CMS has issued a final rule regarding the release and use of standardized extracts of Medicare claims data for qualified entities to measure the performance of providers and suppliers, as mandated by the ACA. Specifically, the rule explains how entities can become qualified by CMS to receive standardized extracts of Medicare Parts A, B, and D claims data and the criteria qualified entities must follow to protect the privacy of Medicare beneficiaries. CMS will evaluate whether an organization is eligible to receive data based on their qualifications in three areas: organizational and governance capabilities (including the ability to accurately calculate quality, efficiency, effectiveness, and resource use measures from claims data); the addition of claims data from other sources; and data privacy and security practices. According to CMS, the final rule improves the June 8, 2011 proposed rule by, among other things: clarifying that qualified entities do not need to be composed of a single legal entity (an applicant may contract with other entities to meet the eligibility criteria); making data less costly for qualified entities (reducing estimated average first year costs from $200,000 to $40,000); giving qualified organizations more flexibility in their use of Medicare data to create performance reports (allowing clinical data to be used in addition to claims data and reducing restrictions on performance measures); and extending the time period for health care providers to confidentially review and appeal performance reports before they become public from 30 to 60 days. The rule is effective January 6, 2012.