[Federal Register Volume 75, Number 18 (Thursday, January 28, 2010)]
[Rules and Regulations]
[Pages 4656-4682]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2010-1514]



[[Page 4655]]

-----------------------------------------------------------------------

Part III





Department of Health and Human Services





-----------------------------------------------------------------------



Health Resources and Services Administration



-----------------------------------------------------------------------



45 CFR Part 60



National Practitioner Data Bank for Adverse Information on Physicians 
and Other Health Care Practitioners: Reporting on Adverse and Negative 
Actions; Final Rule

  Federal Register / Vol. 75, No. 18 / Thursday, January 28, 2010 / 
Rules and Regulations  

[[Page 4656]]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Health Resources and Services Administration

45 CFR Part 60

RIN 0906-AA57


National Practitioner Data Bank for Adverse Information on 
Physicians and Other Health Care Practitioners: Reporting on Adverse 
and Negative Actions

AGENCY: Health Resources and Services Administration (HRSA), HHS.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: This final rule revises existing regulations under sections 
401 through 432 of the Health Care Quality Improvement Act of 1986, 
governing the National Practitioner Data Bank for Adverse Information 
on Physicians and Other Health Care Practitioners, to incorporate 
statutory requirements under section 1921 of the Social Security Act, 
as amended by section 5(b) of the Medicare and Medicaid Patient and 
Program Protection Act of 1987 (MMPPPA), and as amended by the Omnibus 
Budget Reconciliation Act of 1990 (OBRA).
    The MMPPPA, along with certain additional provisions in the OBRA, 
was designed to protect program beneficiaries from unfit health care 
practitioners, and otherwise improve the anti-fraud provisions of 
Medicare and State health care programs. Section 1921, the statutory 
authority upon which this regulatory action is based, requires each 
State to adopt a system of reporting to the Secretary of Health and 
Human Services (the Secretary) certain adverse licensure actions taken 
against health care practitioners and health care entities licensed or 
otherwise authorized by a State (or a political subdivision thereof) to 
provide health care services. It also requires each State to report any 
negative actions or findings that a State licensing authority, peer 
review organization, or private accreditation entity has concluded 
against a health care practitioner or health care entity.

DATES: This rule is effective March 1, 2010.

FOR FURTHER INFORMATION CONTACT: Mr. Darryl Gray, Director, Division of 
Practitioner Data Banks, Bureau of Health Professions, Health Resources 
and Services Administration (HRSA), Parklawn Building, 5600 Fishers 
Lane, Room 8-103, Rockville, MD 20857; telephone number: (301) 443-
2300.

SUPPLEMENTARY INFORMATION:

I. Background

A. The Health Care Quality Improvement Act of 1986

    The National Practitioner Data Bank (NPDB) was established by the 
Health Care Quality Improvement Act (HCQIA) of 1986, as amended (42 
U.S.C. 11101 et seq.). The NPDB contains reports of adverse licensure 
actions against physicians and dentists (including revocations, 
suspensions, reprimands, censures, probations, and surrenders for 
quality of care purposes only); adverse clinical privilege actions 
against physicians and dentists; adverse professional society 
membership actions against physicians and dentists; Drug Enforcement 
Administration (DEA) adverse actions; Department of Health and Human 
Services (HHS), Office of the Inspector General (OIG) Medicare and 
Medicaid exclusions; and medical malpractice payments made for the 
benefit of any health care practitioner. Groups that have access to 
this information include hospitals, other health care entities that 
conduct peer review and provide health care services, State Medical or 
Dental Boards and other health care practitioner State boards. 
Individual practitioners can self-query. The reporting of information 
under the NPDB is limited to medical malpractice payers, State Medical 
and Dental Boards, DEA, HHS OIG, professional societies with formal 
peer review, and hospitals and other health care entities (such as 
health maintenance organizations).

B. Section 1921 of the Social Security Act

    On March 21, 2006, the Health Resources and Services Administration 
published a proposed rule in the Federal Register (71 FR 14135) 
designed to implement section 1921 of the Social Security Act (herein 
referred to as section 1921), as amended by section 5(b) of the MMPPPA, 
and as amended by the OBRA. Section 1921 expands the scope of the NPDB. 
Section 1921 requires each State to adopt a system of reporting to the 
Secretary certain adverse licensure actions taken against health care 
practitioners and health care entities by any authority of the State 
responsible for the licensing of such practitioners or entities. It 
also requires each State to report any negative action or finding that 
a State licensing authority, a peer review organization, or a private 
accreditation entity has finalized against a health care practitioner 
or entity.
    Groups that have access to this information include all 
organizations eligible to query the NPDB under the HCQIA (hospitals, 
other health care entities that conduct peer review and provide health 
care services, State Medical or Dental Boards and other health care 
practitioner State boards), other State licensing authorities, agencies 
administering Federal health care programs, including private entities 
administering such programs under contract, State agencies 
administering or supervising the administration of State health care 
programs, State Medicaid Fraud Control Units, and certain law 
enforcement agencies, and utilization and quality control peer review 
organizations (referred to as QIOs) as defined in Part B of title XI of 
the Social Security Act and appropriate entities with contracts under 
section 1154(a)(4)(C) of the Social Security Act. Individual health 
care practitioners and entities can self-query. The reporting of 
information under section 1921 is limited to State licensing and 
certification authorities, peer review organizations, and private 
accreditation entities. Section 1921 requires the Secretary to provide 
for the maximum appropriate coordination in the implementation of its 
reporting requirements with those of section 422 of the HCQIA.

C. Section 1128E of the Social Security Act

    The reporting requirements of both section 422 of the HCQIA and 
section 1921 overlap with the requirements under section 1128E of the 
Social Security Act (herein referred to as section 1128E), as added by 
section 221(a) of the Health Insurance Portability and Accountability 
Act of 1996, Public Law 104-191. Section 1128E directs the Secretary to 
establish and maintain a national health care fraud and abuse data 
collection program for the reporting and disclosing of certain final 
adverse actions taken against health care providers, suppliers or 
practitioners. The statute requires the Secretary to avoid duplicating 
the reporting requirements established for the NPDB. This data bank is 
known as the Healthcare Integrity and Protection Data Bank (HIPDB). The 
HIPDB began collecting reports in November 1999 concerning actions 
taken on or after August 21, 1996.

D. Distinctions Between the NPDB and the HIPDB

    Although section 422 of the HCQIA and sections 1921 and 1128E have 
overlapping components, they have unique elements, including 
differences

[[Page 4657]]

in types of reportable adverse actions as well as differences in types 
of individuals or entities with access to the information. For example, 
private-sector hospitals have access to information reported under the 
HCQIA and section 1921, but not under section 1128E. The two tables 
below illustrate the similarities and differences among the HCQIA, 
section 1921, and section 1128E. Table 1, Description of Statutory 
Provisions, summarizes the specific provisions of each of the three 
statutes. Table 2, Description of Data Banks, compares the HIPDB with 
the NPDB (as expanded by section 1921).
    Section 1921 expands State reporting of licensure actions taken 
against physicians and dentists to the NPDB. This expansion matches the 
State reporting requirements to the HIPDB under section 1128E. 
Currently, the HCQIA limits NPDB reporting by medical and dental 
licensing authorities only to those adverse actions related to 
professional competence or professional conduct, but these authorities 
must report all actions to the HIPDB. The change will make the 
reporting of adverse actions by all State licensure and certification 
authorities nearly identical for both the NPDB and HIPDB. No current 
NPDB reporting requirements will be changed for hospitals, other health 
care entities, professional societies, DEA, HHS OIG, or medical 
malpractice payers.
BILLING CODE 4165-15-P

[[Page 4658]]

[GRAPHIC] [TIFF OMITTED] TR28JA10.000


[[Page 4659]]


[GRAPHIC] [TIFF OMITTED] TR28JA10.001

BILLING CODE 4165-15-C

[[Page 4660]]

E. Maximum Coordination Between the NPDB and the HIPDB

    Section 1921 requires the Secretary to provide for the maximum 
appropriate coordination in the implementation of its reporting 
requirements with those of section 422 of the HCQIA. The Secretary is 
implementing these regulations in a manner to avoid the need for an 
entity that must report information to both the NPDB and the HIPDB to 
file two reports. We have made significant efforts to develop these 
regulations in a manner that minimizes the burden on reporters. 
Therefore, reporters responsible for reporting the final adverse 
actions to both the NPDB and HIPDB will be required only to submit one 
report per action, provided that reporting is made through the 
Department's Web-based system that will sort the appropriate actions 
into the HIPDB, the NPDB or both. The required adjustments to the 
reporting system are made easier because both Data Banks are operated 
through a consolidated electronic system. For consistency and clarity, 
we have made minor edits to the regulations. For example, we replaced 
references to ``the Data Bank'' with ``the NPDB'' throughout the 
regulations, and modified references to types of report subjects who 
may dispute the accuracy of a report to include health care entities.

II. Summary of the Proposed Rule

    The proposed regulations published on March 21, 2006, were 
developed to revise existing NPDB regulations at 45 CFR part 60 by 
adding section 1921 requirements for reporting of specific data 
elements to and procedures for obtaining this information from the 
NPDB. Certain sections of the existing NPDB regulations are consistent 
with section 1921 requirements. Specifically, the following provisions 
apply to NPDB and the section 1921 component of NPDB: (1) The 
provisions in Sec.  60.6, pertaining to reporting errors, omissions, 
and revisions to an action previously reported to the NPDB; (2) the 
confidentiality provisions in the redesignated Sec.  60.15 (formerly 
Sec.  60.13); and (3) the provisions in the redesignated Sec.  60.16 
(formerly Sec.  60.14), regarding procedures for disputing the accuracy 
of information in the NPDB. The significant section 1921 additions are 
described below and are listed according to the sections of the 
regulations that they affect.
     Sec.  60.3 Definitions.
    In the proposed rule, we set forth definitions for the statutory 
terms ``formal proceeding,'' ``negative action or finding,'' ``peer 
review organization,'' ``private accreditation entity,'' ``Quality 
Improvement Organization,'' and ``voluntary surrender.'' Because of the 
statutory distinctions between peer review organizations and QIOs and 
differences in the missions of those organizations, we proposed to 
exclude QIOs from the definition of the term ``peer review 
organization.'' We also proposed definitions for certain terms 
established in HIPDB regulations to enhance coordination between the 
NPDB and the HIPDB in areas where overlapping requirements exist. These 
terms are ``affiliated or associated,'' ``organization name,'' and 
``organization type.''
     Sec.  60.5 When information must be reported.
    The proposed regulations sought to amend this section of the 
existing NPDB regulations by:
    1. Revising the introductory text of this section to include 
references to the newly added Sec. Sec.  60.9 and 60.10 and 
redesignated Sec.  60.11;
    2. Revising paragraph (b), ``Licensure Actions (Sec.  60.8 and 
Sec.  60.9),'' to refer specifically to the State Board of Medical 
Examiners and to clarify the requirements made in new Sec.  60.9;
    3. Revising the reference to ``Sec.  60.9'' in the title and the 
third sentence of paragraph (d) to read ``Sec.  60.11;'' and
    4. Adding a new paragraph, ``Negative Action or Finding (Sec.  
60.10),'' to provide a new category of actions that are to be reported 
in accordance with section 1921.
     Sec.  60.7 Reporting medical malpractice payments.
    We revised paragraph (c) of this section to link the potential 
civil money penalty for each violation of the NPDB's confidentiality 
provisions to the amount set in 42 CFR 1003.103(c), which establishes 
the amount of a civil money penalty that may be imposed by the 
Inspector General for such a violation. Currently this section 
authorizes a civil money penalty of up to $11,000 for each violation.
     Sec.  60.8 Reporting licensure actions taken by Boards of 
Medical Examiners.
    For consistency with reporting requirements for States in the newly 
proposed Sec.  60.9, we proposed to revise paragraph (b)(10) of this 
section to require the reporting of the description of an action taken 
by a Board to include the duration of a non-permanent action.
     Sec.  60.9 Reporting licensure actions taken by States. 
(New)
    We proposed to redesignate the current Sec.  60.9 as Sec.  60.11, 
and add a new Sec.  60.9 to implement the reporting requirements of 
section 1921. In proposed Sec.  60.9, we addressed the reporting of 
licensure actions taken by State licensing authorities resulting from a 
formal proceeding. We proposed to include any formal or official 
proceeding held before the authority, organization or entity taking the 
action to provide maximum flexibility.
    Section 1921 specifically requires the reporting of a health care 
practitioner who, or entity that, voluntarily surrenders a license. 
Based on extensive discussions with various State licensing 
authorities, we have been advised that the voluntary surrender and non-
renewal of licensure are used by Federal and State health care programs 
as a means to exclude questionable health care practitioners and 
entities from participation. These voluntary surrenders and non-renewal 
actions, if not reported to the NPDB, would result in allowing health 
care practitioners or entities to move from State-to-State without 
detection. We also recognize that many voluntary surrenders are not a 
result of the types of adverse actions that are intended for inclusion 
in the NPDB. Therefore, we proposed that voluntary surrenders and 
licensure non-renewals due to non-payment of licensure fees, changes to 
inactive status, and retirements be excluded from reporting to the NPDB 
unless they are taken in combination with a revocation, suspension, 
reprimand, censure, or probation, in which case they would be 
reportable.
    We proposed defining the phrase ``any negative action or finding'' 
by a State licensing authority to mean any action or finding that is 
publicly available and rendered by a licensing or certification 
authority. The definition excluded administrative fines or citations, 
and corrective action plans, unless they are: (1) Connected to the 
delivery of health care services and (2) taken in conjunction with 
other licensure or certification actions.
    Reportable actions, by statute, must be based on the result of 
formal proceedings. Thus, events unrelated to such proceedings would be 
excluded.
    We also proposed a list of ``mandatory'' data elements, as well as 
other data elements that should be reported to the NPDB ``if known.''
     Sec.  60.10 Reporting negative actions or findings taken 
by peer review organizations or private accreditation entities. (New)
    We proposed to redesignate the current Sec.  60.10 as Sec.  60.12 
and add a new Sec.  60.10 to implement the reporting requirements of 
section 1921. Under this provision, each State is required to adopt a 
system of reporting to the NPDB any negative action or finding that a 
peer review organization or private accreditation entity has concluded

[[Page 4661]]

against a health care practitioner or health care entity (both as 
defined in Sec.  60.3), respectively.
    With respect to reporting by private accreditation entities, we 
proposed that private accreditation entities be required to report 
determinations of less than full accreditation that indicate a 
substantial risk to the safety of a patient or patients or quality of 
health care services.
    We also proposed peer review organizations be required to report 
any recommendation to sanction a practitioner.
     Sec.  60.13 Requesting information from the NPDB. 
[Redesignated]
    Under the statute, section 1921 data would be released for the 
purpose of determining the fitness of an individual to provide health 
care services and to protect the health and safety of individuals 
receiving health care through programs administered by the requesting 
entities, as well as to protect the fiscal integrity of these programs. 
We proposed to redesignate the current Sec.  60.11 as Sec.  60.13 and 
revise the redesignated Sec.  60.13, paragraph (a), entitled, ``Who may 
request information and what information may be available,'' to clarify 
to whom information in the NPDB and section 1921 would be made 
available. Information reported under Sec. Sec.  60.7, 60.8 and 60.11 
is available only to those entities that have access to the information 
under the HCQIA (e.g., hospitals and other health care entities, and 
State licensing boards). Information reported under Sec. Sec.  60.9 and 
60.10 is available to organizations authorized to receive section 1921 
information, which includes all organizations eligible to query the 
NPDB under the HCQIA and new organizations specified in section 1921 
(e.g., Federal and State health care programs, law enforcement 
agencies, and QIOs).
     Sec.  60.14 Fees applicable to requests for information. 
[Redesignated]
    We proposed to redesignate the current Sec.  60.12 as Sec.  60.14 
and to revise redesignated Sec.  60.14. Section 1921 expands the scope 
of the NPDB by permitting additional entities to query regarding 
adverse licensure actions and certain other negative actions or 
findings. As provided in the annual HHS Appropriations Acts, the 
Department's authority for charging user fees (in addition to the basic 
authority) under section 427(b)(4) of the HCQIA applies to all requests 
for information from the NPDB and is set in amounts sufficient to cover 
the full costs of operating the NPDB. Additionally, we made technical 
changes to this section in order to comply with Office of Management 
and Budget (OMB) Circular A-25 governing the Federal policy regarding 
fees assessed for government services.
     Sec.  60.15 Confidentiality of NPDB. [Redesignated]
    In accordance with 42 CFR 1003.103(c), the Department's OIG has 
raised the CMP for each violation of the NPDB's confidentiality 
provisions from up to $10,000 to up to $11,000. Therefore, we proposed 
to revise paragraph (b) to reflect this change.

III. Summary and Response to Public Comments

    The proposed rule set forth a 60-day public comment period, ending 
May 22, 2006. HRSA received 33 public comments from State licensing 
authorities and their associations; associations representing 
physicians, dentists and other health care practitioners; associations 
representing health insurers; hospitals, other health care entities, 
and their associations; private accreditation organizations; private 
citizens; and private attorneys. Based on review of the statute and the 
assessment of public comments received, we believe the final 
regulations to implement section 1921 fully and adequately balance the 
Department's concerns with those expressed by the commenting public.
    Set forth below is an overview of the various comments and 
recommendations received and our responses to those concerns. In the 
preamble of the proposed rule, we requested comments concerning two 
specific areas. The first area concerned QIOs and peer review 
organizations. We asked for comments related to our proposed exemption 
of QIOs from reporting under section 1921, the proposed definition of a 
peer review organization, potential reportable events by peer review 
organizations and their relationships with other entities, the public 
or private status of peer review organizations, and the types of 
practitioners and entities they review. The second area concerned 
private accreditation entities and any potential limitations on their 
abilities to report under section 1921. The comments addressing these 
specific issues are included in the appropriate sections of the 
regulations below. Section IV of this preamble sets forth a summary of 
the specific revisions and clarifications to be made to the final 
regulations as a result of those comments.

A. Section-by-Section Analysis of Issues

The National Practitioner Data Bank (Sec.  60.1)
    Comment: We received several comments that addressed the 
distinctions among the HCQIA, section 1921 and section 1128E. 
Commenters expressed difficulty understanding the specific reporting 
requirements, access to the information authorized by section 1921, and 
the additional changes that would occur under section 1921.
    Response: The distinctions among the HCQIA, section 1921, and 
section 1128E are found in Table 1, Description of Statutory 
Provisions, in the preamble. Section 1921 will not increase the 
reporting burden on State licensing authorities because these entities 
currently report adverse actions to the NPDB and/or the HIPDB. 
Specifically, the HCQIA requires the reporting of licensure actions 
based on professional conduct or competence only against physicians and 
dentists, whereas sections 1921 and 1128E require the reporting of all 
licensure actions taken against all health care practitioners. Also, 
sections 1921 and 1128E require the reporting of adverse licensure 
actions taken against certain health care organizations. Existing NPDB 
reporting requirements for hospitals, other health care entities, 
professional societies, and medical malpractice payers are not affected 
by section 1921.
    Entities that are eligible to query the NPDB will continue to query 
as they always have and will gain access to additional information 
under section 1921. New queriers, such as government health care 
programs and law enforcement agencies, that gain access to the NPDB 
through section 1921 eligibility (i.e., queriers who did not already 
have NPDB eligibility), will only have access to information reported 
under section 1921. These new queriers will not have access to the NPDB 
information reported under the HCQIA. Most of these new section 1921 
queriers already have access to HIPDB information. Currently, private-
sector hospitals do not have access to HIPDB information, which 
includes adverse licensure actions taken against health care 
practitioners other than physicians and dentists, as well as licensure 
actions taken against physicians and dentists that are not related to 
professional competence or conduct. Under section 1921, private-sector 
hospitals will have access to all licensure actions taken against 
health care practitioners, including physicians and dentists.
Applicability of These Regulations (Sec.  60.2)
    Comment: We received several comments supporting the NPDB's 
expansion under section 1921, particularly with respect to collecting 
licensure actions on all health care practitioners. However, we also 
received

[[Page 4662]]

several comments expressing concern over NPDB's expansion under section 
1921 to collect actions taken against health care entities. Citing the 
wording of the statute's first paragraph, which refers to peer review 
organizations and private accreditation entities reviewing the services 
provided by health care practitioners, one commenter questioned NPDB's 
authority to collect peer review and accreditation organization actions 
taken against health care entities. Other commenters questioned the 
authority of the NPDB to collect any type of action taken against 
health care entities because the NPDB was originally authorized to 
collect actions taken against health care practitioners only. These 
commenters also questioned the value of collecting reports on health 
care entities.
    Response: In 1987, Congress authorized the Secretary to collect 
adverse actions taken by licensing agencies against health care 
practitioners and health care entities in the MMPPPA. In 1990, Congress 
expanded this requirement through OBRA to include reporting of negative 
actions and findings by peer review organizations, and private 
accreditation entities. The statute, as amended, requires the 
collection of information from formal proceedings ``concluded against a 
health care practitioner or entity [emphasis added] by any authority of 
the State * * * responsible for the licensing of health care 
practitioners (or any peer review organization or private accreditation 
entity reviewing the services provided by heath care practitioners) or 
entities.''
    Second, section 1921(a)(1)(D) of the Social Security Act requires 
the collection of ``any negative action or finding by such authority, 
organization, or entity regarding the practitioner or entity.'' This 
language clearly indicates that the action taken by the licensing 
authority, peer review organization or private accreditation entity may 
be against a health care practitioner or health care entity.
    Finally, private accreditation entities, which are not operated by 
a unit of State or Federal government, accredit health care facilities, 
not individuals. Therefore, while their work may include reviewing the 
services provided by health care practitioners, these entities 
ultimately make determinations about health care facilities' 
qualifications and their ability to provide quality health care.
    While the statute clearly authorizes the Secretary to collect 
actions taken against health care practitioners and health care 
entities, the proposed rule limited reporting of peer review 
organization actions or findings to those against health care 
practitioners only--not health care entities. We made this decision 
because it is our understanding that peer review organizations are 
primarily involved with evaluating the quality of patient care 
practices or services ordered or performed by health care 
practitioners. Peer review organizations under section 1921 would only 
be evaluating the performance of health care practitioners and not the 
specific performance of a health care facility. In addition, it is the 
health care facility that would be contracting with the peer review 
organization, so we do not believe the peer review organization would 
be in a position to recommend a sanction against the facility with 
which it contracts. Reporting by a peer review organization is limited 
to the discovery of practices by an individual physician, dentist or 
other practitioner that are so serious that they warrant a sanction 
recommendation by the peer review organization to the appropriate 
health care facility or other authority.
    Comment: Several commenters stated that information required to be 
reported by section 1921 is not reflective of the quality of health 
care provided by health care practitioners. One commenter expressed 
concern over the professional and economic impact of having a report in 
the NPDB.
    Response: Section 1921 does not limit reporting to only those 
actions judged by the reporting entity to be based on the quality of 
the health care services provided. The statute requires the reporting 
of specified actions that result from formal proceedings. The NPDB is a 
national repository of actions taken by mandated reporters. We 
understand that there may be a professional or economic impact as a 
result of an action taken against a health care practitioner who, or 
entity that, is reported to the NPDB. However, the NPDB is primarily an 
alert or flagging system. The information in the NPDB is intended to be 
used as a resource to assist authorized queriers in conducting an 
extensive independent investigation of the qualifications of a health 
care practitioner or entity. The NPDB is simply a conduit for 
information on actions taken and reported by authorized entities.
    Comment: Two commenters stated that before the section 1921 
regulations are implemented, HRSA should fully implement the 
recommendations from the Government Accountability Office's (GAO) 2000 
report on the NPDB titled, ``National Practitioner Data Bank: Major 
Improvements Are Needed to Enhance Data Bank's Reliability.''
    Response: The implementation of section 1921 is the final action 
needed to fully implement the recommendations from the GAO's 2000 
report. By the end of 2004, HRSA had satisfactorily addressed the GAO's 
recommendations with the exception of including the adverse licensure 
actions taken against nurses and other non-physicians healthcare 
practitioners.
Definitions (Sec.  60.3)
    Comment: We received two comments requesting clarification of 
current NPDB definitions. One commenter stated that the definition of 
the term ``physician'' should include doctors of podiatric medicine, 
and the other requested clarification of the term ``health care 
entity'' as used in these regulations.
    Response: The terms ``physician'' and ``health care entity'' are 
defined under the HCQIA and are clarified in existing NPDB regulations 
in Sec.  60.3. A doctor of podiatric medicine is not included in the 
term ``physician,'' which is defined by statute as a doctor of medicine 
or osteopathy legally authorized to practice medicine or surgery by a 
State (or who, without authority, holds himself or herself out to be so 
authorized), but is considered a ``health care practitioner.'' Section 
1921 requires the Secretary to provide the maximum appropriate 
coordination with the HCQIA when implementing this statute. Therefore, 
we have an obligation to be consistent with existing definitions and 
are unable to make the requested change.
    Throughout these regulations, we use the terms ``health care 
practitioners, physicians, dentists and entities'' to describe the full 
range of subjects of a section 1921 report. Our approach to describing 
section 1921 report subjects differs slightly from the statutory 
language of section 1921 ``health care practitioners and entities.'' We 
adopted this approach because we relied on existing NPDB definitions. 
These existing definitions, however, do not work seamlessly with each 
section 1921 provision. The existing NPDB definition of ``health care 
practitioner'' specifically excludes physicians and dentists, which are 
defined separately. We, therefore, refer throughout these regulations 
to ``health care practitioners, physicians, and dentists'' to remedy 
this difference between the HCQIA and section 1921.
    We use the current NPDB definition of ``health care entity'' to 
define the range of organizations that may be subjects of a report 
under section 1921. This definition, however, is used in the HCQIA to 
specify certain organizations that are authorized to report and receive 
information under the HCQIA. The current definition includes hospitals 
and other health care entities that provide health care services and

[[Page 4663]]

perform formal peer review activities for the purpose of furthering 
quality health care. The definition, however, also includes 
professional societies that conduct formal peer review activities for 
the purpose of furthering quality health care. We do not believe that 
professional societies fit the definition of subjects of section 1921 
reports, and, for the following reasons, we do not intend to collect 
actions against professional societies under this statute. First, 
section 1921(a)(1)(A) through (C) requires the reporting of any adverse 
action taken by a licensing authority, any dismissals or closures of 
licensing proceedings, or any other loss of a license. To our 
knowledge, licensing authorities do not license, nor do they take 
licensure actions against, professional societies. Therefore, we do not 
expect any licensure reports on professional societies. Second, section 
1921(a)(1)(D) requires the reporting of any negative action or finding 
by a licensing authority, peer review organization or private 
accreditation entity. Under section 1921, private accreditation 
entities, by definition, evaluate the quality of health care services 
provided by a health care entity, measure the health care entity's 
performance, assign that entity a level of accreditation, conduct 
periodic reviews of the quality of health care provided by the entity, 
and report to the NPDB certain final determinations that affect the 
entity's accreditation status. We are unaware of any professional 
societies that directly provide health care services and that would 
contract with a private accreditation entity to perform these defined 
functions. Current NPDB guidance defines a professional society as a 
membership association of physicians, dentists, or other health care 
practitioners that follows a formal peer review process for the purpose 
of furthering quality health care. Therefore, we do not believe that 
professional societies could be the subjects of private accreditation 
entity reports. Because only health care practitioners, physicians, and 
dentists will be the subjects of peer review organization reports, 
professional societies will not be the subjects of these section 1921 
reports either.
1. Formal Proceeding
    Comment: Three commenters expressed concern over the broad nature 
of the definition of formal proceeding. These commenters stated that 
the definition gives too much discretion and not enough guidance to 
reporting entities; does not differentiate between informal and formal 
proceedings; will generate large volumes of report information with 
little value; and, will be difficult to enforce.
    Response: While HRSA crafted the proposed definition of ``formal 
proceeding'' to allow the different types of reporters the maximum 
flexibility in determining the processes they will follow in conducting 
their proceedings, we agree that the current definition is too broad 
and should provide more guidance. As a result, we changed the 
definition of ``formal proceeding'' to include proceedings that are 
taken by entities or organizations that maintain defined rules, 
policies, or procedures for such proceedings. We believe this 
definition of ``formal proceeding'' provides reporters with enough 
information to be able to distinguish between informal and formal 
proceedings. In determining whether a process is formal, we are only 
concerned with the presence of defined rules, policies or procedures 
and not whether the rules, policies and procedures have been strictly 
adhered to. To the extent disputes arise regarding whether a process is 
formal (for instance during the Secretarial Review process), the NPDB 
will not generally examine whether the defined rules, policies or 
procedures have been followed.
    Comment: Two commenters asked why the due process requirements for 
a ``formal peer review process'' under 42 U.S.C. 11112 do not apply to 
adverse actions reported under section 1921. We received other comments 
requesting that we include a due process provision in the ``formal 
proceeding'' definition. These commenters stated that the proposed 
definition does not ensure due process protections for health care 
practitioners reported under section 1921.
    Response: The provision under 42 U.S.C. 11112 cited by several 
commenters refers to due process standards for professional review 
activities undertaken at a hospital or other health care entity. 
Hospital and other health care entity professional review activities 
must meet these standards if the entities wish to avail themselves of 
the Federal liability protections described in 42 U.S.C. 11111. These 
standards do not affect the NPDB reporting requirements. Therefore, it 
is consistent for these standards not to apply to section 1921 
reporting requirements.
    While the professional review provisions under 42 U.S.C. 11111 do 
not apply to section 1921, as several commenters noted, licensing 
agencies operating under State law must provide due process protections 
for those they regulate. Therefore, it is the formal proceedings 
conducted by private accreditation and peer review organizations that 
appear to be of greatest concern. To address this concern, we have 
modified the definitions of ``peer review organization'' and ``private 
accreditation entity'' to include provisions regarding the presence of 
due process mechanisms. If a peer review organization or private 
accreditation entity does not make due process available, the entity 
does not meet the respective definition. As stated earlier, the NPDB is 
concerned only with the presence of due process mechanisms, i.e., 
defined rules, policies or procedures and not whether the rules, 
policies and procedures have been strictly adhered to.
    Comment: One commenter requested that HRSA modify the definition of 
formal proceeding to include proceedings ``taken at the request of'' a 
State licensing or certification authority, peer review organization or 
private accreditation entity.
    Response: Section 1921 does not include the authority to collect 
actions taken or findings made by organizations or bodies other than 
those specified in the statute.
2. Negative Action or Finding
    We received 20 comments concerning the definition of negative 
action or finding by a State licensing authority, peer review 
organization, or private accreditation entity. We organized these 
comments according to the reporting requirements of the three sections 
of the definition: private accreditation organization, peer review 
organization, and State licensing authority.
    Comment: The majority of comments concerning negative actions or 
findings reported by private accreditation entities (i.e., receipt of 
less than full accreditation from a private accreditation entity that 
indicates a substantial risk to patient safety and health care quality) 
suggested the elimination or limitation of the reporting requirement 
for private accreditation entities. Several commenters stated that the 
adoption of the proposed rule would have an adverse effect on health 
care quality because it would deter facilities from participating in 
accreditation programs, which are primarily voluntary. Two commenters 
compared the role of private accreditation organizations to that of 
QIOs and supported their exemption from reporting based on the same 
rationale used to exempt QIOs. Others, citing the dynamic nature of the 
accreditation process in which preliminary or conditional decisions can 
change quickly, recommended

[[Page 4664]]

narrowing the scope of reportable actions to include only final outcome 
determinations, such as a withdrawal or termination of accreditation 
status or a denial of accreditation status. One commenter requested 
that the actions be further limited to those actions due to an 
immediate threat or harm to patients, rather than the proposed 
``substantial risk to the safety of a patient or patients or quality of 
health care services.'' In addition, this commenter suggested the 
exclusion of actions based solely on administrative determinations.
    Response: Unlike QIOs, which were not specifically named as 
reporters in section 1921, the statute clearly requires private 
accreditation entities to report. HRSA, however, agrees that the 
collaborative and continuous nature of the accreditation process could 
prove difficult for private accreditation organizations by creating a 
potential for the submission of multiple reports on a health care 
entity that is not fully compliant with the particular private 
accreditation organization standards for reasons other than a threat to 
patient safety. Therefore, we modified this part of the negative action 
or finding definition to require the reporting of final determinations 
of denial or termination of an accreditation status that indicates a 
risk to the safety of a patient(s) or quality of health care services. 
We believe limiting private accreditation organization reporting to 
these final actions would streamline the reporting process, would not 
have a negative impact on voluntary accreditation efforts, and would 
meet section 1921 reporting requirements.
    By limiting reporting to those negative actions or findings that 
indicate a risk to patient safety or quality of health care services, 
we believe we have precluded the reporting of negative actions or 
findings based solely on administrative reasons. We disagree with the 
comment to modify the definition to reporting based on immediate threat 
or harm to a patient. This language is likely to result in uneven 
interpretation and reporting by accreditation entities and would 
severely limit reporting.
    We also changed the definition to require reporting of those final 
determinations that are based on ``a risk'' to patient safety as 
opposed to ``a substantial risk'' to ensure more uniform understanding 
and reporting of these actions as well as more consistent enforcement 
of the reporting requirement.
    Comment: With respect to negative actions or findings reported by 
private accreditation entities, one commenter expressed concern that 
reporting by private accreditation entities to the NPDB would undermine 
physician self-governance by reporting physician infractions unrelated 
to medical competence.
    Response: Under section 1921, private accreditation entities would 
only report final actions related to the accreditation of health care 
entities. Physicians, dentists, and other health care practitioners 
would not be subjects of these reports.
    Comment: Nine organizations raised concerns about the requirement 
for peer review organizations to report any negative actions or 
findings to the NPDB under section 1921. Several commenters stated that 
requiring the peer review committee to report sanctions would have a 
chilling effect on the peer review process in a hospital. The 
commenters stated that the peer review conducted by a hospital or 
professional society peer review committee is a confidential process 
and that these committees should be exempt from reporting under section 
1921. Another commenter stated that professional societies are not peer 
review organizations. One commenter stated that peer review 
organization reporting would not have an effect on the hospital peer 
review process.
    Response: Section 1921 requires the reporting of ``any negative 
action or finding'' by a peer review organization. Therefore, it would 
be inappropriate to exclude the reporting of ``any negative action or 
finding'' by peer review organizations. For purposes of section 1921 
reporting, the term ``peer review organization'' does not include the 
internal peer review committees of hospitals, professional societies, 
or other health care entities as defined in the current NPDB 
regulations. Peer review organizations are separate from the internal 
peer review committees of hospitals and professional societies. 
According to the definition, a peer review organization is an 
``organization'' whose primary purpose is to evaluate the quality of 
patient care and services against objective criteria that define 
acceptable and adequate practice through an evaluation by a sufficient 
number of health care practitioners to ensure adequate peer review. 
This requires that the peer review organization be a stand-alone 
organization separate from a hospital or other health care entity.
    Comment: Several commenters recommended limiting peer review 
organization reporting to recommended sanctions that indicate a 
substantial risk to patient safety or quality of care. Other commenters 
noted that State laws require peer review organizations to report more 
serious findings to State licensing agencies, making it likely that the 
NPDB would already capture this information in a subsequent licensure 
action. One commenter stated that peer review organizations that 
contract with health care facilities do not recommend sanctions; they 
recommend improvements.
    Response: We agree that peer review organizations identify and 
recommend opportunities for practitioner improvement and generally do 
not recommend sanctions. The health care entities themselves (e.g., 
their peer review committees or boards) would use this information to 
make the decision to sanction a health care practitioner. Further, we 
believe that a sanction recommended by a peer review organization would 
occur in extremely rare instances, likely when there is an immediate 
threat to patient health or safety. Consequently, we believe that we do 
not need to modify the negative action or finding definition as 
suggested by the commenter.
    Comment: Several commenters requested that reportable actions be 
limited to final actions that are afforded due process. They stated 
that, since peer review organizations make recommendations for action 
and the recommendations may be acted upon by another agency or 
organization, peer review organizations should not be required to 
report.
    Response: We agree that peer review organizations may make 
recommendations for another entity to take an action and do not take or 
enforce actions themselves. Therefore, they do not take final actions. 
The presence of a due process mechanism, however, is a hallmark of peer 
review organizations and private accreditation entities and can provide 
greater validity to the information reported. As stated earlier, we 
addressed this concern by modifying the definition of ``peer review 
organization'' to include provisions requiring the presence of due 
process mechanisms.
    Comment: One commenter requested clarification of the term 
``sanction'' as it relates to reporting sanctions recommended by peer 
review organizations.
    Response: In the context of section 1921, a sanction is a 
recommendation by a peer review organization concerning a health care 
practitioner, physician or dentist that, if adopted by the hospital or 
health care entity, would negatively affect the status of that 
individual. For example, if a peer review organization make a 
recommendation that, if adopted, would adversely affect the clinical 
privileges of a physician, the recommended sanction would be reportable 
to the NPDB.

[[Page 4665]]

    Comment: We received a wide range of comments concerning negative 
actions or findings taken by licensing and certification authorities 
(i.e., any negative action or finding that is publicly available, 
excluding administrative fines or citations, and corrective action 
plans unless they are: (1) Connected to the delivery of health care 
services, and (2) taken in conjunction with other licensure or 
certification actions). Several commenters stated the definition was 
too broad and would generate a large volume of reports with little 
value. They recommended that the definition be limited to actions or 
findings based on patient safety and quality of care issues, or based 
on professional competence or conduct. Conversely, other commenters 
thought the definition was too restrictive, gave licensing bodies too 
much latitude in deciding what to report, and would exclude important 
information regarding a practitioner's fitness to practice. One of 
these commenters stated that licensing boards have a unique role in 
consumer protection and that HRSA should modify the definition to 
include any action taken by a licensing authority that finds a 
violation of a statute or regulation and is a matter of public record. 
Another commenter requested that we modify the definition so that 
administrative fines or citations and corrective action plans are 
reportable if they are either related to the delivery of health care 
services or taken with another reportable action.
    Response: Section 1921 states that State licensing agencies must 
report ``any negative action or finding'' without any limitation other 
than the action or finding must result from a formal proceeding. We 
agree with commenters that further limiting reporting to negative 
actions or findings based on competence or conduct, or quality of care 
issues, would create a subjective standard that unnecessarily exempts 
important information and may lead to uneven interpretation and 
reporting by licensing agencies.
    After consideration of comments suggesting that the proposed 
definition is too restrictive and describing the unique consumer 
protection role played by State boards, we modified the definition 
regarding the reporting of administrative fines or citations, and 
corrective action plans. This modification includes the collection of 
those actions or findings if they are either (1) related to the 
delivery of health care services or (2) taken with another reportable 
action. The definition in the proposed rule mandated that both 
requirements be met. While we do not wish to collect administrative 
fines and citations, or corrective action plans that are imposed for 
reasons unrelated to health care delivery (such as a fine for failing 
to notify a board of an address change in a timely fashion), we believe 
that if such an action is related to the delivery of health care 
services by a health care practitioner, physician, dentist, or health 
care entity, it should be reported. Such an action or finding should 
not have to meet the additional requirement of being taken in 
conjunction with another action. This modification to the definition 
creates a slight difference with the HIPDB definition; however, we 
believe that this change is important to ensure that meaningful actions 
are not excluded from reporting.
    We disagree that the definition gives licensing authorities too 
much latitude in deciding which actions to report, as they are 
currently required to report any negative action or finding that is 
publicly available, with the previously stated exceptions for 
administrative fines or citations, and corrective action plans. These 
fines, citations and corrective action plans are limited to those 
related to health care delivery to ensure that they are meaningful to 
queriers. It is for this same reason we disagree with the proposal to 
require reporting of all violations of statute or regulation that are a 
matter of public record. In addition, we are obligated to try to 
maintain consistency with HIPDB reporting requirements, and this 
proposed definition would create a substantial difference between 
section 1921 and HIPDB State licensure reporting requirements.
    In addition to this change in the definition, HRSA is making a 
minor grammatical change to the definition. In the proposed definition, 
we misplaced a comma. That comma should have appeared after 
``administrative fines or citations,'' rather than between those two 
terms. In the final rule, we moved the comma to its intended place.
    Comment: One commenter stated that HRSA should limit reporting of 
licensure actions to final actions.
    Response: We disagree with this comment. HRSA's interaction with 
State licensure authorities revealed that, within the operation of 
State licensure authorities, there are instances when temporary 
actions, i.e., summary or emergency limitation or restriction on 
license, are necessary to prevent imminent danger to the public. 
Temporary actions are treated differently than other actions in that 
procedural rights of the practitioner are provided following the 
action, rather than preceding it. Further, HRSA opines that the 
reporting of temporary actions is in keeping with the purpose of the 
NPDB, which is to protect the public from the threat of incompetent 
practitioners continuing to practice without disclosure or discovery of 
previous damaging or incompetent performance. In addition, the statute 
does not limit licensure actions to those that are final actions. 
Currently, licensure actions reported to the NPDB are not limited to 
final actions.
    Comment: One commenter expressed concern about whether the negative 
action or finding definition would require licensing authorities to 
report the referral of a practitioner for impairment monitoring or 
participation in a diversion program. The commenter stated that HRSA 
should either withdraw the definition or clarify that such referrals 
are ``corrective actions,'' and agreed with another commenter that 
corrective actions should only be reported when taken with another 
reportable action.
    Response: Current policy guidance for reporting NPDB and HIPDB 
licensing and certification actions specifically excludes reporting of 
agreements that impose monitoring of a practitioner for a specific 
period of time, unless such monitoring constitutes a restriction of the 
practitioner's license or is considered to be a reprimand. Since we do 
not believe that the referral of a practitioner for impairment 
monitoring or participation in a diversion program are adverse actions 
under the statute and therefore not reportable, we will continue this 
policy under section 1921. It is up to each licensing authority to 
determine whether the actions they take are ``corrective actions,'' 
which, based on the definition change mentioned previously, are 
reportable if they are publicly available and are either related to the 
delivery of health care services or taken in conjunctions with another 
reportable action.
    Comment: One commenter recommended expanding the definition to 
include negative actions ``taken at the request of'' a licensing or 
certification authority.
    Response: Section 1921 does not include the authority to collect 
actions taken or findings made by organizations or bodies other than 
those specified in the statute.
    Comment: Two commenters requested that HRSA specify what types of 
negative actions or findings, particularly what types of administrative 
penalties, should be reported under the definition of negative action 
or finding.
    Response: The type of reportable negative action or finding by a 
State licensing authority includes any action

[[Page 4666]]

or finding that is publicly available and rendered by a licensing or 
certification authority. Administrative fines or citations, and 
corrective action plans, are excluded unless they are: (1) Connected to 
the delivery of health care services or (2) taken in conjunction with 
other licensure or certification actions.
    Reportable actions, by statute, must be based on the result of 
formal proceedings and events unrelated to such proceedings would be 
excluded. The types of negative actions or findings likely will vary 
from State-to-State.
    Comment: With respect to all negative actions or findings reported 
under section 1921, one commenter requested that the Secretary limit 
all reportable negative actions and findings to those that last longer 
than 30 days. Such a restriction exists for clinical privileges actions 
reported to the NPDB under the HCQIA.
    Response: Under the HCQIA, only adverse actions against clinical 
privileges are limited to actions that last more than 30 days. This 
limitation does not apply to the other reportable actions under the 
NPDB. Consequently, section 1921 does not limit the reporting of 
negative actions or findings to any particular time period. To place a 
30-day restriction is not consistent with the statute and current NPDB 
and HIPDB reporting requirements for licensure and other actions.
3. Organization Name
    Comment: One commenter requested that HRSA clarify the nature of 
the employment organization relative to information that must be 
reported in Sec.  60.9. The commenter asked whether HRSA intended to 
collect the name of the employer at the time of the act or omission 
that led to the reported action.
    Response: This information is collected currently by both the NPDB 
and the HIPDB, and the intent is to collect the name of the employer of 
the physician, dentist, or other health care practitioner at the time 
of the act or omission that led to the reported action.
4. Peer Review Organization
    Comment: In response to our request for comments concerning peer 
review organizations, including the exemption of QIOs from reporting 
under section 1921, four commenters responded that QIOs should be 
exempt from the reporting requirements of section 1921(a)(1) based on 
the rationale provided in the NPRM. One commenter stated that if QIOs 
are, in fact, peer review organizations, they should not be exempted 
from reporting. The commenter, however, agreed that the rationale to 
exempt QIOs from reporting was reasonable. One commenter responded that 
QIOs should not be exempted from reporting, stating that if private 
accreditation organizations are required to report, then QIOs should be 
required to report as well.
    Response: Section 1921 does not specifically include QIOs in the 
peer review organization definition. Section 1921(a)(1) refers to 
reporting of proceedings by ``any peer review organization.'' Yet, 
section 1921(b)(4), when discussing who may have access to information, 
refers to ``utilization and quality control peer review organizations 
described in Part B of Title XI * * *'' (currently referred to as 
QIOs). This indicates that the earlier reference to ``any peer review 
organization'' does not refer to ``utilization and quality control peer 
review organizations'' as described in Part B of title XI.
    With respect to linking QIO reporting to private accreditation 
entity reporting, we disagree with this contention. Section 1921 
specifically requires that private accreditation entities report to the 
NPDB. The statute does not specifically require QIO reporting. In 
addition, the reporting of QIO sanction recommendations to the NPDB 
will significantly interfere with the critical mission of the QIO 
program, which focuses on maintaining collaborative relationships with 
providers and practitioners to improve the quality of health care 
services delivered to Medicare beneficiaries. Private accreditation 
entities do not have this specific mission.
    Based on these reasons and in light of the support for the QIO 
exclusion from this definition in the proposed rule, we have decided to 
maintain this exclusion in the final rule.
    Comment: Two commenters stated that the definition of ``peer review 
organization'' should be amended to include language assuring that peer 
review organizations reporting to the NPDB are those that provide due 
process to their physician participants and that a physician has had 
ample opportunity to appeal the peer review organization's findings. 
Additional provisions such as these would provide at least minimal 
assurance of the quality of information considered and the fairness of 
the fact-finding process.
    Response: We concur with these comments and have added language 
regarding the presence of due process to the definition. As stated 
earlier, while the professional review provisions under 42 U.S.C. 11111 
do not apply to section 1921, as several commenters noted, licensing 
agencies operating under State law must provide due process protections 
for those they regulate. Therefore, it is the formal proceedings 
conducted by peer review organizations and private accreditation that 
are of the greatest concern.
    To address this concern, we have modified the definitions of ``peer 
review organization'' and ``private accreditation entity'' to include 
provisions regarding the presence of due process mechanisms. If a peer 
review organization or private accreditation entity does not make due 
process available to practitioners and entities, respectively, the 
entity does not meet the definition.
    For purposes of reporting, the NPDB is only concerned with the 
presence of a due process mechanism and not whether due process has 
been strictly adhered to. To the extent disputes arise regarding 
whether due process has been provided (for instance during the 
Secretarial Review process), the NPDB will not generally examine 
whether the due process rules of any particular entity have been 
followed or the extent to which particular practitioners had access to 
such mechanisms.
    Comment: We received comments requesting that patient safety 
organizations (PSOs), as defined by the Patient Safety and Quality 
Improvement Act of 2005 (Patient Safety Act), and programs that are 
operated by payers (e.g., pay-for-performance or value-based purchasing 
programs), be excluded from the definition of peer review 
organizations. One commenter stated that the proposed rule was 
inconsistent with the Patient Safety Act and would hamper patient 
safety organization activities.
    Response: We do not feel that the rule is inconsistent with the 
Patient Safety Act nor will it hamper PSO activities. We do not believe 
that a specific exclusion from the definition of peer review 
organizations for patient safety organizations is necessary since we do 
not expect PSOs to take any reportable actions under this regulation. 
The only actions that a peer review organization must report to the 
NPDB are recommendations to sanction a health care practitioner, 
physician or dentist. By contrast, PSOs, defined in section 921(4) of 
the Public Health Service Act (42 U.S.C. 299b-21(4)), in order to 
properly carry out their mandatory patient safety activities in 
accordance with the Patient Safety Act, are to use data and reports 
they develop to ``encourage a culture of safety,'' which is understood 
to mean using the data they receive and develop into reports to create 
an environment in which errors and close calls will be readily reported 
by providers and thoroughly discussed

[[Page 4667]]

without fear of penalty or an increased risk of liability. Accordingly, 
it would be inconsistent with PSO commitments made to the Secretary 
pursuant to section 924(a) and 921(5) of the Public Health Service Act 
to make sanction recommendations regarding providers and therefore 
there would be no crossover with this regulation mandating peer review 
organization reporting responsibilities with the separate and distinct 
objectives and responsibilities of PSOs, as set forth in the Patient 
Safety Act.
    We also do not feel that an exception is appropriate for programs 
that are operated by payers. QIOs were excluded from the definition of 
peer review organization because of the statutory distinctions between 
peer review organizations and QIOs in section 1921 and differences in 
the missions of those organizations. There is no similar statutory 
distinction between peer review organizations and programs that are 
operated by payers in section 1921 and we do not feel that the mission 
of programs operated by payers justify such an exclusion as with QIOs.
5. Private Accreditation Entity
    Comment: We received two comments requesting clarification of this 
definition. One of these commenters asked HRSA to confirm that 
organizations that accredit educational programs do not meet the 
requirements of the ``private accreditation entity.'' The other 
commenter requested that organizations that accredit mammography 
screening facilities be exempted because a Federal accreditation 
program currently exists to regulate this type of accrediting 
organization.
    Response: The definition of the term ``private accreditation 
entity'' includes only those organizations that meet the requirements 
of the definition. Private accreditation entities are only required to 
report actions concerning health care entities. If a private 
accreditation entity accredits organizations other than those that meet 
the definition of the term ``health care entity,'' such as purely 
educational programs, then any actions taken against those 
organizations would not be reportable.
    Reporting information to another government agency instead of the 
NPDB does not fulfill an entity's obligations under section 1921. 
Section 1921 does not provide an exclusion from reporting to the NPDB 
for organizations that may report to other government agencies.
    Comment: One commenter stated that at least a dozen organizations 
would meet the definition of a private accreditation entity and 
requested that HRSA ensure these organizations comply equally with 
section 1921 reporting requirements.
    Response: HRSA agrees with the commenter and expects entities that 
are required to report to the NPDB will do so in accordance with 
section 1921 requirements. In addition, HRSA will monitor compliance 
with these reporting requirements as it does currently with NPDB and 
HIPDB reporting requirements.
6. Voluntary Surrender
    Comment: We received several comments concerning the voluntary 
surrender of a license and a notice of an investigation. These 
commenters raised concerns regarding the nexus between a notice of 
investigation and a subsequent voluntary license surrender to imply 
either wrongdoing or negligence. One commenter recommended that 
``notification of investigation'' be stricken from the definition of 
voluntary surrender.
    Response: The NPDB is primarily a flagging system intended to 
facilitate a comprehensive review of the credentials of a health care 
practitioner, physician, dentist or entity. An NPDB reported action 
serves to alert users that a careful review of the past actions of a 
health care practitioner, physician, dentist or entity may be prudent. 
NPDB information is intended to be used in combination with information 
from other sources, which is consistent with the prevailing credential 
verification and professional review standards within the healthcare 
delivery industry.
    We disagree with the comment requesting that voluntary surrenders 
after notification of an investigation be excluded from the voluntary 
surrender definition. In an effort to ease the reporting burden and to 
make the information contained in both the HIPDB and NPDB as useful as 
possible for queriers, HRSA has attempted to make the reporting 
requirements under the HIPDB and NPDB as uniform as possible. The 
definition of voluntary surrender is based on the definition currently 
used in the HIPDB. In addition, reporting voluntary surrenders after 
notification of investigation eliminates a loophole in which a health 
care practitioner, physician, or dentist surrenders his or her license 
to avoid possible disciplinary proceedings and a subsequent report to 
the Data Banks. If these voluntary surrenders are not reported to the 
NPDB, health care practitioners, with potentially questionable 
histories, would be able to move from state-to-state without detection. 
Therefore, HRSA has maintained the ``notification of investigation'' 
language in the final rule.
    It is important to note that the definition of the term ``voluntary 
surrender'' applies only to State licensing actions reported under 
section 1921 and does not apply to actions reported under the HCQIA. To 
avoid confusion among entities that report surrenders under the HCQIA, 
such as hospitals reporting surrenders of clinical privileges, we have 
modified this term as it appears in Sec.  60.3 of the regulations, from 
``voluntary surrender'' to ``voluntary surrender of license.''
    Comment: We received several comments supporting the exclusion of 
non-disciplinary voluntary surrenders from the proposed rule. One 
commenter requested that the reporting requirement for exclusion of 
late license renewals be more plainly stated.
    Response: A State licensing authority's determination that a health 
care practitioner, physician, or dentist or entity has voluntarily 
surrendered his, her or its license because of non-payment or belated 
payment of renewal fees would not be reportable unless the surrender 
occurred after a notification of investigation, was done in exchange 
for a decision by the licensing authority to cease an investigation, or 
otherwise satisfies the requirements of the voluntary surrender 
definition. We attempted to maintain consistency with the HIPDB 
definition of ``voluntary surrender'' and the HIPDB exclusion of non-
renewals for non-payment of fees. While there are some slight 
differences in language between the two regulations, we view these two 
definitions as containing the same requirements.
    Comment: One commenter requested clarification that a voluntary 
surrender of a license will not preclude a State licensing authority 
from continuing or initiating a disciplinary action.
    Response: A State's reporting obligations under section 1921 have 
no impact on the State's authority to continue or curtail disciplinary 
action, which is dependent upon the State's rules.
    Comment: We received several comments recommending that HRSA 
clarify the differences between ``involuntary surrenders'' and 
``voluntary surrenders.'' One commenter suggested that HRSA establish a 
clear distinction between truly voluntary license surrenders, 
involuntary license surrenders and license revocations, with separate 
definitions and reporting categories for each. The commenter urged HRSA 
to make mandatory reporting of information on all voluntary or 
involuntary surrenders and

[[Page 4668]]

non-renewals of licenses, including those occasioned by non-payment of 
licensure fees, a change to inactive status, or due to retirement.
    Response: We disagree with these comments. Section 1921 and section 
1128E both require reporting of any loss of license, including a loss 
for the reason of a voluntary surrender. During the public comment 
period for the section 1128E proposed rule, we received public comments 
concerning this same definition of voluntary surrender. Commenters, 
particularly licensing authorities, expressed concern regarding the 
volume of reports that would have to be submitted if all surrenders of 
license--including those due to retirement or non-payment of fees--were 
reportable and the value of these non-disciplinary related surrenders 
to queriers. At that time, it was determined that voluntary surrenders 
for reasons such as retirement and non-payment of licensure renewal 
fees would provide little value to Data Bank users and that such 
actions would not be collected. Distinctions between voluntary and 
involuntary surrenders have not been an issue for those reporting such 
actions to the HIPDB, and we do not think such distinctions are 
warranted at this time. To ensure consistency between section 1921 and 
HIPDB reporting requirements, we will maintain this definition of 
voluntary surrender for both Data Banks.
    Comment: One commenter expressed concern about a potential conflict 
between the reporting of a negative action or finding that under State 
law is publicly available information and a ``voluntary surrender after 
a notification of investigation or a formal official request'' to 
surrender the license. The commenter believed that many reportable 
voluntary surrenders may be based on non-public investigative 
information and, therefore, not reportable. The commenter requested 
clarification of the definition of a reportable voluntary surrender to 
include surrenders regardless of whether they are based upon a 
notification of investigation, or request, or agreement that is 
publicly available.
    Response: We believe there is no conflict between reporting a 
negative action or finding that is publicly available and a voluntary 
surrender that is based on information that is not publicly available. 
Voluntary surrenders are reportable even if the underlying reasons for 
the surrender are not public information. However, voluntary surrenders 
relating to retirement, non-payment of licensure renewal fees, and 
change to inactive status, if there is not an investigation in 
progress, are not reportable.
    We did not receive any comments on the definitions of the terms 
``affiliated or associated,'' ``organization type,'' or ``Quality 
Improvement Organization.''
How Information Must Be Reported (Sec.  60.4)
    Comment: We received several comments supporting the integration of 
the electronic reporting and querying system for the NPDB and the 
HIPDB, which enables reporting entities to submit a single adverse 
action to both Data Banks, as appropriate. One commenter, however, 
questioned the need for two systems if all of the information is 
automatically sent to both with a single query or report submission.
    Response: The NPDB and the HIPDB are separate and distinct 
repositories, with different types of reportable actions contained in 
each, as well as different sets of authorized queriers. However, this 
distinction notwithstanding, the NPDB and the HIPDB form one integrated 
system. Within this integrated system, an action reportable to both the 
NPDB, including section 1921 and the HIPDB, will only need to be 
reported once. The system will subsequently store the report according 
to the appropriate statutory authority. Additionally, an eligible 
querier that is registered to have access to information under both 
Data Banks can query for information through a single request.
When Information Must Be Reported (Sec.  60.5)
    Comment: One commenter stated the 15-day timeframe to report to a 
State is not a reasonable amount of time for reporting information. We 
also received comments expressing concern over the need to report to 
individual States rather than directly to the NPDB.
    Response: We feel that the 15-day timeframe is a reasonable amount 
of time for reporting information. Currently, health care entities have 
15 days to report actions to the Data Banks. This procedure has been in 
place since the implementation of the NPDB and we have not received 
notice of any concerns from users. Consequently, we feel it is 
appropriate to use this timeframe with section 1921. Further, since the 
development of electronic reporting technology, entities now submit 
reports directly to the NPDB using the Data Bank's electronic reporting 
system. The Data Banks' electronic reporting system enables reporting 
entities to satisfy reporting obligations to State licensing 
authorities by automatically providing a copy of the report for 
submission via mail or fax to the appropriate State Board.
    Comment: One commenter requested clarification of the penalties for 
failure to report to the NPDB.
    Response: Current regulations specify the penalties for failing to 
report information to the NPDB under the HCQIA. For State licensing 
authorities that fail to report licensing actions, Sec.  60.8 (c) 
states that ``[i]f, after notice of noncompliance and providing 
opportunity to correct noncompliance, the Secretary determines that a 
Board has failed to submit a report as required by this section, the 
Secretary will designate another qualified entity for the reporting of 
information under Sec.  60.9'' (redesignated as Sec.  60.11). There are 
no additional penalties specified under section 1921 for failure to 
report.
Reporting Errors, Omissions, and Revisions (Sec.  60.6)
    Comment: One commenter questioned how HRSA would handle reports on 
hospital subjects that changed ownership or discontinued operation or 
services. The commenter suggested that HRSA should specify how a report 
would be updated when the information is no longer meaningful given a 
change in hospital circumstances.
    Response: The Data Banks provide several methods to update 
identifying information. If the subject of a report determines that 
reported information concerning the subject is no longer accurate, the 
subject should first contact the reporting entity to request that the 
entity submit a correction report with the updated information. Also, 
the subject may provide more current information, such as a name 
change, to the Data Banks. In addition, the subject may submit a 
subject statement for the report. This statement could note the change 
in ownership or other change in status since the report was filed. 
However, reporting entities are responsible for ensuring the accuracy 
of the information contained in any report they submit.
Reporting Licensure Actions Taken by Boards of Medical Examiners (Sec.  
60.8)
    Comment: Two commenters requested that Sec. Sec.  60.8 and 60.9 of 
the NPDB regulations be revised to include other health care 
practitioners in addition to physicians and dentists. These commenters 
requested that adverse clinical privileges actions taken against other 
health care practitioners be made mandatory instead of voluntary. One 
commenter stated that the current regulations do not adequately protect 
consumers and health care facilities

[[Page 4669]]

from health care practitioners who have had actions taken against their 
licenses or clinical privileges.
    Response: As indicated in the proposed rule, the current 
regulations governing the NPDB, which are not expanded or modified by 
section 1921, are not subject to review and comment. Consequently, 
neither the reporting requirements for licensure actions taken by 
Boards of Medical Examiners under Sec.  60.8 nor the reporting 
requirements for clinical privileges under Sec.  60.9 (redesignated as 
Sec.  60.11) are not expanded or modified by section 1921 and, 
therefore, are not subject to review and comment. The reporting 
requirement of the new Sec.  60.9 (as added by section 1921) requires 
the reporting of adverse licensure actions taken against health care 
practitioners, physicians, dentists, and entities (health care 
facilities). This revision to the NPDB enhances consumer protection and 
patient safety.
Reporting Licensure Actions Taken by States (Sec.  60.9)
    Comment: Two commenters requested information about the types of 
licensure actions to be reported to the NPDB and the HIPDB. One 
commenter asked whether data elements used for reporting to the NPDB 
and the HIPDB will have the same definitions and whether the NPDB and 
HIPDB will use the same violation and action codes for reporting. 
Another asked for examples of the new types of licensure actions to be 
collected by the NPDB and also requested that nominal or ministerial 
acts or omissions not be reported.
    Response: State licensing authorities will use the same reporting 
formats, data element definitions, and code lists they currently use 
for reporting licensure actions to the HIPDB for reporting section 1921 
licensure actions. Examples of NPDB licensure actions that will be 
reportable under section 1921 that are not currently reportable under 
the HCQIA include formal or official actions, such as revocations, 
suspensions and reprimands that are not based solely on professional 
competence or conduct. Under section 1921, the NPDB also will collect 
publicly available negative actions or findings, including fines or 
citations for reasons related to the delivery of health care services 
or taken with another action. HRSA will provide additional examples of 
reportable actions in forthcoming policy guidance.
    In keeping with our commitment to maintain consistency between NPDB 
and HIPDB reporting formats, we are changing the status of the data 
element ``Amount of Monetary Penalty'' from ``if known'' to 
``mandatory'' when the reported action consists of a monetary penalty. 
This field is mandatory on the HIPDB reporting format for monetary 
penalties reported by State licensing agencies and was inadvertently 
listed as ``if known'' in the proposed rule.
    We disagree with the suggestion to exclude actions that are based 
on ``nominal or ministerial acts or omissions.'' Implementing this 
suggestion would likely lead to uneven interpretation among States and 
create a discrepancy between section 1921 and HIPDB definitions. We 
have limited the reporting of certain types of negative actions or 
findings, such as administrative fines or citations, and corrective 
action plans, to those either based on the delivery of health care 
services or taken with another action. We believe these limitations 
would ensure that meaningful actions are reported, which appears to be 
the commenter's goal, while maintaining as much consistency as possible 
with the HIPDB.
    Comment: Concerning information reported on all subjects, one 
commenter expressed uncertainty over the purpose of collecting the 
narrative description of acts or omissions. The commenter noted that, 
for purposes of flagging individuals for additional scrutiny, a 
narrative is not needed, and that it was not practical for use in 
research.
    Response: As specified in both the HCQIA and 1128E, ``a description 
of the acts or omissions or other reasons for the action'' is 
information that must be reported to the NPDB and the HIPDB. In 
instances in which the statute clearly defines a requirement, HRSA does 
not have the authority to make any modifications. In order to maintain 
consistency between the NPDB and section 1921, we have retained the 
narrative description on the reporting format for section 1921. In 
addition, we believe a narrative description adds value to a flagging 
system. The narrative description is critical to understanding the 
reasons for and importance of a particular action for subsequent 
reviewers of the report as well as the subject of the report, who has a 
right to challenge the accuracy of the report.
    Comment: One commenter urged HRSA to include, within the scope of 
the proposed regulations, a requirement for mandatory reporting of 
prescribing psychologists, including a specific NPDB data reporting 
category.
    Response: To the extent that prescribing psychologists meet the 
definition of a ``health care practitioner,'' they are subject to 
reports under section 1921.
    Comment: One commenter questioned whether a State licensing 
authority can take an action against a practitioner's license when the 
action is based on another State licensing authority determination.
    Response: Section 1921 does not supersede the ability of a State to 
take an action against a practitioner or entity. States may take 
actions for any reason permitted in their own laws and regulations.
Reporting Negative Actions or Findings Taken by Peer Review 
Organizations or Private Accreditation Entities (Sec.  60.10)
    Comment: One commenter requested that the Secretary limit 
accreditation report content to the information collected during the 
accreditation process so that accreditation entities can avoid costly 
software changes. Another commenter noted that certain accreditation 
entities post accreditation status on their Web sites, making 
additional reporting unnecessary.
    Response: HRSA disagrees with these comments. We continue to 
believe the data elements selected for inclusion under section 1921 are 
essential for users to properly identify entities that are subjects of 
reports in the Data Bank and to understand the nature of the actions 
taken against them. We believe the required information should be 
available from information contained in existing records compiled 
during the review process. The NPDB makes available an electronic 
reporting format that can be completed online at the Data Banks' secure 
Web-based reporting site. A reporting entity that makes information 
available in other public formats has not met its statutory reporting 
obligations under section 1921.
    Comment: Several commenters expressed concern about the reporting 
process. One commenter stated that it is unclear what specifically must 
be reported since the proposed rule includes discretionary and 
mandatory data elements (Sec.  60.9).
    Response: The mandatory data elements are listed in Sec.  60.9(b). 
The electronic system will not accept a report that does not include 
these data elements. Data elements to be reported ``if known'' are 
listed in Sec.  60.9(c). The inclusion of these data elements enhances 
the matching process between a query and a reported subject and 
provides additional information to aid users' understanding of the 
reported incident.
    Comment: One commenter requested that the Secretary modify the 
regulations to require private accreditation entities to report their

[[Page 4670]]

negative actions or findings to all State agencies responsible for 
licensing hospitals and health care entities.
    Response: Adopting such a reporting requirement for private 
accreditation entities is unnecessary and would be overly burdensome. 
Queriers, including State licensing authorities, will have access to 
negative actions and findings reported by accreditation entities 
through the NPDB, which is a national repository.
    Comment: Two commenters expressed concern about the reporting of a 
narrative description of the act or omission upon which the reported 
action was based. The commenters requested that HRSA provide detailed 
guidance on the type of information to be included in this narrative 
description.
    Response: A narrative description of the act(s) or omission(s) 
should contain sufficient specificity to allow a knowledgeable Data 
Bank querier to clearly understand what led to the reported action or 
finding and the seriousness of the act(s) or omission(s). Narrative 
information also should be supported by written documentation, such as 
official findings, orders or minutes. HRSA has provided examples of 
acceptable narrative descriptions on the NPDB Web site ([email protected]), along with guidance on how to write an acceptable 
narrative description and will continue to provide information as 
needed.
    Comment: One commenter expressed concern that the proposed Sec.  
60.10 does not include the requirement that the reported action must be 
the result of formal proceedings (as defined in Sec.  60.3) and 
requested that this omission be corrected in the final rule.
    Response: The requirement that an action must be the result of a 
formal proceeding was omitted in error and has been included in the 
final rule.
    Comment: One commenter asked whether a hospital would be required 
to report its own accreditation recommendations.
    Response: Section 1921 does not require hospitals or other health 
care entities to self-report accreditation recommendations. In general, 
only the entity that takes a reportable action or finding must report 
the action or finding to the NPDB. The subject of the reportable action 
does not report the action.
Requesting Information From the NPDB (Sec.  60.13) [Redesignated]
    Comment: Several commenters questioned whether a hospital is 
authorized to query on nurses and other health care practitioners who 
are employed by the hospital. They believed the proposed rule only 
authorizes hospitals to query on individuals on the medical staff or 
those who hold clinical privileges. Another commenter questioned 
whether hospitals had access to section 1921 information at all.
    Response: Section 1921 information is available to hospitals. 
Section 1921(b)(6) of the Social Security Act states that this 
information is available to ``hospitals and other health care entities 
* * * with respect to physicians or other licensed health care 
practitioners that have entered into, or may be entering into, an 
employment or affiliation relationship with, or have applied for 
clinical privileges or appointments to the medical staff of, such 
hospitals or other health care entities * * *'' The other licensed 
health care practitioners include individuals in professions such as 
nursing and physical therapy.
    Comment: Several commenters expressed concern that private 
accreditation entities are not authorized to query and receive section 
1921 information, which would support their evaluations of a health 
care entity's performance. Other commenters supported public access to 
NPDB information.
    Response: The Secretary is not authorized to provide private 
accreditation entities, other organizations, or the general public 
access to NPDB information.
    Comment: We received several comments questioning the range of law 
enforcement agencies permitted to query the NPDB under the proposed 
rule. In particular, commenters questioned the inclusion in the 
proposed rule of certain law enforcement agencies, such as the Nuclear 
Regulatory Commission and the U.S. Chief of Postal Inspector, not 
specifically included in the statute. One commenter noted that law 
enforcement access to section 1921 information would deter 
participation in quality and risk management procedures. We also 
received comments requesting that subjects of reports be informed when 
law enforcement agencies receive a copy of their report, and that law 
enforcement agencies should be required to state the purpose of their 
query and not use the NPDB to circumvent standard criminal 
investigative procedures.
    Response: Section 1921(b) of the Social Security Act authorizes the 
Secretary to release information collected under the statute to ``the 
Attorney General and such other law enforcement officials as the 
Secretary deems appropriate.'' The list provided in the proposed rule 
of agencies authorized to receive section 1921 information under these 
provisions is not considered to be exhaustive. Each of the listed 
agencies, however, meets the qualifications described in the statute. 
For example, the U.S. Chief of Postal Inspector and State law 
enforcement agencies play a major role in investigating health care 
fraud and abuse in government health care programs. The Nuclear 
Regulatory Commission enforces regulations governing the medical use of 
nuclear materials and also licenses physicians, clinical laboratories 
and hospitals to possess and use nuclear byproduct materials. These 
agencies will not have access to professional review actions or medical 
malpractice information in the NPDB, but only section 1921 reports, so 
we do not believe their access should have any impact on quality and 
risk management activities.
    Currently, all NPDB and HIPDB queriers are required to provide a 
reason for their information request on a particular subject. Also, the 
system records the name of each querying entity that has requested and 
received a copy of a report, information that is available to the 
subject of that report upon request, with the exception of queries 
submitted by law enforcement agencies to the HIPDB. Consistent with 
what was done with the HIPDB, HRSA will be seeking an exemption to 
protect from release law enforcement queries for section 1921 
information. This is necessary in order to protect the confidentiality 
and integrity of investigations by law enforcement.
Confidentiality of National Practitioner Data Bank Information (Sec.  
60.15)
    Comment: One commenter expressed concern that NPDB information may 
be misused or misinterpreted. The commenter stated that punishment for 
improper access to or use of NPDB information should be greater than 
the penalties for failing to report mandatory actions. Other commenters 
expressed concern that information may be stored in the wrong Data Bank 
and requested assurances that Data Bank information is secure.
    Response: Information reported to the NPDB is considered 
confidential and access to and use of the information is restricted. As 
stated in Sec.  60.15, ``persons who, and entities which, receive 
information from the NPDB either directly or from another party must 
use it solely with respect to the purpose for which it was provided.'' 
Both improper use of and access to the NPDB may result in a CMP of up 
to $11,000 for each violation.

[[Page 4671]]

    The NPDB and the HIPDB are required by statute to coordinate 
reporting and querying. Reported information is and will continue to be 
contained only in the legally authorized Data Bank(s) as determined by 
report content. Additionally, when the Data Banks receive a query on a 
subject, the system searches for and releases information stored in the 
NPDB and the HIPDB based on the querying entity's statutory authority 
to access that information. Eligible entities that register with the 
Data Banks must certify their authority as a reporter and querier under 
each of the relevant statutes governing the Data Banks. Authorized 
users interact with the Data Banks over a secure Web-based server that 
uses the latest technology, along with various implementation measures, 
to provide a secure environment for querying, reporting, and data 
storage. Some of these security features include firewall protection 
and encryption of transmitted data to prevent unauthorized access, as 
well as the use of unique passwords for data entry and retrieval. The 
system security plan is reviewed and updated annually to address 
changes in guidance or industry standards needed to continue providing 
secrecy and privacy for the system. In addition, every three years the 
NPDB-HIPDB is required under the Federal Information System Management 
Act (FISMA) to conduct and renew the system's Certification and 
Accreditations (C&A). The C&A process involves convening a panel of 
information technology professionals who conduct a security risk 
assessment, security test and evaluation, technical vulnerability 
assessment, and a Continuity of Operation Plan (COOP) exercise.
How To Dispute the Accuracy of National Practitioner Data Bank 
Information (Sec.  60.16)
    Comment: Several commenters raised concerns that the proposed 
regulations did not include provisions for practitioners to rebut 
information in NPDB reports. Other commenters expressed concern over 
subjects' due process rights and requested that the Secretary provide 
health care practitioners meaningful opportunities to dispute the 
accuracy of claims reported to the NPDB and require the removal of 
inaccurate reports. One of the commenters stated that a subject who 
discovered incorrect or inaccurate information in the NPDB should have 
a right to require the NPDB or the reporting entity to correct the 
error.
    Response: The NPDB currently has in place multiple levels of 
safeguards to protect and ensure the accuracy of a report. Subjects may 
dispute the accuracy of information provided in reports to the NPDB. 
These safeguards will not change under section 1921.
    Comment: One commenter stated that additional protections for 
health care practitioners other than physicians and dentists should be 
in place, such that an opportunity to dispute the accuracy of their 
information reported to the NPDB should be guaranteed before the 
information is submitted to the NPDB.
    Response: The NPDB's safeguards to protect and ensure the accuracy 
of reports apply equally to all types of practitioners. All subjects of 
a report are treated equally and fairly by the Data Banks once a report 
is submitted. We do not have the statutory authority to review the 
merits of adverse actions taken by reporting entities. We can only 
review (1) if the report is legally required or permitted to be filed, 
and (2) if the report accurately depicts the action taken and the 
reporter's basis for the action. Although we understand the comment, 
the statute is clear that the Data Bank's responsibility is to receive 
and disclose information expeditiously and in accordance with statute.

B. Other Issues Raised

1. Implementation Schedule
    Comment: We received two comments regarding the requirement to 
report all actions occurring since the enactment of section 1921. These 
commenters expressed concern about the extra burden State licensing 
agencies would face by having to report information dating back fifteen 
years and questioned the accuracy and availability of such information 
across States. One commenter questioned whether subjects of reports 
dating back to 1992 would have access to information to enable them to 
dispute reported actions, if necessary. One commenter requested that 
HRSA only require the reporting of actions taken on or after the 
publication date of the regulations.
    Response: In Sec.  60.5, the NPDB regulations state that 
information must be submitted beginning with actions occurring on or 
after January 1, 1992. However, while we recognize the commenters' 
concerns, we strongly encourage each reporter to submit actions 
occurring on or after January 1, 1992. To assist in reducing the burden 
on State licensing agencies, we will offer State agencies two options 
for submitting legacy HIPDB reports (August 21, 1996, forward) to the 
NPDB. One option is, with the States' permission, for HRSA to provide 
copies to the NPDB of all actions previously reported to the HIPDB that 
fall under the section 1921 requirements. The second option is for the 
State agencies to resubmit all legacy HIPDB reports (August 21, 1996, 
forward) to the NPDB under section 1921. We also recognize the report 
subjects' concerns regarding their ability to dispute reports of 
actions taken more than a decade ago. However, the dispute resolution 
process (Secretarial review) is available to determine whether an 
action is reportable under applicable law and regulations. The process 
also determines whether the report accurately describes the reporter's 
action and reasons for the action as stated in the reporter's decision 
documents or in a public record, such as board orders.
2. Immunity Provisions of the HCQIA
    Comment: One commenter recommended extending the immunity from 
liability protections (under 42 U.S.C. 11111) to all individuals 
reporting information concerning a health care practitioner, physician, 
dentist or entity under section 1921.
    Response: Part A of Title IV (42 U.S.C. 11111) provides that the 
professional review bodies of hospitals and other health care entities, 
and persons serving on or otherwise assisting such bodies, are offered, 
in certain circumstances, immunity from private damages in civil suits 
under Federal or State law. It does not apply to reporting licensure 
actions or medical malpractice payments under the HCQIA, nor does it 
apply to section 1921 reporting. HRSA is unable to extend this immunity 
without a statutory amendment.
3. Paperwork Reduction Act Statement
    Comment: One commenter expressed concern that section 1921 would 
create an increased burden on State licensing and certification 
agencies.
    Response: Section 1921 does not create a new reporting burden for 
State licensing authorities. State licensure reporting requirements 
under section 1921 are essentially identical to those already being 
reported under the HIPDB. Because of the Data Banks' integrated 
reporting and querying system, State licensing agencies will only need 
to submit a licensing action once. The system will subsequently store 
the report according to statutory requirements in the NPDB, the HIPDB 
or both.
    Comment: One commenter stated that peer review organizations do not 
have substantial resources and that the section 1921 reporting 
requirement would be burdensome.
    Response: Information required to be reported by peer review 
organizations

[[Page 4672]]

should be minimal. We have received comments noting that peer review 
organizations generally recommend areas of improvement and do not 
recommend sanctions (the only type of reportable event for these 
organizations). Therefore, we believe their reporting requirements will 
not be overly burdensome.
    Comment: One commenter stated that the proposed rule did not 
account for additional staff time responding to a greater volume of 
telephone calls resulting from increased access to reported State 
licensure discipline information.
    Response: The licensing actions to be reported to the NPDB under 
section 1921 have already been or are required to be reported to the 
HIPDB. It is for this reason that we do not believe the volume of 
telephone calls resulting from these reports would constitute an added 
burden to State licensing boards.
    Comment: One commenter recommended that HRSA amend the proposed 
rule to allow State licensing agencies and private accreditation 
entities that contract with and report to other Federal agencies to 
determine among themselves which agency will report to the NPDB, to 
further reduce reporting burden. This commenter expressed concern that 
section 1921 would alter its existing reporting relationship with 
another Federal agency.
    Response: Statutes governing the NPDB and the HIPDB specifically 
state who must report and what must be reported to each Data Bank. A 
State licensing authority that takes a reportable action must report 
the action to the NPDB and/or the HIPDB. The statute will not alter 
existing reporting relationships between agencies or between agencies 
and their contractors.

IV. Summary of Revisions in the Final Rule

    Based on our review and response to the array of public comments, 
and on the discretionary authority given to the Department under the 
statute, we have made the revisions to the proposed regulations 
outlined below. We believe these revisions will allow the NPDB to 
collect and disseminate information under section 1921 in an effective 
and efficient manner.

Section 60.2

     We are modifying the proposed change to the first sentence 
in Sec.  60.2 to read ``State licensing or certification authorities, 
peer review organizations, and private accreditation entities that take 
negative actions or findings against health care practitioners, 
physicians, dentists, or entities.''

Section 60.3

     We are revising the definition of the term ``formal 
proceeding'' to read as follows: Formal Proceeding means a proceeding 
held before a State licensing or certification authority, peer review 
organization, or private accreditation entity that maintains defined 
rules, policies, or procedures for such a proceeding.
     We are modifying language in the definition of the term 
``negative action or finding'' to limit the scope of actions or 
findings reported by private accreditation organizations. The sentence 
``Receipt of less than full accreditation from a private accreditation 
entity that indicates a substantial risk to the safety of a patient(s) 
or quality of health care services and includes, but is not limited to, 
denial of accreditation or non-accreditation;'' is replaced by ``A 
final determination of denial or termination of an accreditation status 
from a private accreditation entity that indicates a risk to the safety 
of a patient(s) or quality of health care services.''
     To ensure clarity of the range of reportable subjects, we 
are modifying the definition of the term ``negative action or finding'' 
to replace the sentence ``Any recommendation by a peer review 
organization to sanction a practitioner.'' to read: ``Any 
recommendation by a peer review organization to sanction a health care 
practitioner, physician, or dentist.''
     We are revising the following sentence in the definition 
of the term ``negative action or finding:'' ``This definition excludes 
administrative fines, or citations and corrective action plans, unless 
they are: (1) Connected to the delivery of health care services, and 
(2) taken in conjunction with other licensure or certification actions 
such as revocation, suspension, censure, reprimand, probation, or 
surrender.'' In this sentence, we are replacing the ``and'' in between 
``connected to the delivery of health care services'' and ``taken in 
conjunction with other licensure * * *'' with an ``or.'' Also in this 
sentence, we are deleting the ``,'' in ``administrative fines, or 
citations'' and adding a ``,'' after ``citations'' and before ``and 
corrective action plans.''
     After the first sentence in the definition of the term 
``peer review organization,'' we are adding a requirement that to 
qualify as a peer review organization for purposes of this rule, an 
organization must have due process mechanisms. This sentence reads: 
``The organization has due process mechanisms available to health care 
practitioners, physicians, and dentists.'' We also are changing the 
term ``health care practitioners'' in the first sentence to read 
``health care practitioners, physicians, or dentists.''
     We are adding a fourth element in the proposed definition 
of ``private accreditation entity'' to include an entity that ``Has due 
process mechanisms available to health care entities.'' We are also 
deleting the ``and'' at the end of the statement ``Measures a health 
care entity's performance based on a set of standards and assigns a 
level of accreditation;'' and deleting the period at the end of the 
statement ``Conducts ongoing assessments and periodic reviews of the 
quality of health care provided by a health care entity'' and replacing 
it with ``and.''
     For clarification purposes, we are changing the term 
``Voluntary surrender'' to ``Voluntary surrender of license.'' Also, in 
the first and second sentences of the definition, we are changing the 
phrase ``a health care practitioner or entity'' to read ``a health care 
practitioner, physician, dentist, or entity.''

Section 60.9

     In Sec.  60.9(a), we are changing the phrase ``a health 
care practitioner or entity (both as defined in Sec.  60.3)'' to read 
``a health care practitioner, physician, dentist, or entity (as defined 
in Sec.  60.3).''
     In Sec.  60.9(a)(2) through Sec.  60.9(a)(4), we are 
changing the phrase ``practitioner or entity'' to read ``health care 
practitioner, physician, dentist, or entity.''
     In Sec.  60.9(a)(3) we are replacing the word 
``nonpayment'' with ``non-payment.''
     We are changing the phrase ``health care practitioner'' in 
Sec. Sec.  60.9(b)(1), 60.9(b)(2), 60.9(c)(1), and Sec.  60.9(c)(2) to 
read ``health care practitioner, physician, or dentist.''
     We are deleting Sec.  60.9(c)(4)(ii), the requirement to 
report the amount of any monetary penalty resulting from the reported 
action ``if known,'' and adding that requirement to Sec.  
60.9(b)(4)(iii). This change makes the reporting of this data element 
mandatory instead of discretionary.

Section 60.10

     We are adding a third sentence to Sec.  60.10(a) to state 
that the actions taken must be as a result of formal proceedings (as 
defined in Sec.  60.3).
     In section Sec.  60.10(a), we are changing the phrase 
``health care practitioner or health care entity'' to read ``health 
care practitioner, physician, dentist, or entity.''

[[Page 4673]]

Section 60.13

     To clarify the range of subjects that may be queried on, 
we are changing the phrase ``individual health care practitioner or 
entity'' in the first sentence of paragraph (a)(2) of Sec.  60.13 to 
read: ``individual health care practitioner, physician, dentist, or 
entity.''
     We are changing the phrase ``licensing health care 
practitioners and entities'' in Sec.  60.13(a)(2)(ii) to read 
``licensing health care practitioners, physicians, dentists, and 
entities.''
     In 60.13(a)(2)(iv), we capitalized the phrase ``Medicaid 
Fraud Control Units.''

Section 60.14

     In Sec.  60.14(a), we are changing the sentence ``The 
amount of such fees will be sufficient to recover the full costs of 
operating the NPDB'' to read ``The amount of such fees will be 
sufficient to cover the full costs of operating the NPDB.'' We are 
changing the word ``recover'' to read ``cover'' for clarification.

V. Regulatory Impact Statement

A. Regulatory Analysis

    OMB has reviewed this final rule in accordance with the provisions 
of Executive Order 12866 and the Regulatory Flexibility Act of 1980 
(RFA) (5 U.S.C. 601-612), and the Small Business Regulatory Enforcement 
Act of 1996, Public Law 104-121, which amended the RFA, and has 
determined that it does not meet the criteria for an economically 
significant regulatory action. In accordance with the Unfunded Mandates 
Reform Act of 1995 (UMRA), Public Law 104-4, we have determined that 
this rule does not impose any mandates on State, local, or tribal 
governments, or the private sector that will result in an annual 
expenditure of $110 million or more, and that a full analysis under the 
Act is not required.
1. Executive Order 12866
    HRSA has examined the economic implications of this final rule as 
required by Executive Order 12866. Executive Order 12866 directs 
agencies to assess all costs and benefits of available regulatory 
alternatives and, when regulation is necessary, to select regulatory 
approaches that maximize net benefits (including potential economic, 
environmental, public health and safety, and other advantages; 
distributive impacts; and equity). Executive Order 12866 classifies a 
rule as significant if it meets any one of a number of specified 
conditions, including: having an annual effect on the economy of $100 
million, adversely affecting a sector of the economy in a material way, 
adversely affecting competition, or adversely affecting jobs. 
Regulations are also considered a significant regulatory action if it 
raises novel legal or policy issues.
    The Office of Information and Regulatory Affairs (OIRA) has 
designated this final rule a significant regulatory action under the 
Executive Order since it raises novel legal and policy issues under 
section 3(f)(4) of the Executive Order. OIRA concludes, however, that 
this rule does not meet the significance threshold of $100 million 
effect on the economy in any one year under section 3(f)(1).
    Consistent with section 1921, these regulations identify certain 
data elements for reporting that are mandatory and specify other 
discretionary data elements for reporting. Many of the mandatory and 
discretionary data elements set forth in this final rule are already 
collected and maintained on a routine basis for a variety of purposes 
by reporting entities, and should not result in additional costs or in 
new and significant burdens. After consulting with State 
representatives, we understand that States routinely collect and 
maintain much of this information. Many licensing boards routinely 
collect and report much of this information to national organizations 
such as the National Council of State Boards of Nursing, Federation of 
Chiropractic Licensing Boards, American Association of State Social 
Work Boards, Federation of State Medical Boards and the Association of 
State and Provincial Psychology Boards. In addition, State Survey and 
Certification agencies are required to report adverse information to 
CMS regarding certain health care entities. Moreover, this information 
is reported to the HIPDB under section 1128E. Actions that are reported 
under section 1128E will only need to be reported once; the NPDB-HIPDB 
system will automatically route these reports to both Data Banks. 
Further, private accreditation entities maintain information on 
Internet Web sites regarding health care entities that have undergone 
the accreditation survey process and their ensuing accreditation 
status. We are unaware of any peer review organizations that make 
available specific information relating to their reviews on their 
organization's Web sites.
    Since we recognize that some classes of reporters may not collect 
or maintain the full array of data elements contemplated for inclusion 
into the NPDB (e.g., other name(s) used or a DEA registration number), 
we are classifying certain data elements to be reported ``if known.'' 
We do not intend to impose new or added burdens on reporters and are 
proposing to give reporters the option of omitting certain data 
elements that they do not maintain or to which they do not have access.
2. Regulatory Flexibility Act
    The Regulatory Flexibility Act (RFA) and the Small Business 
Regulatory Enforcement and Fairness Act of 1996, which amended the RFA, 
require HRSA to analyze options for regulatory relief of small 
businesses. For purposes of the RFA, small entities include small 
businesses, nonprofit organizations, and government agencies. Further, 
in accordance with the RFA, if a rule has a significant economic effect 
on a substantial number of small entities, the Secretary must 
specifically consider the economic effect of the rule on small entities 
and analyze regulatory options that could lessen the impact of the 
rule. Therefore, we have defined small entities as peer review 
organizations, private accreditation entities and local health care 
practitioner and entity licensing boards; individuals and States are 
not included in this definition of small entities. We have determined 
that both the burden and costs associated with reporting to the NPDB 
will be minimal. According to leading private accreditation entities, 
(e.g., the Joint Commission, National Committee for Quality Assurance, 
Utilization Review Accreditation Commission and Commission on 
Accreditation of Rehabilitation Facilities), accreditation entities 
take approximately 11 negative findings or actions per year against 
health care entities. Based on a review of public comments, we estimate 
the potential volume of reporting by peer review organizations to be 
minimal. Most commenters that addressed the volume of such reports, 
while not providing specific estimates, stated that peer review 
organizations would rarely make the types of recommendations that would 
be reportable under these regulations. On this basis, we have 
determined that the data collection process will not have a significant 
impact on local government agencies, peer review organizations, private 
accreditation entities, and that this rule will not have a major effect 
on the economy or on Federal or State expenditures.
    We estimate that the costs to entities that must report to the NPDB 
under section 1921 and those that opt to query under section 1921 will 
not approach the threshold of a major rule. In the burden estimate 
table which follows, the total cost of the section 1921 to users

[[Page 4674]]

is less than $300,000 annually. This cost estimate does not include the 
cost of queries which the entity may file. The major reason for the low 
cost is that the majority of categories of reporters and potential 
queriers are already interacting with the NPDB and/or the HIPDB. These 
users are already familiar with the operation and procedures of the 
Data Banks. For instance, the State licensing authorities are currently 
reporting to the NPDB and/or the HIPDB. Reports required under section 
1921 will be the same as those currently being made to the HIPDB, and 
filing one report, in almost all cases, will meet the reporting 
obligation for the NPDB, HIPDB and section 1921 of the enhanced NPDB. 
Hospitals and other health care entities are currently querying the 
NPDB regarding physicians and dentists, for these entities there would 
only be a small increase in administrative costs if they began to query 
on other hospital personnel such as nurses. Thus, the Secretary 
certifies that these regulations will not have a significant impact on 
a substantial number of small entities.
3. Unfunded Mandates Reform Act
    Section 202 of the Unfunded Mandates Reform Act of 1995 (UMRA) 
(Pub. L. 104-4) requires that agencies assess anticipated costs and 
benefits for any rulemaking that may result in an annual expenditure of 
$110 million or more by State, local, or tribal governments, or the 
private sector. In accordance with the UMRA, we have determined that 
the only costs are those related to the ability to transmit the 
information electronically (e.g., Internet service) and additional 
staff hours needed to transmit information (which we believe will not 
be significant). We estimate an initial start-up cost of approximately 
$500 per private accreditation entity. For this reason, we have 
determined that this rule does not impose any mandates on State, local 
or tribal government or the private sector that will result in an 
annual expenditure of $110 million or more, and that a full analysis 
under the UMRA is not necessary.
4. Executive Order 13132
    Executive Order 13132, Federalism, establishes certain requirements 
that an agency must meet when it promulgates a rule that imposes 
substantial direct requirements or costs on State and local 
governments, preempts State law, or otherwise has Federalism 
implications. In reviewing this final rule under the threshold criteria 
of Executive Order 13132, we have determined that this rule will not 
significantly affect the rights, roles, and responsibilities of State 
or local governments because the actions that are to be reported under 
section 1921 are already being reported to the HIPDB under 1128E.

B. Paperwork Reduction Act of 1995

    The NPDB regulations contain information collection requirements 
that have been approved by OMB under the Paperwork Reduction Act of 
1995 (PRA) and assigned control number 0915-0126.
    This final rule also contains information collection requirements. 
As required by the PRA [44 U.S.C. 3507(d)], we have submitted a copy of 
this final rule to OMB for its review of these information collection 
requirements.
    Collection of Information: National Practitioner Data Bank for 
Adverse Information on Physicians and Other Health Care Practitioners.
    Description: Information collected under Sec. Sec.  60.9 and 60.10 
of this final rule would be used by authorized parties, specified in 
the final rule, to determine the fitness of individuals to provide 
health care services, to protect the health and safety of individuals 
receiving health care through programs administered by the requesting 
agencies, and to protect the fiscal integrity of these programs. 
Information collected under Sec. Sec.  60.6 and 60.16 would be used to 
correct reports submitted to the NPDB. Information collected under 
Sec.  60.13 would be used to disseminate reports to individuals and 
entities eligible to query the NPDB.
    Description of Respondents: State government authorities 
responsible for licensing health care practitioners, physicians, 
dentists, and health care entities, peer review organizations, and 
private accreditation entities reviewing the services of a health care 
practitioner, physician, dentist, or entity.
    Estimated Annual Reporting: We estimate that the public reporting 
burden for the final rule is 10,429.48 hours. Each State is required to 
adopt a system of reporting to the Secretary certain adverse licensure 
actions taken against health care practitioners, physicians, dentists, 
and health care entities, and any other negative actions or findings by 
a State licensing authority, peer review organization, or private 
accreditation entity. The estimated annual reporting and querying 
burden is as follows:

--------------------------------------------------------------------------------------------------------------------------------------------------------
                                              Number of    Frequency    Number of
                Section No.                  respondents  of response   responses        Hours per response       Burden hours  Hourly cost   Total cost
--------------------------------------------------------------------------------------------------------------------------------------------------------
Errors and Omissions 60.6 (a) \1\..........           23            1           23  15 min......................          5.75          $25         $144
Revisions to Actions 60.6 (b) \1\..........            7            1            7  30 min......................          3.5            25           88
Licensure Actions 60.9 \2\.................            0            0            0  0...........................          0               0            0
Adverse Action 60.10 Private Accreditation            11            1           11  45 min......................          8.25           25          206
 Entities \3\.
Adverse Action 60.10 Peer Review                      25            2           50  45 min......................         37.50           25          938
 Organizations \3\.
Queries: Agencies administering Federal               10           26          260  5 min.......................         21.66           25          542
 health care programs 60.13 (a)(2)(i) \4\.
Queries: State Licensing Authorities                   0            0            0  0...........................          0               0            0
 60.13(a)(2)(ii) \4\.
Queries: State Agencies 60.13 (a)(2)(iii)             51           20         1020  5 min.......................         85              25        2,125
 \4\.
Queries: State Medicaid 60.13 (a)(2)(iv)              51           20         1020  5 min.......................         85              25        2,125
 \4\.
Queries: Law Enforcement 60.13 (a)(2)(v)             262            1          262  5 min.......................         21.83           25          546
 \4\.
Queries: QIOs 60.13 (a)(2)(vi) \4\.........           51            5          255  5 min.......................         21.25           25          531
Queries: Hospitals and other health care          10,930           11      120,230  5 min.......................     10,019.16           25      250,479
 entities 60.13 (a)(2)(vii) \4\.
Self-Query 60.11(a)(2) \5\.................            0            0            0  0...........................          0               0            0
Entity Registration 60.3 \6\...............           50            1           50  60 min......................         50              25        1,250
Entity Update 60.3 \6\.....................           25            1           25  5 min.......................          2.08           25           52
Initial Request for Dispute of Report                 18            1           18  15 min......................          4.5            45          203
 60.16(b) \7\.

[[Page 4675]]

 
Practitioner Requests for Secretarial                  3            1            3  8 hours.....................         24             200        4,800
 Review 60.16(b) \7\.
Subject Statements 60.16(b) \7\............           40            1           40  60 min......................         40             100        4,000
                                            ------------------------------------------------------------------------------------------------------------
    Total..................................       11,557  ...........      123,183  ............................     10,429.48  ...........      268,029
--------------------------------------------------------------------------------------------------------------------------------------------------------
\1\ Although OMB has previously approved the burden under the HCQIA for the reporting of errors and omissions to information previously reported to the
  NPDB, section 1921 will expand the scope of the NPDB to include all health care practitioners and health care entities. However, licensure actions
  reported to the NPDB regarding health care practitioners, physicians, dentists, and health care entities are already reported to the HIPDB and, thus,
  were previously calculated in the burden estimates for the HIPDB. Therefore, the burden for correcting or revising NPDB licensure actions is not
  included in this regulation. Section 60.6 requires individuals and entities that report information to the NPDB to ensure the accuracy of the
  information. If there are any errors or omissions to the reports previously submitted to the NPDB, the individual or entity that submitted the report
  to the NPDB is responsible for making the necessary correction or revision to the original report. If there is any revision to the action, the
  individual or entity that submitted the original report to the NPDB is responsible for reporting the revision. Based upon corrections and revisions
  made under the HCQIA, we estimate that a total of 23 respondents will need to correct their reports each year and that a total of 7 respondents will
  need to revise actions originally reported each year. Based on experience with the NPDB, a correction is expected to take 15 minutes to complete and
  submit. A revision is expected to take somewhat longer (30 minutes) because it involves completing a portion of a new report form rather than just
  correcting the individual items that are in error. The costs associated with preparing corrections and revisions are estimated at $25 per hour.
\2\ Since Sec.   60.9 requires each State to adopt a system of reporting to the NPDB disciplinary licensure actions, the various licensing boards within
  each State will be required to report such actions directly to the State licensing authorities. These same licensing boards already are responsible
  for reporting such actions to the HIPDB. Therefore, we calculate the annual reporting burden for State licensing boards under the HIPDB and not this
  regulation. As a result, the reporting burden for State licensing boards is not included in this regulation. We estimate that, under the HIPDB
  regulations, 40,400 reports will be submitted to both the NPDB and the HIPDB each year, for an average of 187 reports per State licensing authority
  and 22 reports per State licensing board. The costs associated with preparing licensure reports are estimated at $25 per hour. The cost estimates for
  this burden are associated with the HIPDB.
\3\ Section 1921 requires each State to adopt a system of reporting to the NPDB any negative action or finding concluded against health care
  practitioners, physicians, dentists, and health care entities by a State licensing authority, peer review organization, or private accreditation
  entity. The negative actions or findings taken by State licensing authorities are already required to be reported to the HIPDB and were included in
  the HIPDB regulations. This regulation, therefore, includes the burden estimates only for those negative actions or findings taken by peer review
  organizations and private accreditation entities. We anticipate that there may be 25 peer review organizations that meet the definition proposed in
  this NPRM. Comments on the proposed rule indicate that peer review organizations will not often take the type of action or finding required to be
  reported in this regulation. Therefore, we estimate that on average these organizations would, at most, report a finding 2 times a year to the NPDB.
  We estimate that, under Sec.   60.10, there will be approximately 11 private accreditation entities reporting on an average 2 times each during the
  year to the NPDB for a total of 50 reports. We have identified 11 organizations that meet the definition of a private accreditation entity. We believe
  that these entities will report an average of 11 actions per year. This estimation is based on changes in the final rule that limits reportable
  actions to final terminations and denials of accreditation. Based on experience with the NPDB, we estimate that it will take a peer review
  organization or a private accreditation entity 45 minutes to complete and submit an initial report. The costs associated with preparing reports are
  estimated at $25 per hour.
\4\ Although OMB has previously approved the burden under the HCQIA for querying the NPDB, section 1921 authorizes additional entities, such as State
  Medicaid Fraud Control Units, Quality Improvement Organizations, and certain law enforcement officials to query the NPDB for disciplinary licensure
  actions, and other negative actions or findings concluded against health care practitioners, physicians, dentists, and health care entities. Based on
  current NPDB querying patterns, we estimate an approximate total of 123,183 new (section 1921--only) queries per year on health care practitioners,
  physicians, dentists, and health care entities. The costs associated with preparing these queries are estimated at $25 per hour. This estimate
  excludes queries by State licensing authorities. State licensing boards that license health care practitioners already have access to NPDB
  information. Additionally, State licensing authorities that license health care practitioners and entities currently have access to the HIPDB, which
  not only contains the new types of licensing reports collected under section 1921, but also contains a range of other types of adverse actions.
  Because of the low volume of queries currently submitted by these authorities, we do not anticipate an increase in queries as a result of section 1921
  implementation. All queries under section 1921 are voluntary.
\5\ Currently, self queries by health care practitioners are automatically submitted to both the NPDB and the HIPDB, and we anticipate the same policy
  will be in effect for health care entities when section 1921 is implemented. Therefore, self queries submitted to the NPDB by health care
  practitioners, physicians, dentists, and health care entities already are included in HIPDB burden estimates and are not included in this regulation.
  Since the burden and costs for preparation of self queries is contained in HIPDB no additional cost estimates are required by the implementation of
  section 1921. All self-querying is voluntary.
\6\ To access the NPDB, entities are required to certify that they meet section 1921 reporting and/or querying requirements. Consequently, an eligible
  entity must complete and submit an Entity Registration Form to the NPDB. Data collected on this form provides the NPDB with essential information
  concerning the entity (e.g., name, address, and entity type). Eligible entities (e.g., State licensing agencies, hospitals, or managed care
  organizations) that have access to the HCQIA, section 1921 and section 1128E information will only be required to register once. We estimate that an
  additional 50 entities will register with the NPDB each year for the next 3 years for a total of 150 entities. We estimate that it will take an entity
  60 minutes to complete and submit the Entity Registration Form to the NPDB. The costs associated with preparing the registration and entity
  verification documents are estimated at $25 per hour.
If there are any changes in the entity's name, address, telephone number, entity type designation, or query and/or report point of contact, the entity
  representative must update the information on the Entity Registration Update Form and submit it to the NPDB. Of these 150 new registrants, we estimate
  that approximately 25 entities will need to update their organization's information each year. The costs associated with preparing the registration
  and entity verification documents are estimated at $25 per hour.
\7\ OMB has previously approved the burden under the HCQIA for disputing the factual accuracy of information in a report and requesting Secretarial
  review of the disputed report. Based on experience with the NPDB, we estimate that an additional 18 reports will be entered into the ``disputed
  status.'' We estimate that it will take a health care practitioner, physician, dentist, or health care entity 15 minutes to notify the NPDB to enter
  the report into ``disputed status.'' The costs associated with preparing an initial dispute request is estimated at approximately $45 per hour. Of the
  18 disputed reports, we estimate that only 3 will be forwarded to the Secretary for review. We estimate that it will take a health care practitioner,
  physician, dentist, or entity 8 hours to describe, in writing, which facts are in dispute and to gather supporting documentation related to the
  dispute. Based on experience with the NPDB and HIPDB, we estimate the costs associated with preparing a request for Secretarial review at
  approximately $200 per hour. In addition, a health care practitioner, physician, or dentist who, or a health care entity that, is the subject of a
  report may submit a 2,000-character statement at any time after the NPDB has received the report. We estimate that an additional 40 practitioners and
  entities will submit statements to the NPDB. Based on previous experience, we estimate that each statement will take approximately 60 minutes to
  prepare. The cost estimate for preparation of statements is $100 per hour.
\8\ The costs presented in this table have been estimated based on whole hours. The cost estimates are for response preparation and do not cover the
  costs per query (user fee), which will be assessed for each name submitted to the NPDB. The per hour cost estimates have been developed by using
  operational reports of organizations utilizing the NPDB and HIPDB.


[[Page 4676]]

List of Subjects in 45 CFR Part 60

    Claims, Fraud, Health, Health maintenance organizations (HMOs), 
Health professions, Hospitals, Insurance companies, Malpractice, 
Reporting and recordkeeping requirements.

    Dated: September 9, 2009.
Mary K. Wakefield,
Administrator, Health Resources and Services Administration.
    Dated: September 14, 2009.
Kathleen Sebelius,
Secretary, Department of Health and Human Services.

0
For the reasons set forth in the preamble, the Health Resources and 
Services Administration amends 45 CFR part 60 as set forth below:

PART 60--NATIONAL PRACTITIONER DATA BANK FOR ADVERSE INFORMATION ON 
PHYSICIANS AND OTHER HEALTH CARE PRACTITIONERS

0
1. The authority citation for 45 CFR part 60 is revised to read as 
follows:

    Authority: 42 U.S.C. 11101-11152; 42 U.S.C. 1396r-2.

Subpart A--General Provisions

0
2. Section 60.1 is revised to read as follows:


Sec.  60.1  The National Practitioner Data Bank.

    The Health Care Quality Improvement Act of 1986, as amended 
(HCQIA), title IV of Public Law 99-660 (42 U.S.C. 11101 et seq.), 
authorizes the Secretary to establish (either directly or by contract) 
a National Practitioner Data Bank (NPDB) to collect and release certain 
information relating to the professional competence and conduct of 
physicians, dentists and other health care practitioners. Section 1921 
of the Social Security Act (42 U.S.C. 1396r-2) (section 1921) requires 
each State to adopt a system of reporting to the Secretary adverse 
licensure actions taken against health care practitioners and entities. 
Section 1921 also requires States to report any negative action or 
finding which a State licensing authority, peer review organization, or 
private accreditation entity has concluded against a health care 
practitioner or entity. This information will be collected and released 
to authorized parties by the NPDB. The regulations in this part set 
forth the reporting and disclosure requirements for the NPDB.


Sec.  60.2  [Amended]

0
3. Section 60.2 is amended by adding the phrase ``State licensing 
authorities;'' after the phrase ``Boards of Medical Examiners;'' in the 
first sentence and by adding ``State licensing or certification 
authorities, peer review organizations, and private accreditation 
entities that take negative actions or findings against health care 
practitioners, physicians, dentists, or entities;'' after the phrase 
``professional review actions;'' in the first sentence; and by removing 
the phrase ``National Practitioner Data Bank,'' wherever it appears, 
and adding the term ``NPDB'' in its place.

0
4. Section 60.3 is amended by removing the reference to ``Sec.  60.9'' 
in the third sentence of the definition of ``Board of Medical 
Examiners'' and adding ``Sec.  60.11'' in its place, and by adding the 
following definitions: ``Affiliated or associated,'' ``Formal 
proceeding,'' ``Negative action or finding,'' ``Organization name,'' 
``Organization type,'' ``Peer review organization,'' ``Private 
accreditation entity,'' ``Quality Improvement Organization,'' and 
``Voluntary surrender of license'' in alphabetical order to read as 
follows:


Sec.  60.3  Definitions.

* * * * *
    Affiliated or associated refers to health care entities with which 
a subject of a final adverse action has a business or professional 
relationship. This includes, but is not limited to, organizations, 
associations, corporations, or partnerships. This also includes a 
professional corporation or other business entity composed of a single 
individual.
* * * * *
    Formal proceeding means a proceeding held before a State licensing 
or certification authority, peer review organization, or private 
accreditation entity that maintains defined rules, policies, or 
procedures for such a proceeding.
* * * * *
    Negative action or finding by a State licensing authority, peer 
review organization, or private accreditation entity means:
    (a) A final determination of denial or termination of an 
accreditation status from a private accreditation entity that indicates 
a risk to the safety of a patient(s) or quality of health care 
services;
    (b) Any recommendation by a peer review organization to sanction a 
health care practitioner, physician, or dentist; or
    (c) Any negative action or finding that under the State's law is 
publicly available information and is rendered by a licensing or 
certification authority, including, but not limited to, limitations on 
the scope of practice, liquidations, injunctions and forfeitures. This 
definition excludes administrative fines or citations, and corrective 
action plans, unless they are:
    (1) Connected to the delivery of health care services, or
    (2) Taken in conjunction with other licensure or certification 
actions such as revocation, suspension, censure, reprimand, probation, 
or surrender.
    Organization name means the subject's business or employer at the 
time the underlying acts occurred. If more than one business or 
employer is applicable, the one most closely related to the underlying 
acts should be reported as the ``organization name,'' with the others 
being reported as ``affiliated or associated health care entities.''
    Organization type means a description of the nature of that 
business or employer.
    Peer review organization means an organization with the primary 
purpose of evaluating the quality of patient care practices or services 
ordered or performed by health care practitioners, physicians, or 
dentists measured against objective criteria which define acceptable 
and adequate practice through an evaluation by a sufficient number of 
health practitioners in such an area to ensure adequate peer review. 
The organization has due process mechanisms available to health care 
practitioners, physicians, and dentists. This definition excludes 
utilization and quality control peer review organizations described in 
Part B of Title XI of the Social Security Act (referred to as QIOs) and 
other organizations funded by the Centers for Medicare and Medicaid 
Services (CMS) to support the QIO program.
* * * * *
    Private accreditation entity means an entity or organization that:
    (a) Evaluates and seeks to improve the quality of health care 
provided by a health care entity;
    (b) Measures a health care entity's performance based on a set of 
standards and assigns a level of accreditation;
    (c) Conducts ongoing assessments and periodic reviews of the 
quality of health care provided by a health care entity; and
    (d) Has due process mechanisms available to health care entities.
* * * * *
    Quality Improvement Organization means a utilization and quality 
control peer review organization (as defined in part B of title XI of 
the Social Security Act) that:
    (a)(1) Is composed of a substantial number of the licensed doctors 
of

[[Page 4677]]

medicine and osteopathy engaged in the practice of medicine or surgery 
in the area and who are representative of the practicing physicians in 
the area, designated by the Secretary under section 1153, with respect 
to which the entity shall perform services under this part, or
    (2) Has available to it, by arrangement or otherwise, the services 
of a sufficient number of licensed doctors of medicine or osteopathy 
engaged in the practice of medicine or surgery in such area to assure 
that adequate peer review of the services provided by the various 
medical specialties and subspecialties can be assured;
    (b) Is able, in the judgment of the Secretary, to perform review 
functions required under section 1154 in a manner consistent with the 
efficient and effective administration of this part and to perform 
reviews of the pattern of quality of care in an area of medical 
practice where actual performance is measured against objective 
criteria which define acceptable and adequate practice; and
    (c) Has at least one individual who is a representative of 
consumers on its governing body.
* * * * *
    Voluntary surrender of license means a surrender made after a 
notification of investigation or a formal official request by a State 
licensing authority for a health care practitioner, physician, dentist, 
or entity to surrender a license. The definition also includes those 
instances where a health care practitioner, physician, dentist, or 
entity voluntarily surrenders a license in exchange for a decision by 
the licensing authority to cease an investigation or similar 
proceeding, or in return for not conducting an investigation or 
proceeding, or in lieu of a disciplinary action.
0
5. Subpart B is revised as set forth below:
Subpart B--Reporting of Information
60.4 How information must be reported.
60.5 When information must be reported.
60.6 Reporting errors, omissions, and revisions.
60.7 Reporting medical malpractice payments.
60.8 Reporting licensure actions taken by Boards of Medical 
Examiners.
60.9 Reporting licensure actions taken by States.
60.10 Reporting negative actions or findings taken by peer review 
organizations or private accreditation entities.
60.11 Reporting adverse actions on clinical privileges.

Subpart B--Reporting of Information


Sec.  60.4  How information must be reported.

    Information must be reported to the NPDB or to a Board of Medical 
Examiners as required under Sec. Sec.  60.7, 60.8, and 60.11 in such 
form and manner as the Secretary may prescribe.


Sec.  60.5  When information must be reported.

    Information required under Sec. Sec.  60.7, 60.8, and 60.11 must be 
submitted to the NPDB within 30 days following the action to be 
reported, beginning with actions occurring on or after September 1, 
1990, and information required under Sec. Sec.  60.9 and 60.10 must be 
submitted to the NPDB within 30 days following the action to be 
reported, beginning with actions occurring on or after January 1, 1992, 
as follows:
    (a) Malpractice Payments (Sec.  60.7). Persons or entities must 
submit information to the NPDB within 30 days from the date that a 
payment, as described in Sec.  60.7, is made. If required under Sec.  
60.7, this information must be submitted simultaneously to the 
appropriate State licensing board.
    (b) Licensure Actions (Sec.  60.8 and Sec.  60.9). The Board of 
Medical Examiners or other licensing or certifying authority of a State 
must submit information within 30 days from the date the licensure 
action was taken.
    (c) Negative Action or Finding (Sec.  60.10). Peer review 
organizations, or private accreditation entities must report any 
negative actions or findings to the State within 15 days from the date 
the action was taken or the finding was made. Each State, through the 
adopted system of reporting, must submit to the NPDB the information 
received from the peer review organization or private accreditation 
entity within 15 days from the date on which it received this 
information.
    (d) Adverse Actions (Sec.  60.11). A health care entity must report 
an adverse action to the Board within 15 days from the date the adverse 
action was taken. The Board must submit the information received from a 
health care entity within 15 days from the date on which it received 
this information. If required under Sec.  60.11, this information must 
be submitted by the Board simultaneously to the appropriate State 
licensing board in the State in which the health care entity is 
located, if the Board is not such licensing Board.


Sec.  60.6  Reporting errors, omissions, and revisions.

    (a) Persons and entities are responsible for the accuracy of 
information which they report to the NPDB. If errors or omissions are 
found after information has been reported, the person or entity which 
reported it must send an addition or correction to the NPDB or, in the 
case of reports made under Sec.  60.11, to the Board of Medical 
Examiners, as soon as possible.
    (b) An individual or entity which reports information on licensure, 
negative actions or findings or clinical privileges under Sec. Sec.  
60.8, 60.9, 60.10, or 60.11 must also report any revision of the action 
originally reported. Revisions include reversal of a professional 
review action or reinstatement of a license. Revisions are subject to 
the same time constraints and procedures of Sec. Sec.  60.5, 60.8, 
60.9, 60.10, and 60.11, as applicable to the original action which was 
reported.


(Approved by the Office of Management and Budget under control number 
0915-0126)


Sec.  60.7  Reporting medical malpractice payments.

    (a) Who must report. Each entity, including an insurance company, 
which makes a payment under an insurance policy, self-insurance, or 
otherwise, for the benefit of a physician, dentist or other health care 
practitioner in settlement of or in satisfaction in whole or in part of 
a claim or a judgment against such physician, dentist, or other health 
care practitioner for medical malpractice, must report information as 
set forth in paragraph (b) of this section to the NPDB and to the 
appropriate State licensing board(s) in the State in which the act or 
omission upon which the medical malpractice claim was based. For 
purposes of this section, the waiver of an outstanding debt is not 
construed as a ``payment'' and is not required to be reported.
    (b) What information must be reported. Entities described in 
paragraph (a) of this section must report the following information:
    (1) With respect to the physician, dentist or other health care 
practitioner for whose benefit the payment is made--
    (i) Name,
    (ii) Work address,
    (iii) Home address, if known,
    (iv) Social Security Number, if known, and if obtained in 
accordance with section 7 of the Privacy Act of 1974 (5 U.S.C. 552a 
note),
    (v) Date of birth,
    (vi) Name of each professional school attended and year of 
graduation,
    (vii) For each professional license: the license number, the field 
of licensure, and the name of the State or Territory in which the 
license is held,

[[Page 4678]]

    (viii) Drug Enforcement Administration registration number, if 
known,
    (ix) Name of each hospital with which he or she is affiliated, if 
known;
    (2) With respect to the reporting entity--
    (i) Name and address of the entity making the payment,
    (ii) Name, title, and telephone number of the responsible official 
submitting the report on behalf of the entity, and
    (iii) Relationship of the reporting entity to the physician, 
dentist, or other health care practitioner for whose benefit the 
payment is made;
    (3) With respect to the judgment or settlement resulting in the 
payment--
    (i) Where an action or claim has been filed with an adjudicative 
body, identification of the adjudicative body and the case number,
    (ii) Date or dates on which the act(s) or omission(s) which gave 
rise to the action or claim occurred,
    (iii) Date of judgment or settlement,
    (iv) Amount paid, date of payment, and whether payment is for a 
judgment or a settlement,
    (v) Description and amount of judgment or settlement and any 
conditions attached thereto, including terms of payment,
    (vi) A description of the acts or omissions and injuries or 
illnesses upon which the action or claim was based,
    (vii) Classification of the acts or omissions in accordance with a 
reporting code adopted by the Secretary, and
    (viii) Other information as required by the Secretary from time to 
time after publication in the Federal Register and after an opportunity 
for public comment.
    (c) Sanctions. Any entity that fails to report information on a 
payment required to be reported under this section is subject to a 
civil money penalty not to exceed the amount specified at 42 CFR 
1003.103(c).
    (d) Interpretation of information. A payment in settlement of a 
medical malpractice action or claim shall not be construed as creating 
a presumption that medical malpractice has occurred.


(Approved by the Office of Management and Budget under control number 
0915-0126)


Sec.  60.8  Reporting licensure actions taken by Boards of Medical 
Examiners.

    (a) What actions must be reported. Each Board of Medical Examiners 
must report to the NPDB any action based on reasons relating to a 
physician's or dentist's professional competence or professional 
conduct:
    (1) Which revokes or suspends (or otherwise restricts) a 
physician's or dentist's license,
    (2) Which censures, reprimands, or places on probation a physician 
or dentist, or
    (3) Under which a physician's or dentist's license is surrendered.
    (b) Information that must be reported. The Board must report the 
following information for each action:
    (1) The physician's or dentist's name,
    (2) The physician's or dentist's work address,
    (3) The physician's or dentist's home address, if known,
    (4) The physician's or dentist's Social Security number, if known, 
and if obtained in accordance with section 7 of the Privacy Act of 1974 
(5 U.S.C. 552a note),
    (5) The physician's or dentist's date of birth,
    (6) Name of each professional school attended by the physician or 
dentist and year of graduation,
    (7) For each professional license, the physician's or dentist's 
license number, the field of licensure and the name of the State or 
Territory in which the license is held,
    (8) The physician's or dentist's Drug Enforcement Administration 
registration number, if known,
    (9) A description of the acts or omissions or other reasons for the 
action taken,
    (10) A description of the Board action, the date the action was 
taken, its effective date and duration,
    (11) Classification of the action in accordance with a reporting 
code adopted by the Secretary, and
    (12) Other information as required by the Secretary from time to 
time after publication in the Federal Register and after an opportunity 
for public comment.
    (c) Sanctions. If, after notice of noncompliance and providing 
opportunity to correct noncompliance, the Secretary determines that a 
Board has failed to submit a report as required by this section, the 
Secretary will designate another qualified entity for the reporting of 
information under Sec.  60.11.


Sec.  60.9  Reporting licensure actions taken by States.

    (a) What actions must be reported. Each State is required to adopt 
a system of reporting to the NPDB actions, as listed below, which are 
taken against a health care practitioner, physician, dentist, or entity 
(as defined in Sec.  60.3). The actions taken must be as a result of 
formal proceedings (as defined in Sec.  60.3). The actions which must 
be reported are:
    (1) Any adverse action taken by the licensing authority of the 
State as a result of a formal proceeding, including revocation or 
suspension of a license (and the length of any such suspension), 
reprimand, censure, or probation;
    (2) Any dismissal or closure of the formal proceeding by reason of 
the health care practitioner, physician, dentist, or entity 
surrendering the license, or the practitioner leaving the State or 
jurisdiction;
    (3) Any other loss of the license of the health care practitioner, 
physician, dentist, or entity, whether by operation of law, voluntary 
surrender (excluding those due to non-payment of licensure renewal 
fees, retirement, or change to inactive status), or otherwise; and
    (4) Any negative action or finding by such authority, organization, 
or entity regarding the health care practitioner, physician, dentist, 
or entity.
    (b) What information must be reported. Each State must report the 
following information (not otherwise reported under Sec.  60.8):
    (1) If the subject is a health care practitioner, physician, or 
dentist, personal identifiers, including:
    (i) Name;
    (ii) Social Security Number, if known, and if obtained in 
accordance with section 7 of the Privacy Act of 1974 (5 U.S.C. 552a 
note);
    (iii) Home address or address of record;
    (iv) Sex; and
    (v) Date of birth.
    (2) If the subject is a health care practitioner, physician, or 
dentist, employment or professional identifiers, including:
    (i) Organization name and type;
    (ii) Occupation and specialty, if applicable;
    (iii) National Provider Identifier (NPI), when issued by the 
Centers for Medicare & Medicaid Services (CMS);
    (iv) Name of each professional school attended and year of 
graduation; and
    (v) With respect to the professional license (including 
professional certification and registration) on which the reported 
action was taken, the license number, the field of licensure, and the 
name of the State or Territory in which the license is held.
    (3) If the subject is a health care entity, identifiers, including:
    (i) Name;
    (ii) Business address;
    (iii) Federal Employer Identification Number (FEIN), or Social 
Security Number when used by the subject as a Taxpayer Identification 
Number (TIN);
    (iv) The NPI, when issued by CMS;
    (v) Type of organization; and
    (vi) With respect to the license (including certification and 
registration)

[[Page 4679]]

on which the reported action was taken, the license and the name of the 
State or Territory in which the license is held.
    (4) For all subjects:
    (i) A narrative description of the acts or omissions and injuries 
upon which the reported action was based;
    (ii) Classification of the acts or omissions in accordance with a 
reporting code adopted by the Secretary;
    (iii) Classification of the action taken in accordance with a 
reporting code adopted by the Secretary, and the amount of any monetary 
penalty resulting from the reported action;
    (iv) The date the action was taken, its effective date and 
duration;
    (v) Name of the agency taking the action;
    (vi) Name and address of the reporting entity; and
    (vii) The name, title and telephone number of the responsible 
official submitting the report on behalf of the reporting entity.
    (c) What information may be reported, if known: Entities described 
in paragraph (a) of this section may voluntarily report, if known, the 
following information:
    (1) If the subject is a health care practitioner, physician, or 
dentist, personal identifiers, including:
    (i) Other name(s) used;
    (ii) Other address;
    (iii) FEIN, when used by the individual as a TIN; and
    (iv) If deceased, date of death.
    (2) If the subject is a health care practitioner, physician, or 
dentist, employment or professional identifiers, including:
    (i) Other State professional license number(s), field(s) of 
licensure, and the name(s) of the State or Territory in which the 
license is held;
    (ii) Other numbers assigned by Federal or State agencies, 
including, but not limited to Drug Enforcement Administration (DEA) 
registration number(s), Unique Physician Identification Number(s) 
(UPIN), and Medicaid and Medicare provider number(s);
    (iii) Name(s) and address(es) of any health care entity with which 
the subject is affiliated or associated; and
    (iv) Nature of the subject's relationship to each associated or 
affiliated health care entity.
    (3) If the subject is a health care entity, identifiers, including:
    (i) Other name(s) used;
    (ii) Other address(es) used;
    (iii) Other FEIN(s) or Social Security Number(s) used;
    (iv) Other NPI(s) used;
    (v) Other State license number(s) and the name(s) of the State or 
Territory in which the license is held;
    (vi) Other numbers assigned by Federal or State agencies, 
including, but not limited to Drug Enforcement Administration (DEA) 
registration number(s), Clinical Laboratory Improvement Act (CLIA) 
number(s), Food and Drug Administration (FDA) number(s), and Medicaid 
and Medicare provider number(s);
    (vii) Names and titles of principal officers and owners;
    (viii) Name(s) and address(es) of any health care entity with which 
the subject is affiliated or associated; and
    (ix) Nature of the subject's relationship to each associated or 
affiliated health care entity.
    (4) For all subjects:
    (i) Whether the subject will be automatically reinstated.
    (ii) [Reserved]
    (d) Access to documents. Each State must provide the Secretary (or 
an entity designated by the Secretary) with access to the documents 
underlying the actions described in paragraphs (a)(1) through (4) of 
this section, as may be necessary for the Secretary to determine the 
facts and circumstances concerning the actions and determinations for 
the purpose of carrying out section 1921 of the Social Security Act.


Sec.  60.10  Reporting negative actions or findings taken by peer 
review organizations or private accreditation entities.

    (a) What actions must be reported. Each State is required to adopt 
a system of reporting to the NPDB any negative actions or findings (as 
defined in Sec.  60.3) which are taken against a health care 
practitioner, physician, dentist, or entity by a peer review 
organization or private accreditation entity. The health care 
practitioner, physician, dentist, or entity must be licensed or 
otherwise authorized by the State to provide health care services. The 
actions taken must be as a result of formal proceedings (as defined in 
Sec.  60.3).
    (b) What information must be reported. Each State must report the 
information as required in Sec.  60.9(b).
    (c) What information should be reported, if known: Each State 
should report, if known, the information as described in Sec.  60.9(c).
    (d) Access to documents. Each State must provide the Secretary (or 
an entity designated by the Secretary) with access to the documents 
underlying the actions described in this section as may be necessary 
for the Secretary to determine the facts and circumstances concerning 
the actions and determinations for the purpose of carrying out section 
1921 of the Social Security Act.


Sec.  60.11  Reporting adverse actions on clinical privileges.

    (a) Reporting to the Board of Medical Examiners--(1) Actions that 
must be reported and to whom the report must be made. Each health care 
entity must report to the Board of Medical Examiners in the State in 
which the health care entity is located the following actions:
    (i) Any professional review action that adversely affects the 
clinical privileges of a physician or dentist for a period longer than 
30 days;
    (ii) Acceptance of the surrender of clinical privileges or any 
restriction of such privileges by a physician or dentist--
    (A) While the physician or dentist is under investigation by the 
health care entity relating to possible incompetence or improper 
professional conduct, or
    (B) In return for not conducting such an investigation or 
proceeding; or
    (iii) In the case of a health care entity which is a professional 
society, when it takes a professional review action concerning a 
physician or dentist.
    (2) Voluntary reporting on other health care practitioners. A 
health care entity may report to the Board of Medical Examiners 
information as described in paragraph (a)(3) of this section concerning 
actions described in paragraph (a)(1) in this section with respect to 
other health care practitioners.
    (3) What information must be reported. The health care entity must 
report the following information concerning actions described in 
paragraph (a)(1) of this section with respect to a physician or 
dentist:
    (i) Name,
    (ii) Work address,
    (iii) Home address, if known,
    (iv) Social Security Number, if known, and if obtained in 
accordance with section 7 of the Privacy Act of 1974 (5 U.S.C. 552a 
note),
    (v) Date of birth,
    (vi) Name of each professional school attended and year of 
graduation,
    (vii) For each professional license: the license number, the field 
of licensure, and the name of the State or Territory in which the 
license is held,
    (viii) Drug Enforcement Administration registration number, if 
known,
    (ix) A description of the acts or omissions or other reasons for 
privilege loss, or, if known, for surrender,
    (x) Action taken, date the action was taken, and effective date of 
the action, and
    (xi) Other information as required by the Secretary from time to 
time after publication in the Federal Register and

[[Page 4680]]

after an opportunity for public comment.
    (b) Reporting by the Board of Medical Examiners to the National 
Practitioner Data Bank. Each Board must report, in accordance with 
Sec. Sec.  60.4 and 60.5, the information reported to it by a health 
care entity and any known instances of a health care entity's failure 
to report information as required under paragraph (a)(1) of this 
section. In addition, each Board must simultaneously report this 
information to the appropriate State licensing board in the State in 
which the health care entity is located, if the Board is not such 
licensing board.
    (c) Sanctions--(1) Health care entities. If the Secretary has 
reason to believe that a health care entity has substantially failed to 
report information in accordance with this section, the Secretary will 
conduct an investigation. If the investigation shows that the health 
care entity has not complied with this section, the Secretary will 
provide the entity with a written notice describing the noncompliance, 
giving the health care entity an opportunity to correct the 
noncompliance, and stating that the entity may request, within 30 days 
after receipt of such notice, a hearing with respect to the 
noncompliance. The request for a hearing must contain a statement of 
the material factual issues in dispute to demonstrate that there is 
cause for a hearing. These issues must be both substantive and 
relevant. The hearing will be held in the Washington, DC, metropolitan 
area. The Secretary will deny a hearing if:
    (i) The request for a hearing is untimely,
    (ii) The health care entity does not provide a statement of 
material factual issues in dispute, or
    (iii) The statement of factual issues in dispute is frivolous or 
inconsequential.


In the event that the Secretary denies a hearing, the Secretary will 
send a written denial to the health care entity setting forth the 
reasons for denial. If a hearing is denied, or if as a result of the 
hearing the entity is found to be in noncompliance, the Secretary will 
publish the name of the health care entity in the Federal Register. In 
such case, the immunity protections provided under section 411(a) of 
the Act will not apply to the health care entity for professional 
review activities that occur during the 3-year period beginning 30 days 
after the date of publication of the entity's name in the Federal 
Register.
    (2) Board of Medical Examiners. If, after notice of noncompliance 
and providing opportunity to correct noncompliance, the Secretary 
determines that a Board has failed to report information in accordance 
with paragraph (b) of this section, the Secretary will designate 
another qualified entity for the reporting of this information.

(Approved by the Office of Management and Budget under control number 
0915-0126)
0
6. Subpart C is revised as set forth below:

Subpart C--Disclosure of Information by the National Practitioner 
Data Bank

60.12 Information which hospitals must request from the National 
Practitioner Data Bank.
60.13 Requesting information from the National Practitioner Data 
Bank.
60.14 Fees applicable to requests for information.
60.15 Confidentiality of National Practitioner Data Bank 
information.
60.16 How to dispute the accuracy of National Practitioner Data Bank 
information.

Subpart C--Disclosure of Information by the National Practitioner 
Data Bank


Sec.  60.12  Information which hospitals must request from the National 
Practitioner Data Bank.

    (a) When information must be requested. Each hospital, either 
directly or through an authorized agent, must request information from 
the NPDB concerning a physician, dentist or other health care 
practitioner as follows:
    (1) At the time a physician, dentist or other health care 
practitioner applies for a position on its medical staff (courtesy or 
otherwise), or for clinical privileges at the hospital; and
    (2) Every 2 years concerning any physician, dentist, or other 
health care practitioner who is on its medical staff (courtesy or 
otherwise), or has clinical privileges at the hospital.
    (b) Failure to request information. Any hospital which does not 
request the information as required in paragraph (a) of this section is 
presumed to have knowledge of any information reported to the NPDB 
concerning this physician, dentist or other health care practitioner.
    (c) Reliance on the obtained information. Each hospital may rely 
upon the information provided by the NPDB to the hospital. A hospital 
shall not be held liable for this reliance unless the hospital has 
knowledge that the information provided was false. (Approved by the 
Office of Management and Budget under control number 0915-0126)


Sec.  60.13  Requesting information from the National Practitioner Data 
Bank.

    (a) Who may request information and what information may be 
available. Information in the NPDB will be available, upon request, to 
the persons or entities, or their authorized agents, as described 
below:
    (1) Information reported under Sec. Sec.  60.7, 60.8, and 60.11 is 
available to:
    (i) A hospital that requests information concerning a physician, 
dentist or other health care practitioner who is on its medical staff 
(courtesy or otherwise) or has clinical privileges at the hospital;
    (ii) A physician, dentist, or other health care practitioner who 
requests information concerning himself or herself;
    (iii) A State Medical Board of Examiners or other State authority 
that licenses physicians, dentists, or other health care practitioners;
    (iv) A health care entity which has entered or may be entering into 
an employment or affiliation relationship with a physician, dentist, or 
other health care practitioner, or to which the physician, dentist, or 
other health care practitioner has applied for clinical privileges or 
appointment to the medical staff;
    (v) An attorney, or individual representing himself or herself, who 
has filed a medical malpractice action or claim in a State or Federal 
court or other adjudicative body against a hospital, and who requests 
information regarding a specific physician, dentist, or other health 
care practitioner who is also named in the action or claim. This 
information will be disclosed only upon the submission of evidence that 
the hospital failed to request information from the NPDB, as required 
by Sec.  60.12(a), and may be used solely with respect to litigation 
resulting from the action or claim against the hospital;
    (vi) A health care entity with respect to professional review 
activity; and
    (vii) A person or entity requesting statistical information, in a 
form which does not permit the identification of any individual or 
entity.
    (2) Information reported under Sec. Sec.  60.9 and 60.10 is 
available to the agencies, authorities, and officials listed below that 
request information on licensure disciplinary actions and any other 
negative actions or findings concerning an individual health care 
practitioner, physician, dentist, or entity. These agencies, 
authorities, and officials may obtain data for the purposes of 
determining the fitness of individuals to provide health care services, 
protecting the health and safety of individuals receiving health care 
through programs

[[Page 4681]]

administered by the requesting agency, and protecting the fiscal 
integrity of these programs.
    (i) Agencies administering Federal health care programs, including 
private entities administering such programs under contract;
    (ii) Authorities of States (or political subdivisions thereof) 
which are responsible for licensing health care practitioners, 
physicians, dentists, and entities;
    (iii) State agencies administering or supervising the 
administration of State health care programs (as defined in 42 U.S.C. 
1128(h));
    (iv) State Medicaid Fraud Control Units (as defined in 42 U.S.C. 
1903(q));
    (v) Law enforcement officials and agencies such as:
    (A) United States Attorney General;
    (B) United States Chief Postal Inspector;
    (C) United States Inspectors General;
    (D) United States Attorneys;
    (E) United States Comptroller General;
    (F) United States Drug Enforcement Administration;
    (G) United States Nuclear Regulatory Commission;
    (H) Federal Bureau of Investigation; and
    (I) State law enforcement agencies, which include, but are not 
limited to, State Attorneys General.
    (vi) Utilization and quality control peer review organizations 
described in part B of title XI and appropriate entities with contracts 
under section 1154(a)(4)(C) of the Social Security Act with respect to 
eligible organizations reviewed under the contracts;
    (vii) Hospitals and other health care entities (as defined in 
section 431 of the HCQIA), with respect to physicians or other licensed 
health care practitioners who have entered (or may be entering) into 
employment or affiliation relationships with, or have applied for 
clinical privileges or appointments to the medical staff of, such 
hospitals or other health care entities;
    (viii) A physician, dentist, or other health care practitioner who, 
and an entity which, requests information concerning himself, herself, 
or itself; and
    (ix) A person or entity requesting statistical information, in a 
form which does not permit the identification of any individual or 
entity. (For example, researchers may use statistical information to 
identify the total number of nurses with adverse licensure actions in a 
specific State. Similarly, researchers may use statistical information 
to identify the total number of health care entities denied 
accreditation.)
    (b) Procedures for obtaining National Practitioner Data Bank 
information. Persons and entities may obtain information from the NPDB 
by submitting a request in such form and manner as the Secretary may 
prescribe. These requests are subject to fees as described in Sec.  
60.14.


Sec.  60.14  Fees applicable to requests for information.

    (a) Policy on fees. The fees described in this section apply to all 
requests for information from the NPDB. The amount of such fees will be 
sufficient to cover the full costs of operating the NPDB. The actual 
fees will be announced by the Secretary in periodic notices in the 
Federal Register. However, for purposes of verification and dispute 
resolution at the time the report is accepted, the NPDB will provide a 
copy--at the time a report has been submitted, automatically, without a 
request and free of charge--of the record to the health care 
practitioner or entity who is the subject of the report and to the 
reporter.
    (b) Criteria for determining the fee. The amount of each fee will 
be determined based on the following criteria:
    (1) Direct and indirect personnel costs, including salaries and 
fringe benefits such as medical insurance and retirement;
    (2) Physical overhead, consulting, and other indirect costs 
including materials and supplies, utilities, insurance, travel and rent 
and depreciation on land, buildings and equipment;
    (3) Agency management and supervisory costs;
    (4) Costs of enforcement, research, and establishment of 
regulations and guidance;
    (5) Use of electronic data processing equipment to collect and 
maintain information--the actual cost of the service, including 
computer search time, runs and printouts; and
    (6) Any other direct or indirect costs related to the provision of 
services.
    (c) Assessing and collecting fees. The Secretary will announce 
through notice in the Federal Register from time to time the methods of 
payment of NPDB fees. In determining these methods, the Secretary will 
consider efficiency, effectiveness, and convenience for the NPDB users 
and the Department. Methods may include: Credit card, electronic fund 
transfer, and other methods of electronic payment.


Sec.  60.15  Confidentiality of National Practitioner Data Bank 
information.

    (a) Limitations on disclosure. Information reported to the NPDB is 
considered confidential and shall not be disclosed outside the 
Department of Health and Human Services, except as specified in 
Sec. Sec.  60.12, 60.13, and 60.16. Persons who, and entities which, 
receive information from the NPDB either directly or from another party 
must use it solely with respect to the purpose for which it was 
provided. Nothing in this paragraph shall prevent the disclosure of 
information by a party which is authorized under applicable State law 
to make such disclosure.
    (b) Penalty for violations. Any person who violates paragraph (a) 
shall be subject to a civil money penalty of up to $11,000 for each 
violation. This penalty will be imposed pursuant to procedures at 42 
CFR part 1003.


Sec.  60.16  How to dispute the accuracy of National Practitioner Data 
Bank information.

    (a) Who may dispute National Practitioner Data Bank information. 
Any physician, dentist, or other health care practitioner or health 
care entity may dispute the accuracy of information in the NPDB 
concerning himself, herself or itself. The Secretary will routinely 
mail a copy of any report filed in the NPDB to the subject individual 
or entity.
    (b) Procedures for filing a dispute. The subject of the report may 
dispute the accuracy of the report within 60 days from the date on 
which the Secretary mails the report to the subject individual or 
entity. The procedures for disputing a report are:
    (1) Informing the Secretary and the reporting entity, in writing, 
of the disagreement, and the basis for it,
    (2) Requesting simultaneously that the disputed information be 
entered into a ``disputed'' status and be reported to inquirers as 
being in a ``disputed'' status, and
    (3) Attempting to enter into discussion with the reporting entity 
to resolve the dispute.
    (c) Procedures for revising disputed information.
    (1) If the reporting entity revises the information originally 
submitted to the NPDB, the Secretary will notify all entities to whom 
reports have been sent that the original information has been revised.
    (2) If the reporting entity does not revise the reported 
information, the Secretary will, upon request, review the written 
information submitted by both parties (the subject individual or entity 
and the reporting entity). After review, the Secretary will either--
    (i) If the Secretary concludes that the information is accurate, 
include a brief statement by the physician, dentist or other health 
care practitioner or health care entity describing the disagreement 
concerning the information, and an

[[Page 4682]]

explanation of the basis for the decision that it is accurate, or
    (ii) If the Secretary concludes that the information is incorrect, 
send corrected information to previous inquirers.

[FR Doc. 2010-1514 Filed 1-27-10; 8:45 am]
BILLING CODE 4165-15-P