[Federal Register Volume 63, Number 136 (Thursday, July 16, 1998)]
[Notices]
[Pages 38414-38415]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-17944]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Health Care Financing Administration
Privacy Act of 1974; Report of Altered Systems
AGENCY: Department of Health and Human Services (HHS), Health Care
Financing Administration (HCFA).
ACTION: Notice of the global addition of three new routine uses to
designated HCFA Systems of Records.
-----------------------------------------------------------------------
SUMMARY: HCFA is adding three additional routine uses to the Systems of
Records specified in Appendix A. These routine uses will permit HCFA to
disclose individual-specific information for the purpose of combating
fraud or abuse in the health benefit programs administered by HCFA and
for other compatible purposes. These new routine uses will permit HCFA
to make disclosures as follows: (1) To a HCFA contractor, including but
not necessarily limited to fiscal intermediaries and carriers under
title XVIII of the Social Security Act, to administer some aspect of a
HCFA-administered health benefits program, or to a grantee of a HCFA-
administered grant program, which program is or could be affected by
fraud or abuse, for the purpose of preventing, deterring, discovering,
detecting, investigating, examining, prosecuting, suing with respect
to, defending against, correcting, remedying, or otherwise combating
such fraud or abuse in such program; (2) To another Federal agency or
to an instrumentality of any governmental jurisdiction within or under
the control of the United States, including any state or local
government agency, for the purpose of preventing, deterring,
discovering, detecting, investigating, examining, prosecuting, suing
with respect to, defending against, correcting, remedying, or otherwise
combating fraud or abuse in a health benefits program funded in whole
or in part by Federal funds; and, (3) To any entity that makes payment
for or oversees the administration of health care services, for the
purpose of preventing, deterring, discovering, detecting,
investigating, examining, prosecuting, suing with respect to, defending
against, correcting, remedying, or otherwise combating fraud or abuse
against such entity or the program or services administered by such
entity, subject to certain conditions.
EFFECTIVE DATES: HCFA filed an altered system report with the Chairman
of the Committee on Government Reform and Oversight of the House of
Representatives, the Chairman of the Committee on Governmental Affairs
of the Senate, and the Administrator, Office of Information and
Regulatory Affairs, Office of Management and Budget (OMB), on June 29,
1998. The proposed new routine uses will become effective 40 days from
the date the altered system report is submitted to Congress and to OMB
or 30 days from the publication of this notice, whichever is later.
ADDRESSES: The public should address comments to Phillip L. Brown,
Director, Division of Freedom of Information and Privacy Office, C2-26-
21, 7500 Security Boulevard, Baltimore, Maryland 21244-1850. Comments
received will be available for review at this location by appointment,
Monday through Friday 9 a.m.-3 p.m., eastern time zone.
FOR FURTHER INFORMATION CONTACT: Mr. Nelson Berry, Director, Division
of Data Liaison and Distribution, Office of Information Services, HCFA,
N3-13-15, 7500 Security Boulevard, Baltimore, Maryland 21244-1850. His
telephone number is (410) 786-0182.
SUPPLEMENTARY INFORMATION: We are publishing this notice to inform the
public of our intent to add three routine uses under which HCFA may
release information without the consent of the individual to whom such
information pertains in order to prevent, deter, discover, detect,
investigate, examine, prosecute, sue with respect to, defend against,
correct, remedy, or otherwise combat fraud or abuse in the programs
HCFA administers. Each proposed disclosure of information under these
routine uses will be evaluated to ensure that the disclosure is legally
permissible, including but not limited to ensuring that the purpose of
the disclosure is compatible with the purpose for which the information
was collected. Also, HCFA will require each prospective recipient of
such information to agree in writing to certain conditions to ensure
the continuing confidentiality of the information. More specifically,
as a condition of each disclosure under these routine uses, HCFA will:
(a) Determine that no other Federal statute specifically prohibits
disclosure of the information;
(b) Determine that the use or disclosure does not violate legal
limitations under which the information was provided, collected, or
obtained;
(c) Determine that the purpose for which the disclosure is to be
made;
(1) Cannot reasonably be accomplished unless the information is
provided in individually identifiable form;
(2) Is of sufficient importance to warrant the effect on or the
risk to the privacy of the individual(s) that additional exposure of
the record(s) might bring;
(3) There is a reasonable probability that the purpose of the
disclosure will be accomplished;
(d) Require the recipient of the information to:
[[Page 38415]]
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized access, use or disclosure of the
record or any part thereof. The physical safeguards shall provide a
level of security that is at least the equivalent of the level of
security contemplated in OMB Circular No. A-130 (revised), Appendix
III--Security of Federal Automated Information Systems which sets forth
guidelines for security plans for automated information systems in
Federal agencies;
(2) Remove or destroy the information that allows the subject
individual(s) to be identified at the earliest time at which removal or
destruction can be accomplished consistent with the purpose of the
request;
(3) Refrain from using or disclosing the information for any
purpose other than the stated purpose under which the information was
disclosed;
(4) Make no further use or disclosure of the information except:
(i) To prevent or address an emergency directly affecting the
health or safety of an individual;
(ii) For use on another project under the same conditions, provided
HCFA has authorized the additional use(s) in writing; and,
(iii) When required by law;
(e) Secure a written statement or agreement from the prospective
recipient of the information whereby the prospective recipient attests
to an understanding of and willingness to abide by the foregoing
provisions and any additional provisions that HCFA deems appropriate in
the particular circumstances; and,
(f) Determine whether the disclosure constitutes a computer
``matching program'' as defined in 5 U.S.C. 552a(a)(8). If the
disclosure is determined to be a computer ``matching program,'' the
procedures for matching agreements as contained in 5 U.S.C. 552a(o)
must be followed.
The new routine uses established by this notice are to be
considered as the next three numbers following the existing enumerated
routine uses in each of the individual systems of records being
affected as listed in Appendix A. These new routine uses read as
follows:
(1) To a HCFA contractor, including but not necessarily limited to
fiscal intermediaries and carriers under title XVIII of the Social
Security Act, to administer some aspect of a HCFA-administered health
benefits program, or to a grantee of a HCFA-administered grant program,
which program is or could be affected by fraud or abuse, for the
purpose of preventing, deterring, discovering, detecting,
investigating, examining, prosecuting, suing with respect to, defending
against, correcting, remedying, or otherwise combating such fraud or
abuse in such programs.
(2) To another Federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States, including any state or local government agency, for the purpose
of preventing, deterring, discovering, detecting, investigating,
examining, prosecuting, suing with respect to, defending against,
correcting, remedying, or otherwise combating fraud or abuse in a
health benefits program funded in whole or in part by Federal funds.
(3) To any entity that makes payment for, or oversees the
administration of, health care services, for the purpose of preventing,
deterring, discovering, detecting, investigating, examining,
prosecuting, suing with respect to, defending against, correcting,
remedying, or otherwise combating fraud or abuse against such entity or
the program or services administered by such entity, provided:
(a) Such entity enters into an agreement with HCFA to share
knowledge and information regarding actual or potential fraudulent or
abusive practices or activities regarding the delivery or receipt of
health care services, or regarding securing payment or reimbursement
for health care services, or any practice or activity that, if directed
toward a HCFA-administered program, might reasonably be construed as
actually or potentially fraudulent or abusive;
(b) Such entity does, on a regular basis, or at such times as HCFA
may request, fully and freely share such knowledge and information with
HCFA, or as directed by HCFA, with HCFA's contractors; and,
(c) HCFA determines that it may reasonably conclude that the
knowledge or information it has received or is likely to receive from
such entity could lead to preventing, deterring, discovering,
detecting, investigating, examining, prosecuting, suing with respect
to, defending against, correcting, remedying, or otherwise combating
fraud or abuse in the Medicare, Medicaid, or other health benefits
program administered by HCFA or funded in whole or in part by Federal
funds.
These proposed new routine uses are consistent with the relevant
provisions of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.
Because these proposed routine uses will significantly alter the
systems of records listed in Appendix A, we are preparing a report of
altered system of records under 5 U.S.C. 552a(r).
Dated: June 29, 1998.
Nancy-Ann Min DeParle,
Administrator, Health Care Financing Administration.
Appendix A
09-70-0005 National Claims History (NCH), HHS/HCFA/BDMS
09-70-0040 Health Care Financing Administration Organ Transplant
Data File, HS/HCFA/BDMS
09-70-0501 Carrier Medicare Claims Records, HHS/HCFA/BPO
09-70-0503 Intermediary Medicare Claims Records, HHS/HCFA/BPO
09-70-0505 Supplemental Medical Insurance (SMI) Accounting
Collection and Enrollment System (SPACE), HHS/HCFA/BPO
09-70-0516 Medicare Physician Supplier Master File, HHS/HCFA/BPO
09-70-0518 Medicare Clinic Physician Supplier Master File, HHS/
HCFA/BPO
09-70-0520 End Stage Renal Disease (ESRD) Program Management and
Medical Information System (PMMIS), HHS/HCFA/BDMS
09-70-0524 Intern and Resident Information System, HHS/HCFA/BPO
09-70-0525 Medicare Physician Identification and Eligibility System
(MPIES), HHS/HCFA/BPO
09-70-0526 Common Working File (CWF), HHS/HCFA/BPO
09-70-0527 HCFA Utilization Review Investigatory Files, HHS/HCFA/
BPO
09-70-0529 Medicare Supplier Identification File, HHS/HCFA/BPO
09-70-1511 Physical Therapists in Independent Practice
(Individuals), HHS/HCFA/HSQB
09-70-2003 HCFA Program Integrity/Program Validation Case Files
HHS/HCFA/BPO
09-70-2006 Income and Eligibility Verification for Medicaid
Eligibility Quality Control (MEQC) Review, HHS/HCFA
09-70-4001 Group Health Plan (GHP) System, HHS/HCFA/OMC
09-70-4003 Medicare HMO/CMP Beneficiary Reconsideration System
(MBRS), HHS/HCFA/OMC
09-70-6001 Medicaid Statistical Information System (MSIS), HHS/
HCFA/BDMS
[FR Doc. 98-17944 Filed 7-15-98; 8:45 am]
BILLING CODE 4120-03-P