[Federal Register Volume 66, Number 164 (Thursday, August 23, 2001)]
[Notices]
[Pages 44347-44349]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 01-21283]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES


Office of Emergency Preparedness; Privacy Act of 1974; Report of 
New System: National Disaster Claims Processing System

AGENCY: Office of the Secretary, Office of Public Health and Science, 
Office of Emergency Preparedness, DHHS.

ACTION: Notification of a new system of records subject to the Privacy 
Act of 1974.

-----------------------------------------------------------------------

SUMMARY: The Office of Emergency Preparedness (OEP), Department of 
Health and Human Services is responsible for the National Disaster 
Medical System (NDMS). The system includes hospitals that have agreed 
to provide medical services, when authorized, to victims of disasters 
in return for predetermined levels of reimbursement. OEP plans to 
provide this reimbursement by procuring stand-by claims processing and 
associated services should the NDMS hospital system be activated.
    In accordance with the requirements of the Privacy Act, OEP is 
publishing a notice of the establishment of a National Disaster Claims 
Processing System that will provide stand-by claims processing and 
associated services should the NDMS hospital system be activated. The 
new system will collect limited data from individuals utilizing the 
NDMS as a result of illness or injury resulting from a disaster. Data 
on individuals will be submitted by NDMS hospitals and will include 
personal information, such as name, phone number (home phone number may 
be provided), address (home address may be provided), ethnic group, and 
medical information including laboratory tests performed, diagnosis, 
treatment provided, and other medical information required for 
appropriate reimbursement to the healthcare provider.

DATES: OEP invites interested persons to submit comments on the 
proposed new system on or before October 2, 2001.

ADDRESSES: Please address comments to the OEP Privacy Act Officer. 
Office of Emergency Preparedness, 12300 Twinbrook Parkway, Suite 360, 
Rockville, Maryland 20852. Comments will be made available for public 
inspection at the above address during normal business hours, 8:30 
a.m.-5:00 p.m. by prior appointment only.

FOR FURTHER INFORMATION CONTACT: Chief, National Disaster Medical 
System Branch, Office of Emergency Preparedness, 12300 Twinbrook 
Parkway, Suite 360, Rockville, MD 20857.

    Dated: August 17, 2001.
Robert F. Knouss,
Director Office of Emergency Preparedness.

Report of Proposed New Privacy Act System of Records

    System Number: 09-90-0039.
    System Name: National Disaster Claims Processing System.

A. System Purpose and Background

Background
    The Department of Health and Human Services (HHS) is the primary 
federal agency for health, medical and health-related social services 
under the Federal Response Plan. HHS provides for medical, mental 
health and other human services to victims of catastrophic disasters. 
The HHS Office of Emergency preparedness (OEP) is the office 
responsible for responding to requests for federal medical assistance 
for all national catastrophic disasters both natural and man-made.
    OEP leads the National Disaster Medical System (NDMS) a partnership 
of four federal agencies--HHS, the Departments of Defense, Veterans 
Affairs and the Federal Emergency Management Agency. The NDMS was 
established in 1984 and has three components: direct medical care, 
patient movement, and definitive medical care. The definitive medical 
care is provided by hospitals that are part of the NDMS and agree to 
provide this service on an as needed basis. In order to provide 
expeditious processing and adjudication of medical claims from licensed 
providers and facilities arising from the treatment of disaster 
victims, a contractor for OEP will collect and process claims data, 
with OEP subsequently paying the claim.
System Purpose
    The National Disaster Claims Processing System will justify and 
document reimbursement payments for services provided in connection to 
the NDMS. In order to provide this service and process claims, the 
contractor must collect data on individuals that includes Name, Social 
Security Number, Address, Dates of Care, Diagnostic Related Group/
Current Procedure Terminology (DRG/CPT), Provider Name, Provider 
Address, Health Insurance Portability and Accountability Act (HIPAA) 
Provider Number, Amount Billed, Amount Allowed, Other Insurance 
Payment, and amount to be paid. In addition information from the 
providing hospital including the Employer Identification Number (EIN) 
and information for submitting electronic payment will be

[[Page 44348]]

collected. The information collected is the minimal amount required to 
process and adjudicate claims from the providing hospitals.

B. Specific Authority

    Authority for reimbursement of NDMS hospitals is found in 42 U.S.C. 
243(c)(1). This provision authorizes the Secretary to develop and take 
such measures as necessary to implement a plan under which resources of 
the Public Health Service may effectively be used to meet health 
emergencies or problems resulting from disasters.

C. Probable Effects of Disclosure of Information

    The records in this system are of a sensitive nature and are 
necessary for the processing and adjudication of medical care claims 
submitted by licensed providers and facilities as part of an NDMS 
response to a disaster. The information collected would include Name, 
Age, Sex, Address, and Medical Diagnostic information related only to 
injuries or conditions resulting from, or exacerbated by a disaster. 
Except as permitted by the Privacy Act or in accordance with the 
routine uses established for this system, the information on file will 
be utilized only for the purpose for which the file was created. Access 
to the system is restricted so as to protect the rights of individuals 
involved.

D. Safeguards

    1. Authorized Users: Only HHS personnel or HHS contract personnel 
whose duties require the use of the system may access the data. In 
addition, such HHS personnel or contractors are advised that the 
information is confidential and the criminal sanctions for unauthorized 
disclosure of private information may be applied.
    2. Physical Safeguards: Physical paper records are stored in locked 
file cabinets or secured areas.
    3. Procedural Safeguards: Employees who maintain records in the 
system are instructed to grant regular access only to authorized users. 
Data stored in computers are accessed through the use of passwords 
known only to authorized personnel. Contractors who use records in this 
system are instructed to make no further disclosure of the records 
except as authorized by the system manager and permitted by the Privacy 
Act. Privacy Act language is in contracts related to this system.
    4. These safeguards will be implemented in compliance with the 
standards of Guidelines: Chapter 45-10 and 45-13 of the HHS General 
Administration Manual; and the HHS Automated Information Systems 
Security Program Handbook (part 6 of the HHS Information Resources 
Management Manual).

E. Routine Use Compatibility

    The Privacy Act allows us to disclose information without an 
individual's consent if the information is to be used for a purpose, 
which is compatible with the purpose(s) for which the information was 
collected. Any such compatible use of data is known as a ``routine 
use''. We are proposing to establish the following routine use 
disclosures of information, which will be maintained in the system:
    1. Disclosure may be made to a Member of Congress or to a 
congressional staff member in response to inquiry of the congressional 
office made at the written request of the constituent about whom the 
record is maintained.
    Beneficiaries as well as providers sometimes request the help of a 
Member of Congress in resolving some issue relating to a matter before 
the Public Health Service (PHS). The Member of Congress then writes to 
PHS, and PHS must be able to provide sufficient information to be 
responsive to the inquiry.
    2. To the Department of Justice (DOJ), court or adjudicatory body 
when:
    a. The agency or any component thereof; or
    b. Any employee of the agency in his or her official capacity; or
    c. Any employee of the agency in his or her official capacity where 
the DOJ has agreed to represent employee; or
    d. The United States Government;
    Is a party to litigation or has an interest in such litigation, and 
by careful review; PHS determines that the records are both relevant 
and necessary to the litigation and the use of such records by the DOJ, 
court, or adjudicatory body is therefore deemed by the agency to be a 
purpose that is compatible with the purpose for which the agency 
collected the records.
    Whenever PHS is involved in litigation, or occasionally when 
another party is involved in litigation and PHS' policies or operations 
could be affected by the outcome of the litigation, PHS would be able 
to disclose information to the DOJ, court, or adjudicatory body 
involved. A determination would be made in each instance that, under 
the circumstances involved, the purposes served by the use of the 
information in the particular litigation is compatible with a purpose 
for which PHS collects the information.
    3. To agency contractors who have been engaged by the agency to 
assist in the performance of a service related to this system of 
records and who need to have access to the records in order to perform 
the activity. Recipients shall be required to comply with the 
requirements of the Privacy Act of 1974, as amended, pursuant to 5 
U.S.C. 552a(m).
    The PHS occasionally contracts out certain of its functions when 
this could contribute to effective and efficient operations. PHS must 
be able to give a contractor whatever information is necessary for the 
contractor to fulfill its duties. In these situations, safeguards are 
provided in the contract prohibiting the contractor from using or 
disclosing the information for any purpose other than that described in 
the contract and to return or destroy all information at the completion 
of the contract.

F. Supporting Documentation

    1. Proposed System Notice: Advance copies of the proposed system 
notice are attached.
    2. HHS Rules: No change in agency rules is required as a result of 
the establishment of this system of records.
    3. Exemptions Requested: No exemptions from the provisions of the 
Privacy Act are requested.
    4. Computer Matching Notice: This new system will not involve any 
computer matching program, therefore, no public notice of computer 
matching has been prepared
Proposed System Notice
National Disaster Claims Processing System

SYSTEM NUMBER:
    09-90-0039

SYSTEM NAME:
    NATIONAL DISASTER CLAIMS PROCESSING SYSTEM

SYSTEM CLASSIFICATION:
    None

SYSTEM LOCATION:
    Office of Emergency Preparedness (OEP), 12300 Twinbrook Parkway, 
Rockville, MD 20852.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals requiring definitive medical care at an NDMS hospital 
as the result of a medical condition caused by, or exacerbated by, a 
natural or technical disaster, or a terrorist act.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Medical claims data will be in uniform claim forms accepted by the 
Health Care Financing Administration (HCFA) for institutional and non-
institutional claims. Records will

[[Page 44349]]

include: Beneficiaries Name, Social Security Number, Address, Dates of 
Care, DRG/CPT, Provider Name, Provider Address, HIPAA Provider Number, 
Amount Billed, Amount Allowed, Other Insurance Payment, and Amount to 
be paid. In addition information from the providing hospital including 
the Employer Identification Number (EIN) and information for submitting 
electronic payment will be collected.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The authority for maintaining this system of records is from 42 
U.S.C. 243(c)(1).

PURPOSE:
    To justify and document reimbursement payments for services 
provided in connection with the National Disaster Medical System 
(NDMS).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USE:
    1.To a Congressional Office from the records of an individual in 
response to an inquiry made from the Congressional Office made at the 
request of that individual.
    2. To the Department of Justice (DOJ), court or other tribunal, or 
to another party before such tribunal, when:
    a. HHS or any component thereof; or
    b. Any HHS employee in his or her official capacity; or
    c. Any HHS employee in his or her individual capacity where the 
Department of Justice (or HHS where it is authorized to do so) has 
agreed to represent employee; or
    d. The United States or any Agency thereof, where HHS determines 
that the litigation is likely to affect HHS or any of it's components; 
is a party to litigation or has an interest in such litigation, and HHS 
determines that the use of such records by the Department of Justice, 
the tribunal, or other party is relevant and necessary to the 
litigation and would help in the effective representation of the 
governmental party, however, that in each case, HHS determines that 
each disclosure is compatible with the purpose for which the records 
were collected.
    3. To a contractor for the purpose of collating, analyzing, 
aggregating, or otherwise refining or processing records in this 
system, or for developing, modifying, and/or manipulating it with 
automatic data processing (ADP) software. Data would also be available 
to users incidental to consultation, programming, operation, user 
assistance, or maintenance for an ADP or telecommunications system 
containing or supporting records in the system.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Paper and computer form.

RETRIEVABILITY:
    Information will be retrieved by beneficiary's name; and may be 
sorted by medical diagnosis, geographical area, or medical provider.

SAFEGUARDS:
    1. Authorized Users: Only HHS personnel or HHS contract personnel 
whose duties require the use of the system may access the data. In 
addition, such HHS personnel or contractors are advised that the 
information is confidential and the criminal sanctions for unauthorized 
disclosure of private information may be applied.
    2. Physical Safeguards: Physical paper records are stored in locked 
files cabinets or secured areas.
    3. Procedural Safeguards: Employees who maintain records in the 
system are instructed to grant access only to authorized users. Data 
stored in computers are accessed through the use of passwords known 
only to authorized personnel. Contractors who use records in this 
system are instructed to make no further disclosure of the records 
except as authorized by the system manager and permitted by the Privacy 
Act. Privacy Act language is in contracts related to this system.
    4. Implementation Guidelines: HHS Chapter 45-13 of the General 
Administration Manual, ``Safeguarding Records Contained in Systems of 
Records and the HHS Automated Information Systems Security Program 
Handbook, Information Resources Management Manual.''

RETENTION AND DISPOSAL:
    Disposition of records is according to the National Archives and 
Records Administration (NARA) guidelines, as set forth in the Office of 
Emergency Preparedness Records Management Manual.

SYSTEM MANAGER(S) AND ADDRESS(ES):
    Chief, National Disaster Medical System Branch, Office of Emergency 
Preparedness, 12300 Twinbrook Parkway, Suite 360, Rockville, Maryland 
20852.

NOTIFICATION PROCEDURE:
    Inquiries and requests for system records should be addressed to 
the system manager at the address indicated above. The requestor must 
specify the name, address, and health insurance number.

RECORD ACCESS PROCEDURES:
    Same as notification procedures. Requesters should also reasonably 
specify the record contents being sought. These procedures are in 
accordance with HHS Regulations at 45 CFR 5b.5(a)(2) and 45 CFR 5b.6

CONTESTING RECORD PROCEDURES:
    Contact the system manager named above and reasonably identify the 
record and specify the information to be contested. State the reason 
for contesting the record (e.g., why it is inaccurate, irrelevant, 
incomplete, or not current), the corrective action being sought, and 
give any supporting justification. (These procedures are in accordance 
with HHS Regulations 45 CFR 5b.7.)

RECORD SOURCE CATEGORIES:
    Information contained in these records will be obtained from NDMS 
hospitals seeking reimbursement for treatment provided to disaster 
victims.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
[FR Doc. 01-21283 Filed 8-22-01; 8:45 am]
BILLING CODE 4150-28-P