measures and centralizing data access in a secure environment.
Implications of the Changes
The new policy mandates that all researchers accessing CMS Research Identifiable File (RIF) data do so within the CCW VRDC, adhering to strict data security protocols. Physical data extracts will be discontinued, except for specific federal and state agency exceptions. This move is expected to not only safeguard sensitive data but also streamline the research process by consolidating access points.
Current Status and Future Outlook
As CMS evaluates the feedback from the RFI, which remained open until May 15, 2024, the agency is also planning to improve the research request process and the user experience of the CCW VRDC. These enhancements are geared towards making the CCW VRDC a more efficient and user-friendly platform for researchers, thus supporting CMS’s goal of fostering health improvement through evidence-based research. The final implementation schedule and detailed policy adjustments will be communicated in future guidance, taking into account the comprehensive feedback from the research community.
The Donaghue Foundation is closely monitoring these developments, remaining vigilant about the potential impacts on the research and researchers we support. We are committed to staying informed and considering any implications these changes may have, ensuring that our grantees have the guidance and support necessary to navigate the evolving research landscape effectively. Researchers are encouraged to continue providing their insights to ensure that the final policies effectively support their work while enhancing data security.