[Federal Register Volume 63, Number 210 (Friday, October 30, 1998)]
[Proposed Rules]
[Pages 58341-58358]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-29147]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of the Secretary

Office of Inspector General

45 CFR Part 61

RIN 0991-AA98


Health Care Fraud and Abuse Data Collection Program: Reporting of 
Final Adverse Actions

AGENCY: Office of Inspector General (OIG), HHS.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: This proposed rule would establish a new 45 CFR part 61 to 
implement the statutory requirements of section 1128E of the Social 
Security Act, as added by section 221(a) of the Health Insurance 
Portability and Accountability Act (HIPAA) of 1996. Section 221(a) of 
HIPAA specifically directed the Secretary to establish a national 
health care fraud and abuse data collection program for the reporting 
and disclosing of certain final adverse actions taken against health 
care providers, suppliers, or practitioners, and maintain a data base 
of final adverse actions taken against health care providers, suppliers 
and practitioners.

DATES: To assure consideration, public comments must be delivered to 
the address provided below by no later than 5 p.m. on December 29, 
1998.

ADDRESSES: Please mail or deliver your written comments to the 
following address: Health Resources and Services Administration, Bureau 
of Health Professions, Division of Quality Assurance, Room 8A-55, 
Attention: OIG-46-P, 5600 Fishers Lane, Rockville, Maryland 20857.
    Because of staffing and resource limitations, we cannot accept 
comments by facsimile (FAX) transmission. In commenting, please refer 
to file code OIG-46-P.

FOR FURTHER INFORMATION CONTACT: Thomas C. Croft, (301) 443-2300, 
Director, Division of Quality Assurance/BHPr/HRSA.

SUPPLEMENTARY INFORMATION:

I. Background

The National Practitioner Data Bank

    The National Practitioner Data Bank (NPDB) was established under 
the Health Care Quality Improvement Act (HCQIA) of 1986, as amended (42 
U.S.C. 11101). The NPDB contains adverse licensure action reports on 
physician and dentists (including revocations, suspensions, reprimands, 
censures, probations and surrenders for quality purposes); adverse 
clinical privilege actions against physicians and dentists; adverse 
professional society membership actions against physicians and 
dentists; and medical malpractice payments made on all health care 
practitioners. Groups that have access to this data system include 
hospitals, other health care entities that conduct peer review and 
provide or arrange for care, State Boards of Medical or Dental 
examiners and other health care practitioner State boards. Individual 
practitioners are able to self-query. The reporting of information 
under the NPDB is limited to medical malpractice payers, State 
licensing medical boards and dental examiners, professional societies 
with formal peer review and hospitals and health care entities.

Establishment of the Healthcare Integrity and Protection Data Bank

    The Health Insurance Portability and Accountability Act (HIPAA) of 
1996, Public Law 104-191, requires the Secretary, acting through the 
Office of Inspector General (OIG) and the United States Attorney 
General, to establish a new health care fraud and abuse control program 
to combat health care fraud and abuse (see section 1128C of the Act, as 
enacted by section 201(a) of HIPAA). Among the major steps in this 
program is the establishment of a national data bank to receive and 
disclose certain final adverse actions against health care providers, 
suppliers, or practitioners (see section 1128C(a)(1)(E) of the Act). 
The data bank is specifically provided for by section 1128E of the Act 
(added by section 221(a) of HIPAA), which directs the Secretary to 
maintain a data base of such final adverse actions. Final adverse 
actions include: (1) civil judgments against a health care provider, 
supplier, or practitioner in Federal or State court related to the 
delivery of a health care item or service; (2) Federal or State 
criminal convictions against a health care provider, supplier, or 
practitioner related to the delivery of a health care item or service; 
(3) actions by Federal or State agencies responsible for the licensing 
and certification of health care providers, suppliers, or 
practitioners; (4) exclusion of a health care provider, supplier, or 
practitioner from participation in Federal or State health care 
programs; and (5) any other adjudicated actions or decisions that the 
Secretary establishes by regulations. Settlements in which no findings 
or admissions of liability have been made will be excluded from 
reporting. However, any final adverse action that emanates from such 
settlements and consent judgments, and that would otherwise be 
reportable under the statute, is to be reported to the data bank. Final 
adverse actions are to be reported, regardless of whether such actions 
are being appealed by the subject of the report (see section 
1128E(b)(2)(C) of the Act). Groups that have access to this new data 
bank system include Federal and State government agencies; health 
plans; and self queries from health care suppliers, providers and 
practitioners. Reporting is limited to the same groups that have access 
to the information.
    The range of reportable final adverse actions specified in the 
statute clearly indicates that Congress intended a broad interpretation 
of the terms ``health care fraud and abuse.'' For purposes of the 
statute, we believe all reportable final adverse actions include 
actions related to provider, supplier and practitioner practices that 
are inconsistent with

[[Page 58342]]

accepted sound fiscal, business or medical practices, directly or 
indirectly, resulting in: (1) unnecessary costs to the program; (2) 
improper payment; (3) services that fail to meet professionally 
recognized standards of care or that are medically unnecessary; or (4) 
adverse patient outcomes, failure to provide covered or needed care in 
violation of contractual arrangements, or delays in diagnosis or 
treatment. The statute also requires the Secretary to implement the 
national health care fraud and abuse data collection program in such a 
manner as to avoid duplication with the reporting requirements 
established for the NPDB. This proposed rulemaking is intended to 
establish such a fraud and abuse data bank, to be known as the 
Healthcare Integrity and Protection Data Bank (HIPDB).

Coordination and Distinctions Between the HIPDB and the NPDB

    With regard to the importation of State licensing board actions 
reported to the NPDB prior to the enactment of HIPAA, we intend to 
include in the HIPDB only such NPDB information about licensing actions 
which were effective on or after August 21, 1996. In accordance with 
the statute, the reporter responsible for reporting adverse actions to 
the HIPDB and the NPDB will only be asked to submit the report one 
time. The system is being designed to sort the appropriate actions into 
the HIPDB, NPDB, or both. The system is being configured to account for 
the statutory differences in the type of actions and groups eligible to 
query the two data banks.
    The NPDB does not collect information on Federal criminal 
convictions and medicare and Medicaid exclusions, except to the extent 
that they lead to State licensing board, medical malpractice payment or 
privilege restriction actions. Further, while civil judgments included 
in the NPDB would be those that resulted in malpractice payments, the 
HIPDB explicitly does not include medical malpractice civil judgments. 
As a result, these items will not be part of the NPDB data to be 
imported into the HIPDB.

Data Elements To Be Reported to the HIPDB

    Section 1128E(b)(2) of the Act cites a number of required elements 
or types of data that must be reported to the HIPDB. These elements 
include: (1) the name of the individual or entity; (2) a taxpayer 
identification number; (3) the name of any affiliated or associated 
health care entity; (4) the nature of the final adverse action, and 
whether the action is on appeal; (5) a description of the acts or 
omissions, and injuries, upon which a final adverse action is based; 
and (6) any other additional information deemed appropriate by the 
Secretary.
    With respect to this last element, we are exercising this 
discretion and are proposing to add additional reportable data 
elements. The additional elements reflect much of the information that 
is already routinely collected by the Federal and State reporting 
agencies. Therefore, in adding these elements, the Secretary believes 
this does not impose any additional burden on State government agencies 
and health plans. Furthermore, the Secretary is protecting health care 
providers, suppliers and practitioners from being erroneously 
identified without imposing additional gathering burdens on reporters 
of information. The addition of this information also will serve to: 
(1) recognize the multiple purposes to which eligible users will apply 
the data, such as licensing decisions by professional licensing boards, 
credentialing and contracting decisions by health plans, and 
investigation by law enforcement agencies, investigative units and 
health plan special investigative units of health care fraud 
perpetrators and schemes; (2) maximize the accuracy of a match between 
the names of queried practitioners, providers, or suppliers and 
existing reports in the HIPDB; (3) provide access to information about 
health care fraud and abuse activities nationwide by promoting 
efficient coordination of investigative efforts among insurers and law 
enforcement agencies; (4) support the intent of the statute to address 
issues related to fraud and abuse, including quality of health care and 
patient safety; and (5) prevent the erroneous reporting and identifying 
of health care providers, suppliers and practitioners. Through this 
proposed rulemaking, we are specifically seeking the views of Federal 
and State officials and of health plans about whether the proposed 
information collection requirements will be necessary for the proper 
performance of the HIPDB system. In addition, we are soliciting 
comments as to whether the proposed data elements set forth in this 
rule will be useful in preventing fraud and abuse and in improving the 
quality of patient care.

Immunity Provisions Under the HIPDB

    Immunity provisions in section 1128E(e) of the Act protect 
individuals and entities from being held liable in civil actions for 
reports made to the HIPDB unless they have knowledge of the falsity of 
the information contained in the report. The statute provides similar 
immunity to the Department in maintaining the HIPDB. We are 
interpreting the term ``knowledge of falsity'' to require actual 
knowledge of falsity by the submitting entity.

II. Provisions of the Proposed Rule

    These proposed regulations would implement the requirements for 
reporting of specific data elements to, and procedures for obtaining 
information from, the HIPDB (and are applicable to Federal and State 
government agencies and health plans). Set forth below is a brief 
description of the major provisions of the proposed rule, including, 
among other things, proposed definitions for certain terms associated 
with the HIPDB, a discussion of the specific reporting requirements and 
when such information must be reported, the fees applicable to requests 
for information, the issues of the confidentiality of information, and 
how to dispute the accuracy of information in the HIPDB.

1. Definitions

    These proposed regulations would expand on previous regulatory 
definitions and clarify aspects of definitions set forth in the 
statute. Congress intended that the HIPDB play a significant role in 
reducing public and private health care expenditures that result in 
health care fraud and abuse, by alerting system users to previous 
relevant adverse actions. Therefore, we believe that the reportable 
range of activities and the individuals and entities that engage in 
them should as broadly as possible capture the portion of expenditures 
lost each year to fraud and abuse. Towards this end, this proposed rule 
sets forth definitions for certain terms that may appear more expansive 
than some previous regulatory definitions. One such example would 
include the definitions of health care provider and supplier. While 
definitions of these terms existed in other Departmental regulations, 
we believe it is significant that Congress chose not to use those 
definitions. In fact, earlier versions of section 1128E of the Act 
contained some of these previous definitions, but deleted them from the 
final statute. The absence of these references strongly suggests that 
Congress intended that these terms be developed based on the breadth of 
health care expenditures in mind when applied to the HIPDB program. We 
believe these expanded definitions are fully consistent with 
congressional intent and accurately reflect the range of subjects and 
activities currently considered by government agencies and health plans 
in fraud and abuse prevention efforts. This proposed rule

[[Page 58343]]

also, in certain instances, clarifies existing statutory definitions. 
These clarifications merely provide additional examples of the scope of 
the definitions, but do not go beyond the range that Congress intended.
    As a result, in Sec. 61.3 of these regulations, we are proposing 
the inclusion of the following definition of terms--
A. Affiliated or Associated
    The term ``affiliated or associated'' would include, but would not 
be limited to, health care entities such as organizations, 
associations, corporations, or partnerships that are affiliated or 
associated with a subject of a final adverse action. It also would 
include a professional corporation or other business entity composed of 
a single individual. For example, if the subject is an individual, the 
affiliated or associated health care entities would include, among 
other things, the subject's employer, businesses owned or managed by 
the subject, partnerships, memberships in health maintenance 
organizations or health care networks, or institutions granting the 
subject clinical privileges. If the subject is an entity, its 
affiliated or associated entities would include parent corporations, 
subsidiaries, and joint ventures, among other things. We believe that 
this definition supports congressional intent to enable authorized 
users who are conducting fraud and abuse investigations to identify 
other business affiliations through which the subject may have 
committed other acts of wrongdoing and to aid with subject 
identification. Inclusion of an entity in this category by a reporter 
would in no way imply that the entity was a party to the act(s) or 
omission(s) that led to a reportable final adverse action.
B. Government Agency
    The definition of the term ``government agency'' is set forth in 
accordance with section 1128E(g)(3) of the Act, and would serve to set 
out the range of government agencies that are required to report to, 
and authorized to receive information from, the HIPDB. For purposes of 
these regulations, the term ``government agency'' would include, but 
would not be limited to: (1) the Department of Justice; (2) the 
Department of Health and Human Services; (3) any other Federal or State 
agency that either administers or provides payment for the delivery of 
health care services ( including, but not limited to, the Department of 
Defense and the Department of Veterans Affairs); (4) State law 
enforcement agencies; (5) State Medicaid Fraud Control Units; and (6) 
other Federal or State agencies responsible for the licensing and 
certification of health care providers, suppliers, or licensed health 
care practitioners. Examples of such State agencies include Departments 
of Professional Regulation, Health, Social Services (including State 
Survey and Certification and Medicaid Single State agencies), Commerce, 
and Insurance.
    We believe there are two key aspects each State may need to 
consider with respect to the data: who will report such information and 
how the information will be reported to the data bank. First, with 
respect to who is to report, we invite comments from States delineating 
specific agencies that are responsible for the licensing and 
certification of health care providers, suppliers and practitioners 
that will be subject to the section 1128E reporting requirements. In 
addition, we invite comments identifying the specific State law 
enforcement agencies that will be responsible for reporting to the 
HIPDB.
    Second, we also recognize the States' prerogative in determining 
the manner in which they will report. For example, one option may be 
that States may elect to have one centralized point for reporting, or 
elect to have multiple agencies (including, at their option, 
municipalities, county agencies and local law enforcement agencies such 
as District and County attorneys ) report independently to the HIPDB. 
Another option for reducing the reporting burden of State licensing and 
certification boards would be to have their respective professional 
organizations serve as their authorized agents for reporting to the 
HIPDB. It has been brought to our attention that similar data reports 
are being provided to the professional organizations. The ability to 
report the same information one time through a designated authorized 
agent would streamline State reporting. We believe this would be an 
acceptable option for meeting reporting obligations of State boards and 
is raised for consideration when meeting their reporting obligations to 
the HIPDB. We invite comments from each State regarding the manner in 
which it intends to report to the HIPDB.
C. Health Care Provider and Health Care Supplier
    The statute does not define the terms ``health care provider'' and 
``health care supplier'' for purposes of this data bank. Since there is 
considerable overlap in the roles of practitioners, providers and 
suppliers (e.g., a skilled nursing facility is an institutional 
provider, but also can be a supplier of health care items and 
equipment), we believe that these terms--as well as the term 
``practitioner'' defined below--are not intended to describe distinct, 
mutually exclusive categories nor are the examples provided in this 
section intended to be exhaustive. We believe that these overlapping 
roles do not necessarily represent the categories in which subjects' 
information will be collected, maintained and disseminated in the 
HIPDB.
    Accordingly, in keeping with congressional intent that the 
Department coordinate this program closely with the NPDB, we would 
define the term ``health care provider'' to mean (1) a provider of 
services as defined in section 1861(u) of the Act; (2) any health care 
entity (including a health maintenance organization (HMO), preferred 
provider organization, ambulatory care clinic and group medical 
practice) that provides health care services and follows a formal peer 
review process for the purpose of furthering quality health care; and 
(3) and any other health care entity that, directly or through 
contracts, provides health care services. That definition encompasses 
institutional providers such as hospitals, home health care agencies, 
skilled nursing facilities, and comprehensive outpatient rehabilitation 
facilities.
    ``Health care supplier'' would be defined as a provider of medical 
and other health care services, as described in section 1861(s) of the 
Act, and would include Medicare facilities and practitioners as well as 
medical equipment suppliers (including clinical laboratories, certain 
licensed or certified health care practitioners, and suppliers of 
durable medical equipment). In addition, to ensure that this definition 
captures other entities that may be the subject of health care fraud 
investigations by the State or Federal Government or health plans, this 
term would further include any individual or entity, other than a 
provider, who furnishes or provides access to health care services, 
supplies, items or ancillary services (including, but not limited to, 
durable medical equipment suppliers and manufacturers of health care 
related items; pharmaceutical suppliers and manufacturers; health 
record services, such as medical, dental and other patient records; 
health data suppliers; and billing and transportation service 
suppliers), and any individual or entity under contract to provide 
health care supplies, items or ancillary services, and any group, 
organization or company providing health benefits whether directly, or 
indirectly through insurance, reimbursements or otherwise. The term 
``health care

[[Page 58344]]

supplier'' also would include, but would not be limited to, insurance 
producers, such as agents, brokers, solicitors, consultants and 
reinsurance intermediaries; insurance companies; self-insured 
employers; and health care purchasing groups or entities.
    This definition of ``health care supplier'' reflects congressional 
intent that the Government not pay for items and services of 
untrustworthy individuals and entities, regardless of whether the 
individual or entity is paid by the programs directly or whether the 
items and services are reimbursed indirectly through claims of a direct 
provider. Individuals and entities that provide such indirect services 
have a significant impact on the cost and quality of health care, and 
have been the subject of final adverse actions related to health care 
fraud and abuse.
D. Health Plan
    The definition of the term ``health plan'' in section 1128E of the 
Act is not meant to be exclusive or exhaustive. Rather, by using the 
word ``includes,'' the statutory definition contemplates that 
additional entities may be recognized as ``health plans'' if they meet 
the basic definition of ``providing health benefits.'' Thus, health 
plans may include those plans funded by Federal and State governments, 
including Medicare, Medicaid, the Department of Defense, the Department 
of Veterans Affairs, the Federal Employees Health benefits Plan of the 
Office of Personnel Management, and the Bureau of Indian Affairs 
programs. Under these regulations, the term ``health plan'' would be 
defined as a plan, program or organization that provides health 
benefits, whether directly or through insurance, reimbursement or 
otherwise. The term would include, but would not be limited to: (1) a 
policy of health insurance; (2) a contract of a service benefit 
organization; (3) a membership agreement with an HMO or other prepaid 
health plan; (4) a plan, program or agreement established, maintained 
or made available by an employer or group of employers, a practitioner, 
provider or supplier group, third-party administrator, integrated 
health care delivery system, employee welfare association, public 
service group or organization, or professional association; and (5) an 
insurance company, insurance service, self-insured employer or 
insurance organization which is licensed to engage in the business of 
selling health care insurance in a State and which is subject to State 
law which regulates health insurance. We have added the word 
``organization'' to the description of the term ``health plan'' since 
health plans are generally offered by organizations, and we believe 
that Congress intended those organizations to be users of the HIPDB. In 
addition, credential reviews and fraud investigations are often 
conducted at the corporate level by organizations offering and managing 
managed care plans or other health benefit plans or services.
    We also are including in this definition additional examples of 
other health plans which reflect both the wide variety of health 
benefit plans that are currently offered and the wide range of 
organizations that provide them. These examples include employers or 
other organizations that provide health care benefits for their 
employees or members, provider/supplier/practitioner groups that offer 
health care benefit plans under contract with an organization, and 
organizations that sell health care insurance. We invite public comment 
on the inclusion of additional examples in this listing for purposes of 
clarification and guidance.
    In addition, to more clearly define this term, we are including two 
clarifying phrases in the regulatory definition. First, we would add 
the word ``reimbursement'' to the description of the methods by which 
health plans provide benefits. For example, some employers directly 
reimburse employees for their health care expenditures through a 
voucher system. We also propose including the phrase ``but is not 
limited to'' to the description of types of arrangements included in 
the definition. We believe that this clarification of the statutory 
language is important to ensure that, as arrangements and mechanisms 
used by health plans to provide health care benefits evolve, they will 
not be excluded by the language in the definition.
E. Licensed Health Care Practitioner, Licensed Practitioner, and 
Practitioner
    While section 1128E of the Act refers to the terms health care 
``provider, practitioner or supplier'' as the subject of reports to the 
HIPDB, the statute only provides a definition of ``practitioner.'' We 
are proposing to define ``practitioner'' consistent with section 
1128E(g)(2) of the Act. As a result, for purposes of these regulations, 
with respect to a State, a ``licensed health care practitioner,'' a 
``licensed practitioner'' or ``practitioner'' would mean an individual 
who is licensed or otherwise authorized by the State to provide health 
care services (or any individual who, without authority, holds himself 
or herself out to be so licensed or authorized). This definition 
includes, but is not limited to, physicians, nurses, chiropractors, 
podiatrists, emergency medical technicians, physical therapists, 
pharmacists, clinical psychologists, acupuncturists, dieticians, aides, 
and licensed or certified alternative medicine practitioners such as 
homeopaths and naturopaths.
F. Other Adjudicated Actions or Decisions
    We are including a definition to clarify the types of ``other 
adjudicated actions or decisions'' that Congress authorized the 
Department to collect under section 1128E(g)(A)(v) of the Act. We 
believe that this term should encompass actions that are consistent 
with the characteristics of the specific final adverse actions already 
listed in the statute. Accordingly, the term ``other adjudicated 
actions or decisions'' would refer to an official action taken by a 
Federal or State governmental agency or health plan against a health 
care provider, supplier, or practitioner based on acts or omissions 
that affect, or could significantly affect, the delivery of a health 
care item or service. For example, an official action taken by a 
Federal or State governmental agency includes, but is not limited to, a 
personnel-related action such as suspensions without pay, reductions in 
pay, reductions in grade, terminations or other comparable actions. A 
hallmark of any valid adjudicated action or decision is the existence 
of a due process mechanism. In general, if an ``adjudicated action or 
decision'' follows an agency's established administrative procedures 
(which ensure due process is available to the subject of the final 
adverse action), it would qualify as a reportable action under this 
definition. For health plans that are not government entities, an 
action taken following adequate notice and hearing requirements that 
meet the standards of due process set out in section 412(b) of the 
HCQIA (42 U.S.C. 11112(b)) also would qualify as a reportable action 
under this definition. Under section 412(b) of HCQIA, the procedure 
should involve provision (or voluntary waiver by the subject) of the 
notice of the proposed action, notice of a hearing, and conduct of the 
hearing. The fact that a subject elects not to use the due process 
mechanism provided by the authority bringing the action is immaterial, 
as long as such a process is available to the subject before the 
adjudicated action or decision is made final.
    In these regulations, the word ``adjudicated'' is not viewed as a 
restriction that limits these actions only to those resulting from a 
governmental

[[Page 58345]]

judicial process. Rather, the word implies that in order for an action 
or decision to be reportable it must adhere to basic guidelines of due 
process. Examples of ``other adjudicated actions or decisions'' include 
administrative agency sanctions and clinical privilege actions.
    We believe that any final adverse action included in accordance 
with this language must be final, have been subject to adjudication, 
and be related to delivery of a health care item or service. We also 
believe that the inclusion of actions taken against a practitioner's 
clinical privileges, including those taken by health plans, should be 
included if they meet the above tests. Discussions with health plan 
representatives, and examination of reporting patterns by health plans 
to the NPDB, indicate that health plans do take final actions against a 
practitioner's clinical privileges which meet these three criteria. It 
should be noted that final adverse actions taken against clinical 
privileges must result from acts of commission or omission related to 
professional competence or professional conduct. Matters unrelated to 
the professional competence or professional conduct of a health care 
practitioner resulting in a final adverse action against clinical 
privileges should not be reported to the HIPDB. We believe that in the 
absence of statutory language regarding the definition of 
``adjudicated,'' this interpretation recognizes the evolving mechanisms 
by which final adverse actions are taken by reporting entities, such as 
State agencies and health plans, to protect the public against health 
care fraud and abuse. Moreover, it recognizes the substantial shift in 
care from inpatient facilities to the outpatient arena and the 
concomitant shift in the meaning of ``clinical privileges'' from that 
associated with inpatient care, to that associated with outpatient 
care, especially in the managed care setting.
    In addition to proposing these definitions in Sec. 61.3, we also 
have contemplated including a definition for the term ``health care 
abuse.'' The statute does not define this term, and we are electing not 
to define the term at this time. The range of reportable final adverse 
actions specified in the statute suggests that the Congress intended a 
broad interpretation of ``health care abuse.'' There is wide variation 
in the term's meaning within the law enforcement and health care 
communities. For the purposes of this statute, we believe ``health care 
abuse'' relates to provider, supplier and practitioner practices that 
are inconsistent with accepted sound fiscal, business or medical 
practices which directly or indirectly may result in (1) unnecessary 
costs to the program; (2) improper payment; (3) services that fail to 
meet professionally recognized standards of care or are medically 
unnecessary; or (4) services that directly or indirectly result in 
adverse patient outcomes or delays in appropriate diagnosis or 
treatment. We believe health care abuse also would include verbal, 
sexual, physical or mental abuse, corporal punishment, involuntary 
seclusion or patient neglect, or misappropriation of patient property 
or funds. We specifically invite comments on whether a definition of 
the term ``health care abuse'' should be included in the regulations 
and, if so, what definition would most clearly capture the range of 
reportable final adverse actions specified by Congress.
    For health plans that are not government entities, an action taken 
following adequate notice and hearing requirements that meet the 
standards of due process set out in section 412(b) of the HCQIA also 
would qualify as a reportable action under this definition. Under 
section 412(b) of the HCQIA, the procedure should involve provision (or 
voluntary waiver by the subject) of notice of the proposed action, 
notice of a hearing and conduct of the hearing.

2. When Information Must be Reported

    The statute requires that Federal and State government agencies and 
health plans report final adverse actions ``regularly but not less 
often than monthly.'' Because an exclusion or licensing action may be 
effectuated at a later date than when the action is actually taken, we 
are proposing giving maximum flexibility to agencies in reporting final 
adverse actions in a timely manner. According, we are proposing in 
Sec. 61.5 that information be submitted to the HIPDB within 30 calendar 
days from (1) the date the final adverse action was taken, (2) the date 
when the reporting entity became aware of the final adverse action, or 
(3) by the close of the entity's next monthly reporting cycle, 
whichever is later. To capture any differing dates, the date of the 
final adverse action was taken, its effective date and duration would 
all be contained in the information reported to the HIPDB to be set 
forth in our discussion of the specific reporting requirements in 
proposed Secs. 61.7, 61.8, 61.9, 61.10 and 61.11 below.
    We acknowledge that reporters currently may not be able to provide 
all of the proposed data elements. We are proposing to set forth in 
Secs. 61.7, 61.8, 61.9, 61.10, and 61.11 a list of mandatory data 
elements. In addition, in these sections, we also would list data 
elements that should be reported to the data bank when known.
    It should be noted, however, that the statute requires the 
reporting and disclosure of Social Security numbers and Federal 
Employer Identification numbers. Specifically, section 1128E(b)(2)(A) 
of the Act mandates that Federal and State government agencies and 
health care plans collect and report Social Security numbers and 
Federal Employer Identification numbers for the purposes of reporting 
to the HIPDB. As a result, the Secretary intends to request Social 
Security numbers and Federal Employer Identification numbers for all 
reporters and queriers requiring explicit matching of specific names to 
HIPDB adverse action reports. We recognize the possibility that 
providing these identifiers for purposes of requesting information may 
present a burden for some classes of users. However, the collection of 
Social Security numbers and Federal Employer Identification numbers 
will provide a greater confidence level in the system's matching 
algorithm of health care providers, suppliers and practitioners. It 
also will maximize the system's ability to prevent the erroneous 
reporting and disclosure of health care providers, suppliers and 
practitioners. The proper matching of individuals based on personal 
identifiers, such as Social Security numbers, strengthens the State's 
ability to detect individuals who move from State to State without 
disclosure or discovery of previous damaging performance.

3. Reporting Errors, Omissions, Revisions and Actions on Appeal

    Section 1128E (c)(2) of the Act requires that each government 
agency and health plan report corrections to information previously 
submitted to the HIPDB in such form and manner as the Secretary 
prescribes by regulation. Accordingly, the HIPDB has been designed to 
comply with the statutory requirements and the Department's principles 
of fair information practice. In proposed Sec. 61.6 of these 
regulations, we are indicating that if any errors or omissions in the 
final adverse action are discovered after the information has been 
reported, the person or entity that reported such information must send 
an addition or correction to the HIPDB within 60 calendar days of the 
discovery. Any revision to the action or to appeal status must 
similarly be reported within 30 calendar days after the reporting 
entity learns of such revision. In turn, as indicated above, each 
subject of a report will receive a copy when it is entered into the 
HIPDB

[[Page 58346]]

and a copy of all revisions and corrections to the report. It should be 
noted that this is not an opportunity for the subjects to request 
readjudication of their cases; it is only for the reporting entity to 
correct any errors or omissions in the information.

4. Reporting Licensure Actions Taken by Federal or State Licensing and 
Certification Agencies

    Under section 1128E(g)(1)(A)(iii) of the Act, Federal and State 
licensing and certification agencies must report to the HIPDB all of 
the following final adverse actions that are taken against a health 
care provider, supplier, or practitioner--
    (1) Formal or official actions, such as revocation or suspension of 
a license (and the length of any such suspension), reprimand, censure, 
or probation;
    (2) Any other loss of the license or the right to apply for, or 
renew, a license of the provider, supplier, or practitioner, whether by 
operation of law, voluntary surrender, non-renewability, or otherwise; 
and
    (3) Any other negative action or finding by such Federal or State 
agency that is publicly available information.
    Proposed Sec. 61.7 is intended to address these reporting licensure 
actions taken by Federal and State licensing and certification 
agencies. In Sec. 61.7, the phrase ``other negative action or finding'' 
by a Federal or State licensing and certification authority would mean 
any action or finding that is publicly available and rendered by a 
licensing or certification authority. These actions or findings 
include, but are not limited to, imposition of civil money penalties 
(CMPs) and administrative fines, limitations on the scope of practice, 
injunctions and forfeitures.
    This definition also would include final adverse actions occurring 
in conjunction with settlements in which no findings or admissions of 
liability have been made, and that would otherwise be reportable under 
the statute. By defining ``other negative action or finding'' in this 
way, we believe that Federal or State licensing and certification 
authorities will accommodate State to State variation when determining 
adverse actions in reporting negative actions or findings to the HIPDB, 
provided that those actions or findings are available publicly.
    The statute specifically requires reporting of a health care 
provider, supplier or practitioner who voluntarily surrenders a license 
or certification. Based on extensive discussions with various State 
agencies, we have been advised that voluntary surrender and non-renewal 
of licensure and provider participation agreements are used as means to 
exclude questionable health care providers, suppliers and practitioners 
from participating in Federal and State health care programs. These 
voluntary surrenders and non-renewal actions result in allowing health 
care providers, suppliers or practitioners to move from State to State 
without detection. Therefore, for reporting purposes, the term 
``voluntary surrender'' is defined to include a surrender made after a 
notification of investigation or a formal official request by Federal 
or State licensing or certification authorities for a health care 
provider, supplier or practitioner to surrender the license or 
certification (including certification agreements or contracts for 
participation in Federal or State health care programs). The definition 
also includes those instances where a health care provider, supplier or 
practitioner voluntarily surrenders a license or certification 
(including program participation agreements or contracts) in exchange 
for a decision by the licensing or certification authority to cease an 
investigation or similar proceeding, or in return for not conducting an 
investigation or proceeding, or in lieu of a disciplinary action. We 
are seeking guidance and public comment on the frequency of such 
actions taken in lieu of sanctions, as well as the utility of such 
information to eligible queriers of the HIPDB.
    We recognize that many voluntary surrenders are not a result of the 
type of adverse action that are intended for inclusion in the HIPDB. 
Therefore, we are proposing that voluntary surrenders and licensure 
non-renewals due to nonpayment of licensure fees, changes to inactive 
status and retirements be excluded from reporting to the HIPDB unless 
they are taken in combination with one or more of the circumstances 
listed above, in which case they would be reportable.
    In addition, we note that the NPDB currently receives adverse 
action reports on sanction and disciplinary actions concerning 
physicians and dentists related to professional competence or conduct. 
Under section 1128E of the Act, however, the only limitation on a 
reportable disciplinary action is that it must be a formal or official 
action; it need not be specifically related to professional competence 
or conduct. The Department recognizes that licensure actions reported 
by Boards of Medical and Dental Examiners concerning physicians and 
dentists in the NPDB overlap with the reportable actions under this 
statute. Therefore, we are proposing to implement this section in a 
manner to avoid duplication with the reporting requirements established 
for the NPDB under the HCQIA. Consistent with congressional intent, we 
will ensure that the reports required under both Acts will only be 
required to be reported once.

5. Reporting Federal or State Criminal Convictions Related to the 
Delivery of a Health Care Item or Service

    Under section 1128E(g)(i)(A)(ii) of the Act, Federal and State law 
enforcement and investigative agencies must report criminal convictions 
against health care providers, suppliers, or practitioners. Because the 
statute requires that a criminal conviction must be related to the 
delivery of a health care item or service to be reportable, we believe 
that the congressional intent is to limit the types of convictions 
reported to the HIPDB. Thus, under proposed Sec. 61.8, we are 
indicating that criminal convictions unrelated to the delivery of 
health care items or services would not be reported under this section.

6. Reporting of Civil Judgments in Federal or State Court Related to 
the Delivery of a Health Care Item or Service

    In accordance with section 1128E(g)(1)(A)(i) of the Act, proposed 
Sec. 61.9 would indicate that Federal and State law enforcement and 
investigative agencies, and health plans must report civil judgments 
related to the delivery of a health care item or service (except those 
resulting from medical malpractice) against health care providers, 
suppliers or practitioners. Civil judgments must be entered or approved 
by a Federal or State court. This reporting requirement does not 
include Consent Judgments that have been agreed upon and entered to 
provide security for civil settlements in which there was no finding or 
admission of liability.

7. Reporting Exclusion From Participation in Federal or State Health 
Care Programs

    Proposed Sec. 61.10, in accordance with section 1128E(g)(1)(A)(iv) 
of the Act, states that the Office of Inspector General (OIG) must 
report health care providers, suppliers or practitioners excluded from 
participating in Federal or State health care programs. This includes 
exclusions that were made in a matter in which there also was a 
settlement that is not reported because no findings or admissions of 
liability had been made.

8. Reporting Other Adjudicated Actions or Decisions

    Proposed Sec. 61.11 would address the reporting of other 
adjudicated actions or

[[Page 58347]]

decisions. Although not specifically required by the statute, we 
believe that ``any other adjudicated actions or decisions'' should 
relate to the delivery of a health care item or service, as do criminal 
convictions and civil judgments collected under the statute. In 
addition, we are proposing in this section that a due process mechanism 
is available with all adjudicated actions or decisions. Examples of an 
adjudicated action or decision would include, but would not be limited 
to, orders by an administrative law judge, CMPs and assessments, 
revocations, debarments or other restrictions from participating in 
Federal or State government contracts or programs, liquidation, 
dissolution, license cancellation, or revocations or limitations on 
clinical privileges or staff privileges by a health plan. We believe 
that this definition encompasses actions that are consistent with the 
characteristics of the specific final adverse actions already defined 
by statute.

9. Fees Applicable to Requests for Information

    Section 61.13 proposes fees that would apply to all requests for 
information from the HIPDB. However, for purposes of verification and 
dispute resolution, the HIPDB does intend to provide a copy--
automatically, without a request and free of charge--of every record to 
the health care provider, supplier or practitioner who is the subject 
of the report. The Act exempts Federal agencies from these fees.
    The fees to be charged would be based on the full costs of 
operating the database, as authorized in section 1128E(d)(2) of the 
Act; criteria for assessing fees would be based on the guidelines set 
forth in OMB Circular A-25. These costs would encompass all direct and 
indirect costs of disclosure and of providing such information, 
including but not limited to, (1) direct and indirect personnel costs; 
(2) physical overhead, consulting, and other indirect costs; (3) agency 
management and supervisory costs; and (4) costs of enforcement, 
collection, research, establishment, regulations and guidance. For 
maximum efficiency, we intend for the HIPDB to be an all-electronic 
system, with all fees collected through the most cost-effective methods 
(such as credit card and electronic funds transfer).
    While these regulations are intended to set forth the criteria for 
establishing the fees and the procedures for establishing and 
collecting fees, the actual amounts of the fees will be published in 
periodic notices issued by the Department in the Federal Register.

10. Confidentiality of HIPDB Information

    Proposed Sec. 61.14 addresses the confidentiality requirements that 
would apply to all information obtained from the HIPDB. We believe that 
these confidentiality requirements are clearly specified in sections 
1128E(b)(3) and (d)(1) and 1128C(a)(3)(B)(ii) of the Act. Specifically, 
section 1128E(b)(3) of the Act requires the Secretary to protect the 
privacy of individuals receiving health care services when determining 
what information is required. Section 1128E(d)(1) of the Act provides 
that information in the HIPDB will be available to Federal and State 
government agencies and health plans. Section 1128C(a)(3)(B)(ii) of the 
Act requires the Secretary to assure that HIPDB information is provided 
and utilized in a manner that appropriately protects the 
confidentiality of the information. As a result, we are proposing that 
information from this system be confidential and disclosed only for the 
purpose for which it was provided. Appropriate uses of the information 
would include the prevention of fraud and abuse activities and 
improving the quality of patient care.
    We believe that this proposed provision does not go beyond the 
requirements set forth in the Act. The requirements would not prevent 
an authorized user from sharing information from the HIPDB within the 
entity that requested it, as long as the information is used solely for 
the purpose for which it was provided. However, in accordance with 
section 1128E(b)(3) of the Act, information obtained by a government 
contractor, e.g., a Medicare carrier, an intermediary or auditor, may 
only be used in the furtherance of its contractual responsibilities and 
in conformity with protecting the identity of individuals receiving 
health care services.
    We recognize that this data bank is subject to the Privacy Act (5 
U.S.C. 552a), which protects the privacy of individually identifiable 
records held by a Federal agency that relate to the subject of the 
final adverse action. We will publish a notice for public comment for 
purposes of establishing a Privacy Act exception for the HIPDB. We are 
not including in the data bank any individually identifiable patient 
records.

11. How To Dispute the Accuracy of HIPDB Information

    Section 61.15 of these proposed regulations sets forth the 
procedures for submitting a statement, filing a dispute, and revising 
disputed information in a previously submitted report. The subject may 
dispute only the factual accuracy of the information contained in the 
HIPDB report concerning the individual or entity. We note that the 
Secretary will not review issues regarding the merits of the case, or 
the due process that the subject received. The dispute process affords 
the subject an opportunity to bring relevant factual information, 
including reversals of criminal convictions by an appeals court, to the 
attention of the reporter. If the reporter does not revise the 
information, the subject can request in writing, within 60 calendar 
days after receipt of the report, that the Secretary review the matter. 
After such review, the Secretary can remove the dispute status, correct 
the information, leave the information unchanged, void the report from 
the HIPDB or add a statement to the record for reports that are not 
voided. This dispute process is consistent with that for the NPDB.

12. Sanctions for Failure To Report

    In addition to addressing the provisions from section 221(a) of 
Public Law 104-191, we also are proposing to incorporate into these 
regulations the new CMP sanctions provision for failure to report 
information to the data bank, as set forth in section 4331 of Public 
Law 105-33, the Balanced Budget Act of 1997. As a result, in 
Secs. 61.9(d) and 61.11(d) we are indicating that any health plan that 
fails to report information on a final adverse action that is required 
to be reported will be subject to a CMP of not more than $25,000 for 
each such adverse action not reported. Such penalty would be imposed 
and collected in the same manner as CMPs under section 1128A(a) of the 
Act. We also intend to amend 42 CFR part 1003 in separate rulemaking to 
reflect this new CMP authority.

III. Implementation Schedule

    Implementation of these regulations will be incremental and will 
begin by first including the following actions: (1) final adverse 
licensure actions taken against health care practitioners by Federal or 
State agencies responsible for the licensing and certification of such 
practitioners; (2) Federal criminal convictions and civil judgments 
related to the delivery of health care items or services against health 
care providers, suppliers or practitioners; and (3) exclusions of 
health care providers, suppliers or practitioners from participation in 
Federal and State health care programs. This phased-in process does not 
exempt reporters from collecting and maintaining information

[[Page 58348]]

required under the statute as of August 21, 1996. It also affords the 
reporter an opportunity to internally develop a mechanism for 
collecting all mandatory data elements. The Department will announce 
through issuance of notice(s) in the Federal Register a schedule when 
reporters are to begin reporting to, and when information will be 
available from, the HIPDB. Reporters to both the HIPDB and the NPDB 
will not be required to report their actions separately to each data 
bank. A revised reporting form will be used to accommodate both 
systems, thus only requiring one report of each action that is 
reportable to both the HIPDB and the NPDB when this form is approved by 
the Office of Management and Budget in accordance with the Paperwork 
Reduction Act of 1995.
    All final adverse action information as of August 21, 1996 will be 
reported to the HIPDB.

IV. Regulatory Impact Statement

Executive Order 12866, the Unfunded Mandates Reform Act and the 
Regulatory Flexibility Act

    The Office of Management and Budget (OMB) has reviewed this 
proposed rule in accordance with the provisions of Executive Order 
12866 and the Regulatory Flexibility Act (5 U.S.C. 601-612), and has 
determined that it does not meet the criteria for a significant 
regulatory action. Executive Order 12866 directs agencies to assess all 
costs and benefits of available regulatory alternatives and, when 
rulemaking is necessary, to select regulatory approaches that maximize 
net benefits (including potential economic, environmental, public 
health, safety, distributive and equity effects). The Unfunded Mandates 
Reform Act, Public Law 104-4, requires that agencies prepare an 
assessment of anticipated costs and benefits on any rulemaking that may 
result in an annual expenditure by State, local or tribal government, 
or by the private sector of $100 million or more. In addition, under 
the Regulatory Flexibility Act, if a rule has a significant economic 
effect on a substantial number of small entities, the Secretary must 
specifically consider the economic effect of a rule on small entities 
and analyze regulatory options that could lessen the impact of the 
rule.
    Executive Order 12866 requires that all regulations reflect 
consideration of alternatives, costs, benefits, incentives, equity, and 
available information. Regulations must meet certain standards, such as 
avoiding unnecessary burden. Regulations that are ``significant'' 
because of cost, adverse effects on the economy, inconsistency with 
other agency actions, effects on the budget, or novel legal or policy 
issues, require special analysis. We believe that the resources 
required to implement the requirements in these regulations would be 
minimal. Consistent with the statute, these proposed regulations 
identify certain data elements for reporting that are mandatory and 
specify other discretionary data elements for reporting. Many of the 
mandatory and discretionary data elements being set forth in this 
proposed rulemaking are already collected and maintained on a routine 
basis for a variety of purposes, and should not result in additional 
costs or in new and significant burdens on reporting entities. In 
consultation with States, the Department has been made aware that 
States routinely collect and maintain much of this information and are 
already reporting information on health care practitioners to the NPDB. 
Many licensing boards also routinely collect and report much of this 
information to national organizations such as the National Council of 
State Boards of Nursing, Federation of Chiropractic Licensing Boards, 
American Association of State Social Work Boards, Federation of State 
Medical Boards and the Association of State and Provincial Psychology 
Boards. In addition, State Survey and Certification agencies also are 
required to report adverse information to HCFA on certain health care 
providers, suppliers and practitioners. Additionally, on a continuous 
basis, the OIG routinely collects and maintains sanction data on health 
care providers, suppliers and practitioners excluded from government 
health care programs. Since we recognize that some classes of reporters 
may not collect or maintain the full array of data elements 
contemplated for inclusion into the data bank (e.g., names of 
affiliated or associated health care entities, or a DEA registration 
number), we are classifying certain data elements to be reported when 
known. We intend not to impose new or added burdens on reporters and 
are proposing to give reporters the option of omitting certain 
discretionary data elements that they do not maintain or to which they 
do not have access.
    We have determined that this proposed rulemaking would not meet the 
criteria for a major rule, as defined by Executive Order 12866. As 
indicated above, these proposed regulations are designed to establish 
procedures for reporting to and releasing from the HIPDB, information 
on health care providers, suppliers or practitioners against whom final 
adverse actions have been taken. According to the National District 
Attorneys Association, the annual number of criminal convictions is 
approximately 13 per State and civil judgments are approximately 9 per 
State each year. Based on the reporting patterns of health plans to the 
NPDB, we also believe that less than 0.1 percent (19) of the estimated 
20,000 health plans will report to the HIPDB each year. As such, we do 
not anticipate that the data collection process will have a significant 
impact on State government agencies and health plans, and we believe 
that this rule would not have a major effect on the economy or on 
Federal and State expenditures.
    Additionally, in accordance with the Unfunded Mandates Reform Act 
of 1995, we have determined the only costs (which we believe will not 
be significant) would include the ability to transmit the information 
electronically (e.g., Internet service) and additional staff hours 
needed to transmit the information. While we do not have sufficient 
information at this time to provide estimates of the number of State 
agencies impacted, the State licensing and certification agencies have 
estimated that the initial start-up cost will be $5,000 per State 
licensing and certification agency ($5,000 per State licensing and 
certification agency  x  216 State agencies=$1,080,000). The Department 
estimates that the initial start-up cost will be less than $100 per 
health plan ($100 per health plan  x  20,000 health plans=$2,000,000). 
Section 221(a) of HIPAA intends that the Federal government will not 
incur any costs for the operation and maintenance of the HIPDB; user 
fees are intended to cover the full costs of the HIPDB. For the reasons 
stated above, the Department has determined that this rule does not 
impose any mandates on State, local or tribal governments, or the 
private sector that will result in an annual expenditure of $100 
million or more, and that a full analysis under the Act is not 
necessary.
    In addition, in accordance with the Regulatory Flexibility Act of 
1980 (RFA), and the Small Business Regulatory Enforcement Act of 1996, 
which amended the RFA, we are required to determine if this rule will 
have a significant economic effect on a substantial number of small 
entities and, if so, to identify regulatory options that could lessen 
the impact. For purposes of this rule, we have defined small entities 
as nonprofit organizations and local government agencies; individuals 
and States are not included in this definition of small entities. 
Although the statute does not specify local government agencies as 
reporters,

[[Page 58349]]

we also have given States the option to decide the manner in which they 
will report, i.e., having one centralized point for reporting or having 
multiple agencies such as municipalities and local government agencies 
(including District and County attorneys) report independently to the 
HIPDB. If States elect to have multiple agencies reporting 
independently to the HIPDB, we have determined that both the burden and 
costs associated with reporting to the HIPDB will be minimal. According 
to the National District Attorneys Association, there are approximately 
2,700 District Attorneys throughout the country and, as indicated 
above, there are approximately 13 criminal convictions per State each 
year related to health care violations and 9 civil judgments per State 
each year related to health care violations. Based on discussions with 
health plans and examination of reporting patterns of health plans to 
the NPDB, we also believe that less than 0.1 percent (19) of the 
estimated 20,000 health plans will report to the HIPDB each year. As a 
result, we have determined that this rule would affect less than 100 
nonprofit and local government agencies overall. Thus, the Secretary 
certifies that these proposed regulations would not have a significant 
impact on a substantial number of small entities.

Paperwork Reduction Act

    This proposed rule contains information collection requirements 
necessitating clearance by OMB. As required by the Paperwork Reduction 
Act (PRA) of 1995 (44 U.S.C. 3507(d)), the Department has submitted a 
copy of this proposed rule to OMB for its review of these information 
collection requirements.
    Collection of Information: The Healthcare Integrity and Protection 
Data Bank for Final Adverse Information on Health Care Providers, 
Suppliers and Practitioners.
    Description: Information collected under Secs. 61.6, 61.7, 61.8, 
61.9, 61.11, 61.12 and 61.15 of this proposed rule would be used by 
authorized parties, specified in the proposed rule, to prevent health 
care fraud and abuse activities and to improve the quality of patient 
care.
    Description of Respondents: Federal and State government agencies 
and health plans. The reports from Federal agencies are not subject to 
the PRA.
    Estimated Annual Reporting: The Department estimates that the 
public reporting burden for this proposed rule is 132,733 hours.
    The estimated annual reporting and querying burden is as follows:

----------------------------------------------------------------------------------------------------------------
                                                                                     Hours per
           Section No.               Number of     Responses per       Total         response      Total burden
                                    respondents      respond't       responses         (min)           hours
----------------------------------------------------------------------------------------------------------------
Sec.  61.6, Errors & Omissions..       \1\ 1,200               1           1,200              25             500
Sec.  61.6, Revisions/Appeal
 Status.........................       \1\ 1,000               1           1,000              75           1,250
Sec.  61.7:
    Licensure Actions:
     Disclosure by State
     Licensing Boards...........       \2\ 1,836               3           5,500              75           6,875
    Reporting by State Licensing
     Authorities................             216           25.46           5,500              15           1,375
Sec.  61.8, Criminal Convictions          \3\ 54              13             700              75             875
Sec.  61.9, Civil Judgments.....          \4\ 62               8             500              75             625
Sec.  61.11, Other Adjudicated
 Action or Decision.............          \5\ 66              12             800              75           1,000
Sec.  61.12:
    Queries.....................       \6\ 5,601             201       1,127,512               5          93,959
    Self-queries................          60,000               1          60,000              25          25,000
    Entity verification.........       \7\ 5,000               1           5,000              10             833
    Entity update...............             250               1             250               5              20
Sec.  61.12, Authorized agent
 designation \8\................             100               1             100              10              16
Sec.  61.12, Authorized agent
 designation update.............               5               1               5               5            0.42
Sec.  61.15:
    Disputed Reports &
     Secretarial Review
    Initial Request.............         \9\ 750               1             750              10             125
    Request for Secretarial
     Review.....................              37               1              37             480             296
                                 -------------------------------------------------------------------------------
    Total.......................          76,177                       1,208,854                        132,749
----------------------------------------------------------------------------------------------------------------
\1\ Section 61.6 requires each government agency or health plan that reports information to the HIPDB to ensure
  the accuracy of the information. If there are any errors or omissions to the reports previously submitted to
  the HIPDB, the individual or entity that submitted the report to the HIPDB is also responsible for making the
  necessary correction or revision to the original report. If there is any revision to the action or the action
  is on appeal, the individual or entity that submitted the original report to the HIPDB is also responsible for
  reporting revisions and whether the action is on appeal. Based on corrections and revisions made to
  information contained in the NPDB, we have estimated that a total of 1,200 respondents will need to correct
  their reports each year and that a total of 1,000 respondents will need to revise actions originally reported,
  or to report whether an action is on appeal each year. Based on experience with the NPDB, a correction is
  expected to take 25 minutes to complete and submit. A revision is expected to take somewhat longer (75
  minutes) because it involves completing a new report form rather that just correcting the individual items
  that are in error.
\2\ Section 61.7 requires Federal and State agencies responsible for the licensing and certification of health
  care providers, suppliers and practitioners to report all disciplinary licensure actions to the HIPDB.
  Therefore, we estimate that approximately 34 State licensing boards in each State will report to the State
  licensing and certification authorities (54 States and territories  x  34 licensing boards/per State = 1,836
  State licensing and certification boards), and the State licensing and certification authorities (4 per State)
  will be responsible for reporting information to the HIPDB (54 States and territories  x  4 State licensing
  and certification authorities/per State = 216 State licensing and certification authorities). We estimate that
  5,500 reports will be submitted directly to the HIPDB each year, for an average of 25 reports per State
  licensing and certification authority and 3 reports per State licensing board. Since disciplinary licensure
  actions by State licensing authorities in the NPDB overlap with this statute, this estimate does not include
  the licensure actions that will be reported directly to the NPDB and transmitted from there to the HIPDB. The
  estimates include only those actions which are reported solely to the HIPDB, such as actions taken against
  certain health care providers and suppliers. The HIPDB will use similar forms and procedures for reporting as
  the NPDB. As a result, we estimate that it will take a State licensing board 75 minutes to complete and submit
  an initial report. We also estimate that it will take a State licensing and certification authority 15 minutes
  to verify the accuracy and completeness of the information contained in the initial report before
  electronically submitting the information to the HIPDB.
\3\ Section 61.8 requires Federal and State prosecutors and investigative agencies to report criminal
  convictions related to the delivery of a health care item or service. Based on the number of health care
  providers, suppliers and practitioners convicted by the Federal government, we estimate that there will be an
  approximate total of 700 State criminal convictions reported to the HIPDB each year, for an average of 13
  convictions per State. Based on experience with the NPDB, we estimate that it will take 75 minutes to complete
  and submit each report.

[[Page 58350]]

\4\ Section 61.9 requires Federal and State attorneys and investigative agencies and health care plans to report
  civil judgments against health care providers, suppliers and practitioners related to the delivery of a health
  care item or service. We estimate that there will be an approximate total of 500 civil judgments each year
  that will be reported by the 54 States Attorneys and an estimated 8 health plans, for a total of 62 reporters.
  Based on experience with the NPDB, we estimate that it will take 75 minutes to complete and submit each
  report.
\5\ Section 61.11 requires Federal and State governmental agencies and health plans to report any adjudicated
  action or decision related to the delivery of a health care item or service against health care providers,
  suppliers and practitioners. We estimate that there will be an approximate total of 800 other adjudicated
  actions or decision reports submitted to the HIPDB each year by 54 State governmental agencies and an
  estimated 12 health plans, for a total of 66 reporters. Based on experience with the NPDB, we estimate that it
  will take 75 minutes to complete and submit each report.
\6\ Certain queriers have access to both the NPDB and the HIPDB. When these entities query one data bank, they
  will automatically receive reports from both. The Department estimates that there will be 1,127,512 queries
  submitted to the HIPDB per year on health care providers, suppliers and practitioners, including an estimated
  60,000 self-queries. These estimates include only queries submitted directly to the HIPDB; it does not include
  those transferred from the NPDB. The estimates of burden per response are based on experience with similar
  querying of the NPDB.
\7\ To access the HIPDB, entities are required to certify that they meet section 1128E reporting and querying
  requirements by completing an Entity Registration form and submitting it to the HIPDB. The information
  collected on this form provides the HIPDB with essential information concerning the entity, such as name,
  address and entity type. Eligible entities, such as State licensing agencies or certain managed care
  organizations, that have access to both the NPDB and the HIPDB have already registered for the NPDB and are
  not required to register separately for the HIPDB. Entities eligible to access only the HIPDB must complete
  and submit the Entity Registration form. We estimate that it will take an entity 10 minutes to complete and
  submit the Entity Registration form to the HIPDB. If there are any changes in the entity's name, address,
  telephone, entity type designation, or query and report point of contact, the entity representative must
  update the information on the Entity Information Update form and submit it to the HIPDB. Of the 5,000 new
  registrants, we estimate 250 entities (5 percent of all new registrants) will need to update their
  organization's information each year.
\8\ An eligible entity may elect to have an outside organization query or report to the HIPDB on its behalf.
  This organization is referred to as an authorized agent. Before an authorized agent acts on behalf of an
  entity, the eligible entity must complete and submit an Agent Designation form to the HIPDB Help Line. The
  information collected on this form provides the HIPDB with essential information concerning the agent, such as
  name address and telephone number. We estimate that 100 entities (2 percent of all new registrants) will elect
  an authorized agent to query or report to the HIPDB on their behalf. We estimate that it will take an entity
  10 minutes to complete and submit the Agent Designation form to the HIPDB. Any changes to the authorized agent
  designation, such as routing of responses to queries or termination of an authorized agent, the eligible
  entity must update the information on the Agent Designation Update form and submit it to the HIPDB. We
  estimate that five of the 100 eligible entities will need to update their agent's information each year.
\9\ Section 61.15 describes the process to be followed by a health care provider, supplier or practitioner in
  disputing the factual accuracy of information in a report and requesting Secretarial review of the disputed
  report. Based on experience with the NPDB, we estimate that 750 (10 percent of all new reports) will be
  entered into the ``disputed status.'' We estimate that it will take a health care provider, supplier or
  practitioner 10 minutes to notify the HIPDB to enter the report into ``disputed status.'' Of the 750 disputed
  reports, we estimate that only 37 reports (5 percent) will be forwarded to the Secretary for review. We
  estimate that it will take a health care provider, supplier or practitioner 8 hours to describe in writing
  which facts are in dispute and to gather supporting documentation related to the dispute.

    Forms to be used in the day-to-day management of the HIPDB would 
include the following:

--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                                                        Hrs. per      Total
                          Form name                               No. of     Respon per     Total       respon.       burden     Wage rate    Total cost
                                                                 respond      respond      respons       (min)        hours
--------------------------------------------------------------------------------------------------------------------------------------------------------
Account Discrepancy..........................................        2,000            1        2,000            5          166         $ 15       $2,490
Electronic Funds Transfer Authorization......................          850            1          850            5           70           15        1,050
Entity Reactivation..........................................          500            1          500            5           41           15          615
                                                              ------------------------------------------------------------------------------------------
    Total....................................................        3,350  ...........        3,350  ...........          277  ...........       $4,155
--------------------------------------------------------------------------------------------------------------------------------------------------------

    Request for Comment: In accordance with the requirement of section 
3506(c)(2)(A) of the PRA for opportunity for public comment on proposed 
data collection projects, comments are invited on: (1) whether the 
proposed collection of information is necessary for the proper 
performance of the functions of the Department, including whether the 
information will have practical utility; (2) the accuracy of the 
Department's estimate of the burden of the proposed collection of 
information; (3) ways to enhance the quality, utility, and clarity of 
the information to be collected; and (4) ways to minimize the burden of 
the collection of information on respondents, including through the use 
of automated collection techniques or other forms of information 
technology.
    Written comments and recommendations concerning the proposed 
information collection requirements should be sent to: Allison Herron 
Eydt, Human Resources and Housing Branch, Office of Management and 
Budget, New Executive Office Building, Room 10235, Washington, D.C. 
20503. The OMB is required to make a decision concerning the collection 
of information contained in these proposed regulations between 30 and 
60 days after publication of this document in the Federal Register. 
Therefore, a comment to OMB is best assured of having its full effect 
if OMB receives it within 30 days of publication. This does not affect 
the deadline for the public to comment to the Department on the 
proposed regulations.

V. Public Inspection of Comments and Response to Comments

    Comments will be available for public inspection November 13, 1998 
in Room 2A-44, Parklawn Building, Health Resources and Services 
Administration, Bureau of Health Professions, Division of Quality 
Assurance at 5600 Fishers Lane, Rockville, Maryland, on Monday through 
Friday of each week (Federal holidays excepted) between the hours of 
10:00 a.m. and 2:00 p.m., (301) 443-2300.
    Because of the large number of items of correspondence we normally 
receive on Federal Register documents published for comment, we are not 
able to acknowledge or respond to them individually. We will consider 
all comments we receive by the date and time specified in the DATES 
section of this preamble, and will respond to the

[[Page 58351]]

comments in the preamble of the final rule.

List of Subjects in 45 CFR Part 61

    Health professions, Hospitals, Home health care agencies, Skilled 
nursing facilities, Durable medical equipment suppliers and 
manufacturers, Billing and transportation services, Health maintenance 
organizations, Health care insurers, Pharmaceutical suppliers and 
manufacturers, Reporting and recordkeeping requirements.

    Accordingly, a new 45 CFR part 61 would be added as set forth 
below:

PART 61--HEALTHCARE INTEGRITY AND PROTECTION DATA BANK FOR FINAL 
ADVERSE INFORMATION ON HEALTH CARE PROVIDERS, SUPPLIERS AND 
PRACTITIONERS

Subpart A--General Provisions

Sec.
61.1  The Healthcare Integrity and Protection Data Bank.
61.2  Applicability of these regulations.
61.3  Definitions.

Subpart B--Reporting of Information

61.4  How information must be reported.
61.5  When information must be reported.
61.6  Reporting errors, omissions, revisions, or whether an action 
is on appeal.
61.7  Reporting licensure actions taken by Federal or State 
licensing and certification agencies.
61.8  Reporting Federal or State criminal convictions related to the 
delivery of a health care item or service.
61.9  Reporting civil judgments related to the delivery of a health 
care item or service.
61.10  Reporting exclusion from participation in Federal or State 
health care programs.
61.11  Reporting other adjudicated actions or decisions.

Subpart C--Disclosure of Information by the Healthcare Integrity and 
Protection Data Bank

61.12  Requesting information from the Healthcare Integrity and 
Protection Data Bank.
61.13  Fees applicable to requests for information.
61.14  Confidentiality of Healthcare Integrity and Protection Data 
Bank information.
61.15  How to dispute the accuracy of Healthcare Integrity and 
Protection Data Bank information.

    Authority: 42 U.S.C. 1320a-7e.

Subpart A--General Provisions


Sec. 61.1  The Healthcare Integrity and Protection Data Bank.

    (a) Section 1128E of the Social Security Act (the Act) authorizes 
the Secretary of Health and Human Services (the Secretary) to implement 
a national health care fraud and abuse data collection program for the 
reporting and disclosing of certain final adverse actions taken against 
health care providers, suppliers, or practitioners. Section 1128E of 
the Act also directs the Secretary to maintain a database of final 
adverse actions taken against health care providers, suppliers, or 
practitioners. This data bank will be known as the Healthcare Integrity 
and Protection Data Bank (HIPDB). Settlements in which no findings or 
admissions of liability have been made will be excluded from being 
reported. However, any final adverse action that emanates from such 
settlements, and that would otherwise be reportable under the statute, 
will be reported to the HIPDB.
    (b) Section 1128E of the Act also requires the Secretary to 
implement the HIPDB in such a manner as to avoid duplication with the 
reporting requirements established for the National Practitioner Data 
Bank (NPDB). In accordance with the statute, the reporter responsible 
for reporting the final adverse actions to both the HIPDB and the NPDB 
will be required to submit only one report, provided that reporting is 
made through the Department's consolidated reporting mechanism that 
will sort the appropriate actions into the HIPDB, NPDB or both.
    (c) These regulations set forth the reporting and disclosure 
requirements for the HIPDB.


Sec. 61.2  Applicability of these regulations.

    The regulations in this part establish reporting requirements 
applicable to Federal and State government agencies and to health 
plans, as the terms are defined under Sec. 61.3 of this part.


Sec. 61.3  Definitions.

    Act means the Social Security Act.
    Affiliated or associated means health care entities with which a 
subject of a final adverse action has a business or professional 
relationship. This includes, but is not limited to, organizations, 
associations, corporations, or partnerships. It also includes a 
professional corporation or other business entity composed of a single 
individual.
    Any other negative action or finding by a Federal or State 
licensing and certification agency means any action or finding that is 
a matter of public record and rendered by a licensing or certification 
authority, including but not limited to, imposition of civil money 
penalties and administrative fines, limitations on the scope of 
practice, liquidations, injunctions, forfeitures, and criminal 
convictions and civil judgments which, under that State's laws, are 
reportable to that State's boards or agencies which license or certify 
health care practitioners, providers or suppliers. This definition also 
includes final adverse actions (such as civil money penalties and 
administrative fees that occur in conjunction with settlements) in 
which no findings or admissions of liability have been made, and that 
would otherwise be reportable under the statute.
    Civil judgment means a court-ordered action rendered in a Federal 
or State court proceeding, other than a criminal proceeding. This 
reporting requirement does not include consent judgments that have been 
agreed upon and entered to provide security for civil settlements in 
which there was no finding or admission of liability.
    Clinical privileges includes, as appropriate to the organization, 
privileges, membership on the medical staff and other circumstances 
pertaining to the furnishing of medical care under which a physician, 
dentist or other licensed health care practitioner is permitted to 
furnish such care by a health plan or by a Federal or State agency that 
either administers or provides payment for the delivery of health care 
services.
    Criminal conviction means a conviction as described in section 
1128(i) of the Act.
    Exclusion means a temporary or permanent debarment of an individual 
or entity from participation in any Federal or State health-related 
program, and that items or services furnished by such person or entity 
will not be reimbursed under any Federal or State health-related 
program.
    Government agency includes, but is not limited to--
    (1) The U.S. Department of Justice;
    (2) The U.S Department of Health and Human Services;
    (3) Any other Federal agency that either administers or provides 
payment for the delivery of health care services, including, but not 
limited to the U.S. Department of Defense and the U.S. Department of 
Veterans Affairs;
    (4) State law enforcement agencies, which include States Attorneys 
General;
    (5) State Medicaid Fraud Control Units; and
    (6) Federal or State agencies responsible for the licensing and 
certification of health care providers, suppliers or licensed health 
care practitioners. Examples of such State agencies include Departments 
of Professional Regulation, Health, Social Services (including State 
Survey and Certification and Medicaid Single State agencies), Commerce 
and Insurance.

[[Page 58352]]

    Health care fraud means fraud as defined in section 241 of the 
Health Insurance Portability and Accountability Act (HIPAA) of 1996, 
Public Law 104-191.
    Health care provider means a provider of services as defined in 
section 1861(u) of the Act; any health care entity (including a health 
maintenance organization, preferred provider organization or group 
medical practice) that provides health care services and follows a 
formal peer review process for the purpose of furthering quality health 
care; or any other health care entity that, directly or through 
contracts, provides health care services.
    Health care supplier means a provider of medical and other health 
care services as described in section 1861(s) of the Act; or any 
individual or entity, other than a provider, who furnishes or provides 
access to health care services, supplies, items or ancillary services 
(including, but not limited to, durable medical equipment suppliers and 
manufacturers of health care related items, pharmaceutical suppliers 
and manufacturers, health record services such as medical, dental and 
patient records, health data suppliers, and billing and transportation 
service suppliers). The term also includes any individual or entity 
under contract to provide such supplies, items or ancillary services, 
and any group, organization or company providing health benefits 
whether directly, or indirectly through insurance, reimbursements or 
otherwise, (including but not limited to, insurance producers such as 
agents, brokers, solicitors, consultants and reinsurance 
intermediaries, insurance companies, self-insured employers and health 
care purchasing groups or entities).
    Health plan means a plan, program or organization that provides 
health benefits, whether directly, through insurance, reimbursement or 
otherwise, and includes but is not limited to--
    (1) A policy of health insurance;
    (2) A contract of a service benefit organization;
    (3) A membership agreement with a health maintenance organization 
or other prepaid health plan;
    (4) A plan, program, or agreement established, maintained or made 
available by an employer or group of employers, a practitioner, 
provider or supplier group, third party administrator, integrated 
health care delivery system, employee welfare association, public 
service group or organization or professional association; and
    (5) An insurance company, insurance service or insurance 
organization that is licensed to engage in the business of selling 
health care insurance in a State and which is subject to State law 
which regulates health insurance.
    Licensed health care practitioner, licensed practitioner, or 
practitioner mean, with respect to a State, an individual who is 
licensed or otherwise authorized by the State to provide health care 
services (or any individual who, without authority, holds himself or 
herself out to be so licensed or authorized).
    Other adjudicated actions or decisions means an official action 
taken by a Federal or State governmental agency or health plan against 
a health care provider, supplier or practitioner based on acts or 
omissions that affect or could significantly affect the delivery or 
payment of a health care item or service. For example, an official 
action taken by a Federal or State governmental agency includes, but is 
not limited to, a personnel-related action such as suspensions without 
pay, reductions in pay, reductions in grade, terminations or other 
comparable actions. A hallmark of any valid adjudicated action or 
decision is the existence of a due process mechanism. In general, if an 
``adjudicated action or decision'' follows an agency's established 
administrative procedures (which ensure that due process is available 
to the subject of the final adverse action), it would qualify as a 
reportable action under this definition. For health plans that are not 
government entities, an action taken following adequate notice and 
hearing requirement that meets the standards of due process set out in 
section 412(b) of the HCQIA (42 U.S.C. 11112(b)) also would qualify as 
a reportable action under this definition. The fact that the subject 
elects not to use the due process mechanism provided by the authority 
bringing the action is immaterial, as long as such a process is 
available to the subject before the adjudicated action or decision is 
made final.
    Secretary means the Secretary of Health and Human Services and any 
other officer or employee of the Department of Health and Human 
Services to whom the authority involved has been delegated.
    State means any of the fifty States, the District of Columbia, the 
Commonwealth of Puerto Rico, the Virgin Islands and Guam.

Subpart B--Reporting of Information


Sec. 61.4  How information must be reported.

    Information must be reported to the HIPDB as required under 
Secs. 61.6, 61.7, 61.8, 61.9, 61.10 and 61.11 of this part in such form 
and manner as the Secretary may prescribe.


Sec. 61.5  When information must be reported.

    (a) Information required under Secs. 61.7, 61.8, 61.9, 61.10 and 
61.11 of this part must be submitted to the HIPDB within 30 calendar 
days from the date the final adverse action was taken; the date when 
the reporting entity became aware of the final adverse action; or by 
the close of the entity's next monthly reporting cycle, whichever is 
later.
    (b) The date of the final adverse action was taken, its effective 
date and duration would be contained in the information reported to the 
HIPDB under Secs. 61.7, 61.8, 61.9, 61.10 and 61.11 of this part.


Sec. 61.6  Reporting errors, omissions, revisions or whether an action 
is on appeal.

    (a) If errors or omissions are found after information has been 
reported, the reporter must send an addition or correction to the 
HIPDB. This is an opportunity only for the subjects to request the 
reporting entity to correct any errors or omissions in the information, 
and not for requests for readjudication of their cases.
    (b) A reporter that reports information on licensure, exclusion, 
criminal convictions, civil or administrative judgments, or adjudicated 
actions or decisions under Secs. 61.7, 61.8, 61.9, 61.10 or 61.11 of 
this part also must report any revision of the action originally 
reported. Revisions include reversal of a criminal conviction, reversal 
of a judgment or other adjudicated decisions or whether the action is 
on appeal, and reinstatement of a license.
    (c) The subject will receive a copy of all reports, including 
revisions and corrections to the report.
    (d) Upon receipt of a report, the subject--
    (1) Can accept the report as written;
    (2) May provide a statement to the HIPDB, either directly or 
through a designated representative, that will permanently append the 
report (The statement should be limited to 2,000 characters and will be 
included in the record. The HIPDB will distribute the statement to 
queriers (where identifiable), the reporting entity and the subject of 
the report. The HIPDB will not edit the statement; only the subject 
can, upon request, make changes to the statement.); or
    (3) May follow the dispute process in accordance with Sec. 61.15 of 
this part.

[[Page 58353]]

Sec. 61.7  Reporting licensure actions taken by Federal and State 
licensing and certification agencies.

    (a) What actions must be reported. Federal and State licensing and 
certification agencies must report to the HIPDB the following final 
adverse actions that are taken against a health care provider, supplier 
or practitioner (regardless of whether the final adverse actions are 
the subject of a pending appeal)--
    (1) Formal or official actions, such as revocation or suspension of 
a license (and the length of any such suspension), reprimand, censure 
or probation;
    (2) Any other loss of the license or the right to apply for, or 
renew, a license of the provider, supplier, or practitioner, whether by 
operation of law, voluntary surrender (including certification 
agreements or contracts for participation in Federal or State health 
care programs), non-renewability (excluding those due to nonpayment of 
fees, retirement, or change to inactive status) or otherwise; and
    (3) Any other negative action or finding by such Federal or State 
agency that is publicly available information.
    (b) Information to be reported on individuals. (1) Federal or State 
licensing and certification agencies must report the following 
information concerning a practitioner who is the subject of a final 
adverse action (regardless of whether the final adverse actions are the 
subject of a pending appeal)--
    (i) Name;
    (ii) Social Security number, and Federal Employer Identification 
number for individuals who possess one;
    (iii) Sex;
    (iv) Date of birth;
    (v) Occupation;
    (vi) Organization name and type;
    (vii) Primary work address;
    (viii) Name of each professional school attended and year of 
graduation;
    (ix) With respect to professional license, certification or 
registration, the license, certification or registration number, the 
field of licensure, certification or registration and the name(s) of 
the State or Territory in which the license, certification or 
registration is held;
    (x) Physician specialty, if applicable;
    (xi) National Provider Identifier (NPI), when issued by the Health 
Care Financing Administration (HCFA);
    (xii) A description of the acts or omissions or other reasons for 
the action taken;
    (xiii) A description of the action, if applicable, the date the 
action was taken, its effective date and duration, the amount of any 
monetary penalty, and whether the action is on appeal;
    (xiv) Classification of the action in accordance with a reporting 
code adopted by the Secretary;
    (xv) Name and address of the reporting entity, and the name of the 
agency taking the action;
    (xvi) The name, title and telephone number of the responsible 
official submitting the report on behalf of the reporting entity; and
    (xvii) Name(s) of any health care entity with which the subject is 
affiliated or associated.
    (2) Federal and State licensing and certification agencies should 
report, when known, the following concerning a practitioner who is the 
subject of a final adverse action--
    (i) Other name(s) used;
    (ii) If deceased, date of death;
    (iii) Home address;
    (iv) Federal license, certification or registration number(s) (such 
as a Drug Enforcement Administration (DEA) registration number and 
Medicare provider number(s));
    (v) Type(s) of any health care entity with which the subject is 
affiliated or associated;
    (vi) Address of each associated or affiliated health care entity;
    (vii) NPI of each associated or affiliated health care entity, when 
issued by HCFA; and
    (viii) Nature of subject's relationship to each associated or 
affiliated health care entity.
    (c) Information that must be reported on organizations. (1) Federal 
or State licensing and certification agencies must report the following 
information concerning a provider or supplier who is the subject of a 
final adverse action (regardless of whether the final adverse actions 
are the subject of a pending appeal)--
    (i) Name and type of provider or supplier;
    (ii) Federal Employer Identification number, and Social Security 
number (when used as the Tax Identification number (TIN));
    (iii) The provider's or supplier's address;
    (iv) The provider's or supplier's license, certification, or 
registration number(s) and name(s) of the State or Territory in which 
the license, certification or registration is held (the license number 
against which the action is taken should be specified);
    (v) NPI, when issued by HCFA;
    (vi) A description of the acts or omissions or other reason for the 
action;
    (vii) A description of the action, if applicable, the date the 
action was taken, its effective date and duration, the amount of any 
monetary penalty, and whether the action is on appeal;
    (viii) Classification of the action in accordance with a reporting 
code adopted by the Secretary;
    (ix) Name and address of the reporting entity, and the name of the 
agency taking the action;
    (x) The name, title and telephone number of the responsible 
official submitting the report on behalf of the reporting entity; and
    (xi) Name(s) of any health care entity with which the subject is 
affiliated or associated.
    (2) Federal and State licensing and certification agencies should 
report, when known, the following information concerning a provider or 
supplier who is the subject of a final adverse action (regardless of 
whether the final adverse actions are the subject of a pending 
appeal)--
    (i) Federal license, certification or registration number(s) (such 
as a DEA registration number, Medicare provider number(s), Clinical 
Laboratory Improvement Act (CLIA) number);
    (ii) Type(s) of any health care entity with which the subject is 
affiliated or associated;
    (iii) Address of each associated or affiliated health care entity;
    (iv) NPI of each affiliated or associated health care entity, when 
issued by HCFA;
    (v) Nature of subject's relationship to each associated or 
affiliated health care entity; and
    (vi) Total amount of monetary penalties and fines.
    (d) Sanctions for failure to report. The Secretary will provide for 
publication of a public report that identifies those Government 
agencies that have failed to report information on adverse actions as 
required to be reported under this section.


Sec. 61.8  Reporting Federal or State criminal convictions related to 
the delivery of a health care item or service.

    (a) Who must report. Federal and State prosecutors, including law 
enforcement and investigative agencies, must report criminal 
convictions against health care providers, suppliers and practitioners 
related to the delivery of a health care item or service.
    (b) Information to be reported on individuals. (1) Entities 
described in paragraph (a) of this section must report the following 
information--
    (i) With respect to the individual who is the subject of a criminal 
conviction--
    (A) Full name;
    (B) Social Security number, and Federal Employer Identification 
number for individuals who possess one;
    (C) Date of birth;
    (D) Sex;

[[Page 58354]]

    (E) Occupation;
    (F) Organization name and type;
    (G) Primary work address;
    (H) NPI, when issued by HCFA;
    (I) Court or judicial venue in which the action was taken;
    (J) Docket or court file number;
    (K) Name of primary prosecuting agency;
    (L) Prosecuting agency's case number;
    (M) Length of incarceration, detention, probation, community 
service or other sentence;
    (N) Amount of any monetary penalties, judgment, restitution or 
other order;
    (O) Date of sentence;
    (P) Description of acts or omissions and injuries upon which the 
action was based;
    (Q) Nature of the final adverse action and whether such action is 
on appeal;
    (R) Name(s) of affiliated or associated health care entities; and
    (S) Statutory offenses and count(s), and
    (ii) With respect to the reporting entity--
    (A) Name and address of the reporting entity and its file number 
concerning the subject; and
    (B) The name, title and telephone number of the responsible 
official submitting the report on behalf of the reporting entity.
    (2) Entities described in paragraph (a) of this section should 
report, when known, the following information--
    (i) With respect to the individual who is the subject of a criminal 
conviction--
    (A) Other name(s) used;
    (B) Home address;
    (C) Physician specialty;
    (D) Medicare provider number(s);
    (E) Medicaid provider number(s) and State(s);
    (F) DEA registration number(s);
    (G) Federal Bureau of Investigation (FBI) number;
    (H) Name of each professional school attended and year of 
graduation; and
    (I) With respect to each professional license, certification or 
registration, the license, certification or registration number, the 
field of licensure, certification or registration, and the name(s) of 
the State or Territory in which the license, certification or 
registration is held, if known;
    (ii) With respect to health care entities (if known) with which the 
subject of the criminal conviction is affiliated or associated--
    (A) Type(s) of affiliated or associated health care entities;
    (B) Address of each associated or affiliated health care entity;
    (C) NPI of each associated or affiliated health care entity, when 
issued by HCFA; and
    (D) Nature of subject's relationship to each associated or 
affiliated health care entity; and
    (iii) With respect to the action--
    (A) Investigative agencies involved; and
    (B) Investigative agencies' case or file number.
    (c) Information to be reported on organizations. (1) Entities 
described in paragraph (a) of this section must report the following 
information--
    (i) With respect to the organization that is the subject of a 
criminal conviction--
    (A) Entity's legal name;
    (B) Name entity is doing business as;
    (C) Business address;
    (D) Federal Employer Identification number, and Social Security 
number (when used as the TIN);
    (E) NPI when issued by the HCFA;
    (F) Type of entity;
    (G) Court or judicial venue in which the action was taken;
    (H) Docket or court file number;
    (I) Name of primary prosecuting agency;
    (J) Prosecuting agency's case number;
    (K) Length of sentence (e.g., for probation);
    (L) Amount of any monetary penalty, judgment, restitution, or other 
orders;
    (M) Date of sentence;
    (N) Description of acts or omissions and injuries upon which the 
action was based;
    (O) Nature of the final adverse action and whether such action is 
on appeal;
    (P) Name(s) of affiliated or associated health care entities; and
    (Q) Statutory offenses and count(s), and
    (ii) With respect to the reporting entity--
    (A) Name and address of the reporting entity and its file number 
concerning the subject; and
    (B) The name, title and telephone number of the responsible 
official submitting the report on behalf of the reporting entity.
    (2) Entities described in paragraph (a) of this section should 
report, when known, the following information--
    (i) With respect to the organization that is the subject of a 
criminal conviction--
    (A) Medicare provider number(s);
    (B) Medicaid provider number(s) and State(s);
    (C) DEA registration number(s);
    (D) Health care provider's or supplier's license, certification or 
registration number(s), and the name(s) of the State or Territory in 
which the license, certification or registration is held;
    (E) Names and titles of principal officers and owners;
    (F) Investigative agencies involved; and
    (G) Investigative agencies' case or file number; and
    (ii) With respect to any health care entities (if known) with which 
the subject of the criminal conviction is affiliated or associated--
    (A) Type(s) of affiliated or associated health care entities;
    (B) Address of each associated or affiliated health care entity;
    (C) NPI of each associated or affiliated health care entity, when 
issued by HCFA; and
    (D) Nature of subject's relationship to each associated or 
affiliated health care entity.
    (d) Sanctions for failure to report. The Secretary will provide for 
publication of a public report that identifies those Government 
agencies that have failed to report information on adverse actions as 
required to be reported under this section.


Sec. 61.9  Reporting civil judgments related to the delivery of a 
health care item or service.

    (a) Who must report. Federal and States Attorneys, investigative 
agencies and health plans must report civil judgments against health 
care providers, suppliers or practitioners related to the delivery of a 
health care item or service (regardless of whether the civil judgment 
is the subject of a pending appeal), with the exception of those 
resulting from medical malpractice.
    (b) Information to be reported on individuals. (1) Entities 
described in paragraph (a) of this section must report the following 
information--
    (i) With respect to the individual who is the subject of a 
judgment--
    (A) Full name;
    (B) Social Security number, and Federal Employer Identification 
number for individuals who possess one;
    (C) Date of birth;
    (D) Sex;
    (E) Occupation;
    (F) Organization name and type;
    (G) Primary work address;
    (H) NPI, when issued by HCFA;
    (I) Court or judicial venue in which the action was taken;
    (J) Docket or court file number;
    (K) Name of primary prosecuting agency or civil plaintiff;
    (L) Prosecuting agency's case number;
    (M) Date of judgment;
    (N) Amount of any monetary penalty, judgment, restitution, or other 
orders;
    (O) Description of acts or omissions and injuries upon which the 
action was based;
    (P) Nature of final adverse action and whether such action is on 
appeal;
    (Q) Name(s) of affiliated or associated health care entities; and

[[Page 58355]]

    (R) Statutory offenses and count(s), and
    (ii) With respect to the reporting entity--
    (A) Name and address of the reporting entity and its file number 
concerning the subject; and
    (B) The name, title and telephone number of the responsible 
official submitting the report on behalf of the reporting entity.
    (2) Entities described in paragraph (a) of this section should 
report, when known, the following information--
    (i) With respect to the individual who is the subject of a 
judgment--
    (A) Physician specialty, if applicable;
    (B) Other name(s) used;
    (C) Home address;
    (D) Medicare provider number(s);
    (E) Medicaid provider number(s) and State(s);
    (F) DEA registration number(s);
    (G) FBI number;
    (H) Name of each professional school attended and year of 
graduation;
    (I) With respect to each professional license, certification or 
registration, the license, certification, or registration number, the 
field of licensure, certification, or registration, and the name(s) of 
the State or Territory in which the license, certification or 
registration is held;
    (J) Investigative agencies involved; and
    (K) Investigative agencies' case or file number; and
    (ii) With respect to any health care entities (if known) with which 
the subject of the judgment is affiliated or associated--
    (A) Type(s) of affiliated or associated health care entities;
    (B) Address of each associated or affiliated health care entity;
    (C) NPI of each associated or affiliated health care entity, when 
issued by HCFA; and
    (D) Nature of subject's relationship to each associated or 
affiliated health care entity.
    (c) Information to be reported on organizations. (1) Entities 
described in paragraph (a) of this section must report the following 
information--
    (i) With respect to the organization that is the subject of a 
judgment--
    (A) Entity's legal name, if known;
    (B) Name entity is doing business as;
    (C) Business address;
    (D) Federal Employer Identification number, and Social Security 
number (when used as the TIN);
    (E) NPI, when issued by HCFA;
    (F) Type of entity;
    (G) Court or judicial venue in which the action was taken;
    (H) Docket or court file number;
    (I) Name of primary prosecuting agency or civil plaintiff;
    (J) Prosecuting agency's case number;
    (K) Date of judgment;
    (L) Amount of any monetary penalty, judgment, restitution or other 
orders;
    (M) Description of acts or omissions and injuries upon which the 
action was based;
    (N) Nature of final adverse action and whether such action is on 
appeal;
    (O) Name(s) of affiliated or associated health care entities; and
    (P) Statutory offenses and count(s), and
    (ii) With respect to the reporting entity--
    (A) Name and address of the reporting entity and its file number 
concerning the subject; and
    (B) The name, title and telephone number of the responsible 
official submitting the report on behalf of the reporting entity.
    (2) Entities described in paragraph (a) of this section should 
report, when known, the following information--
    (i) With respect to the organization that is the subject of a 
judgment--
    (A) Medicare provider number(s);
    (B) Medicaid provider number(s) and State(s);
    (C) DEA registration number(s);
    (D) Health care provider or supplier license, certification or 
registration number, and the name(s) of the State or Territory in which 
the license, certification or registration is held;
    (E) Names and titles of principal officers and owners;
    (F) Investigative agencies involved; and
    (G) Investigative agencies' case or file number; and
    (ii) With respect to any health care entities (if known) with which 
the subject of the judgment is affiliated or associated--
    (A) Type(s) of affiliated or associated health care entities;
    (B) Address of each associated or affiliated health care entity;
    (C) NPI of each associated or affiliated health care entity, when 
issued by HCFA; and
    (D) Nature of subject's relationship to each associated or 
affiliated health care entity.
    (d) Sanctions for failure to report. Any health plan that fails to 
report information on an adverse action required to be reported under 
this section will be subject to a civil money penalty (CMP) of not more 
than $25,000 for each such adverse action not reported. Such penalty 
will be imposed and collected in the same manner as CMPs under 
subsection (a) of section 1128A of the Act. The Secretary will provide 
for publication of a public report that identifies those Government 
agencies that have failed to report information on adverse actions as 
required to be reported under this section.


Sec. 61.10  Reporting exclusion from participation in Federal or State 
health care programs.

    (a) Who must report. Federal and State government agencies must 
report health care providers, suppliers or practitioners excluded from 
participating in Federal or State health care programs, including 
exclusions that were made in a matter in which there was also a 
settlement that is not reported because no findings or admissions of 
liability have been made (regardless of whether the exclusion is the 
subject of a pending appeal) .
    (b) Information to be reported on individuals. (1) The entity 
described in paragraph (a) of the section must report the following 
information--
    (i) Name;
    (ii) Social Security number, and Federal Employer Identification 
number for individuals who possess one;
    (iii) Date of birth;
    (iv) Sex;
    (v) Occupation;
    (vi) Primary work address;
    (vii) Organization name and type;
    (viii ) NPI, when issued by HCFA;
    (ix) Professional school and year of graduation;
    (x) With respect to each professional license, certification or 
registration, the license, certification or registration number, the 
field of licensure, certification or registration, and the name(s) of 
the State or Territory in which the license, certification or 
registration is held;
    (xi) Description of the action, the date the action was taken, its 
effective date and duration, and whether the action is on appeal;
    (xii) Classification of the action in accordance with a reporting 
code adopted by the Secretary;
    (xiii) Description of acts or omissions, and injuries, upon which 
the action was based;
    (xiv) Name and address of the reporting entity, and the name of the 
agency taking the action;
    (xv) The name, title and telephone number of the responsible 
official submitting the report on behalf of the reporting entity; and
    (xvi) Name(s) of any health care entity with which the subject is 
affiliated or associated.
    (2) The entity described in paragraph (a) of this section should 
report, when known, the following information--

[[Page 58356]]

    (i) Other name(s) used;
    (ii) Home address;
    (iii) Physician specialty;
    (iv) Federal license, certification or registration number(s) (such 
as a DEA registration number, Medicare provider number(s));
    (v) Type(s) of any health care entity with which the subject is 
affiliated or associated;
    (vi) Address of each associated or affiliated health care entity;
    (vii) NPI of each associated or affiliated health care entity, when 
issued by HCFA; and
    (viii) Nature of subject's relationship to each associated or 
affiliated health care entity.
    (c) Information to be reported on organizations. (1) An entity 
described in paragraph (a) of this section must report the following 
information for a health care provider or supplier--
    (i) Name and type of provider or supplier;
    (ii) Federal Employer Identification number, and Social Security 
number (when used as the TIN);
    (iii) NPI, when issued by HCFA;
    (iv) The provider's or supplier's address;
    (v) The provider's or supplier's license, certification or 
registration number(s) and the name of the State or Territory in which 
the license, certification or registration is held (the license number 
against which the action is taken should be specified);
    (vi) Description of the acts or omissions or other reason for the 
action;
    (vii) Classification of the action in accordance with a reporting 
code adopted by the Secretary;
    (viii) Description of the action, the date the action was taken, 
its effective date and duration;
    (ix) Name and address of the reporting entity, and the name of the 
agency taking the action;
    (x) The name, title and telephone number of the responsible 
official submitting the report on behalf of the reporting entity; and
    (xi) Name(s) of any health care entity with which the subject is 
affiliated or associated.
    (2) An entity described in paragraph (a) of this section should 
report, when known, the following information for a health care 
provider or supplier--
    (i) Federal license, certification or registration number(s) (such 
as a DEA registration number, Medicare provider number(s), CLIA 
number);
    (ii) Type(s) of any health care entity with which the subject is 
affiliated or associated;
    (iii) Address of each associated or affiliated health care entity;
    (iv) NPI of each associated or affiliated health care entity, when 
issued by HCFA; and
    (v) Nature of subject's relationship to each associated or 
affiliated health care entity.
    (d) Sanctions for failure to report. The Secretary will provide for 
publication of a public report that identifies those Government 
agencies that have failed to report information on adverse actions as 
required to be reported under this section.


Sec. 61.11  Reporting other adjudicated actions or decisions.

    (a) Who must report. Federal and State governmental agencies and 
health plans must report other adjudicated actions or decisions related 
to the delivery of a health care item or service against health care 
providers, suppliers and practitioners (regardless of whether the other 
adjudicated actions or decisions are subject to a pending appeal).
    (b) Information to be reported on individuals. (1) Entities 
described in paragraph (a) of this section must report the following 
information on individuals--
    (i) Name;
    (ii) Social Security number, and Federal Employer Identification 
number for individuals who possess one;
    (iii) Sex;
    (iv) Date of birth;
    (v) Occupation;
    (vi) Primary work address;
    (vii) Organization name and type;
    (viii) Name of each professional school attended and year of 
graduation;
    (ix) With respect to each professional license, certification or 
registration, the license, certification or registration number, the 
field of licensure, certification or registration, and the name of the 
State or Territory in which the license, certification or registration 
is held;
    (x) NPI, when issued by HCFA;
    (xi) Description of the acts or omissions or other reason for the 
action;
    (xii) Classification of the action in accordance with a reporting 
code adopted by the Secretary;
    (xiii) Description of the action, date the action was taken, its 
effective date and duration, amount of any monetary penalty, and 
whether the action is on appeal;
    (xiv) Name and address of the reporting entity, and the name of the 
agency taking the action;
    (xv) The name, title and telephone number of the responsible 
official submitting the report on behalf of the reporting entity; and
    (xvi) Name(s) of any health care entities with which the subject is 
affiliated or associated.
    (2) Entities described in paragraph (a) of this section should 
report, when known, the following information on individuals--
    (i) Other name(s) used;
    (ii) Home address;
    (iii) Physician specialty;
    (iv) Federal license, certification or registration number(s) (such 
as a DEA registration number, Medicare provider number(s));
    (v) Type(s) of any health care entity with which the subject is 
affiliated or associated;
    (vi) Address of each associated or affiliated health care entity;
    (vii) NPI of each associated or affiliated health care entity, when 
issued by HCFA; and
    (viii) Nature of subject's relationship to each associated or 
affiliated health care entity.
    (c) Information to be reported on organizations. (1) Entities 
described in paragraph (a) of this section must report the following 
information on organizations--
    (i) Name and type of provider or supplier;
    (ii) Federal Employer Identification number, and Social Security 
number (when used as the TIN);
    (iii) The provider's or supplier's address;
    (iv) NPI, when issued by HCFA;
    (v) The provider's or supplier's license, certification or 
registration number(s) and the name of the State or Territory in which 
the license, certification or registration is held (the license number 
against which the action is taken should be specified);
    (vi) Description of the acts or omissions or other reason for the 
action;
    (vii) Description of action, date the action was taken, its 
effective date and duration, and amount of any monetary penalty;
    (viii) Classification of the action in accordance with a reporting 
code adopted by the Secretary;
    (ix) Name and address of reporting entity, and the name of the 
agency taking the action;
    (x) The name, title, and telephone number of the responsible 
official submitting a report on behalf of the reporting entity; and
    (xi) Name(s) of any health care entities with which the subject is 
affiliated or associated.
    (2) Entities described in paragraph (a) of this section should 
report, when known, the following information on organizations--
    (i) Federal license, certification or registration number(s) (such 
as a DEA

[[Page 58357]]

registration number, Medicare provider number(s), CLIA number);
    (ii) Type(s) of any health care entity with which the subject is 
affiliated or associated;
    (iii) Address of each associated or affiliated health care entity, 
if known;
    (iv) NPI of each associated or affiliated health care entity, when 
issued by HCFA;
    (v) Nature of subject's relationship to each associated or 
affiliated health care entity; and
    (vi) Name and titles of principal officers and owners.
    (d) Sanctions for failure to report. Any health plan that fails to 
report information on an adverse action required to be reported under 
this section will be subject to a CMP of not more than $25,000 for each 
such adverse action not reported. Such penalty will be imposed and 
collected in the same manner as CMPs under section 1128A(a) of the Act. 
The Secretary will provide for publication of a public report that 
identifies those Government agencies that have failed to report 
information on adverse actions as required to be reported under this 
section.

Subpart C--Disclosure of Information by the Healthcare Integrity 
and Protection Data Bank


Sec. 61.12  Requesting information from the Healthcare Integrity and 
Protection Data Bank.

    (a) Who may request information and what information may be 
available. Information in the HIPDB will be available, upon request, to 
the following persons or entities, or their authorized agents--
    (1) Federal and State government agencies;
    (2) Health plans;
    (3) A health care practitioner, provider, or supplier requesting 
information concerning himself, herself or itself; and
    (4) A person or entity who requests aggregate information, which 
does not permit the identification of any particular patient, health 
care provider, supplier or practitioner. (For example, researchers can 
use the aggregate information to identify the total number of 
practitioners excluded from the Medicare and Medicaid programs. 
Similarly, health plans can use aggregate information to develop 
outcome measures in their efforts to monitor and improve quality care.)
    (b) Procedures for obtaining HIPDB information. Eligible persons 
and entities may obtain information from the HIPDB by submitting a 
request in such form and manner as the Secretary may prescribe. These 
requests are subject to fees set forth in Sec. 61.13 of this part. The 
HIPDB will comply with the Department's principles of fair information 
practice by providing each subject of a report with a copy when the 
report is entered into the HIPDB.


Sec. 61.13  Fees applicable to requests for information.

    (a) Policy on fees. The fees described in this section apply to all 
requests for information from the HIPDB. However, for purposes of 
verification and dispute resolution, the HIPDB will provide a copy--
automatically, without a request and free of charge--of every record to 
the health care provider, supplier or practitioner who is the subject 
of the report. The fees are authorized by section 1128E(d)(2) of the 
Act, and they reflect the full costs of operating the database. The 
actual fees will be announced by the Secretary in periodic notices in 
the Federal Register.
    (b) Criteria for determining the fee. The amount of each fee will 
be determined based on the following criteria--
    (1) Direct and indirect personnel costs;
    (2) Physical overhead, consulting, and other indirect costs 
including rent and depreciation on land, buildings and equipment;
    (3) Agency management and supervisory costs;
    (4) Costs of enforcement, research and establishment of regulations 
and guidance;
    (5) Use of electronic data processing equipment to collect and 
maintain information--the actual cost of the service, including 
computer search time, runs and printouts; and
    (6) Any other direct or indirect costs related to the provision of 
services.
    (c) Assessing and collecting fees. The Secretary will announce 
through periodic notice in the Federal Register the method of payment 
of fees. In determining these methods, the Secretary will consider 
efficiency, effectiveness and convenience for users and for the 
Department. Methods may include credit card, electronic funds transfer 
and other methods of electronic payment.


Sec. 61.14  Confidentiality of Healthcare Integrity and Protection Data 
Bank information.

    Information reported to the HIPDB is considered confidential and 
will not be disclosed outside the Department, except as specified in 
Secs. 61.12 and 61.15 of this part. Persons and entities receiving 
information from the HIPDB, either directly or from another party, must 
use it solely with respect to the purpose for which it was provided. 
Nothing in this paragraph will prevent the disclosure of information by 
a party from its own files used to create such reports where disclosure 
is otherwise authorized under applicable State or Federal law.


Sec. 61.15  How to dispute the accuracy of Healthcare Integrity and 
Protection Data Bank information.

    (a) Who may dispute the HIPDB information. The HIPDB will routinely 
mail or transmit electronically to the subject a copy of the report 
filed in the HIPDB. The subject of the report or a designated 
representative may dispute the accuracy of a report concerning himself, 
herself or itself within 60 calendar days of receipt of the report.
    (b) Procedures for disputing a report with the reporting entity. 
(1) If the subject disagrees with the reported information, the subject 
must request, in writing within 60 calendar days of receipt of the 
report, that the HIPDB enter the report into ``disputed status.''
    (2) The HIPDB will send the report, with a notation that the report 
has been placed in ``disputed status,'' to queriers (where 
identifiable), the reporting entity and the subject of the report.
    (3) The subject must attempt to enter into discussion with the 
reporting entity to resolve the dispute. If the reporting entity 
revises the information originally submitted to the HIPDB, the HIPDB 
will notify the subject and all entities to whom reports have been sent 
that the original information has been revised. If the reporting entity 
does not revise the reported information, the subject may request that 
the Secretary review the report for accuracy.
    (c) Procedures for requesting a Secretarial review. (1) The subject 
must request, in writing, that the Secretary of the Department review 
the report for accuracy. The subject must return this request to the 
HIPDB along with appropriate materials that support the subject's 
position. The Secretary will only review the accuracy of the reported 
information, and will not consider the merits or appropriateness of the 
action or the due process that the subject received.
    (2) After the review, if the Secretary--
    (i) Concludes that the information is accurate and reportable to 
the HIPDB, the Secretary will inform the subject and the HIPDB of the 
determination. The Secretary will include a brief statement 
(Secretarial Statement) in the report that describes the basis for the 
decision. The report will be removed from ``disputed status.'' The 
HIPDB will

[[Page 58358]]

distribute the corrected report and statement(s) to previous queriers 
(where identifiable), the reporting entity and the subject of the 
report.
    (ii) Concludes that the information contained in the report is 
inaccurate, the Secretary will inform the subject of the determination 
and direct the HIPDB or the reporting entity to revise the report. The 
Secretary will include a brief statement (Secretarial Statement) in the 
report describing the findings. The HIPDB will distribute the corrected 
report and statement (s) to previous queriers (where identifiable), the 
reporting entity and the subject of the report.
    (iii) Determines that the disputed issues are outside the scope of 
the Department's review, the Secretary will inform the subject and the 
HIPDB of the determination. The Secretary will include a brief 
statement (Secretarial Statement) in the report describing the 
findings. The report will be removed from ``disputed status.'' The 
HIPDB will distribute the report and the statement(s) to previous 
queriers (where identifiable), the reporting entity and the subject of 
the report.
    (iv) Determines that the adverse action was not reportable and 
therefore should be removed from the HIPDB, the Secretary will inform 
the subject and direct the HIPDB to void the report.
    The HIPDB will distribute a notice to previous queriers (where 
identifiable), the reporting entity and the subject of the report that 
the report has been voided.

    Dated: April 10, 1998.
June Gibbs Brown,
Inspector General.

    Approved: June 9, 1998.
Donna E. Shalala,
Secretary.
[FR Doc. 98-29147 Filed 10-29-98; 8:45 am]
BILLING CODE 4160-15-P