[Federal Register Volume 69, Number 65 (Monday, April 5, 2004)]
[Notices]
[Pages 17671-17673]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 04-7623]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Centers for Medicare & Medicaid Services


Privacy Act of 1974; Computer Matching Program (Match No. 2003-
05)

AGENCY: Centers for Medicare & Medicaid Services (CMS), Department of 
Health and Human Services (HHS).

ACTION: Notice of Computer Matching Program (CMP).

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, as amended, this notice announces the establishment of a CMP that 
CMS plans to conduct with the Illinois Department of Public Aid (IDPA). 
We have provided background information about the proposed matching 
program in the SUPPLEMENTARY INFORMATION section below. Although the 
Privacy Act requires only that CMS provide an

[[Page 17672]]

opportunity for interested persons to comment on the proposed matching 
program, CMS invites comments on all portions of this notice. See 
EFFECTIVE DATES section below for comment period.

EFFECTIVE DATES: CMS filed a report of the CMP with the Chair of the 
House Committee on Government Reform and Oversight, the Chair of the 
Senate Committee on Governmental Affairs, and the Administrator, Office 
of Information and Regulatory Affairs, Office of Management and Budget 
(OMB) on March 23, 2004. We will not disclose any information under a 
matching agreement until 40 days after filing a report to OMB and 
Congress or 30 days after publication. We may defer implementation of 
this matching program if we receive comments that persuade us to defer 
implementation.

ADDRESSES: The public should address comments to: Director, Division of 
Privacy Compliance Data Development (DPCDD), Enterprise Databases 
Group, Office of Information Services, CMS, Mail stop N2-04-27, 7500 
Security Boulevard, Baltimore, Maryland 21244-1850. Comments received 
will be available for review at this location, by appointment, during 
regular business hours, Monday through Friday from 9 a.m.-3 p.m., 
eastern daylight time.

FOR FURTHER INFORMATION CONTACT: Mike McElliott, Government Task 
Leader, Centers for Medicare & Medicaid Services, Division of Medicare 
Financial Management, Program Integrity Branch, 233 N. Michigan Avenue, 
6th Floor, Chicago, Illinois 60601. The telephone number is (312) 353-
1754 and e-mail is [email protected].

SUPPLEMENTARY INFORMATION:

I. Description of the Matching Program

A. General

    The Computer Matching and Privacy Protection Act of 1988 (Pub. L. 
100-503), amended the Privacy Act (5 U.S.C. 552a) by describing the 
manner in which computer matching involving Federal agencies could be 
performed and adding certain protections for individuals applying for 
and receiving Federal benefits.
    Section 7201 of the Omnibus Budget Reconciliation Act of 1990 (Pub. 
L. 100-508) further amended the Privacy Act regarding protections for 
such individuals. The Privacy Act, as amended, regulates the use of 
computer matching by Federal agencies when records in a system of 
records are matched with other Federal, state, or local government 
records. It requires Federal agencies involved in computer matching 
programs to:
    1. Negotiate written agreements with the other agencies 
participating in the matching programs;
    2. Obtain the Data Integrity Board approval of the match 
agreements;
    3. Furnish detailed reports about matching programs to Congress and 
OMB;
    4. Notify applicants and beneficiaries that the records are subject 
to matching; and,
    5. Verify match findings before reducing, suspending, terminating, 
or denying an individual's benefits or payments.

B. CMS Computer Matches Subject to the Privacy Act

    CMS has taken action to ensure that all CMPs that this Agency 
participates in comply with the requirements of the Privacy Act of 
1974, as amended.

    Dated: March 23, 2004.
Dennis Smith,
Acting Administrator, Centers for Medicare & Medicaid Services.
Computer Match No. 2003-05

NAME:
    ``Computer Matching Agreement Between the Centers for Medicare & 
Medicaid Services (CMS) and the Illinois Department of Public Aid 
(IDPA) for Disclosure of Medicare and Medicaid Information.''

SECURITY CLASSIFICATION:
    Level Three Privacy Act Sensitive.

PARTICIPATING AGENCIES:
    Centers for Medicare & Medicaid Services, and Illinois Department 
of Public Aid.

AUTHORITY FOR CONDUCTING MATCHING PROGRAM:
    This CMA is executed to comply with the Privacy Act of 1974 (Title 
5 United States Code (U.S.C.) 552a), (as amended by Public Law (Pub. 
L.) 100-503, the Computer Matching and Privacy Protection Act (CMPPA) 
of 1988), the Office of Management and Budget (OMB) Circular A-130, 
titled ``Management of Federal Information Resources'' at 65 Federal 
Register (FR) 77677 (December 12, 2000), and OMB guidelines pertaining 
to computer matching at 54 FR 25818 (June 19, 1989).
    This Agreement provides for information matching fully consistent 
with the authority of the Secretary of the Department of Health and 
Human Services (Secretary). Section 1816 of the Social Security Act 
(the Act) permits the Secretary to contract with fiscal intermediaries 
to ``make such audits of the records of providers as may be necessary 
to ensure that proper payments are made under this part,'' and to 
``perform such other functions as are necessary to carry out this 
subsection'' (42 U.S.C. 1395h(a)).
    Section 1842 of the Act provides that the Secretary may contract 
with entities known as carriers to ``make such audits of the records of 
providers of services as may be necessary to assure that proper 
payments are made'' (42 U.S.C. 1395u(a)(1)(C)); ``assist in the 
application of safeguards against unnecessary utilization of services 
furnished by providers of services and other persons to individuals 
entitled to benefits'' (42 U.S.C. 1395u(a)(2)(B)); and ``to otherwise 
assist * * * in discharging administrative duties necessary to carry 
out the purposes of this part'' (42 U.S.C. 1395u(a)(4)).
    Furthermore, Sec.  1874(b) of the Act authorizes the Secretary to 
contract with any person, agency, or institution to secure on a 
reimbursable basis such special data, actuarial information, and other 
information as may be necessary in the carrying out of his functions 
under this title (42 U.S.C. 1395kk(b)).
    Section 1893 of the Act establishes the Medicare Integrity Program, 
under which the Secretary may contract with eligible entities to 
conduct a variety of program safeguard activities, including fraud 
review employing equipment and software technologies that surpass the 
existing capabilities of Fiscal Intermediaries and carriers (42 U.S.C. 
1395ddd). The contracting entities are called Program Safeguards 
Contractors (PSC).
    IDPA is charged with the administration of the Medicaid program in 
Illinois and is the single state agency for such purpose (Illinois 
Public Aid Code (ILPAC) 305 Illinois Combined Statutes (ILCS) 5/5-1 et 
seq.). IDPA may act as an agent or representative of the Federal 
government for any purpose in furtherance of IDPA's function or 
administration of the Federal funds granted to the state. ILPAC 305 
ILCS 5/1-1 et seq. In Illinois, the Medical Assistance Program provides 
qualifying individuals with health care related remedial or preventive 
services, including both Medicaid services and services authorized 
under state law that are not provided under Federal law (ILPAC 305 ILCS 
5/5-1 et seq.).
    IDPA 's disclosure of the Medicaid/IDPA data pursuant to this 
agreement is for purposes directly connected with the administration of 
the Medicaid program, in compliance with Illinois Public Aid Code 
sections 11-9 and 12-13.1 (305 ILCS 5/11-9 and 5/12-13.1). Those

[[Page 17673]]

purposes are the detection, prosecution and deterrence of F&A in the 
Medicaid program.

PURPOSE(S) OF THE MATCHING PROGRAM:
    The purpose of this agreement is to establish the conditions, 
safeguards, and procedures under which the Centers for Medicare & 
Medicaid Services (CMS) will conduct a computer matching program with 
the Illinois Department of Public Aid (IDPA) to study claims, billing, 
and eligibility information to detect suspected instances of Medicare 
and Medicaid fraud and abuse (F&A) in the State of Illinois. CMS and 
IDPA will provide a CMS contractor (hereinafter referred to as the 
``Custodian'') with Medicare and Medicaid records pertaining to 
eligibility, claims, and billing which the Custodian will match in 
order to merge the information into a single database. Utilizing fraud 
detection software, the information will then be used to identify 
patterns of aberrant practices requiring further investigation. The 
following are examples of the type of aberrant practices that may 
constitute F&A by practitioners, providers, and suppliers in the State 
of Illinois expected to be identified in this matching program: (1) 
Billing for provisions of more than 24 hours of services in one day, 
(2) providing treatment and services in ways more statistically 
significant than similar practitioner groups, and (3) up-coding and 
billing for services more expensive than those actually performed.

CATEGORIES OF RECORDS AND INDIVIDUALS COVERED BY THE MATCH:
    This CMP will enhance the ability of CMS and IDPA to detect F&A by 
matching claims data, eligibility, and practitioner, provider, and 
supplier enrollment records of Medicare beneficiaries, practitioners, 
providers, and suppliers in the State of Illinois against records of 
Medicaid recipients, practitioners, providers, and suppliers in the 
State of Illinois.

DESCRIPTION OF RECORDS TO BE USED IN THE MATCHING PROGRAM:
    The data for CMS are maintained in the following Systems of 
Records: National Claims History (NCH), System No. 09-70-0005 was most 
recently published in the Federal Register, at 67 FR 57015 (September 
6, 2002). NCH contains records needed to facilitate obtaining Medicare 
utilization review data that can be used to study the operation and 
effectiveness of the Medicare program. Matched data will be released to 
IDPA pursuant to the routine use as set forth in the system notice.
    Carrier Medicare Claims Record, System No. 09-70-0501 published in 
the Federal Register at 67 FR 54428 (August 22, 2002). Matched data 
will be released to IDPA pursuant to the routine use as set forth in 
the system notice.
    Enrollment Database, System No. 09-70-0502 (formerly known as the 
Health Insurance Master Record) published at 67 FR 3203 (January 23, 
2002). Matched data will be released to IDPA pursuant to the routine 
use set forth in the system notice.
    Intermediary Medicare Claims Record, System No. 09-70-0503 
published in the Federal Register at 67 FR 65982 (October 29, 2002). 
Matched data will be released to IDPA pursuant to the routine use as 
set forth in the system notice.
    Unique Physician/Provider Identification Number (formerly known as 
the Medicare Physician Identification and Eligibility System), System 
No. 09-70-0525, was most recently published in the Federal Register at 
53 FR 50584 (Dec 16, 1988). Matched data will be released to IDPA 
pursuant to the routine use as set forth in the system notice.
    Medicare Supplier Identification File, System No. 09-70-0530 was 
most recently published in the Federal Register, at 67 FR 48184 (July 
23, 2002). Matched data will be released to IDPA pursuant to the 
routine use as set forth in the system notice.
    Medicare Beneficiary Database, System No. 09-70-0536 published in 
the Federal Register at 67 FR 63392 (December 6, 2001). Matched data 
will be released to IDPA pursuant to the routine use as set forth in 
the system notice.
    Medicaid data are maintained within the IDPA Medical Data 
Warehouse. The warehouse includes claims history, beneficiary 
eligibility and identification data, and provider eligibility and 
identification data. IDPA may change file formats after giving 
reasonable notice to the Custodian.

INCLUSIVE DATES OF THE MATCH:
    The CMP shall become effective no sooner, than 40 days after the 
report of the Matching Program is sent to OMB and Congress, or 30 days 
after publication in the Federal Register, which ever is later. The 
matching program will continue for 18 months from the effective date 
and may be extended for an additional 12 months thereafter, if certain 
conditions are met.

[FR Doc. 04-7623 Filed 4-2-04; 8:45 am]
BILLING CODE 4120-03-P