[Federal Register Volume 63, Number 136 (Thursday, July 16, 1998)] [Notices] [Pages 38414-38415] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 98-17944] ----------------------------------------------------------------------- DEPARTMENT OF HEALTH AND HUMAN SERVICES Health Care Financing Administration Privacy Act of 1974; Report of Altered Systems AGENCY: Department of Health and Human Services (HHS), Health Care Financing Administration (HCFA). ACTION: Notice of the global addition of three new routine uses to designated HCFA Systems of Records. ----------------------------------------------------------------------- SUMMARY: HCFA is adding three additional routine uses to the Systems of Records specified in Appendix A. These routine uses will permit HCFA to disclose individual-specific information for the purpose of combating fraud or abuse in the health benefit programs administered by HCFA and for other compatible purposes. These new routine uses will permit HCFA to make disclosures as follows: (1) To a HCFA contractor, including but not necessarily limited to fiscal intermediaries and carriers under title XVIII of the Social Security Act, to administer some aspect of a HCFA-administered health benefits program, or to a grantee of a HCFA- administered grant program, which program is or could be affected by fraud or abuse, for the purpose of preventing, deterring, discovering, detecting, investigating, examining, prosecuting, suing with respect to, defending against, correcting, remedying, or otherwise combating such fraud or abuse in such program; (2) To another Federal agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States, including any state or local government agency, for the purpose of preventing, deterring, discovering, detecting, investigating, examining, prosecuting, suing with respect to, defending against, correcting, remedying, or otherwise combating fraud or abuse in a health benefits program funded in whole or in part by Federal funds; and, (3) To any entity that makes payment for or oversees the administration of health care services, for the purpose of preventing, deterring, discovering, detecting, investigating, examining, prosecuting, suing with respect to, defending against, correcting, remedying, or otherwise combating fraud or abuse against such entity or the program or services administered by such entity, subject to certain conditions. EFFECTIVE DATES: HCFA filed an altered system report with the Chairman of the Committee on Government Reform and Oversight of the House of Representatives, the Chairman of the Committee on Governmental Affairs of the Senate, and the Administrator, Office of Information and Regulatory Affairs, Office of Management and Budget (OMB), on June 29, 1998. The proposed new routine uses will become effective 40 days from the date the altered system report is submitted to Congress and to OMB or 30 days from the publication of this notice, whichever is later. ADDRESSES: The public should address comments to Phillip L. Brown, Director, Division of Freedom of Information and Privacy Office, C2-26- 21, 7500 Security Boulevard, Baltimore, Maryland 21244-1850. Comments received will be available for review at this location by appointment, Monday through Friday 9 a.m.-3 p.m., eastern time zone. FOR FURTHER INFORMATION CONTACT: Mr. Nelson Berry, Director, Division of Data Liaison and Distribution, Office of Information Services, HCFA, N3-13-15, 7500 Security Boulevard, Baltimore, Maryland 21244-1850. His telephone number is (410) 786-0182. SUPPLEMENTARY INFORMATION: We are publishing this notice to inform the public of our intent to add three routine uses under which HCFA may release information without the consent of the individual to whom such information pertains in order to prevent, deter, discover, detect, investigate, examine, prosecute, sue with respect to, defend against, correct, remedy, or otherwise combat fraud or abuse in the programs HCFA administers. Each proposed disclosure of information under these routine uses will be evaluated to ensure that the disclosure is legally permissible, including but not limited to ensuring that the purpose of the disclosure is compatible with the purpose for which the information was collected. Also, HCFA will require each prospective recipient of such information to agree in writing to certain conditions to ensure the continuing confidentiality of the information. More specifically, as a condition of each disclosure under these routine uses, HCFA will: (a) Determine that no other Federal statute specifically prohibits disclosure of the information; (b) Determine that the use or disclosure does not violate legal limitations under which the information was provided, collected, or obtained; (c) Determine that the purpose for which the disclosure is to be made; (1) Cannot reasonably be accomplished unless the information is provided in individually identifiable form; (2) Is of sufficient importance to warrant the effect on or the risk to the privacy of the individual(s) that additional exposure of the record(s) might bring; (3) There is a reasonable probability that the purpose of the disclosure will be accomplished; (d) Require the recipient of the information to: [[Page 38415]] (1) Establish reasonable administrative, technical, and physical safeguards to prevent unauthorized access, use or disclosure of the record or any part thereof. The physical safeguards shall provide a level of security that is at least the equivalent of the level of security contemplated in OMB Circular No. A-130 (revised), Appendix III--Security of Federal Automated Information Systems which sets forth guidelines for security plans for automated information systems in Federal agencies; (2) Remove or destroy the information that allows the subject individual(s) to be identified at the earliest time at which removal or destruction can be accomplished consistent with the purpose of the request; (3) Refrain from using or disclosing the information for any purpose other than the stated purpose under which the information was disclosed; (4) Make no further use or disclosure of the information except: (i) To prevent or address an emergency directly affecting the health or safety of an individual; (ii) For use on another project under the same conditions, provided HCFA has authorized the additional use(s) in writing; and, (iii) When required by law; (e) Secure a written statement or agreement from the prospective recipient of the information whereby the prospective recipient attests to an understanding of and willingness to abide by the foregoing provisions and any additional provisions that HCFA deems appropriate in the particular circumstances; and, (f) Determine whether the disclosure constitutes a computer ``matching program'' as defined in 5 U.S.C. 552a(a)(8). If the disclosure is determined to be a computer ``matching program,'' the procedures for matching agreements as contained in 5 U.S.C. 552a(o) must be followed. The new routine uses established by this notice are to be considered as the next three numbers following the existing enumerated routine uses in each of the individual systems of records being affected as listed in Appendix A. These new routine uses read as follows: (1) To a HCFA contractor, including but not necessarily limited to fiscal intermediaries and carriers under title XVIII of the Social Security Act, to administer some aspect of a HCFA-administered health benefits program, or to a grantee of a HCFA-administered grant program, which program is or could be affected by fraud or abuse, for the purpose of preventing, deterring, discovering, detecting, investigating, examining, prosecuting, suing with respect to, defending against, correcting, remedying, or otherwise combating such fraud or abuse in such programs. (2) To another Federal agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States, including any state or local government agency, for the purpose of preventing, deterring, discovering, detecting, investigating, examining, prosecuting, suing with respect to, defending against, correcting, remedying, or otherwise combating fraud or abuse in a health benefits program funded in whole or in part by Federal funds. (3) To any entity that makes payment for, or oversees the administration of, health care services, for the purpose of preventing, deterring, discovering, detecting, investigating, examining, prosecuting, suing with respect to, defending against, correcting, remedying, or otherwise combating fraud or abuse against such entity or the program or services administered by such entity, provided: (a) Such entity enters into an agreement with HCFA to share knowledge and information regarding actual or potential fraudulent or abusive practices or activities regarding the delivery or receipt of health care services, or regarding securing payment or reimbursement for health care services, or any practice or activity that, if directed toward a HCFA-administered program, might reasonably be construed as actually or potentially fraudulent or abusive; (b) Such entity does, on a regular basis, or at such times as HCFA may request, fully and freely share such knowledge and information with HCFA, or as directed by HCFA, with HCFA's contractors; and, (c) HCFA determines that it may reasonably conclude that the knowledge or information it has received or is likely to receive from such entity could lead to preventing, deterring, discovering, detecting, investigating, examining, prosecuting, suing with respect to, defending against, correcting, remedying, or otherwise combating fraud or abuse in the Medicare, Medicaid, or other health benefits program administered by HCFA or funded in whole or in part by Federal funds. These proposed new routine uses are consistent with the relevant provisions of the Privacy Act of 1974, as amended, 5 U.S.C. 552a. Because these proposed routine uses will significantly alter the systems of records listed in Appendix A, we are preparing a report of altered system of records under 5 U.S.C. 552a(r). Dated: June 29, 1998. Nancy-Ann Min DeParle, Administrator, Health Care Financing Administration. Appendix A 09-70-0005 National Claims History (NCH), HHS/HCFA/BDMS 09-70-0040 Health Care Financing Administration Organ Transplant Data File, HS/HCFA/BDMS 09-70-0501 Carrier Medicare Claims Records, HHS/HCFA/BPO 09-70-0503 Intermediary Medicare Claims Records, HHS/HCFA/BPO 09-70-0505 Supplemental Medical Insurance (SMI) Accounting Collection and Enrollment System (SPACE), HHS/HCFA/BPO 09-70-0516 Medicare Physician Supplier Master File, HHS/HCFA/BPO 09-70-0518 Medicare Clinic Physician Supplier Master File, HHS/ HCFA/BPO 09-70-0520 End Stage Renal Disease (ESRD) Program Management and Medical Information System (PMMIS), HHS/HCFA/BDMS 09-70-0524 Intern and Resident Information System, HHS/HCFA/BPO 09-70-0525 Medicare Physician Identification and Eligibility System (MPIES), HHS/HCFA/BPO 09-70-0526 Common Working File (CWF), HHS/HCFA/BPO 09-70-0527 HCFA Utilization Review Investigatory Files, HHS/HCFA/ BPO 09-70-0529 Medicare Supplier Identification File, HHS/HCFA/BPO 09-70-1511 Physical Therapists in Independent Practice (Individuals), HHS/HCFA/HSQB 09-70-2003 HCFA Program Integrity/Program Validation Case Files HHS/HCFA/BPO 09-70-2006 Income and Eligibility Verification for Medicaid Eligibility Quality Control (MEQC) Review, HHS/HCFA 09-70-4001 Group Health Plan (GHP) System, HHS/HCFA/OMC 09-70-4003 Medicare HMO/CMP Beneficiary Reconsideration System (MBRS), HHS/HCFA/OMC 09-70-6001 Medicaid Statistical Information System (MSIS), HHS/ HCFA/BDMS [FR Doc. 98-17944 Filed 7-15-98; 8:45 am] BILLING CODE 4120-03-P