How To Avoid Pitfalls in Collecting and Protecting Data for NCQA LTSS Distinction

By Nancy Ross Bell, RN

Estimated time to read: 4 minutes

If your organization is new to Case Management-Long-Term Services and Supports (CM-LTSS) or LTSS Distinction and has not become accredited for NCQA Health Equity, you may be unfamiliar with the specific practices that must be in place to collect data on individuals and keep it private.  Read the highlights on two new Elements in the 2024 standards and tips from our MHR Consultant on avoiding pitfalls.

What was new with the 2024 standards that must be in place?

For surveys on LTSS Distinction scheduled on or after July 1, 2024, NCQA added two new Elements to the Health Plan (HP) and CM-LTSS standards:

• Demographic Data Collection: HP LTSS 1D, CM-LTSS 2A
• Privacy Protections for Data: HP LTSS 1E, CM-LTSS 2B

For all Elements:

• The Scope of Review applies to All Surveys
• The Look-Back Period (LBP) is prior to the survey date

For Demographic Data Collection:

• Documented Processes and Reports or Materials are required. However, a detailed implementation plan with a timeline may be submitted in place of a documented process, reports, or materials for surveys scheduled on or between July 1, 2024, and June 30, 2025.

For Privacy Protections for Data:

• Under the Scope of Review, NCQA reviews policies & procedures in place throughout the LBP for managing access to and use of race/ethnicity and language data. For this Element, the LBP is prior to the survey date.

NOTE:  Always refer to NCQA’s current year standards for complete information and detail.  

Demographic Data Collection (HP LTSS 1D, CM-LTSS 2A: Explanation)

NCQA explains the need for an organizational framework to collect data directly from the individual or caregiver as needed and use indirect methods if direct methods are unsuccessful.

Direct method of data collection:

Direct data collection is demonstrated by a documented process and a list of questions asked of the individual or caregiver to obtain data on race/ethnicity and language. 

At a minimum, the framework must include the following.

• Who: The population or subset of individuals from whom data is collected
• What: The process for soliciting information and follow-up if a response was requested but not provided
• When: The time data may be collected, such as during calls, at intake, or assessment with a healthcare professional
• Where: The setting in which data is collected
• How: The method by which data is collected and by whom it is collected, such as on enrollment or registration forms, the organization’s website, surveys, data feeds from a state Medicaid agency or CMS, health care providers or practitioners, health plans, and community social workers
• Questions: Enrollment forms, health assessments, or scripts used to guide staff when verbally collecting data include:
  • Race and ethnicity
  • Spoken English Language Proficiency and Spoken Language Preferred for Health Care
  • Preferred language for written language (recommended)

Evidence of collecting data on the individuals it serves is demonstrated through organization reports or materials specific to LTSS.

Data collected on language must be used to identify the organization’s threshold language(s) for translation purposes.

Indirect method of data collection on race/ethnicity:

What happens if a response from an individual or caregiver on race/ethnicity cannot be directly obtained? First, the organization is required to have a process within its framework to attempt the direct collection of data. If an individual is unable to provide a response to a direct request because of age or functional inability to communicate, data may be collected from the person’s caregiver and considered direct data collection. Additionally, the organization may use other methods that directly request data, such as electronic health records, health information exchanges, and state or local agencies.  (LS 1D Explanation)

The organization should use as many channels as available to collect race/ethnicity data on individuals. However, if asking individuals to self-identify race/ethnicity yields initial results from only a small percentage of individuals, then the organization may use estimation methods to supplement its understanding of race/ethnicity.

Methods to estimate race/ethnicity may include:

• Geocoding using home address or alternative at the smallest geographic unit possible. For example, geographic assignment at the census block level is likely to be more accurate than census tract or zip code-level data.
• Surname analysis using the last name to infer information, including race/ethnicity
• Geocoding and surname analysis together
• American Community Survey to infer information, including race/ethnicity

Avoid pitfalls in data collection and reporting:

• The framework for collecting data should describe how it may differ for various subsets of individuals. For example, community social workers may be integral in providing data for persons with mental illness, while a person’s caregiver may be asked to provide data for a person with a brain injury.
• If the individual is unable to provide information because of cognitive or other issues, the organization must have a process in place to attempt the collection of data from other direct sources.
• The framework for data collection is specific to the organization’s LTSS population or subset of individuals from whom data is collected

Required reports:

• Aggregate report of race/ethnicity using Office of Management and Budget (OMB) categories for members served
• Aggregate report of languages spoken by members served
• Threshold language(s) identified from the report on languages

Privacy Protections for Data (HP LTSS 1E, CM-LTSS 2B)

Now that data is collected, it is of critical importance to keep it private.

Policies and procedures (P&P) are required to manage access to race/ethnicity and language data.

Documented processes must include the policy objectives and procedures describing the course of action and methods to follow to achieve the objective. The P&P must also include an effective date and be formally adopted. (See NCQA’s Appendix 4—Glossary: Policies and Procedures.)

P&P on access to data covers media, devices, and hardware movement, data storage, disposal, and reuse of media and devices. Consider persons who have access to the data from the time of receipt, where it is stored, and how it can be accessed.

P&P on the permissible use of data includes, for example, data shared with clients or other entities, such as community-based organizations delegated to provide services.

P&P on the impermissible use of data includes disclosure to unauthorized users or entities not included as permissible.

Avoid pitfalls on privacy protections for data:

• Documented processes of data access and use must be specific when describing how they may vary for certain groups of individuals, staff, and entities.  
• If race/ethnicity and languages are intended to be covered under its HIPAA/PHI privacy policies, they must explicitly state these factors.
• Include the process by which the organization approves and terminates the use of data. For example,
  • a nurse case manager may access the data, but an administrative assistant within the same department may not. Or,
  • a nurse case manager may have access to the data, but if transferred to another department, such as utilization management, the access may be revoked due to the assumption of a new role.

Delegation and Automatic Credit

The Element on Demographic Data Collection may be delegated, following all delegation standards (HP LTSS 4, CM-LTSS 8).

Additionally, automatic credit may be available when delegating to other accredited HP or CM organizations with LTSS Distinction. (See Appendix 2-Delegation and Automatic Credit Guidelines.)

The Element on Privacy Protections of Data is a Structural Element, meaning that this Element may be delegated, but delegates must follow the organization’s Policies and Procedures on privacy protections.  Alternatively, organizations can adopt the delegate’s practices with formal approval by the organization’s governing board. 

Key Points

• Specificity is required for policies and procedures – don’t short-cut the descriptions; include an effective date and signature of approval.
• Consider subsets of populations where processes may differ.
• Ensure reports are specific to LTSS.
• Investigate where automatic credit for delegation to other entities that are NCQA Accredited for LTSS is possible, which reduces the burden of delegated oversight.

Call to Action:

• The need for LTSS Distinction is on the rise! Contact MHR for consultation, training, or tools on LTSS before the start of your look-back period! We have been working with the LTSS standards for several years with clients and some of the consultants have also conducted many NCQA surveys for CM-LTSS or as Distinction for Health Plan accreditation.
• Review MHR’s other blogs on LTSS.

Align Your Processes for LTSS Service Authorizations & Notifications with NCQA’s New Elements 

NCQA Accreditation for LTSS is in High Demand 

MHR follows a quality review process for all blogs. This blog was written with expert input from Erin Kafieh, RN. Read more about Erin and our other consultants at ManagedHealthcareResources.com/About Our Consultants.  

MHR: Driving healthcare quality one NCQA accreditation at a time 

#NCQA