[Federal Register Volume 88, Number 210 (Wednesday, November 1, 2023)]
[Notices]
[Pages 74998-74999]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-24081]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Centers for Medicare & Medicaid Services


Privacy Act of 1974; Matching Program

AGENCY: Centers for Medicare & Medicaid Services (CMS), Department of 
Health and Human Services (HHS).

ACTION: Notice of a new matching program.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended, the 
Department of Health and Human Services (HHS), Centers for Medicare & 
Medicaid Services (CMS) is providing notice of the re-establishment of 
a computer matching program between CMS and the Department of Defense, 
Defense Manpower Data Center for ``Verification of Eligibility for 
Minimum Essential Coverage Under the Patient Protection and Affordable 
Care Act through a Department of Defense Health Benefits Plan.''

DATES: The deadline for comments on this notice is December 1, 2023. 
The re-established matching program will commence not sooner than 30 
days after publication of this notice, provided no comments are 
received that warrant a change to this notice. The matching program 
will be conducted for an initial term of 18 months (from approximately 
November 30, 2023 to May 29, 2025) and within 3 months of expiration 
may be renewed for up to one additional year if the parties make no 
change to the matching program and certify that the program has been 
conducted in compliance with the matching agreement.

ADDRESSES: Interested parties may submit comments on this notice to the 
CMS Privacy Act Officer by mail at: Division of Security, Privacy 
Policy & Governance, Information Security & Privacy Group, Office of 
Information Technology, Centers for Medicare & Medicaid Services, 
Location: N1-14-56, 7500 Security Blvd., Baltimore, MD 21244-1850 or by 
email at [email protected].

FOR FURTHER INFORMATION CONTACT: If you have questions about the 
matching program, you may contact Anne Pesto, Senior Advisor, 
Marketplace Eligibility and Enrollment Group, Center for Consumer 
Information and Insurance Oversight, Centers for Medicare & Medicaid 
Services, at 443-955-9966, by email at [email protected], or by 
mail at 7500 Security Blvd., Baltimore, MD 21244.

SUPPLEMENTARY INFORMATION: The Privacy Act of 1974, as amended (5 
U.S.C. 552a) provides certain protections for individuals applying for 
and receiving Federal benefits. The law governs the use of computer 
matching by Federal agencies when records in a system of records 
(meaning, Federal agency records about individuals

[[Page 74999]]

retrieved by name or other personal identifier) are matched with 
records of other Federal or non-Federal agencies. The Privacy Act 
requires agencies involved in a matching program to:
    1. Enter into a written agreement, which must be prepared in 
accordance with the Privacy Act, approved by the Data Integrity Board 
of each source and recipient Federal agency, provided to Congress and 
the Office of Management and Budget (OMB), and made available to the 
public, as required by 5 U.S.C. 552a(o), (u)(3)(A), and (u)(4).
    2. Notify the individuals whose information will be used in the 
matching program that the information they provide is subject to 
verification through matching, as required by 5 U.S.C. 552a(o)(1)(D).
    3. Verify match findings before suspending, terminating, reducing, 
or making a final denial of an individual's benefits or payments or 
taking other adverse action against the individual, as required by 5 
U.S.C. 552a(p).
    4. Report the matching program to Congress and the OMB, in advance 
and annually, as required by 5 U.S.C. 552a(o) (2)(A)(i), (r), and 
(u)(3)(D).
    5. Publish advance notice of the matching program in the Federal 
Register as required by 5 U.S.C. 552a(e)(12).
    This matching program meets these requirements.

Barbara Demopulos,
Privacy Act Officer, Division of Security, Privacy Policy and 
Governance, Office of Information Technology, Centers for Medicare & 
Medicaid Services.

Participating Agencies

    The Department of Health and Human Services (HHS), Centers for 
Medicare & Medicaid Services (CMS) is the recipient agency, and the 
Department of Defense (DoD), Defense Manpower Data Center (DMDC) is the 
source agency.

Authority for Conducting the Matching Program

    The principal authority for conducting the matching program is 42 
U.S.C. 18001, et seq.

Purpose(s)

    The purpose of the matching program is to provide CMS with DoD data 
verifying individuals' eligibility for coverage under a DoD Health 
Benefit Plan (i.e., TRICARE), when requested by CMS and state-based 
administering entities (AE) for the purpose of determining the 
individuals' eligibility for insurance affordability programs under the 
Patient Protection and Affordable Care Act (PPACA). CMS and the 
requesting AE will use the DoD data to determine whether an enrollee in 
private health coverage under a qualified health plan through a 
federally-facilitated or state-based health insurance exchange is 
eligible for coverage under TRICARE, and the dates the individual was 
eligible for TRICARE coverage. DoD health benefit plans provide minimum 
essential coverage (MEC), and eligibility for such plans precludes 
eligibility for financial assistance in paying for private coverage. 
CMS and AE will use the DoD data to authenticate identity, determine 
eligibility for financial assistance (including an advance tax credit 
and cost-sharing reduction, which are types of insurance affordability 
programs), and determine the amount of any financial assistance.

Categories of Individuals

    The categories of individuals whose information is involved in the 
matching program are: (1) active duty service members and their family 
members and (2) retirees and their family members whose TRICARE 
eligibility records at DoD match data provided to DoD by CMS (submitted 
by AEs) about individual consumers who are applying for or are enrolled 
in private health insurance coverage under a qualified health plan 
through a federally-facilitated or state-based health insurance 
exchange.

Categories of Records

    The categories of records used in the matching program are identity 
records and minimum essential coverage (MEC) period records. To request 
information from DoD, CMS will submit a request to DoD that may 
contain, but is not limited to, the following specified data elements 
in a fixed record format: Social Security Number (SSN), first name, 
middle name, surname (last name), date of birth, gender, and requested 
Qualified Health Plan (QHP) coverage effective date and end date. When 
DoD is able to match the SSN and name provided by CMS and information 
is available, DoD will provide CMS with the following about each 
individual, as relevant: SSN, response code indicating enrollment in 
MEC under a TRICARE plan, and, as applicable, begin date(s) and end 
date(s) of enrollment in MEC under a TRICARE plan.

System(s) of Records

    The records used in the matching program are disclosed from these 
systems of records, as authorized by routine uses published in the 
System of Records Notices (SORNs) cited below:

A. System of Records Maintained by CMS

    CMS Health Insurance Exchanges System (HIX), CMS System No. 09-70-
0560, last published in full at 78 FR 63211 (Oct. 23, 2013), and 
amended at 83 FR 6591 (Feb. 14, 2018). Routine use 3 authorizes CMS' 
disclosures of identifying information about applicants to DoD for use 
in this matching program.

B. System of Records Maintained by DoD

    The DoD system of records and routine use that support this 
matching program are Routine Use h in DMDC 02 DoD, Defense Enrollment 
Eligibility Reporting Systems (DEERS), last published at 87 FR 32384 
(May 31, 2022). Routine use H supports DoD's disclosures to CMS.
[FR Doc. 2023-24081 Filed 10-31-23; 8:45 am]
BILLING CODE 4120-03-P