[Federal Register: June 26, 2009 (Volume 74, Number 122)] [Notices] [Page 30606-30608] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr26jn09-119] ----------------------------------------------------------------------- DEPARTMENT OF HEALTH AND HUMAN SERVICES Centers for Medicare & Medicaid Services Privacy Act of 1974; Addition of a New Routine Use AGENCY: Department of Health and Human Services (HHS), Centers for Medicare & Medicaid Services (CMS). ACTION: Notice to add a new routine use to all CMS systems of records (SOR). ----------------------------------------------------------------------- SUMMARY: CMS proposes to add a new routine use to its inventory of SOR subject to the Privacy Act of 1974 (Title 5 United States Code (U.S.C.) 552a) authorizing disclosure of individually identifiable information to assist in efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in these systems of records. The new routine use will be prioritized in the next consecutive numbered order of routine uses in each system notice and will be included in the next published notice as part of our normal SOR review process. The new routine use will read as follows: 1. To appropriate Federal agencies, Department officials and Agency contractors that need access to identifiable information to provide assistance to the Department's efforts to respond to a suspected or confirmed breach of the security or confidentiality of information. In order to receive the information, CMS must: a. Determines that the use or disclosure does not violate legal [[Page 30607]] limitations under which the record was provided, collected, or obtained; b. Determines that the purpose for which the disclosure is to be made: (1) Cannot be reasonably accomplished unless the record is provided in individually identifiable form, (2) is of sufficient importance to warrant the effect and/or risk on the privacy of the individual that additional exposure of the record might bring, and (3) there is reasonable probability that the objective for the use would be accomplished; c. Requires the recipient of the information to: (1) Establish reasonable administrative, technical, and physical safeguards to prevent unauthorized use or disclosure of the record, and (2) remove or destroy the information that allows the individual to be identified at the earliest time at which removal or destruction can be accomplished consistent with the purpose of the disclosure, and (3) Make no further use or disclosure of the record except: (a) In emergency circumstances affecting the health or safety of any individual, or (b) When required by law. d. Secures a written statement attesting to the information recipient's understanding of and willingness to abide by these provisions and complete a Data Use Agreement (CMS Form 0235) in accordance with current CMS policies. The reason for this routine use is as follows: Other Federal agencies, Department officials and contractors, as well as CMS contractors may need access to identifiable information that is both relevant and necessary to provide assistance to all efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in these systems of records. DATES: Effective Date: The new routine use will be effective on < DATE . ADDRESSES: The public should address comments to: CMS Privacy Officer, Division of Privacy Compliance, Enterprise Architecture and Strategy Group, Office of Information Services, CMS, Room N2-04-27, 7500 Security Boulevard, Baltimore, Maryland 21244-1850. The telephone number is (410) 786-5357. Comments received will be available for review at this location, by appointment, during regular business hours, Monday through Friday from 9 a.m.-3 p.m., Eastern Time zone. SUPPLEMENTARY INFORMATION: On May 22, 2007, the Office of Management and Budget (OMB) released Memoranda (M) 07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information. HHS convened a leadership committee composed of members from the Office of the Chief Information Officer (OICO), the Office of Assistant Secretary for Public Affairs (ASPA), and the Office of the Assistant Secretary for Planning and Evaluation (ASPE) in order to formulate a response plan for the newly established requirements. The final response plan was signed by the HHS Chief Information Officer (CIO), Mike Carleton and submitted to OMB on September 19, 2007. As required by the memoranda, to comply with the ``Incident Reporting and Handling Requirements,'' all Operations and Staff Divisions are instructed to incorporate the suggested routine use language as part of their normal SOR review process. Dated: June 16, 2009. Michelle Snyder, Deputy Chief Operating Officer, Centers for Medicare & Medicaid Services. Attachment A ------------------------------------------------------------------------ SOR No. Title FR published ------------------------------------------------------------------------ 09-70-0500.......... Health Plan 71 FR 60718, 10/16/2006 Management System (HPMS). 09-70-0501.......... Medicare Multi- 71 FR 64968, 11/06/2006 Carrier Claims Systems (MCS). 09-70-0502.......... Enrollment Data 73 FR 10249, 02/26/2008 Base (EDB). 09-70-0503.......... Fiscal 71 FR 64961, 11/06/2006 Intermediary Shared System (FISS). 09-70-0514.......... Medicare 71 FR 17470, 04/06/2006 Provider Analysis and Review (MEDPAR). 09-70-0519.......... Medicare 71 FR 60722, 10/16/2006 Current Beneficiary Survey (MCBS). 09-70-0520.......... ESRD Program 72 FR 26126, 5/8/2007 Management and Medical Information System (PMMIS). 09-70-0521.......... Inpatient 71 FR 67143, 11/20/2006 Rehabilitation Facilities--Pa tient Assessment Instrument (IRF-PAI). 09-70-0522.......... Home Health 72 FR 63906, 11/13/2007 Agency Outcome and Assessment Information Set (OASIS). 09-70-0526.......... Common Working 71 FR 64955, 11/06/2006 File (CWF). 09-70-0528.......... Long Term Care- 72 FR 12801, 3/19/2007 Minimum Data Set (LTC MDS). 09-70-0532.......... Provider 71 FR 60536, 10/13/2006 Enrollment Chain and Ownership System (PECOS). 09-70-0536.......... Medicare 71 FR 11420, 03/07/2006 Beneficiary Database (MBD). 09-70-0538.......... Individuals 72 FR 63902, 11/13/2007 Authorized Access to the CMS Computer Services (IACS). 09-70-0541.......... Medicaid 71 FR 65527, 11/08/2006 Statistical Information System (MSIS). 09-70-0550.......... Retiree Drug 70 FR 41035, 7/15/2005 Subsidy Program (RDSP). 09-70-0553.......... Medicare Drug 70 FR 58436, 10/06/2005 Data Processing System (DDPS). 09-70-0558.......... National Claims 71 FR 67137, 11/20/2006 History File (NCH). 09-70-0568.......... One Program 71 FR64530, 11/02/2006 Integrity Data Repository (ODR). 09-70-0569.......... Post Acute Care 72 FR 55225, 09/28/2007 Payment Reform/ Continuity Assessment Report Demonstration and Evaluation (PAC-CARE). 09-70-0571.......... Medicare 71 FR 64530, 11/02/2006 Integrated Data Repository (IDR). 09-70-0573.......... Chronic 71 FR 54495, 09/15/2006 Condition Data Repository (CCDR). 09-70-4001.......... Medicare 70 FR 60530, 10/18/2005 Advantage Prescription Drug (MARx). 09-70-0575.......... Organ 71 FR 29336, 05/22/2006 Procurement Organizations System (OPOS). 09-70-0594.......... Minimum Data 72 FR 72733, 12/21/2007 Set (MDS) for Home and Community Based Alternatives (CBA) to Psychiatric Residential Treatment) Facilities (PRTF) (CBA- PRTF). ------------------------------------------------------------------------ [[Page 30608]] [FR Doc. E9-15192 Filed 6-25-09; 8:45 am] BILLING CODE 4120-03-P
Justia Lawyer, Legal Aid & Services Directory: Health Care Lawyers