[Federal Register Volume 63, Number 136 (Thursday, July 16, 1998)]
[Notices]
[Pages 38414-38415]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-17944]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Health Care Financing Administration


Privacy Act of 1974; Report of Altered Systems

AGENCY: Department of Health and Human Services (HHS), Health Care 
Financing Administration (HCFA).

ACTION: Notice of the global addition of three new routine uses to 
designated HCFA Systems of Records.

-----------------------------------------------------------------------

SUMMARY: HCFA is adding three additional routine uses to the Systems of 
Records specified in Appendix A. These routine uses will permit HCFA to 
disclose individual-specific information for the purpose of combating 
fraud or abuse in the health benefit programs administered by HCFA and 
for other compatible purposes. These new routine uses will permit HCFA 
to make disclosures as follows: (1) To a HCFA contractor, including but 
not necessarily limited to fiscal intermediaries and carriers under 
title XVIII of the Social Security Act, to administer some aspect of a 
HCFA-administered health benefits program, or to a grantee of a HCFA-
administered grant program, which program is or could be affected by 
fraud or abuse, for the purpose of preventing, deterring, discovering, 
detecting, investigating, examining, prosecuting, suing with respect 
to, defending against, correcting, remedying, or otherwise combating 
such fraud or abuse in such program; (2) To another Federal agency or 
to an instrumentality of any governmental jurisdiction within or under 
the control of the United States, including any state or local 
government agency, for the purpose of preventing, deterring, 
discovering, detecting, investigating, examining, prosecuting, suing 
with respect to, defending against, correcting, remedying, or otherwise 
combating fraud or abuse in a health benefits program funded in whole 
or in part by Federal funds; and, (3) To any entity that makes payment 
for or oversees the administration of health care services, for the 
purpose of preventing, deterring, discovering, detecting, 
investigating, examining, prosecuting, suing with respect to, defending 
against, correcting, remedying, or otherwise combating fraud or abuse 
against such entity or the program or services administered by such 
entity, subject to certain conditions.

EFFECTIVE DATES: HCFA filed an altered system report with the Chairman 
of the Committee on Government Reform and Oversight of the House of 
Representatives, the Chairman of the Committee on Governmental Affairs 
of the Senate, and the Administrator, Office of Information and 
Regulatory Affairs, Office of Management and Budget (OMB), on June 29, 
1998. The proposed new routine uses will become effective 40 days from 
the date the altered system report is submitted to Congress and to OMB 
or 30 days from the publication of this notice, whichever is later.

ADDRESSES: The public should address comments to Phillip L. Brown, 
Director, Division of Freedom of Information and Privacy Office, C2-26-
21, 7500 Security Boulevard, Baltimore, Maryland 21244-1850. Comments 
received will be available for review at this location by appointment, 
Monday through Friday 9 a.m.-3 p.m., eastern time zone.

FOR FURTHER INFORMATION CONTACT: Mr. Nelson Berry, Director, Division 
of Data Liaison and Distribution, Office of Information Services, HCFA, 
N3-13-15, 7500 Security Boulevard, Baltimore, Maryland 21244-1850. His 
telephone number is (410) 786-0182.

SUPPLEMENTARY INFORMATION: We are publishing this notice to inform the 
public of our intent to add three routine uses under which HCFA may 
release information without the consent of the individual to whom such 
information pertains in order to prevent, deter, discover, detect, 
investigate, examine, prosecute, sue with respect to, defend against, 
correct, remedy, or otherwise combat fraud or abuse in the programs 
HCFA administers. Each proposed disclosure of information under these 
routine uses will be evaluated to ensure that the disclosure is legally 
permissible, including but not limited to ensuring that the purpose of 
the disclosure is compatible with the purpose for which the information 
was collected. Also, HCFA will require each prospective recipient of 
such information to agree in writing to certain conditions to ensure 
the continuing confidentiality of the information. More specifically, 
as a condition of each disclosure under these routine uses, HCFA will:
    (a) Determine that no other Federal statute specifically prohibits 
disclosure of the information;
    (b) Determine that the use or disclosure does not violate legal 
limitations under which the information was provided, collected, or 
obtained;
    (c) Determine that the purpose for which the disclosure is to be 
made;
    (1) Cannot reasonably be accomplished unless the information is 
provided in individually identifiable form;
    (2) Is of sufficient importance to warrant the effect on or the 
risk to the privacy of the individual(s) that additional exposure of 
the record(s) might bring;
    (3) There is a reasonable probability that the purpose of the 
disclosure will be accomplished;
    (d) Require the recipient of the information to:

[[Page 38415]]

    (1) Establish reasonable administrative, technical, and physical 
safeguards to prevent unauthorized access, use or disclosure of the 
record or any part thereof. The physical safeguards shall provide a 
level of security that is at least the equivalent of the level of 
security contemplated in OMB Circular No. A-130 (revised), Appendix 
III--Security of Federal Automated Information Systems which sets forth 
guidelines for security plans for automated information systems in 
Federal agencies;
    (2) Remove or destroy the information that allows the subject 
individual(s) to be identified at the earliest time at which removal or 
destruction can be accomplished consistent with the purpose of the 
request;
    (3) Refrain from using or disclosing the information for any 
purpose other than the stated purpose under which the information was 
disclosed;
    (4) Make no further use or disclosure of the information except:
    (i) To prevent or address an emergency directly affecting the 
health or safety of an individual;
    (ii) For use on another project under the same conditions, provided 
HCFA has authorized the additional use(s) in writing; and,
    (iii) When required by law;
    (e) Secure a written statement or agreement from the prospective 
recipient of the information whereby the prospective recipient attests 
to an understanding of and willingness to abide by the foregoing 
provisions and any additional provisions that HCFA deems appropriate in 
the particular circumstances; and,
    (f) Determine whether the disclosure constitutes a computer 
``matching program'' as defined in 5 U.S.C. 552a(a)(8). If the 
disclosure is determined to be a computer ``matching program,'' the 
procedures for matching agreements as contained in 5 U.S.C. 552a(o) 
must be followed.
    The new routine uses established by this notice are to be 
considered as the next three numbers following the existing enumerated 
routine uses in each of the individual systems of records being 
affected as listed in Appendix A. These new routine uses read as 
follows:
    (1) To a HCFA contractor, including but not necessarily limited to 
fiscal intermediaries and carriers under title XVIII of the Social 
Security Act, to administer some aspect of a HCFA-administered health 
benefits program, or to a grantee of a HCFA-administered grant program, 
which program is or could be affected by fraud or abuse, for the 
purpose of preventing, deterring, discovering, detecting, 
investigating, examining, prosecuting, suing with respect to, defending 
against, correcting, remedying, or otherwise combating such fraud or 
abuse in such programs.
    (2) To another Federal agency or to an instrumentality of any 
governmental jurisdiction within or under the control of the United 
States, including any state or local government agency, for the purpose 
of preventing, deterring, discovering, detecting, investigating, 
examining, prosecuting, suing with respect to, defending against, 
correcting, remedying, or otherwise combating fraud or abuse in a 
health benefits program funded in whole or in part by Federal funds.
    (3) To any entity that makes payment for, or oversees the 
administration of, health care services, for the purpose of preventing, 
deterring, discovering, detecting, investigating, examining, 
prosecuting, suing with respect to, defending against, correcting, 
remedying, or otherwise combating fraud or abuse against such entity or 
the program or services administered by such entity, provided:
    (a) Such entity enters into an agreement with HCFA to share 
knowledge and information regarding actual or potential fraudulent or 
abusive practices or activities regarding the delivery or receipt of 
health care services, or regarding securing payment or reimbursement 
for health care services, or any practice or activity that, if directed 
toward a HCFA-administered program, might reasonably be construed as 
actually or potentially fraudulent or abusive;
    (b) Such entity does, on a regular basis, or at such times as HCFA 
may request, fully and freely share such knowledge and information with 
HCFA, or as directed by HCFA, with HCFA's contractors; and,
    (c) HCFA determines that it may reasonably conclude that the 
knowledge or information it has received or is likely to receive from 
such entity could lead to preventing, deterring, discovering, 
detecting, investigating, examining, prosecuting, suing with respect 
to, defending against, correcting, remedying, or otherwise combating 
fraud or abuse in the Medicare, Medicaid, or other health benefits 
program administered by HCFA or funded in whole or in part by Federal 
funds.
    These proposed new routine uses are consistent with the relevant 
provisions of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.
    Because these proposed routine uses will significantly alter the 
systems of records listed in Appendix A, we are preparing a report of 
altered system of records under 5 U.S.C. 552a(r).

    Dated: June 29, 1998.
Nancy-Ann Min DeParle,
Administrator, Health Care Financing Administration.

Appendix A

09-70-0005  National Claims History (NCH), HHS/HCFA/BDMS
09-70-0040  Health Care Financing Administration Organ Transplant 
Data File, HS/HCFA/BDMS
09-70-0501  Carrier Medicare Claims Records, HHS/HCFA/BPO
09-70-0503  Intermediary Medicare Claims Records, HHS/HCFA/BPO
09-70-0505  Supplemental Medical Insurance (SMI) Accounting 
Collection and Enrollment System (SPACE), HHS/HCFA/BPO
09-70-0516  Medicare Physician Supplier Master File, HHS/HCFA/BPO
09-70-0518  Medicare Clinic Physician Supplier Master File, HHS/
HCFA/BPO
09-70-0520  End Stage Renal Disease (ESRD) Program Management and 
Medical Information System (PMMIS), HHS/HCFA/BDMS
09-70-0524  Intern and Resident Information System, HHS/HCFA/BPO
09-70-0525  Medicare Physician Identification and Eligibility System 
(MPIES), HHS/HCFA/BPO
09-70-0526  Common Working File (CWF), HHS/HCFA/BPO
09-70-0527  HCFA Utilization Review Investigatory Files, HHS/HCFA/
BPO
09-70-0529  Medicare Supplier Identification File, HHS/HCFA/BPO
09-70-1511  Physical Therapists in Independent Practice 
(Individuals), HHS/HCFA/HSQB
09-70-2003  HCFA Program Integrity/Program Validation Case Files 
HHS/HCFA/BPO
09-70-2006  Income and Eligibility Verification for Medicaid 
Eligibility Quality Control (MEQC) Review, HHS/HCFA
09-70-4001  Group Health Plan (GHP) System, HHS/HCFA/OMC
09-70-4003  Medicare HMO/CMP Beneficiary Reconsideration System 
(MBRS), HHS/HCFA/OMC
09-70-6001  Medicaid Statistical Information System (MSIS), HHS/
HCFA/BDMS

[FR Doc. 98-17944 Filed 7-15-98; 8:45 am]
BILLING CODE 4120-03-P