Access Is Not The Same As Control. Welcome to Issue #80


Data rights means access. Data sovereignty means control.

Executive Brief

Twenty-five years ago, government procurement officers faced a problem. They wanted to buy sustainable buildings. They had no objective way to compare bids.

Every contractor claimed to be green. Every proposal used the same marketing language. Without a standard, procurement defaulted to price and promises.

The U.S. Green Building Council solved the problem by creating LEED. Clear standard. Independent third-party scoring. Meaningful tier differentiation. A system designed to evolve as the industry matured.

A procurement officer could simply specify, “Your proposal must meet a LEED gold standard in order to bid.”

LEED changed construction practice because it changed procurement behavior. Contractors who wanted government work had to earn the designation. The designation was awarded by USGBC, not by builders. What a building actually did across every category mattered more than its best feature.

The same problem exists in pharmacy benefits. Plan sponsors want fiduciary-aligned contracts. They have no objective way to compare bids. Every PBM claims transparency. Every proposal uses the same language.

The Nautilus Data Sovereignty Index (DSI) applies the LEED pattern to PBM contracts.

Why Data Sovereignty

Data rights means you can access your data. Data sovereignty means you can control it.

Without complete, accurate, usable data, you can’t confirm pricing, verify rebates, or prove the formulary is driving participants to the lowest net cost drug. Data is the foundation that makes every other protection enforceable.

The DSI addresses a first principle of benefit design: Can you get the right drug to the right participant at the right price, and prove it?

What Most Contracts Get Wrong

A good overall fiduciary alignment score on a PBM Contract X-Ray tells you the contract is sound on balance. It does not necessarily tell you whether your plan controls its own data, its own audits, its own formulary, and its own money.

Those protections live in a handful of specific provisions. Average them into a single grade and the weak ones disappear.

The DSI exists to stop that disappearing act.

How the DSI Works

DSI looks at five provisions. Each one carries a floor. A contract earns a designation only when every floor clears.

The tiers build on the Contract X-Ray fiduciary alignment score as a base and rise from there:

Two conditions, both required. A strong overall score can’t paper over one weak provision. A single clean provision can’t lift a thin contract.

The design borrows from LEED: a building earns its rating by what it actually does across every category, not by its best feature.

What the Contracts Show

We applied the five DSI floors to every contract in the Nautilus Contract X-Ray reference database. The set covers 55 scored contracts across roughly two dozen PBMs.

Counting each PBM’s best result: 6 of 23 PBMs earn a designation. Four Gold. One Silver. One Bronze.

The other 17 fall short of even Bronze.

Six in twenty-three medaled. The rest off the podium. That is the state of data sovereignty in the contracts we see.

The shortfall is structural, not cosmetic. Among the contracts that miss a designation, most fail four or all five floors at once. These are not contracts a single redline brings into compliance. They are contracts built on a different premise about who controls the data and the dollars.

The Pattern Underneath the Number

Business model predicts the result.

No traditional spread-pricing contract in the database earned any designation.

Every contract that qualified came from a pass-through, fiduciary-aligned model. The structure a PBM starts from shapes what its contracts protect.

The market has moved furthest on rebates. Three in five contracts clear the rebate floor, the strongest showing of the five dimensions. Audit rights, conflict-of-interest neutrality, and lowest net cost lag far behind.

Rebate transparency has become table stakes. Control over your data and your audits has not.

A high overall grade offers no shortcut. Three contracts in the database score Fair or better overall and still miss a designation, including one that rates Good overall yet fails on audit rights and neutrality. The headline number looked fine. The protections underneath did not.

Three Design Choices That Carry Over

DSI is structured after LEED because the pattern works.

  • Independent third-party scoring. LEED is awarded by the U.S. Green Building Council, not by builders. DSI is awarded by Nautilus Health Institute, not by PBMs. Independence is the foundation of the designation’s credibility.
  • Meaningful tier differentiation. LEED has Certified, Silver, Gold, and Platinum. DSI has Bronze, Silver, and Gold. Both reject binary pass-fail framing. A Silver-rated contract is genuinely different from a Bronze-rated contract.
  • Designed to evolve over time. LEED has tightened its criteria across versions as the industry has matured. DSI is built with the same expectation. What earns Gold today may be the floor for Silver in a future version.

Like LEED, DSI rewards demonstrated contract structure rather than aspirational marketing claims. The designation is earned through what the PBM has agreed to in writing, not what is said in pitch materials.

What to Do First Thing Monday

  1. Submit your contract for scoring. Email support@nautilushealth.org.
  2. Check the five floors. A contract can score Fair overall and still miss a designation. The headline number is not the protection.
  3. Look at the business model. No traditional spread-pricing contract in the database has earned any designation. Structure predicts outcome.

In Closing

Standards emerge when procurement needs them.

LEED exists because government wanted sustainable buildings and had no way to compare bids. DSI exists because plan sponsors want fiduciary-aligned contracts and face the same problem.

Six of twenty-three PBMs earn a designation. The other seventeen fall short of even Bronze. That gap is the market opportunity for sponsors who know what to ask for, and the accountability gap for PBMs who have not yet built contracts that protect data sovereignty.

The designation is a starting point. Bronze to Silver. Silver to Gold. The path is visible. The question is whether you’ll walk it.


Here’s to clearer thinking, stronger plans, and better outcomes for the people who rely on us.

All the best,

P.S. Next week: Provision by provision. What the five DSI dimensions measure, why each one matters, and what fiduciary-grade language looks like for data ownership, audit rights, and lowest net cost.
