[Federal Register Volume 76, Number 226 (Wednesday, November 23, 2011)]
[Rules and Regulations]
[Pages 72325-72327]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2011-30292]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
45 CFR Part 5b
RIN 0906-AA91
Privacy Act; Exempt Record System
AGENCY: Health Resources and Services Administration (HRSA), HHS.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: This final rule exempts the system of records (09-15-0054, the
National Practitioner Data Bank for Adverse Information on Physicians
and Other Health Care Practitioners, HHS/HRSA/BHPr) for the National
Practitioner Data Bank (NPDB) from certain provisions of the Privacy
Act (5 U.S.C. 552a). The exemption is necessary due to the recent
expansion of the NPDB under section 1921 of the Social Security Act to
include the investigative materials compiled for law enforcement
purposes reported to the Healthcare Integrity and Protection Data Bank
(HIPDB). The system of records for the HIPDB is exempt from certain
provisions of the Privacy Act (see 45 CFR 5b.11(b)(2)(ii)(F)). In order
to maintain the exemption for the HIPDB investigative materials, which
will now also be available through the NPDB, it is necessary to extend
the same exemption to the NPDB.
DATES: The effective date of this rule is December 23, 2011.
FOR FURTHER INFORMATION CONTACT: Cynthia Grubbs, Director, Division of
Practitioner Data Banks, Bureau of Health Professions, Health Resources
and Services Administration, Parklawn Building, 5600 Fishers Lane, Room
8-103, Rockville, MD 20857; telephone number: (301) 443-2300.
SUPPLEMENTARY INFORMATION:
I. Background
The NPDB was established by Title IV of Public Law 99-660, the
Health Care Quality Improvement Act of 1986, as amended. The NPDB is
primarily an alert or flagging system intended to facilitate a
comprehensive review of health care practitioners' professional
credentials. On January 28, 2010, HRSA published a final rule in the
Federal Register (75 FR 4656) designed to implement section 1921 of the
Social Security Act (herein referred to as section 1921). Section 1921
expands the scope of the NPDB. Section 1921 requires each State to
adopt a system of reporting to the Secretary certain adverse licensure
actions taken against health care practitioners and health care
entities by any authority of the State responsible for the licensing of
such practitioners or entities. It also requires each State to report
any negative action or finding that a State licensing authority, a peer
review organization, or a private accreditation entity has finalized
against a health care practitioner or entity. Practically speaking,
section 1921 resulted in, among other consequences, the transfer of the
vast majority of information contained in the HIPDB, a companion data
bank, to the NPDB.
The HIPDB was created by the Health Insurance Portability and
Accountability Act (HIPAA) of 1996, Public Law (Pub. L. 104-191), which
required the Secretary, acting through the Office of Inspector General
(OIG) and the United States Attorney General, to establish a new health
care fraud and abuse control program, to combat health care fraud and
abuse. Together, the HIPDB and NPDB serve to facilitate review of
health care practitioners' and entities' backgrounds.
II. Summary of the Proposed Rule
In the February 17, 2011 Federal Register (76 FR 9295), HRSA
published a proposed rule that would exempt the NPDB system of records
from subsection (c)(3), (d)(1) through (d)(4), (e)(4)(G) and (H), and
(f) of the Privacy Act pursuant to 5 U.S.C. 552a(k)(2). These
exemptions are necessary to deal with the expansion of NPDB information
after implementation of section 1921 on March 1, 2010. Groups that have
access to the section 1921 information in the NPDB include all
organizations eligible to query the NPDB under the Health Care Quality
Improvement Act of 1986 (hospitals, other health care entities that
conduct peer review and provide health care services, State medical or
dental boards, and other health care practitioner State boards), other
State licensing authorities, agencies administering Federal health care
programs (including private entities administering such programs under
contract), State agencies administering or supervising the
administration of State health care programs, State Medicaid Fraud
Control Units, certain law enforcement agencies, utilization and
quality control peer review organizations (referred to as QIOs), as
defined in Part B of title XI of the Social
[[Page 72326]]
Security Act, and appropriate entities with contracts under section
1154(a)(4)(C) of the Social Security Act. Individual health care
practitioners and entities can self-query.
One of the purposes of these data will be use of this information
by a Federal or State government agency charged with the responsibility
of investigating or prosecuting a case where there is an indication of
a violation or potential violation of law, whether civil, criminal, or
regulatory in nature. The information in this system may also be used
in the preparation for a trial or hearing for such violation.
Specifically, this final rule now exempts the NPDB from the
following subsections of the Privacy Act for the reasons set forth
below:
Subsection (c)(3). This provision requires that
individuals be provided an accounting of disclosures of their records
from a Privacy Act system, if requested. Providing an accounting of
disclosures (i.e., an accounting of queries made by law enforcement
agencies) to an individual who is the subject of an investigation could
reveal the nature and scope of the investigation and could lead to the
destruction or alteration of evidence, tampering with witnesses, and
other evasive actions that could impede or compromise an investigation.
Subsections (d)(1) through (d)(4). These provisions
require that individuals be allowed to access and correct or amend
their records in a Privacy Act system, if requested. Release of
investigative records to an individual who is the subject of an
investigation could interfere with pending or prospective law
enforcement proceedings, or could reveal sensitive investigative
techniques and procedures. Report subjects will have access to
information on all other queries to the data bank. Report subjects are
guaranteed access to, and correction rights for, substantive
information reported to the NPDB. The procedures, appearing in 45 CFR
part 60, use the Privacy Act access and correction procedures as a
basic framework while, at the same time, providing significant
additional rights (such as automatic notification to the record subject
of any report filed with the data bank). Data bank subjects also have
broader rights on NPDB correction procedures, including the right to
file a statement of disagreement as soon as a report is filed with the
data bank.
Subsections (e)(4)(G) and (H), and (f). These provisions
require that the system of records notice for a Privacy Act system
provide the procedures whereby individuals can be notified at their
request if the system contains records about them and can request and
gain access to, and contest the content of, their records. Notifying an
individual who is the subject of an investigation or a witness that a
system of records contains information about him or her could reveal
the nature and scope of the investigation and could result in the
altering or destruction of evidence, improper influencing of witnesses,
and other evasive actions that could impede or compromise an
investigation. Report subjects are guaranteed access to, and correction
rights for, substantive information reported to the NPDB. The same
correction procedures apply (contained in 45 CFR part 60) as mentioned
in the earlier bullet for subsections (d)(1) through (d)(4).
Accordingly, HRSA proposes to amend 45 CFR 5b.11(b)(2)(ii) of the
HHS Privacy Act regulations by adding the following:
A new paragraph (L) that exempts investigative materials
compiled for law enforcement purposes for the National Practitioner
Data Bank from requirements (c)(3), (d)(1) through (d)(4), (e)(4)(G)
and (H), and (f) of the Privacy Act (5 U.S.C. 552a).
The system of records for the NPDB, which was last published in the
Federal Register on October 1, 2010 (75 FR 60763), will be re-published
promptly to reflect this change.
III. Summary and Response to Public Comments
The proposed rule set forth a 60-day public comment period, ending
April 18, 2011. HRSA received one response from a national association
representing physicians. Following are two concerns highlighted by the
commenter and our responses to those concerns.
Issue #1: Commenter believes that shielding law enforcement queries
from a NPDB physician subject's review would result in wasted law
enforcement resources and would deny physicians due process.
Response: The restriction on revealing law enforcement queries to
data bank report subjects has been in place for the last 15 years for
the Healthcare Integrity and Protection Data Bank (HIPDB). Law
enforcement queries constitute less than one percent of the total
queries to the data bank and on average there are only 20 law
enforcement queries per year. The act of querying the data bank does
not deny providers due process rights or bar them from availing
themselves of correction procedures, if a report is filed against them
in the data bank. Law enforcement agencies are not required to notify
subjects that they are under investigation and doing so would most
likely compromise an investigation. The commenter additionally claims
that law enforcement resources are being wasted. This claim has no
evidentiary support, and HRSA feels it is best left to law enforcement
officials to make this determination.
Issue #2: When commenting on the exemption of the NPDB from Privacy
Act access and amendment procedures, commenter expressed support
maintaining NPDB access and correction procedures so that NPDB subjects
are guaranteed access to, and correction rights for, information
reported to the NPDB. However, the commenter feels that shielding law
enforcement queries from disclosure to physicians would hamper the
physician's ability to ensure the accuracy of the information that has
been reported to the NPDB.
Response: NPDB access and correction procedures, which guarantee
access to, and correction rights for, information reported to the NPDB,
are maintained. HRSA disagrees with the statement that disclosure of
law enforcement queries would affect a physician's ability to ensure
the accuracy of information reported to the data bank. Data bank
reports and data bank queries are two separate things. Data bank
reports reflect an adverse action taken by a reporting entity, whereas
a data bank query is a request for information on a practitioner.
Practitioners receive a copy of all reports submitted by a reporting
entity along with instructions on correction procedures. If a
practitioner elects, they can receive an accounting of entities that
have queried them by submitting a self- query. Shielding law
enforcement query history does not affect a practitioner's ability to
use the report correction procedures. Information on how to dispute the
accuracy of a data bank report can be accessed on page F-1 of the NPDB
Guidebook at: http://www.npdb-hipdb.hrsa.gov/resources/NPDBGuidebook.pdf.
Based on HRSA's review of the public comments, no revisions have
been made to the final rule.
Economic and Regulatory Impact
We have reviewed this final rule in accordance with the provisions
of Executive Orders 13563 and 12866 and the Regulatory Flexibility Act
(5 U.S.C. 601-612) and have determined that it will have no major
effect on the economy or Federal expenditures. Executive Orders 13563
and 12866 direct agencies to assess all costs and benefits of available
regulatory alternatives and, when rulemaking is necessary, to select
regulatory
[[Page 72327]]
approaches that maximize net benefits, including potential economic,
environmental, public health, safety distributive, and equity effects.
The Secretary has determined that this final rule is not a ``major
rule'' within the meaning of the statute providing for Congressional
Review of Agency Rulemaking, 5 U.S.C. 801, and has determined that it
does not meet the criteria for a significant regulatory action. In
addition, under the Small Business Enforcement Act (SBEA) of 1996, if a
rule has a significant economic effect on a substantial number of small
businesses, the Secretary must specifically consider the economic
effect of a rule on small business entities and analyze regulatory
options that could lessen the impact of the rule. The Secretary has
reviewed this exemption in accordance with the provisions of the SBEA
and certifies that this exemption will not have a significant impact on
a substantial number of small entities. Specifically, as indicated
above, while the reports of adverse actions to the NPDB will be known
to the subjects of the records in the data bank, the access and use of
such information by law enforcement agencies would not be known to the
subjects of the records, because HRSA believes that disclosure of this
information could compromise ongoing law enforcement activities.
Similarly, the final rule will not have effects on State, local,
and Tribal governments, and on the private sector such as to require
consultation under the Unfunded Mandates Reform Act of 1995.
The Secretary has reviewed this final rule in accordance with
Executive Order 13132 regarding federalism and has determined that it
does not have ``federalism implications.'' This rule would not ``have
substantial direct effects on the States, or on the relationship
between the national government and the States, or on the distribution
of power and responsibilities among the various levels of government.''
The proposals made in this final rule would not adversely affect
the following family elements: Family safety, family stability, marital
commitment; parental rights in the education, nurture and supervision
of their children; family functioning, disposable income, or poverty;
or the behavior and personal responsibility of youth, as determined
under section 654(c) of the Treasury and General Government
Appropriations Act of 1999.
In accordance with the provisions of Executive Order 12866, this
final rule was not reviewed by the Office of Management and Budget.
Paperwork Reduction Act
This final rule does not have any information collection
requirements.
Dated: October 20, 2011.
Mary Wakefield,
Administrator, Health Resources and Services Administration.
Approved: November 16, 2011.
Kathleen Sebelius,
Secretary.
List of Subjects in 45 CFR Part 5b
Privacy.
PART 5b--PRIVACY ACT REGULATIONS
Accordingly, 45 CFR part 5b is amended as set forth below:
0
1. The authority citation for part 5b continues to read as follows:
Authority: 5 U.S.C. 301, 5 U.S.C. 552a.
0
2. Add Sec. 5b.11(b)(2)(ii)(L) to read as follows:
Sec. 5b.11 Exempt systems.
* * * * *
(b) * * *
(2) * * *
(ii) * * *
(L) Investigative materials compiled for law enforcement purposes
in the National Practitioner Data Bank (NPDB). (See Sec. 60.16 of this
subtitle for access and correction rights under the NPDB by subjects of
the Data Bank.)
* * * * *
[FR Doc. 2011-30292 Filed 11-22-11; 8:45 am]
BILLING CODE 4165-15-P