[Federal Register Volume 70, Number 246 (Friday, December 23, 2005)]
[Rules and Regulations]
[Pages 76199-76208]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 05-24389]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Centers for Medicare and Medicaid Services

42 CFR Part 484

[CMS-3006-F]
RIN 0938-AJ10


Medicare and Medicaid Programs: Reporting Outcome and Assessment 
Information Set Data as Part of the Conditions of Participation for 
Home Health Agencies

AGENCY: Centers for Medicare and Medicaid Services (CMS), HHS.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: This final rule makes revisions in response to public comments 
received on the January 25, 1999 interim final rule with comment period 
(64 FR 3748). The interim final rule requires electronic reporting of 
data from the Outcome and Assessment Information Set as a Condition of 
Participation for home health agencies.

DATES: Effective Dates: This final rule is effective on June 21, 2006.

FOR FURTHER INFORMATION CONTACT: Rebecca Donnay (410) 786-1428, 
Patricia Sevast (410) 786-8135, Steve Miller (410) 786-6656.

SUPPLEMENTARY INFORMATION:

I. Background

A. General Legislative Background

    Home health services are furnished to Medicare beneficiaries under 
the Hospital Insurance (Part A) and Supplemental Medical Insurance 
(Part B) benefits of the Medicare program, and are described in section 
1861(m) of the Social Security Act (the Act). These services must be 
furnished by, or under arrangement with, a home health agency (HHA) 
that participates in the Medicare program, and must be provided on a 
visiting basis in the beneficiary's home.
    Section 1861(o) of the Act specifies certain requirements that an 
HHA must meet to participate in the Medicare program. In particular, 
section 1861(o)(6) of the Act provides that an HHA must meet the 
Conditions of Participation (CoPs) specified in section 1891(a) of the 
Act, and any other CoPs that we find necessary in the interest of the 
health and safety of HHA patients. Section 1861(o)(8) of the Act 
provides that an HHA must meet additional requirements that the 
Secretary finds necessary for the effective and efficient operation of 
the home health program.
    Section 1891 of the Act sets forth many of the conditions that HHAs 
must meet to participate in the Medicare program. Specifically, section 
1891(a) of the Act establishes requirements for HHAs with respect to 
patient rights, home health aide training and competency, and 
compliance with applicable Federal, State, and local laws. Under 
section 1891 of the Act, we are responsible for assuring that the CoPs, 
and their enforcement, are adequate to protect the health and safety of 
all individuals under the care of an HHA and to promote the effective 
and efficient use of Medicare funds.
    Under the authority of sections 1861(o), 1871, and 1891 of the Act, 
we have established in regulations the requirements that an HHA must 
meet to participate in Medicare. These requirements are set forth at 42 
CFR part 484, Home Health Services. The CoPs apply to an HHA as an 
entity and the services furnished to all individuals under the care of 
the HHA, unless a condition is specifically limited to Medicare 
beneficiaries. Existing regulations in Sec.  440.70(d) specify that 
HHAs participating in the Medicaid program must also meet the Medicare 
CoPs.
    In accordance with sections 1864 and 1891(c) of the Act, State 
agencies generally conduct surveys of HHAs to determine whether they 
are complying with the CoPs. Section 1864 of the Act authorizes the use 
of State agencies to determine providers' compliance with the CoPs. 
Responsibilities of States in ensuring compliance with the CoPs are set 
forth at 42 CFR part 488, Survey, Certification, and Enforcement 
Procedures.

B. Legislation and Related Regulations

    Section 1861(o) of the Act, as amended by section 4603 of the 
Balanced Budget Act of 1997 (BBA) (Pub. L. 105-33), enacted on August 
5, 1997, requires us to establish a Home Health Prospective Payment 
System (HHPPS) for services on or after October 1, 1999. Section 5101 
of the Omnibus Consolidated and Emergency Supplemental Appropriations 
Act for 1999 (OCESAA) (Pub. L. 105-277), enacted on October 21, 1998, 
delayed the implementation date of the HHPPS until October 1, 2000.
    In order to implement the prospective payment system, it was 
necessary that we have data from HHAs to develop a reliable case-mix 
adjustor system. Section 4602 of the BBA provided that, for cost 
reporting periods beginning on or after October 1, 1997, we may require 
HHAs to submit additional information that we consider necessary for 
the development of a reliable case-mix system. The Outcome and 
Assessment Information Set (OASIS), the assessment instrument developed 
to measure patient health care outcomes in HHAs, is also a vehicle 
through which information is collected and used for the case-mix 
system.
    Thus, to facilitate the implementation of the prospective payment 
system and to gather data to be used to evaluate and develop plans to 
improve outcomes of care in HHAs, we published two regulations in the 
Federal Register on January 25, 1999. The final rule, Comprehensive 
Assessment and Use of the OASIS as Part of the Conditions of 
Participation for Home Health Agencies (64 FR 3764), requires that HHAs 
complete a comprehensive assessment for each patient, and that they 
incorporate the OASIS into their current patient assessment process. In 
addition, we published an interim final rule with comment period to 
require HHAs to electronically report data from the OASIS to the State 
survey agency, or other entity designated by us (64 FR 3748).
    The June 18, 1999, notice (64 FR 32984) in the Federal Register 
entitled ``Mandatory Use, Collection, Encoding, and Transmission of 
Outcome and Assessment Information Set (OASIS) for Home Health Agencies 
(HHAs)'', announced the effective dates for the mandatory use, 
collection, encoding, and transmission of OASIS data for all Medicare/
Medicaid patients receiving skilled services. This notice also 
described the development of a new OASIS System of Records (SOR). We 
indicated that for patients receiving only personal care services, 
regardless of payer source, requirements for OASIS and the transmission 
of those data would be delayed until further notice. In addition, the 
notice announced that for non-Medicare/non-Medicaid

[[Page 76200]]

patients receiving skilled services, there would be no encoding and 
transmission of OASIS data until further notice.
    Until recently, HHAs were required by Sec.  484.55 to perform a 
comprehensive assessment on non-Medicare/non-Medicaid patients 
receiving skilled services using OASIS even though they were not 
required to encode and transmit OASIS data collected on these patients. 
Section 704 of the Medicare Prescription Drug, Improvement, and 
Modernization Act of 2003 (MMA), enacted on December 8, 2003 (Pub. L. 
108-173), however, temporarily suspended the collection of OASIS data 
on an HHA's non-Medicare/non-Medicaid patients required by Sec.  484.55 
until we reported to the Congress how OASIS information on non-
Medicare/non-Medicaid patients was and could be used by large HHAs, 
including the value of collecting OASIS information by small HHAs 
compared to the administrative burden. We are also required by the MMA 
to publish final regulations regarding the collection and use of OASIS 
information. On December 11, 2003, we issued a survey and certification 
memorandum (S&C-04-12) instructing State survey agencies (SAs) that: 
(1) Effective December 8, 2003, and until further notice, SAs must not 
cite any deficiency for an HHA's failure to include the OASIS data set 
as part of the patient-specific, comprehensive assessment for non-
Medicare/non-Medicaid patients otherwise required by Sec.  484.55; and 
(2) any pending survey findings related to an HHA's omission to collect 
OASIS data on non-Medicare/non-Medicaid patients will be suspended.
    After the January 25, 1999, and June 18, 1999, Federal Register 
publications, we expected that HHAs would incorporate the OASIS data 
set into their own agency assessment process, and that all patients 
receiving skilled services from Medicare-approved HHAs would be 
assessed at certain times, incorporating the specified OASIS data 
items. HHAs would encode and transmit OASIS data to the State agency, 
and HHAs would use the validation feedback reports, data management 
system reports, the Outcome-based Quality Monitoring (OBQM) reports, 
and the Outcome-based Quality Improvement (OBQI) reports generated by 
the State for agency improvement.
    Since the effective date of the OASIS requirements, HHAs nationwide 
have been actively working to meet these goals. State OASIS Educational 
Coordinators (OECs) report that most HHAs have successfully 
incorporated the OASIS data set into their own agency assessment 
process and have trained their own staff in implementing OASIS. HHAs 
are assessing Medicare and Medicaid patients receiving skilled care, 
and are encoding and transmitting these assessments to the State 
agency. In most cases, HHAs are using the OASIS State system feedback 
reports to improve data collection and submission. Most clinicians and 
other agency staff have developed skills for tasks associated with 
OASIS data collection, data entry, and transmission. By using the many 
resources we have made available to providers (for example, State-
sponsored training, Home Assessment Validation Entry (HAVEN), telephone 
and e-mail help lines, comprehensive User's Manuals, and the CMS OASIS 
Web page) agencies have, for the most part, successfully implemented 
OASIS.
    An analysis of OASIS data in the CMS national repository shows that 
nearly all of the HHAs expected to submit OASIS data have done so. Over 
56.4 million assessments have been submitted by HHAs from every State 
since August 1999. Currently, the State survey and certification 
agencies are contacting HHAs that have not submitted OASIS data and are 
initiating standard monitoring and enforcement procedures.
    Over the next several years, home health agencies are encouraged to 
take steps toward the adoption of electronic medical records (EMRs) 
that will allow for reporting of clinical quality data from the 
electronic record directly to a CMS data repository. CMS intends to 
begin working toward creating measures specifications and a system or 
mechanism, or both, that will accept the data directly. The Department 
is presently working cooperatively with other Federal agencies in the 
development of Federal health architecture data standards. CMS 
encourages home health agencies that are developing systems to conform 
them to both industry standards and any Federal health architecture 
data standards, and to ensure that they would capture the data 
necessary for quality health measures. Ideally, such systems will also 
provide point-of-care decision support that enables high levels of 
performance on the measures. Home health agencies using EMRs to produce 
data on quality measures will be held to the same performance 
expectations as home health agencies not using EMRs. We are exploring 
requirements for the submission of electronically produced data and 
other options to encourage the submission of such data.

II. Provisions of the Interim Final Rule With Comment Period and 
Discussion of Public Comments

    In the January 25, 1999, interim final rule with comment period (64 
FR 3749), we generally mandated that all HHAs participating in Medicare 
and Medicaid (including managed care organizations providing home 
health services to Medicare and Medicaid beneficiaries) report their 
OASIS data to the database we established within each State via 
electronic transmission. The interim final rule required State agencies 
and the CMS OASIS contractors to maintain OASIS databases according to 
our specifications. To ensure confidentiality of individual patient-
identifiable data collected for OASIS databases, we set forth 
requirements for State agencies, CMS OASIS contractors, and HHAs 
regarding the release of this information. We received approximately 
200 public comments on the interim final rule (64 FR 3748), which we 
address below.

A. Section 484.11, Condition of Participation: Release of Patient-
Identifiable OASIS Information

    At Sec.  484.11, Condition of Participation: Release of Patient-
Identifiable OASIS Information, we require that the HHA, or an agent 
acting on behalf of the HHA, ensure the confidentiality of all patient-
identifiable information contained in the clinical record and may not 
release patient-identifiable OASIS information to the public. We also 
specify that an agent acting on behalf of the HHA, in accordance with a 
written contract between the HHA and the agent, may not use or disclose 
the information. The agent may use or disclose data only to the extent 
that the HHA itself is permitted to do so.
    Comment: Many commenters were concerned about the confidential 
nature of OASIS data that are transmitted and questioned how we will 
ensure the protection of collected and reported patient-identifiable 
information.
    Response: Confidentiality of medical information is not a new 
requirement. Health information, by its very nature is sensitive and 
private. Because the privacy of patient-identifiable information is one 
of our major priorities we have taken exhaustive steps to ensure the 
privacy of this information by making the provision a condition of 
participation to emphasize its seriousness. We endeavor to ensure that 
access to an agency's OASIS data (hard copy or electronic data) is 
adequately controlled by the HHA. Under this requirement, the HHA must 
ensure the confidentiality of all patient-

[[Page 76201]]

identifiable OASIS information contained in the clinical records, and 
may not release it for any reason other than for its intended purpose 
in conducting the business of the agency. As with any other medical 
information maintained by the agency, HHAs must have policies and 
procedures governing the confidentiality of OASIS data. In addition, we 
note that HHAs that are covered entities must comply with the 
requirements of the Privacy and Security Rules issued under the Health 
Insurance Portability and Accountability Act of 1996 (HIPPA).
    Ensuring confidentiality of OASIS data includes mechanisms such as 
having policies and procedures for assigning and maintaining 
passwords--that must be kept secure--for access to HAVEN and for 
transmitting OASIS data to the State agency. This CoP also allows HHAs 
to choose to encode and transmit OASIS data to the State agency itself, 
or to contract with an outside entity (agent or vendor) to fulfill 
these requirements. Experience indicates that there are a number of 
secure methods that can be used to send OASIS data to vendors. Some 
examples of secure methods are to use a courier service, the United 
States Postal Service, or fax. However, use of fax transmissions must 
comply with section 2202.16 of the State Operations Manual, which 
provides guidelines for fax transmission of OASIS data.
    Agents or vendors acting on behalf of the HHA, such as a data entry 
and submission vendor, are bound by the same confidentiality rules as 
the HHA. OASIS data must be used only as a matter of agency business. 
As such, a written contract must be in place that, among other things, 
defines the nature of agency business with regard to OASIS data. 
Violations that compromise data confidentiality by an entity that is 
contracted with the HHA are the responsibility of the HHA, and will 
constitute a condition-level finding of non-compliance.
    Once the HHA data reach the State agency, there are additional 
safeguards in place to protect the confidentiality of the OASIS data. 
The HHA OASIS system is designed to conform to applicable law and 
policy governing the privacy and security of Federal automated 
information systems. These include, but are not limited to: The Privacy 
Act of 1974, Computer Security Act of 1987, the Paperwork Reduction Act 
of 1995, the Health Insurance Portability and Accountability Act of 
1996 (HIPAA), the Clinger-Cohen Act of 1996, the Federal Information 
Security Management Act of 2002, the Department's Privacy and Security 
Rules, and OMB Circular A-130 (revised), Appendix III, ``Security of 
Federal Automated Information Resources.'' We have prepared a 
comprehensive system security plan as required by the OMB Circular. 
This plan conforms fully to guidance issued by the National Institute 
for Standards and Technology (NIST) in NIST Special Publication 800-18, 
``Guide for Developing Security Plans for Information Technology 
Systems.''
    Some of the specific methods that we are using to ensure the 
security of the HHA OASIS system and the information within it are 
described below.
    We have safeguards for authorized users and monitors these users to 
ensure against excessive or unauthorized use. Personnel having access 
to the system have been trained in the Privacy Act and systems security 
requirements. Employees who maintain records in the system are 
instructed not to release any data until the intended recipient agrees 
to implement appropriate administrative, technical, procedural, and 
physical safeguards sufficient to protect the confidentiality of the 
data and to prevent unauthorized access to the data.
    In addition, we have physical safeguards in place to reduce the 
exposure of computer records and, thus, achieve an optimum level of 
protection and security for the HHA OASIS system. For computerized 
records, we have established safeguards in accordance with HHS 
standards and NIST guidelines; for example, security codes will be 
used, permitting access to authorized personnel exclusively. System 
security procedures are established in accordance with HHS, Information 
Resource Management Circular 10, HHS Information Systems 
Security Program Policy of December 15, 2004; CMS Information Systems 
Security Policy, Standards and Guidelines; and OMB Circular No. A-130 
(revised) Appendix III.
    Comment: One commenter was particularly concerned about patients' 
social security numbers. The commenter stated that social security 
numbers should not be used as an identifier for medical records stored 
by the government. Other commenters were concerned about reporting 
information collected from the OASIS that pertains to a patient's 
psychological profile and lifestyle.
    Response: We have endeavored to put many physical, technical, and 
procedural safeguards in place to protect health information. Only 
those individuals with a legitimate need for this information will be 
allowed to have access. States and HHAs must take similar precautions. 
The transmission of all identifiable health information will be secure 
at all times if it is transmitted according to the requirements 
outlined in this final rule, which strictly controls access to prevent 
any unauthorized use. In addition, health information (including OASIS) 
is encoded and transmitted from providers to State agencies over closed 
loop telephone lines. In July 2000, in response to industry concerns, 
we made available the Medicare data communication network (MDCN) 
communications link from each HHA to its respective State health agency 
to allow the HHAs to submit OASIS data and retrieve reports. The MDCN, 
both hardware and software, allows direct dial-up access to the State 
agency by each registered MDCN user in each HHA. This supersedes use of 
the current dial-up connection process, which previously was the only 
way HHAs could submit OASIS data and retrieve reports. This new system 
allows each HHA to control all aspects of encoding, submitting, and 
receiving reports according to its policy and promotes a higher level 
of personal security with individual user IDs. There will be no 
additional cost to the HHA for the use of this dial-up service. 
Multiple users in an agency will be able to access the State agency 
with individual MDCN user IDs. In order to verify that the person 
trying to access the information is authorized, several safeguards are 
in place. For example, in the OASIS State system, a person must enter a 
user ID and password at three different checkpoints before access is 
permitted. There is no ``back door'' into the system that would allow 
unauthorized or illegal access.
    Comment: A few commenters suggested that we eliminate OASIS 
questions that solicit sensitive financial information on patients, and 
remove the requirement for information to be reported to CMS.
    Response: We believe commenters were referring to OASIS item M0160, 
``Financial Factors.'' We have never required the collection or 
transmission of OASIS item M0160. In addition, we established a 
Regulations Reform Advisory Committee to further reduce regulatory 
burden. As a result of earlier recommendations from that committee, we 
have eliminated this item from the OASIS instrument. In addition to the 
OASIS item related to financial factors, we have also eliminated the 
following items from the OASIS instrument: M0310, ``Structural 
Barriers'; M0320, ``Safety Hazards'; M0330, ``Sanitation Hazards'; and 
M0600, ``Patient Behaviors.'' Earlier versions of HAVEN (5.0 and 
earlier) currently allow

[[Page 76202]]

encoding of these items for HHA use, but will automatically prevent 
transmission at the source. As part of the assessment process, HHAs may 
continue to collect the information. However, if HHAs transmit the 
information, it will not be stored in the State's system.

B. Section 484.20, Condition of Participation: Reporting OASIS 
Information

    In Sec.  484.20, Condition of Participation: Reporting OASIS 
Information, we require HHAs to report to CMS OASIS data collected on 
all patients. This requirement applies to all patients except prepartum 
and postpartum patients, patients under the age of 18, patients not 
receiving skilled health care services, and non-Medicare/non-Medicaid 
patients. As stated above, on June 18, 1999, we published a notice (64 
FR 32984) that delayed the applicability of the collection requirements 
to patients receiving only personal care services and delayed the 
requirement to encode and report collected OASIS data on non-Medicare/
non-Medicaid patients until further notice. Currently, the policy to 
delay the applicability of the collection requirements to patients 
receiving only personal care services and to delay the requirement to 
encode and report collected OASIS data on non-Medicare/non-Medicaid 
patients remains in effect. There is also a temporary suspension on the 
collection of OASIS data on non-Medicare/non-Medicaid patients 
effective December 8, 2003, under section 704 of the Medicare 
Prescription Drug, Improvement and Modernization Act of 2003 (Pub L. 
108-173) (MMA).
General Comments on Reporting OASIS Data
    We received several comments in support of our efforts to collect 
and report OASIS data for the purpose of tracking the quality of 
patient outcomes.
    Comment: One commenter stated that many nurses, because of the 
substantial demands of their jobs, have not been able to devote 
sufficient time to assessing a patient's health care needs, 
compromising the quality of the care provided. The commenter believes 
that OASIS enables nurses to more thoroughly assess their patients' 
needs. The commenter also stated that OASIS is ``the best thing created 
by CMS.'' The commenter also noted that OASIS data could indicate that 
some patients actually need home care and may also reveal abuses of the 
Medicare program.
    Response: We appreciate the positive comment. In addition to using 
OASIS to develop the HHPPS, in the quality measurement and improvement 
system, and in the Survey and Certification program, we plan to use 
OASIS to support our program integrity efforts as we administer the 
Medicare program.
    Comment: Several commenters supported the principle of having HHAs 
collect and report OASIS data for quality outcome measurement and 
stated that they were looking forward to using the data. Commenters 
believed that OASIS would have positive results in identifying 
standards of care industry-wide, in addition to offering State-specific 
information concerning the care patients received. Other commenters 
stated that the industry has many questions regarding OASIS and its use 
and asked that we continue to provide clear and precise guidelines for 
OASIS reporting requirements.
    Response: We appreciate the endorsement and support for OASIS, and 
we believe that OASIS data will assist HHAs in improving the quality of 
their services. We recognize that agencies may continue to require 
guidance on collecting and reporting OASIS information. Therefore, we 
will continue to provide guidance and updated information to HHAs via 
state-sponsored training, telephone, and e-mail help lines and by 
posting relevant information on our Web site.
    Comment: One commenter acknowledged the usefulness of OASIS outcome 
data for both HHAs and CMS but questioned the connection between CMS 
obtaining data and translating those data into useable information to 
improve care.
    Response: We appreciate the supportive comments. Since April 1999, 
HHAs have collected, encoded, and reported OASIS information. The 
reports generated from the information are outcome-based and used for 
quality improvement. For some time, these Outcome Based Quality 
Improvement and Outcome Based Quality Monitoring (OBQI/OBQM) reports 
have been used for comparative analyses. These reports are shared with 
HHAs for use in their quality monitoring and improvement activities.
    For example, through a contract with the Center for Health Services 
Research, University of Colorado, we implemented the Medicare Home 
Health Quality Assurance (MEQA) demonstration to determine the 
feasibility of, and establish the methodology for, implementing OBQI 
programs in HHAs. Under the demonstration, 50 HHAs nationwide collected 
OASIS data at regular intervals for all adult patients. We computed 
outcome measures using OASIS data and provided risk-adjusted outcome 
reports for specific patient conditions (focused reports) and for all 
adult patients (global reports). We provided instruction to HHAs in 
using outcome reports to target areas for improvement or reinforcement. 
We implemented and monitored a plan of action for behavioral change 
while using yearly outcome reports to determine if targeted outcomes 
improved. Data from the reports during the MEQA demonstration indicate 
that there has been a 25 percent rate of reduction in hospitalizations 
over the length of the demonstration and 80 percent of participating 
HHAs experienced a significant improvement in targeted outcomes.
    In the Home Health Outcome Based Quality Improvement (HH-OBQI) 
System Pilot Project, five Quality Improvement Organizations (QIOs) 
found similar levels of improvement in targeted outcomes to those 
levels experienced in the MEQA demonstration. The pilot project tasked 
QIOs in five States (Maryland, Michigan, New York, Rhode Island, and 
Virginia) with helping HHAs nationwide to identify opportunities to use 
the quality reports for improvement of home health quality of care for 
Medicare beneficiaries. These five QIOs serve as a coordinating body to 
oversee the establishment of a national HH OBQI System for home health 
care. The five QIOs, using OASIS outcome reports and their own analysis 
of OASIS data, the five QIOs distribute information and guidance to all 
other QIOs participating in the HH OBQI System. The other QIOs, in 
turn, provide education, consultation, and other technical assistance 
to HHAs in developing and managing outcome-based, continuous quality 
improvement programs.
    Comment: Several commenters stated that OASIS should only be used 
for Medicare patients, so as not to destroy its usefulness for the 
HHPPS. Commenters were concerned that the quality of OASIS data would 
be adversely affected if collected and reported on patients from such 
diverse programs as Medicare, Medicaid, Medicaid waiver patients, and 
non-Medicare/non-Medicaid patients.
    Several commenters specifically stated that OASIS should be re-
evaluated for Medicaid patients, patients under Medicaid Home and 
Community-Based Waiver programs, and patients receiving ``personal-
care-only'' services. One commenter stated the belief that the OASIS 
demonstration projects did not include patients receiving personal-
care-only services. A few commenters suggested that we limit OASIS 
reporting to only a core set of

[[Page 76203]]

data elements needed for the development of the HHPPS.
    Response: We received many comments regarding the application of 
OASIS to HHA populations. Collecting OASIS data on all patients for 
quality and assessment purposes does not affect the integrity of the 
HHPPS. Limiting reported OASIS data only to items under consideration 
for HHPPS will harm the integrity and risk adjustment of quality 
indicators (as discussed in the July 3, 2000 final rule for HHPPS) and 
eliminate the ability to evaluate the effects of HHPPS on quality or to 
improve HHPPS over time.
    With regard to the quality of OASIS data, the intent of OASIS is to 
ensure that HHA patients are receiving quality care. However, we 
recognize the assessment needs for patients requiring personal-care-
only services may be different than for patients who require skilled 
services, such as nursing and rehabilitative therapy. To address these 
concerns and further research the issues, we have delayed the 
requirement for agencies to use OASIS for the personal-care-only 
population until further notice. We published the notice of the delay 
(64 FR 32984) on June 18, 1999. We are continuing this delay until we 
determine an appropriate balance between the advantages of collecting 
OASIS data from this population of patients and the reported burdens on 
providers.
    In addition, MMA, which was enacted on December 8, 2003, 
temporarily suspends the collection of OASIS data on an HHA's non-
Medicare/non-Medicaid patients until further notice. HHAs may continue 
to incorporate OASIS items into their patient-specific, comprehensive 
assessment of non-Medicare/non-Medicaid patients for their own use but 
are no longer required to do so.
    The inclusion of Medicaid waiver patients in the collection and 
reporting of OASIS data is a decision that may be made by individual 
States. Medicare-approved HHAs must report OASIS data for all other 
patients (that is, other than the previously discussed exceptions, and 
those for whom collection is delayed). The requirements governing who 
may provide services under waiver programs are left to each state's 
discretion. We do not require Medicaid waiver patients to be served by 
Medicare-approved HHAs, and States may choose providers that do not 
meet Medicare requirements (including the collection and reporting of 
OASIS data) to furnish services to individuals in State waiver 
programs.
    Comment: Many commenters asked that we clarify our policy 
concerning a patient's refusal to answer a question. Commenters were 
concerned that agencies would be penalized if a patient refused to 
answer an OASIS question and stated that because of the patient's 
refusal, there would be no OASIS information to be reported to us.
    Response: There is no Federal requirement that an HHA deny services 
to a home health patient if the patient refuses to allow clinicians to 
conduct a comprehensive assessment, refuses to answer any question 
during the comprehensive assessment, or refuses to allow the release of 
any information from the comprehensive assessment to us. However, for 
Medicare and Medicaid patients, the collection and transmission of 
OASIS data is required to meet the home health CoPs and for payment.
    Doctors, nurses, and therapists are trained to do assessments of 
their patients as part of their routine care whether the patient is 
cooperative or not. Patient assessments are critical for providers to 
know if patients' needs are being met or if their health conditions are 
improving. It is important to understand that HHAs will continue to 
perform comprehensive assessments of their uncooperative clients. OASIS 
is a standardized data format for nurses and other home health 
professionals for assessing patients' needs, developing the appropriate 
plan of care, assessing that care over the course of treatment, and 
learning how to improve the quality of care over time. While patients 
may refuse to answer a direct question (or indeed, may provide an 
inaccurate or a misleading response), clinicians are taught to assess 
patients to the best of their ability. However, State surveyors are 
obligated to assess the HHA's performance of its data collection 
responsibilities. If an agency has an unusually high rate of patients 
refusing to answer assessment questions, it may warrant a review of the 
process the HHA is using to conduct assessments.
    An HHA will have the opportunity to respond to any deficiencies 
cited by the surveyor in the HHA's plan of correction. CMS and its 
agents (State survey agencies) expect HHAs to comply with these 
regulations and will work with agencies to achieve compliance. We 
expect agencies to make a good faith effort to use OASIS. During 
initial implementation, which lasted until the end of 1999, we did not 
cite deficiencies unless an HHA was doing nothing to comply with the 
OASIS collection and reporting requirements. Beginning in 2000, we 
shifted from a more ``global'' approach of determining overall 
compliance to a more specific consideration of each requirement. Now 
each OASIS requirement is reviewed for compliance exactly as it is 
written, in the same manner as all other existing home health 
requirements. We took this action because proper OASIS data collection 
and reporting has payment and quality implications.
1. Section 484.20(a), Standard: Encoding and Transmitting OASIS Data
    We have revised Sec.  484.20(a) to require HHAs to encode and 
electronically transmit to the State agency or CMS OASIS contractor 
accurate and complete OASIS data for each applicable agency patient 
within 30 calendar days from the date the assessment was completed 
(that is, the date entered at OASIS item M0090). We have removed the 
``lock'' requirement that appeared at Sec.  484.20(c)(1) to allow HHAs 
the option of making corrections to OASIS data at any time without edit 
warnings. Since HHAs will now be able to make corrections to 
transmitted OASIS data at any time, we determined that there is no 
compelling reason to require HHAs to encode OASIS data within a 
specific timeframe. Therefore, we are no longer requiring HHAs to 
encode OASIS data within 7 days of completing an OASIS data set. 
Instead, HHAs will have 30 calendar days from the date the assessment 
was completed to both encode and transmit completed OASIS data to the 
State agency or CMS OASIS contractor. In other words, once the 
qualified clinical staff member has collected the OASIS data set at the 
time specified in Sec.  484.55, HHAs may take up to 30 calendar days 
after collection to: (1) Enter it into their computer systems using the 
Home Assessment Validation Entry (HAVEN) software or the vendor 
software meeting our data submission specifications; (2) electronically 
transmit the accurate, complete, and encoded data to the State agency 
or CMS OASIS contractor; and (3) establish HHA policy which will be in 
compliance with the instructions within the OASIS Implementation Manual 
Chapter 1, page 1.4, which require that HHAs develop ``policies and 
procedures establishing the necessary data entry and transmission 
mechanisms and, very importantly, develop and maintain appropriate data 
quality monitoring activities.''
    The changes in Sec.  484.20(a) do not alter the need for HHAs to 
ensure that the data items on the patients clinical record match the 
encoded data that are sent to the State (see OASIS Implementation 
Manual, Chapter 12, pages 12.1 and 12.2). HHAs must also continue to 
conduct data quality audits on a routine basis as outlined in the

[[Page 76204]]

OASIS Implementation Manual, Chapter 12, pages 12.1 and 12.2.
    Currently, OBQI/OBQM reports are available 2 months after 
submission of completed assessments. However, many HHAs are requesting 
that the OBQI/OBQM reports be more timely. Now that we are requiring 
HHAs to both encode and transmit completed OASIS data within 30 
calendar days, we expect the reports to be available 30 days sooner. 
Currently, 50 percent of the HHAs transmit OASIS assessments by the 
16th day after completion, and the majority of HHAs (75 percent) 
transmit assessments by the 30th day after completion. HHAs must 
continue to comply at all times with requirements for safeguarding the 
confidentiality of patient-identifiable information.
    Comment: Several commenters were concerned about the resources 
required to encode and transmit OASIS data. One commenter stated that 
the increased time to complete data entry adds to difficulties in 
meeting the 7-day encoding requirement. Another commenter suggested 
that the requirement be extended to 14 days, especially for rural 
providers.
    Response: After reviewing comments, we agree with commenters' 
concerns about the 7-day time frame for encoding. Therefore, we will 
allow HHAs 30 calendar days after the assessment is completed to encode 
and transmit OASIS data items. We have revised this timeframe based on 
industry concerns and the need to confirm the accuracy of their data. 
We believe this revised timeframe will be less burdensome for HHAs. 
These 30 calendar days are in addition to the time frames currently 
allowed for collection of the OASIS items set forth at Sec.  484.55. We 
are providing the revised timeframe of 30 calendar days for agencies to 
encode their OASIS data, resolve any outstanding data collection 
issues, and transmit the accurate and completed OASIS data. We assigned 
time frames that we believe best represent a balance between efficient, 
timely data collection and entry, and the burden placed on the HHA. As 
this process evolves, we will continue to explore techniques to make 
the reporting process as efficient as possible.
2. Section 484.20(b), Standard: Accuracy of Encoded OASIS Data
    Section 484.20(b) requires that the encoded OASIS data accurately 
reflect the patient's status at the time of the assessment. Before 
transmission, the HHA must ensure that data items on its own collection 
record match the encoded data that are sent to the State. We expect 
HHAs to devise a method to track this process that includes comparison 
of data collected at the time of the assessment to data entered after 
the initial assessment. We expect agencies to use their validation 
reports to confirm proper data submission or to identify areas for 
improving data submission.
    Comment: Several commenters expressed concern that we did not 
include time spent calling the professionals responsible for the 
assessment to obtain clarification of assessment data if there are 
errors found during encoding in our estimate of the costs associated 
with OASIS reporting. Commenters also stated that a registered nurse or 
other full-time employee would need to manage the paper work and 
computerization of OASIS.
    Response: We agree with commenters that HHAs may need to designate 
a staff person to coordinate the OASIS data collection and reporting 
systems. The burden estimate took this into account in the January 25, 
1999 final rule (64 FR 3748). Some agencies may be able to assign these 
duties to current staff, while others may decide they need to hire 
additional personnel, at the HHA's discretion. This person could have a 
clinical or computer background.
3. Section 484.20(c), Standard: Transmittal of OASIS Data
    In existing Sec.  484.20(c)(1), we required HHAs to electronically 
transmit to the State agency or CMS OASIS contractor accurate, 
completed, encoded, and locked OASIS data for each applicable patient 
at least monthly. Now that we are combining the requirement to 
electronically transmit OASIS data with the requirement to encode OASIS 
data in Sec.  484.20(a) and removing the ``lock'' requirement, we have 
removed existing Sec.  484.20(c)(1) and redesignated Sec.  484.20(c)(2) 
through Sec.  484.20(c)(4) as Sec.  484.20(c)(1) through Sec.  
484.20(c)(3), respectively.
    Newly designated Sec.  484.20(c)(1) requires HHAs to transmit the 
OASIS data in a format that meets the data format standard specified at 
Sec.  484.20(d). Newly designated Sec.  484.20(c)(2) requires HHAs to 
transmit successfully test data to the State agency or CMS OASIS 
contractor. Newly designated Sec.  484.20(c)(3) requires HHAs to 
transmit data using electronic communications protocols as directed by 
us. As of July 1, 2000, those HHAs that are required to submit OASIS 
data for submission and interim reports must do so via the MDCN, which 
replaces the previous dial-up connection for submission and interim 
reports. In January 2004, we started requiring HHAs to use a CMS-
assigned branch identification number (where applicable) to identify 
branch-specific OASIS assessment information in a uniform fashion 
nationwide. This process is described below.
    During the development stage of OASIS implementation, the National 
Association for Home Care (NAHC), engaged in a series of 
teleconferences with its member HHAs to solicit suggestions about OASIS 
data entry software. HHAs proposed that the outcome reports be made 
available at the branch level, rather than limited to data that 
represent the agency as a whole. NAHC transmitted its concerns to us, 
and, in response, we agreed to create a field in the HAVEN data entry 
software to allow HHAs to enter a self-defined number that identifies 
the assessment information sent to the State agency by a branch office.
    An analysis of OASIS data submitted by HHAs to State agencies 
nationwide, from the period July 1999 to January 2000, shows that 1.8 
million of the 4 million assessments submitted included identifying 
information for branches. We were encouraged that so many HHAs wanted 
to identify assessment information submitted by their branches. 
Subsequently, we determined that assignment of unique branch 
identification numbers would facilitate HHAs' ability to receive 
outcome reports specific to their branches.
    Providing HHAs with the outcome reports specific to their branches 
will help both the State agency and HHAs to monitor the quality of care 
being furnished to branch patients. The State agency, after reviewing 
the specific branch outcome reports, will be better able to target 
scarce survey resources when conducting HHA surveys. Branch-specific 
information will also allow the parent HHA to use its own objective 
performance criteria to assess and improve patient services, outcomes, 
and satisfaction at the branch level.
    As a result of input from the home health industry, we revised the 
OASIS data set to accommodate branch identifications. The new items 
developed are: (M0014) Branch State and (M0016) Branch ID. The State in 
which the branch is located is the two-letter postal service 
abbreviation where the agency branch is located. For the Branch ID, 
rather than continuing to allow HHAs to enter a self-defined number 
that identifies the assessment information that the branch sent to the 
State agency, we have standardized the identification numbering system 
for HHA branches to ensure that these assessments will be linked to the 
proper branch. This national numbering system links each branch number 
to the parent HHA provider number by numbering

[[Page 76205]]

each branch with the same Federally assigned provider number as the 
parent with two modifications. There is a ``Q'' between the State code 
and four-digit provider designation plus three more digits for a 10-
character branch identifier. The last three digits allows us to assign 
up to 999 branches to one parent HHA with branch identification numbers 
being used only once. If an HHA branch closes, we will terminate its 
unique branch identification number and will not re-use it to identify 
another branch of that HHA or subunit. For example, an HHA in a state 
has three branches. The parent agency's Medicare provider number is 
017001. The branches are assigned the branch identification numbers 
01Q7001001, 01Q7001002, and 01Q7001003. We have made a corresponding 
revision to the regulation text by adding a new paragraph Sec.  
484.20(c)(4).
    On the OASIS B-1 (10/1998) data set, which we used to implement 
OASIS data collection and reporting initially, the fields ``Branch 
State'' and ``Branch ID'' are optional. On the December 2002 version of 
the OASIS B-1 data set, which is being used for OASIS collection and 
reporting as of January 1, 2004, ``Branch ID'' is required for 
submission of all assessment records completed by a branch. We expect 
HHA branches to place their CMS-assigned branch identification number 
on each OASIS assessment at M0016, and subsequently encode and transmit 
the assessment to the State agency. We have added the requirement to 
include branch identification numbers in Sec.  484.20(c)(4).
    Comment: One commenter was concerned that HHA branch offices are 
not allowed to transmit their own OASIS data to the State. The 
commenter stated that the interim final rule is silent regarding this 
policy, but according to our Web site, branch offices are required to 
deliver OASIS assessment data to the parent for transmission to the 
State agency. The commenter stated that this practice would generate 
mistakes, thus compromising OASIS data. The commenter suggested that 
HHA branch offices be allowed to transmit their own OASIS data via a 
dial-up connection to the State agency using the same OASIS ID code and 
password as the parent agency.
    Response: The HAVEN data entry software was originally designed for 
single submission by the parent HHA for security reasons. The State 
survey agency assigned one specific user identification and password to 
each parent HHA in the State. Moreover, the previous data management 
program could not accommodate separate user identification numbers and 
passwords to all existing HHA branches. Based on industry concerns, and 
in response to their needs to permit submission by branches, we 
installed in each HHA, a communication link to the State agency for 
submission of OASIS and the retrieval of reports. The MDCN was 
installed in all HHAs in July 2000, to allow direct dial-up access to 
the State agency by each registered MDCN user in each HHA. This was a 
change to the previous system, which allowed the dial-up connection to 
be used only for submission of OASIS data and retrieval of reports. 
There was no additional charge to the HHA for the use of this MDCN 
dial-up service. Multiple users in an agency, including branch users, 
are now able to access the State agency with individual MDCN user IDs. 
This system allows the branch to control all aspects of encoding, 
submission, and receiving reports, according to the parent HHA policy, 
and promotes a higher level of personal security with the assignment of 
individual user IDs.
    We have begun to assign identification numbers to every existing 
branch of a parent HHA and subunit. The identification system has been 
implemented nationally and uniquely identifies every branch of every 
HHA certified to participate in the Medicare home health program. It 
also links the parent to the branch. Having a system to identify 
branches gives us the capability of associating survey results with 
individual HHA branches. Also, by including the branch identification 
number on OASIS assessments, we will have the capability of developing 
outcome reports that will help HHAs differentiate and monitor the 
quality of care delivered by their agencies down to the HHA branch 
level.
4. Section 484.20(d), Standard: Data Format
    At Sec.  484.20(d), we specify that HHAs must encode and transmit 
data using the software available from CMS or software that conforms to 
CMS standard electronic record layout, edit specifications, and data 
dictionaries and includes OASIS data items specified in Sec.  
484.55(e). To meet the data format requirements, HHAs may use the HAVEN 
software developed by CMS, or use other vendors' software if it 
conforms to our standardized electronic record formats, edit 
specifications, data dictionaries, and can pass [CMS-defined] 
standardized edits. The HAVEN software is made available to all HHAs 
free of charge, either via download from the Internet or by requesting 
a compact disc (CD). Agencies can call the HAVEN help line at 1-877-
201-4721 to order a HAVEN CD and/or to ask any other HAVEN-related 
questions they may have.
    The required OASIS data set is available at all times on our Web 
site located at http://www.cms.hhs.gov/oasis. HHAs may access the Web 
site and download the required OASIS data set for each data collection 
time point. HHAs may also obtain hard copies of the OASIS data set from 
the National Technical Information Service (NTIS) at 1-800-553-6847.
    Comment: Several commenters stated that the HAVEN computer screen 
is extremely slow and that HHA staff spend time waiting for screen 
response. The commenter believes that the slowness of the software 
directly relates to an increase in agency cost. One commenter stated 
that while HAVEN is free, it does not meet the needs of every agency, 
nor can every agency access the Internet. This commenter also stated 
that some agencies are opting to scan the hard copy assessments, 
because it is more cost effective. However, the commenter stated that 
HAVEN does not allow for scanning. One commenter stated that their 
agency convened a taskforce to prepare for OASIS. The taskforce 
recommended that the agency not use CMS HAVEN software because the 
software did not have the ability to track outcomes internally.
    Response: HAVEN is a tool designed solely for entering, creating, 
and maintaining OASIS data files for transmission to the State survey 
agency. HAVEN is not a tool for developing outcome reports. Rather, the 
files created by HAVEN are part of the process that we use to develop 
these reports. Outcome reports will be available to all agencies, free 
of charge. HHAs can electronically access the OBQI/OBQM reports in a 
manner similar to the submission process.
    While HAVEN will operate on older systems, we continue to recommend 
that agencies use a computer system compatible with the current 
industry standard. We have always cautioned that HAVEN may not perform 
as well on older computer systems as it would if run on a newer or more 
powerful system. Finally, some of the slowness may be due to multiple 
simultaneous users. Newer versions of HAVEN are released to accommodate 
multiple simultaneous use. Although we provide HAVEN as a tool to 
assist agencies in complying with the requirements, agencies may use 
vendors' products or develop software that meets their own unique needs 
in addition to meeting OASIS regulatory requirements. Vendor products, 
however, must meet our

[[Page 76206]]

minimum data, format, and transmission specifications.
    Comment: One commenter suggested the need to enter the same data 
multiple times was a flaw in the software that could be reduced if HHAs 
allowed software vendors to interface, or to map data entry so that one 
entry would satisfy both data sets.
    Response: We believe the commenter may be referring to the 
situation that requires duplicate entry into an HHA's original claims 
and assessment software, and then re-entry of the same data into the 
HAVEN software. Since HAVEN software is available free of charge, our 
experience is that vendors of the original claims and assessment 
software are now incorporating the HAVEN software into their own 
software so that duplicate entry will no longer occur.
    In addition, we implemented the patient tracking sheet (PTS) for 
HHAs nationwide on December 16, 2002. With implementation of the PTS, 
HHAs no longer need to re-enter the information from 18 common patient 
demographic items collected at the start of care and on subsequent 
assessments. These items only need to be updated as appropriate.

C. Section 488.68,State Agency Responsibilities for OASIS Collection 
and Database Requirements

    Under section 1891(b) of the Act, we must assure that processes are 
in place to protect the health and safety of individuals under the care 
of an HHA and to promote the effective and efficient use of public 
moneys. Section 1864 of the Act authorizes the use of State agencies to 
determine a provider's compliance with the CoPs. State responsibilities 
for ensuring compliance with the CoPs are set forth in part 488, and 
entitled ``Survey, Certification, and Enforcement Procedures.'' We did 
not receive any public comments on this section. Nevertheless, we have 
summarized the provisions of Sec.  488.68 as set forth in the January 
25, 1999, interim final rule below.
    In accordance with the provisions referenced above, we added a new 
Sec.  488.68, State agency responsibilities for OASIS collection and 
data base requirements. This section provides that the overall 
responsibility for fulfilling requirements to operate and maintain the 
OASIS system rests with the State agency or other entity that we 
designate. The State may delegate this responsibility to the State 
agency, another State component, or enter into an agreement with a 
private entity to operate the system, or we may contract with an entity 
directly, if the State is unable or unwilling to perform these 
operations. If the State system is operated by an entity other than the 
State agency, the State must ensure that it has suitable access to this 
system to fully support all OASIS-driven functions required of it (for 
example, outcome-based quality improvement reports and survey-specific 
data).
1. Section 488.68(a), Establish and Maintain the OASIS Data Base
    In Sec.  488.68(a), we require that the State agency or other 
entity that we designate must use a standard system developed or 
approved to collect, store, and analyze CMS data generated by OASIS. To 
meet this requirement, we are using the system developed to compile the 
Minimum Data Set (MDS) assessments (the CMS standard State system), 
which has already been procured, installed, and utilized. As part of 
the survey responsibilities, Sec.  488.68(a) also provides that States 
will be responsible for basic system management responsibilities, such 
as hardware and software maintenance, system backup, and monitoring the 
status of the database.
    We also set forth requirements that States must meet if they seek 
modification of the standard State system. Specifically, State agencies 
must obtain our approval before modifying any parts of the system. The 
State agency or CMS OASIS contractor may not modify any aspect of the 
standard State system that pertains to the standard CMS-approved OASIS 
data items, standard CMS-approved record formats and validation edits, 
and standard CMS-approved agency encoding and transmission methods. It 
also cannot maintain patient data on the system that we do not require 
to be reported on the OASIS State system.
2. Section 488.68(b), Analyze and Edit OASIS Data
    In Sec.  488.68(b), we provide that the State agency or CMS OASIS 
contractor is responsible for analyzing and preparing OASIS data for us 
to retrieve. Upon receipt of data from an HHA, we require that the 
State agency or CMS OASIS contractor edit the data as specified by us, 
and ensure that the HHA resolves errors within the time limits we 
specify.
    We also require that the State agency or CMS OASIS contractor 
analyze the data and generate outcome reports as we specify. In 
addition to the responsibility for generating outcome reports, the 
State system issues validation reports once OASIS data are received in 
the system, to provide feedback to HHAs as to whether the OASIS data 
they sent has been accepted or rejected, and if rejected, the reasons 
why.
3. Section 488.68(c), Ensure Accuracy of OASIS Data
    In Sec.  488.68(c), we require the State agency to review an HHA's 
records to verify that the records are consistent with the OASIS data 
reported to the State agency or CMS OASIS contractor as part of the 
survey process. In keeping with Sec.  484.20(b), which requires that 
HHAs' encoded OASIS data accurately reflect the patient's status at the 
time the information is collected, we expect that HHAs will develop a 
means to ensure that the data input into the computer and transmitted 
to the State agency or CMS OASIS contractor reflects the data collected 
by the appropriate skilled professionals. We expect HHAs to devise a 
method to track this process, which should include the comparison of 
data collected at the time of the assessment to data entered after 
assessment. We expect HHAs to use the validation reports created by the 
State agencies to confirm proper data submission or to identify areas 
for improving data submission. We suggest that HHAs retain final 
validation reports for about 12 months, or until the next OBQI report 
is available.
4. Section 488.68(d), Restrict Access to OASIS Data
    To secure and control access to patient-identifiable information, 
in Sec.  488.68(d) we require that the State agency or CMS OASIS 
contractor be responsible for restricting the access to OASIS data. 
Specifically, we require that the State agency or CMS OASIS contractor 
must assure that access to data is restricted to the State agency 
component that conducts surveys for purposes related to this function, 
except for the transmission of data and reports to us and to other 
entities only when authorized by us.
    We also specify that patient-identifiable OASIS data may not be 
released to the public by the State agency or CMS OASIS contractor 
except to the extent it is permitted under the Privacy Act of 1974 and 
the HHS Privacy Rule, 45 CFR Parts 160 and 164. In the June 18, 1999 
SOR (64 FR 32992), and subsequently revised notice published December 
27, 2001 (66 FR 66903), we outlined the provisions governing the 
disclosure of the information we collect. Consistent with the 
provisions in those notices, the State agency or CMS OASIS contractor 
is not permitted to release patient-identifiable information to the 
public but may release provider-specific aggregated data that do not 
contain individual patient identifiers.

[[Page 76207]]

5. Section 488.68(e), Provide Training and Technical Support for HHAs
    In Sec.  488.68(e), we require the State agency or CMS OASIS 
contractor to provide training and technical support for HHAs. 
Specifically, we require training on the administration and integration 
of the OASIS data set into the HHA's own assessment process. We also 
specify that the State agency is responsible for instructing each HHA 
on the use of software to encode and transmit OASIS data.
    The State agency staff (or contractors) who operate the CMS 
standard system will provide training as needed to designated HHA staff 
on the use of the software that we provide. In a similar manner, we 
will continue to provide standardized instructions for using the free 
software and submitting information on our website. The designated 
trainer in the HHA should train HHA staff responsible for collecting 
OASIS information, as needed, using a standard training curriculum and 
manual, which we provide. A User's Manual is available electronically 
on our website and is available in hard copy from the National 
Technical Information Service by calling 1-800-553-6847.

III. Provisions of the Final Rule

    In this final rule, we are adopting the provisions as set forth in 
the interim final rule with comment period with the following 
revisions:
     We have revised the standard in Sec.  484.20(a), Encoding 
and transmitting OASIS data, to allow 30 days from the date the 
assessment is completed for the agency to encode and submit OASIS data.
     We have removed the requirement in Sec.  484.20(c)(1), 
which required HHAs to electronically transmit accurate, completed, 
encoded, and locked OASIS data for each patient to the State agency or 
CMS OASIS contractor at least monthly. This removes the ``lock'' 
requirement, which was required at implementation. Experience has 
indicated that the lock function is no longer necessary.
     We have redesignated the requirement in Sec.  484.20(c)(2) 
as Sec.  484.20(c)(1). This requirement provides that OASIS data must 
be transmitted in a format that meets the data format standard 
specified in Sec.  484.20(d).
     We have redesignated the data submission requirement at 
Sec.  484.20(c)(3) as Sec.  484.20(c)(2) and have removed the reference 
to a specific time frame of March 26, 1999 to April 26, 1999. When the 
January 25, 1999, interim final rule was published, we assumed that no 
agencies were reporting OASIS information, and all would need to 
establish connectivity via a test transmission to the State agency 
before submission of the required data. Now that we are beyond the 
effective date when all existing agencies were expected to transmit 
required data, a test transmission is only required when an HHA that is 
not currently Medicare-approved applies for approval. As such, we 
expect that HHA to meet all of the Medicare home health CoPs, including 
demonstrating that it is collecting and can transmit OASIS data, before 
receiving its Medicare approval. States will work with agencies on a 
case-by-case basis to issue a temporary user identification number and 
password for the new HHA to demonstrate compliance.
     We have redesignated the requirement in Sec.  484.20(c)(4) 
as Sec.  484.20(c)(3). This requirement provides that HHAs must 
transmit data using electronic communications software that provides a 
direct telephone connection from the HHA to the State agency or CMS 
OASIS contractor.
     We have added a new paragraph Sec.  484.20(c)(4) to 
include the CMS-assigned branch identification number as applicable.

IV. Collection of Information Requirements

    The information collection requirements contained in Sec.  484.20 
of this document are subject to the PRA; however, these information 
collection requirements are currently approved under OMB control number 
0938-0761 ``Medicare and Medicaid Programs Use of the OASIS as Part of 
the CoPs for HHAs,'' with a current expiration date of June 30, 2006. 
The currently approved collection authorizes HHAs to collect and 
transmit OASIS data.

V. Regulatory Impact Statement

    We have examined the impact of this rule as required by Executive 
Order 12866 (September 1993, Regulatory Planning and Review), the 
Regulatory Flexibility Act (RFA) (September 19, 1980, Pub. L. 96-354), 
section 1102(b) of the Social Security Act, the Unfunded Mandates 
Reform Act of 1995 (Pub. L. 104-4), and Executive Order 13132.
    Executive Order 12866 directs agencies to assess all costs and 
benefits of available regulatory alternatives and, if regulation is 
necessary, to select regulatory approaches that maximize net benefits 
(including potential economic, environmental, public health and safety 
effects, distributive impacts, and equity). A regulatory impact 
analysis (RIA) must be prepared for major rules with economically 
significant effects ($100 million or more in any 1 year). This rule 
does not reach the economic threshold and thus is not considered a 
major rule.
    The RFA requires agencies to analyze options for regulatory relief 
of small businesses. For purposes of the RFA, small entities include 
small businesses, nonprofit organizations, and government agencies. 
Most hospitals and most other providers and suppliers are small 
entities, either by nonprofit status or by having revenues of $6 
million to $29 million in any 1 year. Individuals and States are not 
included in the definition of a small entity. We are not preparing an 
analysis for the RFA because we have determined that this rule will not 
have a significant economic impact on a substantial number of small 
entities.
    In addition, section 1102(b) of the Act requires us to prepare a 
regulatory impact analysis if a rule may have a significant impact on 
the operations of a substantial number of small rural hospitals. This 
analysis must conform to the provisions of section 603 of the RFA. For 
purposes of section 1102(b) of the Act, we define a small rural 
hospital as a hospital that is located outside of a Metropolitan 
Statistical Area and has fewer than 100 beds. We are not preparing an 
analysis for section 1102(b) of the Act because we have determined that 
this rule will not have a significant impact on the operations of a 
substantial number of small rural hospitals.
    Section 202 of the Unfunded Mandates Reform Act of 1995 also 
requires that agencies assess anticipated costs and benefits before 
issuing any rule that may result in expenditure in any 1 year by State, 
local, or tribal governments, in the aggregate, or by the private 
sector, of $110 million. This rule will have no consequential effect on 
the governments mentioned or on the private sector.
    Executive Order 13132 establishes certain requirements that an 
agency must meet when it promulgates a proposed rule (and subsequent 
final rule) that imposes substantial direct requirement costs on State 
and local governments, preempts State law, or otherwise has federalism 
implications. Since this regulation does not impose any costs on State 
or local governments, the requirements of E.O. 13132 are not 
applicable.
    In accordance with the provisions of Executive Order 12866, this 
regulation was reviewed by the Office of Management and Budget.

[[Page 76208]]

List of Subjects in 42 CFR Part 484

    Health facilities, Health Professions, Medicare, Reporting and 
Recordkeeping Requirements.


0
For reasons set forth in the preamble, CMS amends 42 CFR part 484 as 
follows:

PART 484--HOME HEALTH SERVICES

0
1. The authority citation for part 484 continues to read as follows:

    Authority: Secs. 1102 and 1871 of the Social Security Act (42 
U.S.C. 1302 and 1395(hh)).

Subpart B--Administration

0
2. Section 484.20 is amended by revising paragraphs (a) and (c) to read 
as follows:


Sec.  484.20  Condition of participation: Reporting OASIS information.

* * * * *
    (a) Standard: Encoding and transmitting OASIS data. An HHA must 
encode and electronically transmit each completed OASIS assessment to 
the State agency or the CMS OASIS contractor, regarding each 
beneficiary with respect to which such information is required to be 
transmitted (as determined by the Secretary), within 30 days of 
completing the assessment of the beneficiary.
* * * * *
    (c) Standard: Transmittal of OASIS data. An HHA must--
    (1) For all completed assessments, transmit OASIS data in a format 
that meets the requirements of paragraph (d) of this section.
    (2) Successfully transmit test data to the State agency or CMS 
OASIS contractor.
    (3) Transmit data using electronics communications software that 
provides a direct telephone connection from the HHA to the State agency 
or CMS OASIS contractor.
    (4) Transmit data that includes the CMS-assigned branch 
identification number, as applicable.
* * * * *
(Catalog of Federal Domestic Assistance Program No. 93.773, 
Medicare--Hospital Insurance; and Program No. 93.778, Medical 
Assistance Program)

    Dated: May 20, 2005.
Mark B. McClellan,
Administrator, Centers for Medicare & Medicaid Services.
    Approved: September 12, 2005.
Michael O. Leavitt,
Secretary.
[FR Doc. 05-24389 Filed 12-22-05; 8:45 am]
BILLING CODE 4121-01-P