[Federal Register Volume 74, Number 127 (Monday, July 6, 2009)]
[Notices]
[Pages 31967-31968]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E9-15803]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Centers For Medicare & Medicaid Services

[CMS Computer Match No. 2009-05; HHS Computer Match No. 0603]


Privacy Act of 1974

AGENCY: Department of Health and Human Services (HHS), Centers for 
Medicare & Medicaid Services (CMS).

ACTION: Notice of Computer Matching Program (CMP).

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, as amended, this notice announces the establishment of a CMP that 
CMS plans to conduct with various Participating States. We have 
provided information about the matching program in the ``Supplementary 
Information'' section below. The Privacy Act provides an opportunity 
for interested persons to comment on the matching program. We may defer 
implementation of this matching program if we receive comments that 
persuade us to defer implementation. See ``Effective Dates'' section 
below for comment period.

DATES: Effective Dates: CMS filed a report of the CMP with the Chair of 
the House Committee on Oversight and Government Reform, the Chair of 
the Senate Committee on Homeland Security and Governmental Affairs, and 
the Administrator, Office of Information and Regulatory Affairs, Office 
of Management and Budget (OMB) on < DATE . We will not 
disclose any information under a matching agreement until 40 days after 
filing a report to OMB and Congress or 30 days after publication in the 
Federal Register, whichever is later. We may defer implementation of 
this matching program if we receive comments that persuade us to defer 
implementation.

ADDRESSES: The public should address comments to: CMS Privacy Officer, 
Division of Privacy Compliance, Enterprise Architecture and Strategy 
Group, Office of Information Services, CMS, Mail-stop N2-04-27, 7500 
Security Boulevard, Baltimore, Maryland 21244-1850. Comments received 
will be available for review at this location, by appointment, during 
regular business hours, Monday through Friday from 9 a.m.-3 p.m., 
eastern daylight time.

FOR FURTHER INFORMATION CONTACT: Lourdes Grindal Miller, Health 
Insurance Specialist, Program Integrity Group, Office of Financial 
Management, CMS, Mail-stop C3-02-16, 7500 Security Boulevard, 
Baltimore, Maryland 21244-1850. The telephone number is 410-786-1022 
and e-mail is [email protected].

SUPPLEMENTARY INFORMATION:

Description of the Matching Program

A. General

    The Computer Matching and Privacy Protection Act of 1988 (Public 
Law (Pub. L.) 100-503), amended the Privacy Act (5 U.S.C. 552a) by 
describing the manner in which computer matching involving Federal 
agencies could be performed and adding certain protections for 
individuals applying for and receiving Federal benefits.
    Section 7201 of the Omnibus Budget Reconciliation Act of 1990 (Pub. 
L. 101-508) further amended the Privacy Act regarding protections for 
such individuals. The Privacy Act, as amended, regulates the use of 
computer matching by Federal agencies when records in a system of 
records are matched with other Federal, state, or local government 
records. It requires Federal agencies involved in computer matching 
programs to: Negotiate written agreements with the other agencies 
participating in the matching programs;
    Obtain the Data Integrity Board approval of the match agreements; 
Furnish detailed reports about matching programs to Congress and OMB; 
Notify applicants and beneficiaries that the records are subject to 
matching; and, Verify match findings before reducing, suspending, 
terminating, or denying an individual's benefits or payments.

B. CMS Computer Matches Subject to the Privacy Act

    CMS has taken action to ensure that all CMPs that this Agency 
participates in comply with the requirements of the Privacy Act of 
1974, as amended.

    Dated: June 22, 2009.
Michelle Snyder,
Deputy Chief Operating Officer, Centers for Medicare & Medicaid 
Services.
CMS Computer Match No. 2009-05; HHS Computer Match No. 0603

NAME:
    ``Computer Matching Agreement (CMA) Between the Centers for 
Medicare & Medicaid Services (CMS) and Participating States for the 
Disclosure of Medicare and Medicaid Information.''

SECURITY CLASSIFICATION:
    Level Three Privacy Act Sensitive

PARTICIPATING AGENCIES:
    The Centers for Medicare & Medicaid Services (CMS) All 
Participating States,

[[Page 31968]]

the District of Columbia, and the territories of Guam, Puerto Rico, 
American Samoa, and the Virgin Islands.

AUTHORITY FOR CONDUCTING MATCHING PROGRAM:
    This CMA is executed to comply with the Privacy Act of 1974 (Title 
5 United States Code (U.S.C.) Sec.  552a), as amended, (as amended by 
Pub. L. 100-503, the Computer Matching and Privacy Protection Act 
(CMPPA) of 1988), the Office of Management and Budget (OMB) Circular A-
130, titled ``Management of Federal Information Resources'' at 65 
Federal Register (FR) 77677 (December 12, 2000), 61 FR 6435 (February 
20, 1996), and OMB guidelines pertaining to computer matching at 54 FR 
25818 (June 19, 1989).
    This Agreement provides for information matching fully consistent 
with the authority of the Secretary of the Department of Health and 
Human Services (HHS) (the Secretary). Sections 1816 and 1842 of the 
Social Security Act (the Act) permits the Secretary to make audits of 
the records of providers as necessary to insure that proper payments 
are made, to assist in the application of safeguards against 
unnecessary utilization of services furnished by providers of services 
and other persons to individuals entitled to benefits, and to perform 
other functions as are necessary (Pub. L. 108-173 Sec.  911, amending 
Title XVIII, Sec.  1874A (42 U.S.C. 1395kk-1).
    Section 1857 of the Act provides that the Secretary, or any person 
or organization designated by the Secretary shall have the right to 
``inspect or otherwise evaluate (i) the quality, appropriateness, and 
timeliness of services performed under the contract'' (42 U.S.C. 1395w-
27(d) (2) (A)); and ``audit and inspect any books and records of [a 
Medicare Advantage] organization that pertain to services performed or 
determinations of amounts payable under the contract.'' (42 U.S.C. 
1395w-27(d) (2) (B)).
    Furthermore, Sec.  1874(b) of the Act authorizes the Secretary to 
``contract with any person, agency, or institution to secure on a 
reimbursable basis such special data, actuarial information, and other 
information as may be necessary in the carrying out of his functions 
under Subchapter XVIII.'' (42 U.S.C. 1395kk (b).)
    Section 1893 of the Act establishes the Medicare Integrity Program, 
under which the Secretary may contract with eligible entities to 
conduct a variety of program safeguard activities, including fraud 
review employing equipment and software technologies that surpass 
existing capabilities (42 U.S.C. 1395ddd)). These entities are called 
Program Safeguards Contractors (PSC) and Medicare Drug Integrity 
Contractors (MEDIC).
    Pursuant to the applicable state statutes and guidelines for the 
Participating State charged with the administration of the Medicaid 
program, disclosure of the Medicaid data pursuant to this Agreement is 
for purposes directly connected with the administration of the Medicaid 
program, in compliance with 42 CFR 431.300 through 431.307. Those 
purposes include the detection, prosecution, and deterrence of FW&A in 
the Medicaid program. (See state signature page for the legal authority 
for each specific state.)
    CMS would cite to 45 CFR 164.501 (definition of ``Health Oversight 
Agency'') and 45 CFR 164.512(d) as bases under which it believes 
Participating States may make the contemplated disclosures of Medicaid 
data to CMS' contractor. It would also note that under sec. 
6034(g)(1)(B) of the Deficit Reduction Act (Pub. L. 109-171; 42 U.S.C. 
1395ddd(g)(1)(B)), CMS is required to disclose certain data and 
statistical information collected by the Medi-Medi program to States 
and other named parties. This data can then be used by each receiving 
state's own FW&A programs.

PURPOSE(S) OF THE MATCHING PROGRAM:
    The purpose of this Agreement is to establish the conditions, 
safeguards, and procedures under which the Centers for Medicare & 
Medicaid Services (CMS) will conduct a computer matching program with 
Participating States to study claims, billing, and eligibility 
information to detect suspected instances of fraud, waste and abuse 
(FW&A). To support the health oversight activities of CMS, CMS and the 
Participating State will provide a CMS contractor (hereinafter referred 
to as the ``Custodian'') with Medicare and Medicaid records pertaining 
to eligibility, claims, and billing information, which the Custodian 
will match. Utilizing fraud detection software, the information will 
then be used to identify patterns of aberrant practices and abnormal 
patterns requiring further investigation. Aberrant practices and 
abnormal patterns identified in this matching program that constitute 
FW&A will involve individuals who are practitioners, providers and 
suppliers of services, Medicare beneficiaries, Medicaid recipients, and 
other individuals whose information may be maintained in the records. 
Furthermore, Sec.  6034(g)(1)(B) of the Deficit Reduction Act (DRA), 
Public Law 109-171; 42 U.S.C. 1395ddd(g)(1)(B) provides for the 
disclosure of certain information that will be derived from these CMS 
health oversight activities to ``States (including a Medicaid fraud and 
abuse control unit described in Sec.  1903(q)'' of the Social Security 
Act (SSA). Participating states will therefore receive information from 
CMS for use in their own FW&A programs.

CATEGORIES OF RECORDS AND INDIVIDUALS COVERED BY THE MATCH:
    This computer matching program (CMP) will enhance the ability of 
CMS and Participating States to detect FW&A by matching claims data, 
eligibility, and practitioner, provider, and supplier enrollment 
records of Medicare beneficiaries, practitioners, providers, and 
suppliers in the Participating State against records of Medicaid 
recipients, practitioners, providers, and suppliers in the 
Participating State.

DESCRIPTION OF RECORDS TO BE USED IN THE MATCHING PROGRAM:
    One Program Integrity Data Repository (ODR), System No. 09-70-0568 
was published at 71 FR 64530 (November 2, 2006).
    Medicare Integrated Data Repository (IDR), System No. 09-70-0571 
was published at 71 FR 74915 (December 13, 2006).
    The records files that will be made available for this matching 
program by the Participating State include utilization, entitlement, 
and provider records.

INCLUSIVE DATES OF THE MATCH:
    The CMP shall become effective 40 days after the report of the 
matching program is sent to OMB and Congress, or 30 days after 
publication in the Federal Register, whichever is later. The matching 
program will continue for 18 months from the effective date and may be 
extended for an additional 12 months thereafter, if certain conditions 
are met.
[FR Doc. E9-15803 Filed 7-2-09; 8:45 am]
BILLING CODE 4120-03-P