[Federal Register Volume 64, Number 206 (Tuesday, October 26, 1999)]
[Proposed Rules]
[Pages 57619-57620]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 99-27587]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of the Secretary
Office of Inspector General

45 CFR Part 5b

RIN 0991-AA99


Privacy Act; Exempt Record System

AGENCY: Office of Inspector General (OIG), HHS.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: This proposed rule would exempt the new system of records, the 
Healthcare Integrity and Protection Data Bank (HIPDB), from certain 
provisions of the Privacy Act (5 U.S.C. 552a). The establishment of the 
HIPDB is required by section 1128E of the Social Security Act (the 
Act), as added by section 221(a) of the Health Insurance Portability 
and Accountability Act (HIPAA) of 1996. Section 1128E of the Act 
directed the Secretary to establish a national health care fraud and 
abuse data collection program for the reporting and disclosing of 
certain final adverse actions taken against health care providers, 
suppliers or practitioners, and to maintain a data base of final 
adverse actions taken against health care providers, suppliers and 
practitioners. The new HIPDB system of records is being established by 
separate Federal Register notice. The proposed exemption being set 
forth in this rule would apply to investigative materials compiled for 
law enforcement purposes in anticipation of civil or criminal 
proceedings. This rule specifically seeks public comments on the 
proposed exemption.

DATES: To assure consideration, public comments must be delivered to 
the address provided below by no later than 5 p.m. on November 26, 
1999.

ADDRESSES: Please mail or deliver your written comments to the 
following address: Department of Health and Human Services, Office of 
Inspector General, 330 Independence Avenue, SW, Room 5246, Attention: 
OIG-60-P, Washington, DC 20201.
    Because of staffing and resource limitations, we cannot accept 
comments by facsimile (FAX) transmission. In commenting, please refer 
to file code OIG-60-P.

FOR FURTHER INFORMATION CONTACT: Rick Burguieres, Investigative Policy 
and Information Management Staff, Office of Investigations, (202) 205-5200.

SUPPLEMENTARY INFORMATION: The Health Insurance Portability and 
Accountability Act (HIPAA) of 1996, Public Law 104-191, requires the 
Secretary, acting through the Office of Inspector General (OIG) and the 
United States Attorney General, to establish a new health care fraud 
and abuse control program to combat health care fraud and abuse (see 
section 1128C of the Act, as enacted by section 201(a) of HIPAA). Among 
the major steps in this program is the establishment of a national data 
bank to receive and disclose certain final adverse actions against 
health care providers, suppliers, or practitioners (see section 
1128C(a)(1)(E) of the Act). The establishment of the data bank is 
required by section 1128E of the Act (added by section 221(a) of 
HIPAA), which directs the Secretary to maintain a data base of such 
final adverse actions. Final adverse actions include: (1) Civil 
judgments against a health care provider, supplier, or practitioner in 
Federal or State court related to the delivery of a health care item or 
service; (2) Federal or State criminal convictions against a health 
care provider, supplier, or practitioner related to the delivery of a 
health care item or service; (3) actions by Federal or State agencies 
responsible for the licensing and certification of health care 
providers, suppliers, or practitioners; (4) exclusion of a health care 
provider, supplier, or practitioner from participation in Federal or 
State health care programs; and (5) any other adjudicated actions or 
decisions that the Secretary establishes by regulations. Settlements in 
which no findings or admissions of liability have been made will be 
excluded from reporting. However, any final adverse action that 
emanates from such settlements, and that would otherwise be reportable 
under the statute, is to be reported to the data bank. Final adverse 
actions are to be reported, regardless of whether such actions are 
being appealed by the subject of the report (see section 1128E(b)(2)(C) 
of the Act).

[[Page 57620]]

    Groups that have access to this new data bank system include 
Federal and State government agencies; health plans; and self queries 
from health care suppliers, providers and practitioners. Reporting is 
limited to the same groups that have access to the information. One of 
the primary purposes of these data will be use of this information by a 
Federal or State government agency charged with the responsibility of 
investigating or prosecuting a case where there is an indication of a 
violation or potential violation of law, whether civil, criminal or 
regulatory in nature. The information in this system may also be used 
in the preparation for a trial or hearing for such violation.
    Specifically, this proposed rule would exempt this new records 
system from certain provisions of the Privacy Act.\1\ This 
exemption is intended to protect, from release to the record subject, 
information on law enforcement queries to the data bank. It would also 
exempt the data bank from Privacy Act access and amendment procedures 
in order to establish access and amendment procedures in the HIPDB 
regulations.
---------------------------------------------------------------------------

    \1\ Subsections (c)(3), (d)(1)-(4), and (e)(4)(G) and (H) of the 
Privacy Act, in accordance with 5 U.S.C. 522a(k)(2) and 45 CFR 
5b.11(b)(ii)(F).
---------------------------------------------------------------------------

    While subjects will have access to information on all other queries 
to the data bank, disclosure of law enforcement queries could 
compromise ongoing investigation activities. The premature disclosure 
of the existence of a law enforcement activity to an outside party (who 
may also be the subject of the investigation) could lead to, among 
other things, the destruction or alteration of evidence and the 
tampering with witnesses.
    Record subjects are guaranteed access to, and correction rights 
for, substantive information reported to the HIPDB. The procedures, set 
out in 45 CFR part 61, use the Privacy Act access and correction 
procedures as a basic framework while, at the same time, providing 
significant additional rights (such as automatic notification to the 
record subject of any report filed with the data bank). Data bank 
subjects also have broader rights on HIPDB correction procedures, 
including the right to file a statement of disagreement as soon as a 
report is filed with the data bank.

Regulatory Impact Statement

    The Office of Management and Budget has reviewed this proposed rule 
in accordance with the provisions of Executive Order 12866 and the 
Regulatory Flexibility Act (5 U.S.C. 601-612), and has determined that 
it does not meet the criteria for a significant regulatory action. 
Executive Order 12866 directs agencies to assess all costs and benefits 
of available regulatory alternatives and, when rulemaking is necessary, 
to select regulatory approaches that maximize net benefits, including 
potential economic, environmental, public health, safety, distributive 
and equity effects. In addition, under the Small Business Enforcement 
Act (SBEA) of 1996, if a rule has a significant economic effect on a 
substantial number of small businesses, the Secretary must specifically 
consider the economic effect of a rule on small business entities and 
analyze regulatory options that could lessen the impact of the rule. 
The Secretary has reviewed this proposed exemption in accordance with 
the provisions of the SBEA, and certifies that this proposed exemption 
will not have a significant impact on a substantial number of small 
entities. Specifically, as indicated above, while the reports of 
adverse actions to the HIPDB will be known to the subjects of the 
records in the data bank, the access and use of such information by law 
enforcement agencies would not be known to the subjects of the records. 
As a result, we believe that disclosure of this information could 
compromise ongoing law enforcement activities.

Public Inspection of Comments and Response to Comments

    Comments will be available for public inspection November 9, 1999, 
in Room 5518, Office of Counsel to the Inspector General, at 330 
Independence Avenue, SW, Washington, DC on Monday through Friday of 
each week (Federal holidays excepted) between the hours of 9 a.m. and 4 
p.m., (202) 619-0089.
    Because of the large number of items of correspondence we normally 
receive on Federal Register documents published for comment, we are not 
able to acknowledge or respond to them individually. We will consider 
all comments we receive by the date and time specified in the DATES 
section of this preamble, and will respond to the comments in the 
preamble of the final rule.

List of Subjects in 45 CFR Part 5b

    Privacy.

    Accordingly, the Department's Privacy Act regulations at 45 CFR 
part 5b would be amended as follows:

PART 5b--[AMENDED]

    Part 5b would be amended as follows:

    1. The authority citation for part 5b would continue to read as 
follows:

    Authority: 5 U.S.C. 301, 5 U.S.C. 552a.

    2. Section 5b.11 would be amended by adding a new paragraph 
(b)(2)(ii)(F) to read as follows:


Sec. 5b.11  Exempt systems.

* * * * *
    (b) Specific systems of records exempt. * * *
    (2) * * *
    (ii) * * *
    (F) The Healthcare Integrity and Protection Data Bank (HIPDB) of 
the Office of Inspector General. (See Sec. 61.15 of this title for 
access and correction rights under the HIPDB by subjects of the Data 
Bank.)
* * * * *
    Dated: June 3, 1999.
June Gibbs Brown,
Inspector General.

    Approved: July 2, 1999.
Donna E. Shalala,
Secretary.
[FR Doc. 99-27587 Filed 10-25-99; 8:45 am]