[Federal Register Volume 69, Number 182 (Tuesday, September 21, 2004)]
[Rules and Regulations]
[Pages 56364-56367]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 04-21204]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of the Secretary

Office of Inspector General

45 CFR Part 61

RIN 0991-AB31


Health Care Fraud and Abuse Data Collection Program: Technical 
Revisions to Healthcare Integrity and Protection Data Bank Data 
Collection Activities

AGENCY: Office of Inspector General (OIG), HHS.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The rule finalizes technical changes to the Healthcare 
Integrity and Protection Data Bank (HIPDB) data collection reporting 
requirements by clarifying the types of personal numeric identifiers 
that may be reported to the data bank in connection with adverse 
actions. The rule clarifies that in lieu of a Social Security Number 
(SSN), an individual taxpayer identification number (ITIN) may be 
reported to the data bank when, in those limited

[[Page 56365]]

situations, an individual does not have an SSN.

DATES: The regulations amending 45 CFR part 61 became effective on July 
19, 2004.

FOR FURTHER INFORMATION CONTACT: Joel Schaer, Office of External 
Affairs, (202) 619-0089.

SUPPLEMENTARY INFORMATION: 

I. Background

A. The Healthcare Integrity and Protection Data Bank (HIPDB)

    Section 221(a) of the Health Insurance Portability and 
Accountability Act (HIPAA) of 1996, Public Law 104-91, required the 
Department, acting through the Office of Inspector General, to 
establish a health care fraud and abuse control program to combat 
health care fraud and abuse (section 1128C of the Social Security Act 
(the Act)). Among the major steps in this program has been the 
establishment of a national data bank to receive and disclose certain 
final adverse actions against health care providers, suppliers, or 
practitioners, as required by section 1128E of the Act, in accordance 
with section 221(a) of HIPAA. The data bank, known as the Healthcare 
Integrity and Protection Data Bank (HIPDB), is designed to collect and 
disseminate the following types of information regarding final adverse 
actions: (1) Civil judgments against health care providers, suppliers, 
or practitioners in Federal or State court that are related to the 
delivery of a health care item or service; (2) Federal or State 
criminal convictions against a health care provider, supplier, or 
practitioner related to the delivery of a health care item or service; 
(3) final adverse actions by Federal or State agencies responsible for 
the licensing and certification of health care providers, suppliers, or 
practitioners; (4) exclusion of a health care provider, supplier, or 
practitioner from participation in Federal or State health care 
programs; and (5) any other adjudicated actions or decisions that the 
Secretary establishes by regulation.
1. Data Elements To Be Reported to the HIPDB
    Section 1128E(b)(2) of the Act cited a number of required elements 
or types of data that must be reported to the HIPDB. These elements 
include: (1) The name of the individual or entity; (2) a taxpayer 
identification number; (3) the name of any affiliated or associated 
health care entity; (4) the nature of the final adverse action and 
whether the action is on appeal; (5) a description of the acts or 
omissions, or injuries, upon which a final adverse action is based; and 
(6) any other additional information deemed appropriate by the 
Secretary. With respect to this last element, we have exercised this 
discretion to add additional reportable data elements reflecting much 
of the information that is already routinely collected by the Federal 
and State reporting agencies.
    Final regulations implementing the HIPDB were published in the 
Federal Register on October 26, 1999 (64 FR 57740). In those final 
regulations, for an individual (1) who is the subject of a civil 
judgment or criminal conviction related to the delivery of a health 
care item or service; or (2) who is the subject of a licensure action 
taken by Federal or State licensing and certification agencies, an 
adjudicated action or decision, or an individual excluded from 
participation in a Federal or State health care program, the current 
HIPDB systems of records contain, among other things, the individual's 
full name, other names used (if known), and his or her SSN. We 
specifically indicated that use of personal identifiers, such as SSNs 
and Federal Employer Identification Numbers (FEINs), in the collection 
and reporting to the HIPDB:
     Provides explicit matching of specific adverse action 
reports to and from the data bank;
     Provides a greater confidence level in the system's 
matching algorithm and maximizes the system's ability to prevent the 
erroneous reporting and disclosure of health care providers, suppliers 
and practitioners; and
     Strengthens States' ability to detect individuals who move 
from State to State without disclosure or discovery of previous 
damaging performance.
    However, in addressing the list of ``mandatory'' data elements that 
must be reported to the data bank in connection with adverse actions, 
the final regulations inadvertently omitted reference to the reporting 
of an ITIN to the data bank when, in those limited situations, an 
individual does not have an SSN.
2. Tax Identification Numbers as Defined by the Internal Revenue Code
    As indicated above, HIPAA requires ``the name and TIN (as defined 
in section 7701(a)(41) of the Internal Revenue Code (IRC) of 1986) of 
any health care provider, supplier, or practitioner who is the subject 
of a final adverse action'' to be reported to the data bank. Section 
7701(a)(41) of the IRC does not specifically define TIN, but instead 
refers to section 6109 of the Code. Section 6109(d) states that an 
individual's SSN is the tax identifying number for an individual, 
except as otherwise specified in regulations by the Secretary of the 
Treasury. In turn, the Department of the Treasury regulations set forth 
at 26 CFR 301.6109-l(a)(ii)(B) provide for the issuance of an ITIN for 
individuals who are not eligible for an SSN.

C. Technical Revisions to 45 CFR Part 61

    The HIPDB regulations at 45 CFR part 61 required the SSN on reports 
of adverse actions on individuals. Although the SSN meets the statutory 
requirement of a TIN, we believed that the inclusion of the ITIN, which 
is also a TIN, is consistent with the statutory requirements of HIPAA. 
Most reportable final adverse actions are taken against individual 
health care practitioners who are permitted to work in the United 
States. Non-citizens in the United States with permission to work are 
eligible for SSNs. However, we had become aware that there are non-
citizens who do not have permission to work in the United States, but 
who do have ITINs assigned by the Internal Revenue Service (IRS) for 
tax purposes \1\ and hold valid State health care licenses. One example 
would be a foreign physician who does not practice in the United 
States, but desires to have a State license as a qualification of his 
or her ability to practice medicine. We believed that there may be very 
limited incidences where reportable adverse actions, particularly 
licensing actions, may be taken against these health care 
practitioners, such as an adverse licensing action taken by a medical 
licensing authority in a foreign country that is then reported to a 
State medical licensing board which then revokes the State medical 
license of the foreign physician. However, if the physician does not 
have a SSN, the State medical licensing authority is currently unable 
to report the action. We believed that the revision of the HIPDB 
regulations to include the collection of the ITIN for individuals who 
do not have SSNs, but have been assigned an ITIN, would enable the data 
bank to receive reports that it could not receive.
---------------------------------------------------------------------------

    \1\ These individuals can use previously IRS assigned ITINs, 
although they cannot qualify for an ITIN solely for licensing 
purposes.
---------------------------------------------------------------------------

II. Summary of Provisions of the Interim Final Rule With Comment Period

    In order to allow for the collection and dissemination of all 
appropriate information to and from the data bank, on June 17, 2004, we 
published in the Federal Register (69 FR 33866) an interim final rule 
with comment period that revised Sec. Sec.  61.7, 61.8, and 61.10 of

[[Page 56366]]

the HIPDB regulations at 45 CFR part 61 to indicate that for the 
reporting of (1) licensure actions taken by Federal and State licensing 
and certification agencies, (2) Federal or State criminal convictions 
related to the delivery of a health care item or service, or (3) 
exclusions from participation in Federal or State health care programs:
     If the subject is an individual, entities must report 
either the SSN or ITIN;
     If the subject is an organization, entities must report 
the FEIN, or SSN or ITIN when used by the subject as a TIN; and
     If the subject is an organization, entities should report, 
if known, any FEINs, SSNs or ITINs used.
    These revisions in the interim final rule also allowed the 
reporting of ITINs, by reference, to the reports required in Sec. Sec.  
61.9 and 61.11.
    In addition, the interim final rule noted that while the inclusion 
of a SSN or ITIN was a necessary reporting element in reporting adverse 
actions to the HIPDB, the Social Security Administration and the 
Internal Revenue Service are not required to assign a SSN or an ITIN, 
respectively, to those individuals who do not otherwise qualify for 
such identification numbers.

III. Analysis of and Responses to Public Comments

    We received no public comments in response to the June 17, 2004 
interim final rule.

IV. Provisions of the Final Regulations

    The provisions of this final rule are identical to the provisions 
of the June 17, 2004 interim final rule.

V. Regulatory Impact Statement

A. Regulatory Analysis

    We have examined the impacts of this technical rule revision as 
required by Executive Order 12866, the Regulatory Flexibility Act (RFA) 
of 1980, the Unfunded Mandates Reform Act of 1995, and Executive Order 
13132.
1. Executive Order 12866
    Executive Order 12866 directs agencies to assess all costs and 
benefits of available regulatory alternatives and, if regulations are 
necessary, to select regulatory approaches that maximize net benefits 
(including potential economic, environmental, public health, and safety 
effects; distributive impacts; and equity). A regulatory impact 
analysis must be prepared for major rules with economically significant 
effects ($100 million or more in any given year). This is not a major 
rule as defined at 5 U.S.C. 804(2), and it is not economically 
significant since this technical revision will not have a significant 
effect on program expenditures and there will be no additional 
substantive cost through codification of this change. Specifically, the 
revisions to 45 CFR part 61 set forth in this rule are technical in 
nature and are designed to further clarify statutory requirements. The 
economic effect of these revisions will impact only those limited few 
individuals or organizations that are that subject of an adverse action 
reportable to the data bank. As such, we believe that the aggregate 
economic impact of this technical revision to the regulations will be 
minimal and have no appreciable effect on the economy or on Federal or 
State expenditures.
2. Regulatory Flexibility Act
    The RFA and the Small Business Regulatory Enforcement and Fairness 
Act of 1996, which amended the RFA, require agencies to analyze options 
for regulatory relief of small businesses. For purposes of the RFA, 
small entities include small businesses, nonprofit organizations, and 
government agencies. Most providers are considered to be small entities 
by having revenues of $6 million to $29 million or less in any one 
year. For purposes of the RFA, most physicians and suppliers are 
considered to be small entities. In addition, section 1102(b) of the 
Social Security Act requires us to prepare a regulatory impact analysis 
if a rule may have a significant impact on the operations of a 
substantial number of small rural providers. This analysis must conform 
to the provisions of section 604 of the RFA.
    We anticipate that the number of individuals who do not have 
permission to work in the United States but who have ITINs, who hold 
valid State health care licenses, and who will be the subject of a 
report to the HIPDB will be minimal. Even in those very limited 
incidences where reportable adverse actions, such as licensing actions, 
may be taken against a health care practitioner, we believe that the 
aggregate economic impact of this technical revision will be minimal 
since it is the nature of the conduct and not the size or type of the 
entity that would result in the violation and the need to report the 
adverse action to the HIPDB. As a result, we have concluded that this 
technical rule should not have a significant impact on the operations 
of a substantial number of small or rural providers, and that a 
regulatory flexibility analysis is not required for this rulemaking.
3. Unfunded Mandates Reform Act
    Section 202 of the Unfunded Mandates Reform Act of 1995 (Pub. L. 
104-4) also requires that agencies assess anticipated costs and 
benefits before issuing any rule that may result in expenditure in any 
one year by State, local, or tribal governments, in the aggregate, or 
by the private sector, of $110 million. As indicated, these technical 
revisions comport with statutory intent and clarify the legal 
authorities for reporting information to the data bank against those 
who have acted improperly against the Federal and State health care 
programs. As a result, we believe that there are no significant costs 
associated with these revisions that would impose any mandates on 
State, local, or tribal governments, or the private sector that will 
result in an expenditure of $110 million or more (adjusted for 
inflation) in any given year, and that a full analysis under the 
Unfunded Mandates Reform Act is not necessary.
4. Executive Order 13132
    Executive Order 13132, Federalism, establishes certain requirements 
that an agency must meet when it promulgates a rule that imposes 
substantial direct requirements or costs on State and local 
governments, preempts State law, or otherwise has Federalism 
implications. In reviewing this rule under the threshold criteria of 
Executive Order 13132, we have determined that this rule will not 
significantly affect the rights, roles, and responsibilities of State 
or local governments.

B. Paperwork Reduction Act

    The provisions of this rulemaking impose no express new reporting 
or recordkeeping requirements on reporting entities. As indicated, this 
additional reportable data element reflects information that is already 
routinely collected by the Federal and State reporting agencies on 
health care providers, suppliers and practitioners, and imposes no new 
reporting burden beyond the data element fields already approved by 
0MB.

List of Subjects in 45 CFR Part 61

    Billing and transportation services, Durable medical equipment 
suppliers and manufacturers, Health care insurers, Health maintenance 
organizations, Health professions, Home health care agencies, 
Hospitals, Penalties, Pharmaceutical suppliers and manufacturers, 
Privacy, Reporting and recordkeeping requirements, Skilled nursing 
facilities.

[[Page 56367]]

PART 61--HEALTHCARE INTEGRITY AND PROTECTION DATA BANK FOR FINAL 
ADVERSE INFORMATION ON HEALTH CARE PROVIDERS, SUPPLIERS AND 
PRACTITIONERS

0
Accordingly, the interim final rule with comment period amending 45 CFR 
part 61, which was published on June 17, 2004 in the Federal Register 
at 69 FR 33866-33869 is adopted as a final rule without change.

    Dated: August 23, 2004.
Lewis Morris,
Chief Counsel to the Inspector General.
    Approved: September 15, 2004.
Tommy G. Thompson,
Secretary.
[FR Doc. 04-21204 Filed 9-20-04; 8:45 am]
BILLING CODE 4152-01-P