[Federal Register Volume 66, Number 164 (Thursday, August 23, 2001)]
[Notices]
[Pages 44347-44349]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 01-21283]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of Emergency Preparedness; Privacy Act of 1974; Report of
New System: National Disaster Claims Processing System
AGENCY: Office of the Secretary, Office of Public Health and Science,
Office of Emergency Preparedness, DHHS.
ACTION: Notification of a new system of records subject to the Privacy
Act of 1974.
-----------------------------------------------------------------------
SUMMARY: The Office of Emergency Preparedness (OEP), Department of
Health and Human Services is responsible for the National Disaster
Medical System (NDMS). The system includes hospitals that have agreed
to provide medical services, when authorized, to victims of disasters
in return for predetermined levels of reimbursement. OEP plans to
provide this reimbursement by procuring stand-by claims processing and
associated services should the NDMS hospital system be activated.
In accordance with the requirements of the Privacy Act, OEP is
publishing a notice of the establishment of a National Disaster Claims
Processing System that will provide stand-by claims processing and
associated services should the NDMS hospital system be activated. The
new system will collect limited data from individuals utilizing the
NDMS as a result of illness or injury resulting from a disaster. Data
on individuals will be submitted by NDMS hospitals and will include
personal information, such as name, phone number (home phone number may
be provided), address (home address may be provided), ethnic group, and
medical information including laboratory tests performed, diagnosis,
treatment provided, and other medical information required for
appropriate reimbursement to the healthcare provider.
DATES: OEP invites interested persons to submit comments on the
proposed new system on or before October 2, 2001.
ADDRESSES: Please address comments to the OEP Privacy Act Officer.
Office of Emergency Preparedness, 12300 Twinbrook Parkway, Suite 360,
Rockville, Maryland 20852. Comments will be made available for public
inspection at the above address during normal business hours, 8:30
a.m.-5:00 p.m. by prior appointment only.
FOR FURTHER INFORMATION CONTACT: Chief, National Disaster Medical
System Branch, Office of Emergency Preparedness, 12300 Twinbrook
Parkway, Suite 360, Rockville, MD 20857.
Dated: August 17, 2001.
Robert F. Knouss,
Director Office of Emergency Preparedness.
Report of Proposed New Privacy Act System of Records
System Number: 09-90-0039.
System Name: National Disaster Claims Processing System.
A. System Purpose and Background
Background
The Department of Health and Human Services (HHS) is the primary
federal agency for health, medical and health-related social services
under the Federal Response Plan. HHS provides for medical, mental
health and other human services to victims of catastrophic disasters.
The HHS Office of Emergency preparedness (OEP) is the office
responsible for responding to requests for federal medical assistance
for all national catastrophic disasters both natural and man-made.
OEP leads the National Disaster Medical System (NDMS) a partnership
of four federal agencies--HHS, the Departments of Defense, Veterans
Affairs and the Federal Emergency Management Agency. The NDMS was
established in 1984 and has three components: direct medical care,
patient movement, and definitive medical care. The definitive medical
care is provided by hospitals that are part of the NDMS and agree to
provide this service on an as needed basis. In order to provide
expeditious processing and adjudication of medical claims from licensed
providers and facilities arising from the treatment of disaster
victims, a contractor for OEP will collect and process claims data,
with OEP subsequently paying the claim.
System Purpose
The National Disaster Claims Processing System will justify and
document reimbursement payments for services provided in connection to
the NDMS. In order to provide this service and process claims, the
contractor must collect data on individuals that includes Name, Social
Security Number, Address, Dates of Care, Diagnostic Related Group/
Current Procedure Terminology (DRG/CPT), Provider Name, Provider
Address, Health Insurance Portability and Accountability Act (HIPAA)
Provider Number, Amount Billed, Amount Allowed, Other Insurance
Payment, and amount to be paid. In addition information from the
providing hospital including the Employer Identification Number (EIN)
and information for submitting electronic payment will be
[[Page 44348]]
collected. The information collected is the minimal amount required to
process and adjudicate claims from the providing hospitals.
B. Specific Authority
Authority for reimbursement of NDMS hospitals is found in 42 U.S.C.
243(c)(1). This provision authorizes the Secretary to develop and take
such measures as necessary to implement a plan under which resources of
the Public Health Service may effectively be used to meet health
emergencies or problems resulting from disasters.
C. Probable Effects of Disclosure of Information
The records in this system are of a sensitive nature and are
necessary for the processing and adjudication of medical care claims
submitted by licensed providers and facilities as part of an NDMS
response to a disaster. The information collected would include Name,
Age, Sex, Address, and Medical Diagnostic information related only to
injuries or conditions resulting from, or exacerbated by a disaster.
Except as permitted by the Privacy Act or in accordance with the
routine uses established for this system, the information on file will
be utilized only for the purpose for which the file was created. Access
to the system is restricted so as to protect the rights of individuals
involved.
D. Safeguards
1. Authorized Users: Only HHS personnel or HHS contract personnel
whose duties require the use of the system may access the data. In
addition, such HHS personnel or contractors are advised that the
information is confidential and the criminal sanctions for unauthorized
disclosure of private information may be applied.
2. Physical Safeguards: Physical paper records are stored in locked
file cabinets or secured areas.
3. Procedural Safeguards: Employees who maintain records in the
system are instructed to grant regular access only to authorized users.
Data stored in computers are accessed through the use of passwords
known only to authorized personnel. Contractors who use records in this
system are instructed to make no further disclosure of the records
except as authorized by the system manager and permitted by the Privacy
Act. Privacy Act language is in contracts related to this system.
4. These safeguards will be implemented in compliance with the
standards of Guidelines: Chapter 45-10 and 45-13 of the HHS General
Administration Manual; and the HHS Automated Information Systems
Security Program Handbook (part 6 of the HHS Information Resources
Management Manual).
E. Routine Use Compatibility
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose,
which is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use''. We are proposing to establish the following routine use
disclosures of information, which will be maintained in the system:
1. Disclosure may be made to a Member of Congress or to a
congressional staff member in response to inquiry of the congressional
office made at the written request of the constituent about whom the
record is maintained.
Beneficiaries as well as providers sometimes request the help of a
Member of Congress in resolving some issue relating to a matter before
the Public Health Service (PHS). The Member of Congress then writes to
PHS, and PHS must be able to provide sufficient information to be
responsive to the inquiry.
2. To the Department of Justice (DOJ), court or adjudicatory body
when:
a. The agency or any component thereof; or
b. Any employee of the agency in his or her official capacity; or
c. Any employee of the agency in his or her official capacity where
the DOJ has agreed to represent employee; or
d. The United States Government;
Is a party to litigation or has an interest in such litigation, and
by careful review; PHS determines that the records are both relevant
and necessary to the litigation and the use of such records by the DOJ,
court, or adjudicatory body is therefore deemed by the agency to be a
purpose that is compatible with the purpose for which the agency
collected the records.
Whenever PHS is involved in litigation, or occasionally when
another party is involved in litigation and PHS' policies or operations
could be affected by the outcome of the litigation, PHS would be able
to disclose information to the DOJ, court, or adjudicatory body
involved. A determination would be made in each instance that, under
the circumstances involved, the purposes served by the use of the
information in the particular litigation is compatible with a purpose
for which PHS collects the information.
3. To agency contractors who have been engaged by the agency to
assist in the performance of a service related to this system of
records and who need to have access to the records in order to perform
the activity. Recipients shall be required to comply with the
requirements of the Privacy Act of 1974, as amended, pursuant to 5
U.S.C. 552a(m).
The PHS occasionally contracts out certain of its functions when
this could contribute to effective and efficient operations. PHS must
be able to give a contractor whatever information is necessary for the
contractor to fulfill its duties. In these situations, safeguards are
provided in the contract prohibiting the contractor from using or
disclosing the information for any purpose other than that described in
the contract and to return or destroy all information at the completion
of the contract.
F. Supporting Documentation
1. Proposed System Notice: Advance copies of the proposed system
notice are attached.
2. HHS Rules: No change in agency rules is required as a result of
the establishment of this system of records.
3. Exemptions Requested: No exemptions from the provisions of the
Privacy Act are requested.
4. Computer Matching Notice: This new system will not involve any
computer matching program, therefore, no public notice of computer
matching has been prepared
Proposed System Notice
National Disaster Claims Processing System
SYSTEM NUMBER:
09-90-0039
SYSTEM NAME:
NATIONAL DISASTER CLAIMS PROCESSING SYSTEM
SYSTEM CLASSIFICATION:
None
SYSTEM LOCATION:
Office of Emergency Preparedness (OEP), 12300 Twinbrook Parkway,
Rockville, MD 20852.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals requiring definitive medical care at an NDMS hospital
as the result of a medical condition caused by, or exacerbated by, a
natural or technical disaster, or a terrorist act.
CATEGORIES OF RECORDS IN THE SYSTEM:
Medical claims data will be in uniform claim forms accepted by the
Health Care Financing Administration (HCFA) for institutional and non-
institutional claims. Records will
[[Page 44349]]
include: Beneficiaries Name, Social Security Number, Address, Dates of
Care, DRG/CPT, Provider Name, Provider Address, HIPAA Provider Number,
Amount Billed, Amount Allowed, Other Insurance Payment, and Amount to
be paid. In addition information from the providing hospital including
the Employer Identification Number (EIN) and information for submitting
electronic payment will be collected.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The authority for maintaining this system of records is from 42
U.S.C. 243(c)(1).
PURPOSE:
To justify and document reimbursement payments for services
provided in connection with the National Disaster Medical System
(NDMS).
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USE:
1.To a Congressional Office from the records of an individual in
response to an inquiry made from the Congressional Office made at the
request of that individual.
2. To the Department of Justice (DOJ), court or other tribunal, or
to another party before such tribunal, when:
a. HHS or any component thereof; or
b. Any HHS employee in his or her official capacity; or
c. Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS where it is authorized to do so) has
agreed to represent employee; or
d. The United States or any Agency thereof, where HHS determines
that the litigation is likely to affect HHS or any of it's components;
is a party to litigation or has an interest in such litigation, and HHS
determines that the use of such records by the Department of Justice,
the tribunal, or other party is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, however, that in each case, HHS determines that
each disclosure is compatible with the purpose for which the records
were collected.
3. To a contractor for the purpose of collating, analyzing,
aggregating, or otherwise refining or processing records in this
system, or for developing, modifying, and/or manipulating it with
automatic data processing (ADP) software. Data would also be available
to users incidental to consultation, programming, operation, user
assistance, or maintenance for an ADP or telecommunications system
containing or supporting records in the system.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Paper and computer form.
RETRIEVABILITY:
Information will be retrieved by beneficiary's name; and may be
sorted by medical diagnosis, geographical area, or medical provider.
SAFEGUARDS:
1. Authorized Users: Only HHS personnel or HHS contract personnel
whose duties require the use of the system may access the data. In
addition, such HHS personnel or contractors are advised that the
information is confidential and the criminal sanctions for unauthorized
disclosure of private information may be applied.
2. Physical Safeguards: Physical paper records are stored in locked
files cabinets or secured areas.
3. Procedural Safeguards: Employees who maintain records in the
system are instructed to grant access only to authorized users. Data
stored in computers are accessed through the use of passwords known
only to authorized personnel. Contractors who use records in this
system are instructed to make no further disclosure of the records
except as authorized by the system manager and permitted by the Privacy
Act. Privacy Act language is in contracts related to this system.
4. Implementation Guidelines: HHS Chapter 45-13 of the General
Administration Manual, ``Safeguarding Records Contained in Systems of
Records and the HHS Automated Information Systems Security Program
Handbook, Information Resources Management Manual.''
RETENTION AND DISPOSAL:
Disposition of records is according to the National Archives and
Records Administration (NARA) guidelines, as set forth in the Office of
Emergency Preparedness Records Management Manual.
SYSTEM MANAGER(S) AND ADDRESS(ES):
Chief, National Disaster Medical System Branch, Office of Emergency
Preparedness, 12300 Twinbrook Parkway, Suite 360, Rockville, Maryland
20852.
NOTIFICATION PROCEDURE:
Inquiries and requests for system records should be addressed to
the system manager at the address indicated above. The requestor must
specify the name, address, and health insurance number.
RECORD ACCESS PROCEDURES:
Same as notification procedures. Requesters should also reasonably
specify the record contents being sought. These procedures are in
accordance with HHS Regulations at 45 CFR 5b.5(a)(2) and 45 CFR 5b.6
CONTESTING RECORD PROCEDURES:
Contact the system manager named above and reasonably identify the
record and specify the information to be contested. State the reason
for contesting the record (e.g., why it is inaccurate, irrelevant,
incomplete, or not current), the corrective action being sought, and
give any supporting justification. (These procedures are in accordance
with HHS Regulations 45 CFR 5b.7.)
RECORD SOURCE CATEGORIES:
Information contained in these records will be obtained from NDMS
hospitals seeking reimbursement for treatment provided to disaster
victims.
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
None.
[FR Doc. 01-21283 Filed 8-22-01; 8:45 am]
BILLING CODE 4150-28-P