[Federal Register Volume 84, Number 220 (Thursday, November 14, 2019)]
[Notices]
[Pages 61960-61961]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-24724]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION

[Docket No. SSA-2019-0016]


Privacy Act of 1974; Matching Program

AGENCY: Social Security Administration (SSA).

ACTION: Notice of a New Matching Program.

-----------------------------------------------------------------------

SUMMARY: In accordance with the provisions of the Privacy Act, as 
amended, this notice announces a new matching program with the Center 
for Medicare & Medicaid Services (CMS). This matching agreement 
establishes the terms, conditions, and safeguards under which CMS will 
disclose to SSA Medicare non-utilization information for Social 
Security Title II beneficiaries aged 90 and above. CMS will identify 
Medicare enrollees whose records have been inactive for three or more 
years. SSA will use this data as an indicator to select and prioritize 
cases for review to determine continued eligibility for benefits under 
Title II of the Social Security Act (Act). SSA will contact these 
individuals to verify ongoing eligibility. SSA will use this data for 
the purposes of fraud discovery and the analysis of fraud program 
operations; this agreement allows for SSA's Office of Anti-Fraud 
Programs (OAFP) to evaluate the data for the purposes of fraud 
detection. SSA will refer individual cases of suspected fraud, waste, 
or abuse to the Office of the Inspector General (OIG) for 
investigation.

DATES: The deadline to submit comments on the proposed matching program 
is 30 days from the date of publication of this notice in the Federal 
Register. The matching program will be applicable on January 1, 2020, 
or once a minimum of 30 days after publication of this notice has 
elapsed, whichever is later. The matching program will be in effect for 
a period of 18 months.

ADDRESSES: Interested parties may comment on this notice by either 
telefaxing to (410) 966-0869, writing to Matthew Ramsey, Executive 
Director, Office of Privacy and Disclosure, Office of the General 
Counsel, Social Security

[[Page 61961]]

Administration, G-401 WHR, 6401 Security Boulevard, Baltimore MD 21235-
6401, or emailing [email protected]. All comments received will be 
available for public inspection by contacting Mr. Ramsey at this street 
address.

FOR FURTHER INFORMATION CONTACT: Norma Followell, Supervisory Team 
Lead, Office of Privacy and Disclosure, Office of the General Counsel, 
Social Security Administration, G-401 WHR, 6401 Security Boulevard, 
Baltimore, MD 21235-6401, at telephone: (410) 966-5855, or send an 
email to [email protected].

SUPPLEMENTARY INFORMATION: None.

Matthew Ramsey,
Executive Director, Office of Privacy and Disclosure, Office of the 
General Counsel.

PARTICIPATING AGENCIES:
    SSA and CMS.

AUTHORITY FOR CONDUCTING THE MATCHING PROGRAM:
    The legal authority for this agreement is executed in compliance 
with the Privacy Act of 1974 (5 U.S.C. 552a), as amended by the 
Computer Matching and Privacy Protection Act (CMPPA) of 1988 (Public 
Law (Pub. L.) 100-503), including 5 U.S.C. 552a(b)(3); section 1106 of 
the Act (42 U.S.C. 1306); and Office of Management and Budget 
guidelines pertaining to computer matching at 54 FR 25818 (June 19, 
1989).
    Section 202 of the Act (42 U.S.C. 402) outlines the requirements 
for eligibility to receive Old-Age, Survivors, and Disability Insurance 
Benefits under Title II of the Act. Section 205(c) of the Act (42 
U.S.C. 405) directs the Commissioner of Social Security to verify the 
eligibility of a beneficiary.
    This matching program employs CMS systems containing Protected 
Health Information (PHI) as defined by Health and Human Services (HHS) 
regulation ``Standards for Privacy of Individually Identifiable Health 
Information'' (45 CFR 160 and 164 (78 FR 5566, Parts A and E, published 
January 25, 2013)). PHI authorized by the routine uses may only be 
disclosed by CMS if, and as permitted or required by the ``Standard for 
Privacy in Individually Identifiable Health Information,'' (45 CFR 
164.512d).

PURPOSE(S):
    This matching program establishes the terms, conditions, and 
safeguards under which CMS will disclose to SSA Medicare non-
utilization information for Social Security Title II beneficiaries aged 
90 and above.
    CMS will identify Medicare enrollees whose records have been 
inactive for three or more years. SSA will use this data as an 
indicator to select and prioritize cases for review to determine 
continued eligibility for benefits under Title II of the Act. SSA will 
contact these individuals to verify ongoing eligibility. In addition, 
SSA will use this data for the purposes of fraud discovery and the 
analysis of fraud program operations; this agreement allows for SSA's 
OAFP to evaluate the data for purposes of fraud detection. SSA will 
refer individual cases of suspected fraud, waste, or abuse to OIG for 
investigation.

CATEGORIES OF INDIVIDUALS:
    The individuals whose information is involved in this matching 
program are Social Security Title II beneficiaries aged 90 and above.

CATEGORIES OF RECORDS:
    SSA will provide CMS with a finder file containing the following 
information for each individual: (a) Title II Claim Account Number; (b) 
Title II Beneficiary Identification Code; (c) First Name; (d) Last 
Name; and (e) Date of birth.
    CMS will provide SSA with a response file containing the following 
information for each individual: (a) CMS File Number (identified as a 
Health Insurance Claim Number (HICN) or Medicare Beneficiary Identifier 
(MBI)); (b) Whether CMS matched beneficiary or individual is a Medicare 
beneficiary; (c) Whether individual is a Medicaid recipient; (d) 
Whether Medicare was used in the last 3 years; (e) Whether the 
beneficiary is a part of an HMO; (f) Whether the beneficiary lives in a 
nursing home; (g) Whether the beneficiary has private health insurance; 
(h) Whether the beneficiary has veteran's health insurance; or (i) 
Whether the beneficiary has Tricare insurance.

SYSTEM(S) OF RECORDS:
    SSA will disclose to CMS information from the Master Beneficiary 
Record (MBR) (60-0090), last fully published January 11, 2006 (71 FR 
1826), amended on December 10, 2007 (72 FR 69723), July 5, 2013 (78 FR 
40542), July 3, 2018 (83 FR 31250-31251), and November 1, 2018 (83 FR 
54969).
    SSA will retain any information from the CMS response file in the 
Anti-Fraud Enterprise Solution System of Records for OAFP fraud-related 
analytics, or data that leads to OAFP to initiate a fraud investigation 
(60-0388) published May 3, 2018 (83 FR 19588).
    CMS will disclose to SSA information from the following Systems of 
Record (SORs): (a) National Claims History (NCH) (09-70-0558), 
published November 20, 2006 (71 FR 67137); (b) Enrollment Data Base 
(EDB) (09-70-0502), published February 26, 2008 at 73 FR 10249; and (c) 
The Long Term Care--Minimum Data Set (MDS) (90-70-0528), published 
March 19, 2007 at 72 FR 12801.
    SSA's and CMS's SORs have routine uses permitting the disclosures 
needed to conduct this match.

[FR Doc. 2019-24724 Filed 11-13-19; 8:45 am]
 BILLING CODE P