[Federal Register Volume 72, Number 101 (Friday, May 25, 2007)]
[Proposed Rules]
[Pages 29289-29292]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E7-10143]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of the Secretary

45 CFR Part 5b

[CMS-0029-P]
RIN 0938-A069


Exemption of Certain Systems of Records Under the Privacy Act

AGENCY: Centers for Medicare & Medicaid Services (CMS), HHS.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: This proposed rule would exempt the four system of records 
from subsections (c)(3), (d)(1) through (d)(4), (e)(4)(G) and (H), and 
(f) of the Privacy Act pursuant to 5 U.S.C. 552a(k)(2): The Automated 
Survey Processing Environment (ASPEN) Complaint/Incidents Tracking 
System (``ACTS''), HHS/CMS, System No. 09-70-0565; the Health Insurance 
Portability and Accountability Act (HIPAA) Information Tracking System 
(``HITS''), HHS/CMS, System No. 09-70-0544; the Organ Procurement 
Organizations System (``OPOS''), HHS/CMS, System No. 09-70-0575; and 
the Fraud Investigation Database (``FID''), HHS/CMS, System No. 09-70-
0527.

DATES: To be assured consideration, comments must be received at one of 
the addresses provided below, no later than 5 p.m. on July 24, 2007.

ADDRESSES: In commenting, please refer to file code CMS-0029-P. Because 
of staff and resource limitations, we cannot accept comments by 
facsimile (Fax) transmission.
    You may submit comments in one of four ways (no duplicates, 
please):
    1. Electronically. You may submit electronic comments on specific 
issues in this regulation to http://www.cms.hhs.gov/eRulemaking. Click 
on the link ``Submit electronic comments on CMS regulations with an 
open comment period.'' (Attachments should be in Microsoft Word, 
WordPerfect, or Excel; however, we prefer Microsoft Word.)
    2. By regular mail. You may mail written comments (one original and 
two copies) to the following address Only: Centers for Medicare & 
Medicaid Services, Department of Health and Human Services, Attention: 
CMS-0029-P, P.O. Box 8017, Baltimore, MD 21244-8017.
    Please allow sufficient time for mailed comments to be received 
before the close of the comment period.
    3. By express or overnight mail. You may send written comments (one 
original and two copies) to the following address Only: Centers for 
Medicare & Medicaid Services, Department of Health and Human Services, 
Attention: CMS-0029-P, Mail Stop C4-26-05,

[[Page 29290]]

 7500 Security Boulevard, Baltimore, MD 21244-1850.
    4. By hand or courier. If you prefer, you may deliver (by hand or 
courier) your written comments (one original and two copies) before the 
close of the comment period to one of the following addresses. If you 
intend to deliver your comments to the Baltimore address, please call 
telephone number (410) 786-7195 in advance to schedule your arrival 
with one of our staff members. Room 445-G, Hubert H. Humphrey Building, 
200 Independence Avenue, SW., Washington, DC 20201; or 7500 Security 
Boulevard, Baltimore, MD 21244-1850.
    (Because access to the interior of the HHH Building is not readily 
available to persons without Federal Government identification, 
commenters are encouraged to leave their comments in the CMS drop slots 
located in the main lobby of the building. A stamp-in clock is 
available for persons wishing to retain a proof of filing by stamping 
in and retaining an extra copy of the comments being filed.)
    Comments mailed to the addresses indicated as appropriate for hand 
or courier delivery may be delayed and received after the comment 
period.

FOR FURTHER INFORMATION CONTACT: Katherine Brewer, (410) 786-7235.

SUPPLEMENTARY INFORMATION: 
    Submitting Comments: We welcome comments from the public on all 
issues set forth in this rule to assist us in fully considering issues 
and developing policies. You can assist us by referencing the file code 
CMS-0029-P and the specific ``issue identifier'' that precedes the 
section on which you choose to comment.
    Inspection of Public Comments: All comments received before the 
close of the comment period are available for viewing by the public, 
including any personally identifiable or confidential business 
information that is included in a comment. We post all comments 
received before the close of the comment period on the following Web 
site as soon as possible after they have been received: http://www.cms.hhs.gov/eRulemaking. Click on the link ``Electronic Comments on 
CMS Regulations'' on that Web site to view public comments.
    Comments received timely will also be available for public 
inspection as they are received, generally beginning approximately 3 
weeks after publication of a document, at the headquarters of the 
Centers for Medicare & Medicaid Services, 7500 Security Boulevard, 
Baltimore, Maryland 21244, Monday through Friday of each week from 8:30 
a.m. to 4 p.m. To schedule an appointment to view public comments, 
phone 1-800-743-3951.

I. Background

    The four SORs that are the subject of this proposed rule are as 
follows:

A. The Automated Survey Processing Environment Complaints/Incidents 
Tracking System (``ACTS''), HHS/CMS, System No. 09-70-0565.

    In the May 23, 2006 Federal Register (71 FR 29643), we published a 
notice of a modified or altered SOR titled Automated Survey Processing 
Environment (ASPEN) Complaint/Incidents Tracking System (``ACTS''), 
HHS/CMS, System No. 09-70-0565. ACTS is a Windows-based program whose 
primary purpose is to track and process complaints and incidents 
reported against health care facilities regulated by CMS and State 
agencies. These facilities include Clinical Laboratory Improvement 
Amendment (CLIA)-certified laboratories, skilled nursing facilities 
(SNFs), nursing facilities, hospitals, home health agencies, end stage 
renal disease (ESRD) facilities, hospices, rural health clinics, 
comprehensive outpatient rehabilitation facilities (CORFs), outpatient 
physical therapy services, community mental health centers, ambulatory 
surgical centers, suppliers of portable x-ray services, and 
intermediate care facilities for persons with mental retardation. ACTS 
is designed to manage all operations associated with complaint and 
incident tracking and processing, from initial intake and investigation 
through the final disposition.

B. The Health Insurance Portability and Accountability Act (HIPAA) 
Information Tracking System (``HITS''), HHS/CMS, System No. 09-70-0544.

    In the July 6, 2005 issue of the Federal Register (70 FR 38944), we 
published a notice of a new SOR titled Health Insurance Portability and 
Accountability Act (HIPAA) Information Tracking System (``HITS''), HHS/
CMS, System No. 09-70-0544. In general, HITS consists of an electronic 
repository of information, documents, and supplementary paper document 
files. HITS' purpose is to store the results of all of our 
investigations, to determine if there were violations as charged in the 
original complaint, to investigate complaints that appear to be in 
violation of the Transactions and Code Sets, Security, and Unique 
Identifier provisions of HIPAA, to refer violations to law enforcement 
entities as necessary, and to maintain and retrieve records of the 
results of the complaint investigations.
    Investigative files maintained in HITS are received either as 
electronic documents or as paper records that are compiled for law 
enforcement purposes.

C. The Organ Procurement Organizations System (``OPOS''), HHS/CMS, 
System No. 09-70-0575.

    In the May 22, 2006 issue of the Federal Register (71 FR 29336), we 
published a notice of a new SOR titled Organ Procurement Organizations 
System (``OPOS''), HHS/CMS, System No. 09-70-0575. OPOS is a Windows-
based program whose purpose is to track and process complaints and 
incidents reported against Organ Procurement Organizations. Section 701 
of the Organ Procurement Organization System Certification Act of 2000 
(Pub. L. 106-505) gave us the authority to collect and maintain 
individually identifiable information pertaining to complaint 
allegations filed by a complainant, beneficiary, or provider of 
services against Organ Procurement Organizations; this information 
includes information gathered during all aspects of an investigation, 
including initial complaints, findings, results, disposition, and 
relevant correspondence.

D. The Fraud Investigation Database (``FID''), HHS/CMS, System No. 09-
70-0527

    In the October 28, 2002 Federal Register (70 FR 65795), we 
published a notice of a modified or altered system of records (SOR) 
that changed the name of a SOR entitled ``CMS Utilization Review 
Investigatory Files, System No. 09-70-0527'' to be the ``CMS Fraud 
Investigation Database (FID).'' The FID system contains the name, work 
address, work phone number, social security number, Unique Provider 
Identification Number (UPIN), and other identifying demographics of 
individuals alleged to have violated provisions of the Social Security 
Act (``the Act'') related to Medicare, Medicaid, HMO/Managed Care, and 
the Children's Health Insurance Program. The FID system also contains 
the contact information and other identifying demographics of 
individuals alleged to have violated other criminal or civil statutes 
connected with the Act and the Act's programs. Here, individuals are 
persons alleged to have abused the Act's programs. (For example, an 
individual could be a person alleged to have rendered unnecessary 
services to Medicare beneficiaries or Medicaid recipients, over-used 
services, or engaged in improper billing.) They are

[[Page 29291]]

persons whose activities have provided a substantial basis for criminal 
or civil prosecution, or who are identified as defendants in criminal 
prosecution cases.

II. Provisions of the Proposed Rule

    We propose to exempt the ACTS, HITS, OPOS, and FIS systems of 
records from subsection (c)(3), (d)(1) through (d)(4), (e)(4)(G) and 
(H), and (f) of the Privacy Act pursuant to 5 U.S.C. 552a(k)(2). These 
exemptions apply only to the extent that information in a record is 
subject to exemption pursuant to 5 U.S.C. 552a(k)(2). The ACTS, HITS, 
OPOS, and FIS systems of records are exempted from the following 
subsections for the reasons set forth below:
     Subsection (c)(3). CMS investigative files are records 
that we compile for law enforcement purposes. In the course of 
investigations, we often have a need to obtain confidential information 
involving individuals other than the individual who is the subject of 
the file. In these cases, it is necessary for us to preserve the 
confidentiality of the information to avoid unwarranted invasions of 
personal privacy and to assure recipients of Federal financial 
assistance that this information will be kept confidential. This 
assurance is often central to resolving disputes concerning access by 
CMS to the recipient's records, and is necessary to facilitate prompt 
and effective completion of investigations. Disclosure of confidential 
information to the subject individual could impede ongoing 
investigations, invade the personal privacy of individuals, reveal the 
identities of confidential sources, or otherwise impair our ability to 
conduct investigations.
     Subsections (d)(1) through (d)(4). CMS investigative files 
are records that we compile for law enforcement purposes. In the course 
of investigations, we often have a need to obtain confidential 
information involving individuals other than the individual who is the 
subject of the file. In these cases, it is necessary for us to preserve 
the confidentiality of the information to avoid unwarranted invasions 
of personal privacy and to assure recipients of Federal financial 
assistance that this information will be kept confidential. This 
assurance is often central to resolving disputes concerning access by 
CMS to the recipient's records, and is necessary to facilitate prompt 
and effective completion of investigations. Unrestricted disclosure of 
confidential information in CMS files could impede ongoing 
investigations, invade the personal privacy of individuals, reveal the 
identities of confidential sources, or otherwise impair our ability to 
conduct investigations.
     Subsection (e)(4)(G). CMS investigative files are records 
that we compile for law enforcement purposes. In the course of 
investigations, we often have a need to obtain confidential information 
involving individuals other than the individual who is the subject of 
the file. In these cases, it is necessary for us to preserve the 
confidentiality of the information to avoid unwarranted invasions of 
personal privacy and to assure recipients of Federal financial 
assistance that this information will be kept confidential. This 
assurance is often central to resolving disputes concerning access by 
CMS to the recipient's records, and is necessary to facilitate prompt 
and effective completion of investigations. Notification of existence 
of CMS investigative files could impede ongoing investigations, invade 
the personal privacy of individuals, reveal the identities of 
confidential sources, or otherwise impair our ability to conduct 
investigations.
     From subsection (e)(4)(H). CMS investigative files are 
records that we compile for law enforcement purposes. In the course of 
investigations, we often have a need to obtain confidential information 
involving individuals other than the individual who is the subject of 
the file. In these cases, it is necessary for us to preserve the 
confidentiality of the information to avoid unwarranted invasions of 
personal privacy and to assure recipients of Federal financial 
assistance that this information will be kept confidential. This 
assurance is often central to resolving disputes concerning access by 
CMS to the recipient's records, and is necessary to facilitate prompt 
and effective completion of investigations. Access and correction by 
subject individuals to CMS files could impede ongoing investigations, 
invade the personal privacy of individuals, reveal the identities of 
confidential sources, or otherwise impair our ability to conduct 
investigations.
     Subsection (f). CMS investigative files are records that 
we compile for law enforcement purposes. In the course of 
investigations, we often have a need to obtain confidential information 
involving individuals other than the individual who is the subject of 
the file. In these cases, it is necessary for us to preserve the 
confidentiality of the information to avoid unwarranted invasions of 
personal privacy and to assure recipients of Federal financial 
assistance that this information will be kept confidential. This 
assurance is often central to resolving disputes concerning access by 
CMS to the recipient's records, and is necessary to facilitate prompt 
and effective completion of investigations. Unrestricted disclosure of 
confidential information in CMS files to subject individuals could 
impede ongoing investigations, invade the personal privacy of 
individuals, reveal the identities of confidential sources, or 
otherwise impair our ability to conduct investigations.
    Accordingly, this proposed rule would amend 45 CFR 5b.11(b)(2)(ii) 
of the Privacy Act regulations by--
     Adding a new paragraph (H) that exempts investigative 
materials compiled for law enforcement purposes from ACTS;
     Adding a new paragraph (I) that exempts investigative 
materials compiled for law enforcement purposes from HITS;
     Adding a new paragraph (J) that exempts investigative 
materials compiled for law enforcement purposes from OPOS; and
     Adding a new paragraph (K) that exempts investigative 
materials compiled for law enforcement purposes from FID.
    We request public comment on these proposed exemptions.

III. Collection of Information Requirements

    This proposed rule does not impose any information collection or 
recordkeeping requirements. Consequently, it need not be reviewed by 
the Office of Management and Budget under the authority of the 
Paperwork Reduction Act of 1995.

IV. Response to Comments

    Because of the large number of public comments we normally receive 
on Federal Register documents, we are not able to acknowledge or 
respond to them individually. We will consider all comments we receive 
by the date and time specified in the DATES section of this preamble, 
and, when we proceed with a subsequent document, we will respond to the 
comments in the preamble to that document.

V. Regulatory Impact Statement

    We have examined the impact of this rule as required by Executive 
Order 12866 (September 1993, Regulatory Planning and Review), the 
Regulatory Flexibility Act (RFA) (September 19, 1980, Pub. L. 96-354), 
section 1102(b) of the Social Security Act, the Unfunded Mandates 
Reform Act of 1995 (Pub. L. 104-4), and Executive Order 13132.

[[Page 29292]]

    Executive Order 12866 directs agencies to assess all costs and 
benefits of available regulatory alternatives and, if regulation is 
necessary, to select regulatory approaches that maximize net benefits 
(including potential economic, environmental, public health and safety 
effects, distributive impacts, and equity). A regulatory impact 
analysis (RIA) must be prepared for major rules with economically 
significant effects ($100 million or more in any 1 year). This rule 
does not reach the economic threshold and thus is not considered a 
major rule.
    The RFA requires agencies to analyze options for regulatory relief 
of small businesses. For purposes of the RFA, small entities include 
small businesses, nonprofit organizations, and small governmental 
jurisdictions. Most hospitals and most other providers and suppliers 
are small entities, either by nonprofit status or by having revenues of 
$6 million to $29 million in any 1 year. Individuals and States are not 
included in the definition of a small entity. We are not preparing an 
analysis for the RFA because we have determined that this rule will not 
have a significant economic impact on a substantial number of small 
entities.
    In addition, section 1102(b) of the Act requires us to prepare a 
regulatory impact analysis if a rule may have a significant impact on 
the operations of a substantial number of small rural hospitals. This 
analysis must conform to the provisions of section 603 of the RFA. For 
purposes of section 1102(b) of the Act, we define a small rural 
hospital as a hospital that is located outside of a Metropolitan 
Statistical Area and has fewer than 100 beds. We are not preparing an 
analysis for section 1102(b) of the Act because we have determined that 
this rule will not have a significant impact on the operations of a 
substantial number of small rural hospitals.
    Section 202 of the Unfunded Mandates Reform Act of 1995 also 
requires that agencies assess anticipated costs and benefits before 
issuing any rule whose mandates require spending in any 1 year of $100 
million in 1995 dollars, updated annually for inflation. That threshold 
level is currently approximately $120 million. This rule will have no 
consequential effect on State, local, or tribal governments or on the 
private sector.
    Executive Order 13132 establishes certain requirements that an 
agency must meet when it promulgates a proposed rule (and subsequent 
final rule) that imposes substantial direct requirement costs on State 
and local governments, preempts State law, or otherwise has Federalism 
implications. Since this regulation does not impose any costs on State 
or local governments, the requirements of E.O. 13132 are not 
applicable.
    In accordance with the provisions of Executive Order 12866, this 
regulation was reviewed by the Office of Management and Budget.

List of Subjects for 45 CFR Part 5b

    Privacy.

    For the reasons set forth in the preamble, the Department of Health 
and Human Services would amend 45 CFR part 5b as set forth below:

PART 5b--PRIVACY ACT REGULATIONS

    1. The authority citation for part 5b continues to read as follows:

    Authority: 5 U.S.C. 301, 5 U.S.C. 552a.

    2. Section 5b.11 is revised by adding paragraphs (b)(2)(ii)(H), 
(I), (J), and (K) to read as follows:


Sec.  5b.11  Exempt Systems

* * * * *
    (b) * * *
    (2) * * *
    (ii) * * *
    (H) Investigative materials compiled for law enforcement purposes 
from the Automated Survey Processing Environment (ASPEN) Complaints/
Incidents Tracking System (``ACTS''), HHS/CMS.
    (I) Investigative materials compiled for law enforcement purposes 
from the Health Insurance Portability and Accountability Act (HIPAA) 
Information Tracking System (``HITS''), HHS/CMS.
    (J) Investigative materials compiled for law enforcement purposes 
from the Organ Procurement Organizations System (``OPOS''), HHS/CMS.
    (K) Investigative materials compiled for law enforcement purposes 
from the CMS Fraud Investigation Database (``FID''), HHS/CMS.
* * * * *

    Authority: 5 U.S.C. 552a.

    Dated: September 29, 2006.
Mark B. McClellan,
Administrator, Centers for Medicare & Medicaid Services.
    Approved: January 26, 2007.
Michael O. Leavitt,
Secretary.

    Editorial Note: This document was received at the Office of the 
Federal Register on Tuesday, May 22, 2007.

 [FR Doc. E7-10143 Filed 5-24-07; 8:45 am]
BILLING CODE 4120-01-P