Privacy Act of 1974; New OIG Privacy Act System of Records: Consolidated Data Repository, 66648-66651 [E8-26725]
Download as PDF
<![CDATA[
jlentini on PROD1PC65 with NOTICES
66648
Federal Register / Vol. 73, No. 218 / Monday, November 10, 2008 / Notices
products, the testing phase begins when
the exemption to permit the clinical
investigations of the human drug
product becomes effective and runs
until the approval phase begins. The
approval phase starts with the initial
submission of an application to market
the human drug product and continues
until FDA grants permission to market
the drug product. Although only a
portion of a regulatory review period
may count toward the actual amount of
extension that the Director of Patents
and Trademarks may award (for
example, half the testing phase must be
subtracted as well as any time that may
have occurred before the patent was
issued), FDA’s determination of the
length of a regulatory review period for
a human drug product will include all
of the testing phase and approval phase
as specified in 35 U.S.C. 156(g)(1)(B).
FDA recently approved for marketing
the human drug product TYKERB
(lapatinib). TYKERB is indicated in
combination with capecitabine, for the
treatment of patients with advanced or
metastatic breast cancer whose tumors
overexpress HER2 and who have
received prior therapy including an
anthracycline, a taxane, and
trastuzumab. Subsequent to this
approval, the Patent and Trademark
Office received a patent term restoration
application for TYKERB (U.S. Patent
No. 6,713,485) from SmithKline
Beecham Corp. (doing business as
GlaxoSmithKline), and the Patent and
Trademark Office requested FDA’s
assistance in determining this patent’s
eligibility for patent term restoration. In
a letter dated April 28, 2008, FDA
advised the Patent and Trademark
Office that this human drug product had
undergone a regulatory review period
and that the approval of TYKERB
represented the first permitted
commercial marketing or use of the
product. Thereafter, the Patent and
Trademark Office requested that FDA
determine the product’s regulatory
review period.
FDA has determined that the
applicable regulatory review period for
TYKERB is 2,260 days. Of this time,
2,078 days occurred during the testing
phase of the regulatory review period,
while 182 days occurred during the
approval phase. These periods of time
were derived from the following dates:
1. The date an exemption under
section 505(i) of the Federal Food, Drug,
and Cosmetic Act (the act) (21 U.S.C.
355(i)) became effective: January 5,
2001. FDA has verified the applicant’s
claim that the date the investigational
new drug application became effective
was on January 5, 2001.
VerDate Aug<31>2005
16:09 Nov 07, 2008
Jkt 217001
2. The date the application was
initially submitted with respect to the
human drug product under section
505(b) of the act: September 13, 2006.
FDA has verified the applicant’s claim
that the new drug application (NDA) for
TYKERB (NDA 22–059) was initially
submitted on September 13, 2006.
3. The date the application was
approved: March 13, 2007. FDA has
verified the applicant’s claim that NDA
22–059 was approved on March 13,
2007.
This determination of the regulatory
review period establishes the maximum
potential length of a patent extension.
However, the U.S. Patent and
Trademark Office applies several
statutory limitations in its calculations
of the actual period for patent extension.
In its application for patent extension,
this applicant seeks 628 days of patent
term extension.
Anyone with knowledge that any of
the dates as published are incorrect may
submit to the Division of Dockets
Management (see ADDRESSES) written or
electronic comments and ask for a
redetermination by January 9, 2009.
Furthermore, any interested person may
petition FDA for a determination
regarding whether the applicant for
extension acted with due diligence
during the regulatory review period by
May 11, 2009. To meet its burden, the
petition must contain sufficient facts to
merit an FDA investigation. (See H.
Rept. 857, part 1, 98th Cong., 2d sess.,
pp. 41–42, 1984.) Petitions should be in
the format specified in 21 CFR 10.30.
Comments and petitions should be
submitted to the Division of Dockets
Management. Three copies of any
mailed information are to be submitted,
except that individuals may submit one
copy. Comments are to be identified
with the docket number found in
brackets in the heading of this
document. Comments and petitions may
be seen in the Division of Dockets
Management between 9 a.m. and 4 p.m.,
Monday through Friday.
Please note that on January 15, 2008,
the FDA Division of Dockets
Management Web site transitioned to
the Federal Dockets Management
System (FDMS). FDMS is a
Government-wide, electronic docket
management system. Electronic
comments or submissions will be
accepted by FDA only through FDMS at
https://www.regulations.gov.
Dated: October 20, 2008.
Jane A. Axelrad,
Associate Director for Policy, Center for Drug
Evaluation and Research.
[FR Doc. E8–26679 Filed 11–7–08; 8:45 am]
BILLING CODE 4160–01–S
PO 00000
Frm 00059
Fmt 4703
Sfmt 4703
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Office of Inspector General
Privacy Act of 1974; New OIG Privacy
Act System of Records: Consolidated
Data Repository
Office of Inspector General
(OIG), HHS.
ACTION: Notice of proposed new Privacy
Act System of Records.
AGENCY:
SUMMARY: The Privacy Act of 1974 (5
U.S.C. 552(e)(4)) requires that all
agencies publish in the Federal Register
a notice of the existence and character
of their system of records. Notice is
hereby given that OIG is adding a new
system of records entitled
‘‘Consolidated Data Repository—HHS–
OIG’’ (09–90–1000).
DATES: Effective Date: This system of
records will become effective without
further notice on December 22, 2008,
unless comments received on or before
that date result in a contrary
determination.
Comment Date: Comments on this
new system of records will be
considered if we receive them at the
addresses provided below no later than
5 p.m. Eastern Standard Time on
December 10, 2008.
ADDRESSES: In commenting, please
reference file code 09–90–1000. Because
of staff and resource limitations, we
cannot accept comments by facsimile
(fax) transmission. However, you may
submit comments using one of the
following three ways (no duplicates,
please):
1. Electronically. You may submit
electronically through the Federal
eRulemaking Portal at https://
www.regulations.gov. (Attachments
should be in Microsoft Word, if
possible.)
2. By regular, express, or overnight
mail. You may mail your printed or
written submissions to the following
address: Office of Inspector General,
Department of Health and Human
Services, Attention: Marco Villagrana,
Room 5541, Cohen Building, 330
Independence Avenue, SW.,
Washington, DC 20201. Please allow
sufficient time for mailed comments to
be received before the close of the
comment period.
3. By hand or courier. You may
deliver, by hand or courier, before the
close of the comment period, your
printed or written comments to the
Office of Inspector General, Department
of Health and Human Services, Cohen
Building, 330 Independence Avenue,
SW., Washington, DC 20201. Because
E:\FR\FM\10NON1.SGM
10NON1
Federal Register / Vol. 73, No. 218 / Monday, November 10, 2008 / Notices
jlentini on PROD1PC65 with NOTICES
access to the interior of the Cohen
Building is not readily available to
persons without Federal Government
identification, commenters are
encouraged to schedule their delivery
with one of our staff members at (202)
619–1343.
Inspection of Public Comments: All
comments received before the end of the
comment period will be posted on
https://www.regulations.gov for public
viewing. Hard copies will also be
available for public inspection at the
Office of Inspector General, Department
of Health and Human Services, Cohen
Building, 330 Independence Avenue,
SW., Washington, DC 20201, Monday
through Friday, from 8:30 a.m. to 4 p.m.
To schedule an appointment to view
public comments, phone (202) 401–
2206.
FOR FURTHER INFORMATION CONTACT:
Marco Villagrana, Department of Health
& Human Services, Office of Inspector
General, Office of External Affairs, (202)
401–2206; or Stephen Conway,
Department of Health & Human
Services, Office of Inspector General,
Office of Audit Services, (617) 565–
2946.
SUPPLEMENTARY INFORMATION: Under
Section 2 of the Inspector General Act
of 1978, as amended, OIG is required to
conduct audits and investigations
relating to programs and operations of
the Department. In performing these
required functions, OIG must collect,
collate, and analyze claims information
relating to services rendered to
Medicare beneficiaries and Medicaid
recipients. For this reason, OIG is
establishing a new system of records
which combines information from
several existing HHS systems of records
with information from State sources.
This combined system of records is
necessary for OIG to perform timely and
independent audits, evaluations and
inspections, and investigations of the
Medicare and Medicaid programs.
In addition, in compliance with the
‘‘Incident Reporting and Handling
Requirements’’ set forth in the Office of
Management and Budget Memoranda
07–16, Safeguarding Against and
Responding to the Breach of Personally
Identifiable Information, OIG is
incorporating the routine use language
into this new system of records as part
of our normal System of Records Notice
(SORN) review development process.
Description of the Proposed System of
Records
Records from the Centers for Medicare
& Medicaid Services and State Medicaid
agencies will be incorporated into this
new system of records. The new system
VerDate Aug<31>2005
16:09 Nov 07, 2008
Jkt 217001
of records will be created by including
Medicare and Medicaid enrollment,
eligibility, and claims data records on
all beneficiaries and recipients. Data in
the system of records will include
names; Social Security numbers (SSNs);
health insurance identification
numbers; and claims information
relating to inpatient, outpatient,
physician/supplier, skilled nursing
facilities, nursing home, hospice, home
health, durable medical equipment,
dental, prescription drug, and managed
care.
Agency Policies, Procedures and
Restrictions on the Routine Use
The Privacy Act permits OIG to
disclose information outside HHS
without an individual’s consent if the
information is to be used for a purpose
that is compatible with the purposes for
which the information was collected.
Any such disclosure of data is known as
a routine use. Accordingly, we are
proposing to establish the following
routine use disclosures of records
maintained in the system:
1. Disclosure may be made to Federal,
State, and local agencies for the purpose
of better identifying the total current
health care usage of the Medicare and
Medicaid patient population.
2. Disclosure may be made to Federal,
State, and local government agencies
and national health organizations to
assist in the development of programs
that will be beneficial to claimants and
to protect their rights under law and
assure that they are receiving all
benefits to which they are entitled.
3. Disclosure may be made to a
Federal department or agency or to a
contractor of a Federal department or
agency in order to conduct Federal
audits, evaluations and inspections, or
investigations necessary to accomplish a
statutory purpose of an agency. OIG
must be able to disclose information for
purposes needed to accomplish a
statutory purpose of a Federal agency.
4. Disclosure may be made to a
congressional office from the record of
an individual in response to an inquiry
from the congressional office made at
the request of that individual.
5. In the event of litigation,
information from the system of records
may be disclosed to the Department of
Justice, to a judicial or administrative
tribunal, opposing counsel, and
witnesses in the course of proceedings
involving HHS, any HHS employee
(where the matter pertains to the
employee’s official duties), or the
United States, or any agency thereof
where the litigation is likely to affect
HHS, or HHS is a party or has an
interest in the litigation and the use of
PO 00000
Frm 00060
Fmt 4703
Sfmt 4703
66649
the information is relevant and
necessary to the litigation.
6. In the event that a system of records
maintained by OIG to carry out its
functions indicates a violation or
potential violation of law, whether civil,
criminal, or regulatory in nature, and
whether arising by general statute or
particular program statute, or by
regulation, rule, or order issued
pursuant thereto, the relevant records in
the system of records may be referred,
as a routine use, to the appropriate
agency, whether Federal, State, local, or
foreign, charged with the responsibility
of investigating or prosecuting such
violation or charged with enforcing or
implementing the statute, rule,
regulation, or order issued pursuant
thereto.
7. In the event the that Department
deems it desirable or necessary in
determining whether particular records
are required to be disclosed under the
Freedom of Information Act, disclosure
may be made to the Department of
Justice for the purpose of obtaining its
advice.
8. A record from this system of
records may be disclosed to a Federal
agency in response to its request in
connection with the hiring or retention
of an employee, the issuance of a
security clearance, the reporting of an
investigation of an employee, the letting
of a contract, or the issuance of a
license, grant, or other benefit by the
requesting agency, to the extent that the
record is relevant and necessary to the
requesting agency’s decision on the
matter.
9. The system of records may be
disclosed to student volunteers and
other individuals performing functions
for the Department but technically not
having the status of agency employees,
if they need access to the records to
perform their assigned agency functions.
10. A record may be disclosed to
appropriate Federal agencies and
Department contractors that have a need
to know the information for the purpose
of assisting the Department’s efforts to
respond to a suspected or confirmed
breach of the security or confidentiality
of information maintained in this
system of records, and the information
disclosed is relevant and necessary for
that assistance.
Safeguards
OIG has safeguards in place for
authorized users and monitors users to
ensure against unauthorized use. The
system will conform to all applicable
Federal laws and regulations and
Federal, HHS, and OIG policies and
standards as they relate to information
security and data privacy.
E:\FR\FM\10NON1.SGM
10NON1
66650
Federal Register / Vol. 73, No. 218 / Monday, November 10, 2008 / Notices
Effects of the Proposed System of
Records on Individual Rights
This system is established in
accordance with the principles and
requirements of the Privacy Act and will
collect, use, and disseminate
information only as prescribed therein.
Data in this system will be subject to the
authorized releases in accordance with
the routine uses identified in this
system of records notice.
OIG will take precautionary measures
to minimize the risks of unauthorized
access to the records and the potential
harm to individual privacy or other
personal or property rights of
beneficiaries and recipients whose data
are maintained in the system. OIG will
make disclosures from the proposed
system in accordance with the Privacy
Act. OIG does not anticipate an
unfavorable effect on individual privacy
as a result of the disclosure of
information relating to individuals. This
proposed change will not otherwise
increase access to these records.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
The records include information
concerning Medicare beneficiaries and
Medicaid recipients.
CATEGORIES OF RECORDS IN THE SYSTEM:
09–90–1000
The categories of records in the
system will include Medicare
beneficiaries’ names, addresses, dates of
birth, Medicare HIC numbers, SSNs,
enrollment information and eligibility
information, and claims information
relating to the following types of
services: Inpatient, skilled nursing
facility, outpatient, physician/supplier,
home health, hospice, durable medical
equipment, prescription drug, and
Medicare Advantage. The records will
also include names, addresses, dates of
birth, and SSNs on Medicaid recipients
from State enrollment and eligibility
files and claims information relating to
the following types of services:
Inpatient, long-term care, professional,
dental, pharmacy, and Medicare crossover. The National Provider
Identification database and the Unique
Provider Identification Number (UPIN)
directory will be stored in this system
of records.
SYSTEM NAME:
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Consolidated Data Repository–HHS–
OIG.
Inspector General Act of 1978 (5
U.S.C. App.).
SYSTEM LOCATION(S):
PURPOSE(S):
Records will be maintained at the
following computer site locations:
• HHS–OIG, 330 Independence
Avenue, SW., Washington, DC 20201.
• HHS–OIG, N2–01–02, 7500 Security
Boulevard, Baltimore, MD 21244.
And the following HHS–OIG
Regional/Field Office locations:
• JFK Federal Building, Boston, MA
02203.
• J.K. Javits Federal Building, 26
Federal Plaza, New York, NY 10278.
• 150 South Independence Mall West,
Public Ledger Building, Philadelphia,
PA 19106.
• Atlanta Federal Center, Forsyth
Street South, Atlanta, GA 30303.
• 8659 Baypine Road, Suite 203
Jacksonville, FL 32256.
• 233 North Michigan Avenue, Room
1360, Chicago, IL 60601.
• 3815 West Street, Joseph Hwy,
Lansing, MI 48917.
• Galtier Plaza, 380 Jackson Street,
Suite 727, St. Paul, MN 55101.
• 1124 Rickard Road, Suite C,
Springfield, IL 62704.
• 1100 Commerce Street, Dallas, TX
75242.
• 1201 Walnut Street, Kansas City,
MO 64106.
• 90 7th Street, San Francisco, CA
94103.
The purpose of this system of records
is to conduct audits, evaluations and
inspections, and investigations of the
Medicare and Medicaid programs.
jlentini on PROD1PC65 with NOTICES
Dated: October 28, 2008.
Daniel R. Levinson,
Inspector General.
VerDate Aug<31>2005
16:09 Nov 07, 2008
Jkt 217001
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
THE PURPOSE OF SUCH USES:
The Privacy Act permits OIG to
disclose information outside HHS
without an individual’s consent if the
information is to be used for a purpose
that is compatible with the purposes for
which the information was collected.
Any such disclosure of data is known as
a routine use. Accordingly, we are
proposing to establish the following
routine use disclosures of records
maintained in the system:
a. Disclosure may be made to Federal,
State, and local agencies for the purpose
of better identifying the total current
health care usage of the Medicare and
Medicaid patient population.
b. Disclosure may be made to Federal,
State, and local government agencies
and national health care organizations
to assist in the development of programs
that will be beneficial to claimants and
to protect their rights under law and
assure that they are receiving all
benefits to which they are entitled.
PO 00000
Frm 00061
Fmt 4703
Sfmt 4703
c. Disclosure may be made to a
Federal department or agency or to a
contractor of a Federal department or
agency to permit it to conduct Federal
audits, evaluations and inspections, or
investigations necessary to accomplish a
statutory purpose of an agency. OIG
must be able to disclose information for
purposes needed to accomplish a
statutory purpose of a Federal agency.
d. Disclosure may be made to a
congressional office from the record of
an individual in response to an inquiry
from the congressional office made at
the request of that individual.
e. In the event of litigation,
information from the system of records
may be disclosed to the Department of
Justice, to a judicial or administrative
tribunal, opposing counsel, and
witnesses, in the course of proceedings
involving HHS, any HHS employee
(where the matter pertains to the
employee’s official duties), or the
United States, or any agency thereof
where the litigation is likely to affect
HHS, or HHS is a party or has an
interest in the litigation and the use of
the information is relevant and
necessary to the litigation.
f. In the event that a system of records
maintained by OIG to carry out its
functions indicates a violation or
potential violation of law, whether civil,
criminal, or regulatory in nature, and
whether arising by general statute or
particular program statute, or by
regulation, rule or order issued pursuant
thereto, the relevant records in the
system of records may be referred, as a
routine use, to the appropriate agency,
whether Federal, State, local, or foreign,
charged with the responsibility of
investigating or prosecuting such
violation or charged with enforcing or
implementing the statute, or rule,
regulation or order issued pursuant
thereto.
g. In the event that the Department
deems it desirable or necessary, in
determining whether particular records
are required to be disclosed under the
Freedom of Information Act, disclosure
may be made to the Department of
Justice for the purpose of obtaining its
advice.
h. A record from this system of
records may be disclosed to a Federal
agency, in response to its request, in
connection with the hiring or retention
of an employee, the issuance of a
security clearance, the reporting of an
investigation of an employee, the letting
of a contract, or the issuance of a
license, grant, or other benefit by the
requesting agency, to the extent that the
record is relevant and necessary to the
requesting agency’s decision on the
matter.
E:\FR\FM\10NON1.SGM
10NON1
Federal Register / Vol. 73, No. 218 / Monday, November 10, 2008 / Notices
i. The system of records may be
disclosed to student volunteers and
other individuals performing functions
for the Department but technically not
having the status of agency employees,
if they need access to the records to
perform their assigned agency functions.
j. A record may be disclosed to
appropriate Federal agencies and
Department contractors that have a need
to know the information for the purpose
of assisting the Department’s efforts to
respond to a suspected or confirmed
breach of the security or confidentiality
of information maintained in this
system of records, and the information
disclosed is relevant and necessary for
that assistance.
POLICIES AND PRACTICES FOR STORING,
RETRIEVING, ACCESSING, RETAINING, AND
DISPOSING OF RECORDS IN THE SYSTEM:
Data are maintained on magnetic tape,
disk, or laser optical media.
RETRIEVABILITY:
Records may be retrieved by name,
name and one or more criteria (e.g.,
dates of birth, death, and service), SSN,
Medicare HIC number, Medicaid
Identification Number.
jlentini on PROD1PC65 with NOTICES
SAFEGUARDS:
The computers that process these data
are protected by technical, managerial,
and operational controls that follow
Federal policies and guidelines. The
computers are protected by a
combination of physical security by
being located in Federal offices; access
controls such as passwords and
identification numbers; and technical
protections such as encryption,
firewalls, and anti-virus software. These
controls allow only authorized users to
access the data.
Employees who maintain records in
this system are instructed not to release
data until the intended recipient agrees
to implement appropriate management,
operational, and technical safeguards
sufficient to protect the confidentiality,
integrity, and availability of the
information and information systems
and to prevent unauthorized access.
This system will conform to all
applicable Federal laws and regulations
and Federal, HHS, and OIG policies and
standards as they relate to information
security and data privacy. These laws
and regulations may apply but are not
limited to: The Privacy Act of 1974; the
Federal Information Security
Management Act of 2002; the Computer
Fraud and Abuse Act of 1986; the
Health Insurance Portability and
Accountability Act of 1996; the
eGovernment Act of 2002, the Clinger-
16:09 Nov 07, 2008
Jkt 217001
RETENTION AND DISPOSAL:
These records may be maintained for
an indefinite duration.
SYSTEM MANAGER AND ADDRESS:
STORAGE:
VerDate Aug<31>2005
Cohen Act of 1996; the Medicare
Prescription Drug, Improvement, and
Modernization Act of 2003, and the
corresponding implementing
regulations; and OMB Circular A–130,
Management of Federal Resources,
Appendix III, Security of Federal
Automated Information Resources also
applies. Federal, HHS, and OIG policies
and standards include but are not
limited to: All pertinent National
Institute of Standards and Technology
publications; the HHS Information
Systems Program Handbook; and OIG
Information Security Handbooks.
The agency official responsible for the
system policies and practices outlined
above is: The Chief Information Officer,
Office of Management and Policy, Office
of Inspector General, Department of
Health and Human Services, Wilbur J.
Cohen Building, Room 5230, 330
Independence Avenue, SW.,
Washington, DC 20201.
NOTIFICATION PROCEDURE:
Any inquiries regarding these systems
of records should be addressed to the
System Manager. An individual who
requests notification of or access to a
medical record shall, at the time the
request is made, designate in writing a
responsible representative who will be
willing to review the record and inform
the subject individual of its contents at
the representative’s discretion. (These
notification and access procedures are
in accordance with Department
regulations (45 CFR 5b.6).)
RECORDS ACCESS PROCEDURES:
Same as notification procedures.
Requesters should also reasonably
specify the record contents being
sought. (These access procedures are in
accordance with Department regulations
(45 CFR 5b.5(a)(2).)
CONTESTING RECORD PROCEDURES:
Contact the official at the address in
the System Manager and Address
section above, and reasonably identify
the record and specify the information
to be contested and the corrective action
sought with supporting justification.
(These procedures are in accordance
with Department Regulations (45 CFR
5b.7).)
RECORD SOURCE CATEGORIES:
Information may be obtained from the
Centers for Medicare & Medicaid
Services National Claims History
(inpatient, outpatient, physician
PO 00000
Frm 00062
Fmt 4703
Sfmt 4703
66651
supplier, nursing home, hospice, home
care, and durable medical equipment),
Drug Data Processing System, Medicare
Advantage and Prescription Drug
system and State Medicaid claims and
enrollment databases.
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS
OF THE ACT:
None.
[FR Doc. E8–26725 Filed 11–7–08; 8:45 am]
BILLING CODE 4152–01–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
National Institutes of Health
Submission for OMB Review;
Comment Request; California Health
Interview Survey Cancer Control
Module (CHIS–CCM) 2009 (NCI)
SUMMARY: Under the provisions of
Section 3507(a)(1)(D) of the Paperwork
Reduction Act of 1995, the National
Cancer Institute (NCI), the National
Institutes of Health (NIH), has submitted
to the Office of Management and Budget
(OMB) a request for review and
approval of the information collection
listed below. This proposed information
collection was previously published in
the Federal Register on August 22, 2008
(Volume 73, No. 164, p. 49685) and
allowed 60 days for public comment. No
public comments were received. The
purpose of this notice is to allow an
additional 30 days for public comment.
The National Institutes of Health may
not conduct or sponsor, and the
respondent is not required to respond
to, an information collection that has
been extended, revised, or implemented
on or after October 1, 1995, unless it
displays a currently valid OMB control
number.
Proposed Collection: Title: California
Health Interview Survey Cancer Control
Module (CHIS–CCM) 2009. Type of
Information Collection Request: New.
Need and Use of Information Collection:
The NCI has sponsored four Cancer
Control Modules in the California
Health Interview Survey (CHIS), and
will be sponsoring a fifth to be
administered in 2009. CHIS is a
telephone survey that collects
population-based, standardized healthrelated data to assess California’s
progress in meeting Healthy People
2010 objectives for the nation and the
state. The CHIS sample is designed to
provide statistically reliable estimates
statewide, for California counties, and
for California’s ethnically and racially
diverse population. Initiated by the
UCLA Center for Health Policy
E:\FR\FM\10NON1.SGM
10NON1
]]>Agencies
[Federal Register Volume 73, Number 218 (Monday, November 10, 2008)]
[Notices]
[Pages 66648-66651]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E8-26725]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of Inspector General
Privacy Act of 1974; New OIG Privacy Act System of Records:
Consolidated Data Repository
AGENCY: Office of Inspector General (OIG), HHS.
ACTION: Notice of proposed new Privacy Act System of Records.
-----------------------------------------------------------------------
SUMMARY: The Privacy Act of 1974 (5 U.S.C. 552(e)(4)) requires that all
agencies publish in the Federal Register a notice of the existence and
character of their system of records. Notice is hereby given that OIG
is adding a new system of records entitled ``Consolidated Data
Repository--HHS-OIG'' (09-90-1000).
DATES: Effective Date: This system of records will become effective
without further notice on December 22, 2008, unless comments received
on or before that date result in a contrary determination.
Comment Date: Comments on this new system of records will be
considered if we receive them at the addresses provided below no later
than 5 p.m. Eastern Standard Time on December 10, 2008.
ADDRESSES: In commenting, please reference file code 09-90-1000.
Because of staff and resource limitations, we cannot accept comments by
facsimile (fax) transmission. However, you may submit comments using
one of the following three ways (no duplicates, please):
1. Electronically. You may submit electronically through the
Federal eRulemaking Portal at https://www.regulations.gov. (Attachments
should be in Microsoft Word, if possible.)
2. By regular, express, or overnight mail. You may mail your
printed or written submissions to the following address: Office of
Inspector General, Department of Health and Human Services, Attention:
Marco Villagrana, Room 5541, Cohen Building, 330 Independence Avenue,
SW., Washington, DC 20201. Please allow sufficient time for mailed
comments to be received before the close of the comment period.
3. By hand or courier. You may deliver, by hand or courier, before
the close of the comment period, your printed or written comments to
the Office of Inspector General, Department of Health and Human
Services, Cohen Building, 330 Independence Avenue, SW., Washington, DC
20201. Because
[[Page 66649]]
access to the interior of the Cohen Building is not readily available
to persons without Federal Government identification, commenters are
encouraged to schedule their delivery with one of our staff members at
(202) 619-1343.
Inspection of Public Comments: All comments received before the end
of the comment period will be posted on https://www.regulations.gov for
public viewing. Hard copies will also be available for public
inspection at the Office of Inspector General, Department of Health and
Human Services, Cohen Building, 330 Independence Avenue, SW.,
Washington, DC 20201, Monday through Friday, from 8:30 a.m. to 4 p.m.
To schedule an appointment to view public comments, phone (202) 401-
2206.
FOR FURTHER INFORMATION CONTACT: Marco Villagrana, Department of Health
& Human Services, Office of Inspector General, Office of External
Affairs, (202) 401-2206; or Stephen Conway, Department of Health &
Human Services, Office of Inspector General, Office of Audit Services,
(617) 565-2946.
SUPPLEMENTARY INFORMATION: Under Section 2 of the Inspector General Act
of 1978, as amended, OIG is required to conduct audits and
investigations relating to programs and operations of the Department.
In performing these required functions, OIG must collect, collate, and
analyze claims information relating to services rendered to Medicare
beneficiaries and Medicaid recipients. For this reason, OIG is
establishing a new system of records which combines information from
several existing HHS systems of records with information from State
sources. This combined system of records is necessary for OIG to
perform timely and independent audits, evaluations and inspections, and
investigations of the Medicare and Medicaid programs.
In addition, in compliance with the ``Incident Reporting and
Handling Requirements'' set forth in the Office of Management and
Budget Memoranda 07-16, Safeguarding Against and Responding to the
Breach of Personally Identifiable Information, OIG is incorporating the
routine use language into this new system of records as part of our
normal System of Records Notice (SORN) review development process.
Description of the Proposed System of Records
Records from the Centers for Medicare & Medicaid Services and State
Medicaid agencies will be incorporated into this new system of records.
The new system of records will be created by including Medicare and
Medicaid enrollment, eligibility, and claims data records on all
beneficiaries and recipients. Data in the system of records will
include names; Social Security numbers (SSNs); health insurance
identification numbers; and claims information relating to inpatient,
outpatient, physician/supplier, skilled nursing facilities, nursing
home, hospice, home health, durable medical equipment, dental,
prescription drug, and managed care.
Agency Policies, Procedures and Restrictions on the Routine Use
The Privacy Act permits OIG to disclose information outside HHS
without an individual's consent if the information is to be used for a
purpose that is compatible with the purposes for which the information
was collected. Any such disclosure of data is known as a routine use.
Accordingly, we are proposing to establish the following routine use
disclosures of records maintained in the system:
1. Disclosure may be made to Federal, State, and local agencies for
the purpose of better identifying the total current health care usage
of the Medicare and Medicaid patient population.
2. Disclosure may be made to Federal, State, and local government
agencies and national health organizations to assist in the development
of programs that will be beneficial to claimants and to protect their
rights under law and assure that they are receiving all benefits to
which they are entitled.
3. Disclosure may be made to a Federal department or agency or to a
contractor of a Federal department or agency in order to conduct
Federal audits, evaluations and inspections, or investigations
necessary to accomplish a statutory purpose of an agency. OIG must be
able to disclose information for purposes needed to accomplish a
statutory purpose of a Federal agency.
4. Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
5. In the event of litigation, information from the system of
records may be disclosed to the Department of Justice, to a judicial or
administrative tribunal, opposing counsel, and witnesses in the course
of proceedings involving HHS, any HHS employee (where the matter
pertains to the employee's official duties), or the United States, or
any agency thereof where the litigation is likely to affect HHS, or HHS
is a party or has an interest in the litigation and the use of the
information is relevant and necessary to the litigation.
6. In the event that a system of records maintained by OIG to carry
out its functions indicates a violation or potential violation of law,
whether civil, criminal, or regulatory in nature, and whether arising
by general statute or particular program statute, or by regulation,
rule, or order issued pursuant thereto, the relevant records in the
system of records may be referred, as a routine use, to the appropriate
agency, whether Federal, State, local, or foreign, charged with the
responsibility of investigating or prosecuting such violation or
charged with enforcing or implementing the statute, rule, regulation,
or order issued pursuant thereto.
7. In the event the that Department deems it desirable or necessary
in determining whether particular records are required to be disclosed
under the Freedom of Information Act, disclosure may be made to the
Department of Justice for the purpose of obtaining its advice.
8. A record from this system of records may be disclosed to a
Federal agency in response to its request in connection with the hiring
or retention of an employee, the issuance of a security clearance, the
reporting of an investigation of an employee, the letting of a
contract, or the issuance of a license, grant, or other benefit by the
requesting agency, to the extent that the record is relevant and
necessary to the requesting agency's decision on the matter.
9. The system of records may be disclosed to student volunteers and
other individuals performing functions for the Department but
technically not having the status of agency employees, if they need
access to the records to perform their assigned agency functions.
10. A record may be disclosed to appropriate Federal agencies and
Department contractors that have a need to know the information for the
purpose of assisting the Department's efforts to respond to a suspected
or confirmed breach of the security or confidentiality of information
maintained in this system of records, and the information disclosed is
relevant and necessary for that assistance.
Safeguards
OIG has safeguards in place for authorized users and monitors users
to ensure against unauthorized use. The system will conform to all
applicable Federal laws and regulations and Federal, HHS, and OIG
policies and standards as they relate to information security and data
privacy.
[[Page 66650]]
Effects of the Proposed System of Records on Individual Rights
This system is established in accordance with the principles and
requirements of the Privacy Act and will collect, use, and disseminate
information only as prescribed therein. Data in this system will be
subject to the authorized releases in accordance with the routine uses
identified in this system of records notice.
OIG will take precautionary measures to minimize the risks of
unauthorized access to the records and the potential harm to individual
privacy or other personal or property rights of beneficiaries and
recipients whose data are maintained in the system. OIG will make
disclosures from the proposed system in accordance with the Privacy
Act. OIG does not anticipate an unfavorable effect on individual
privacy as a result of the disclosure of information relating to
individuals. This proposed change will not otherwise increase access to
these records.
Dated: October 28, 2008.
Daniel R. Levinson,
Inspector General.
09-90-1000
SYSTEM NAME:
Consolidated Data Repository-HHS-OIG.
SYSTEM LOCATION(S):
Records will be maintained at the following computer site
locations:
HHS-OIG, 330 Independence Avenue, SW., Washington, DC
20201.
HHS-OIG, N2-01-02, 7500 Security Boulevard, Baltimore, MD
21244.
And the following HHS-OIG Regional/Field Office locations:
JFK Federal Building, Boston, MA 02203.
J.K. Javits Federal Building, 26 Federal Plaza, New York,
NY 10278.
150 South Independence Mall West, Public Ledger Building,
Philadelphia, PA 19106.
Atlanta Federal Center, Forsyth Street South, Atlanta, GA
30303.
8659 Baypine Road, Suite 203 Jacksonville, FL 32256.
233 North Michigan Avenue, Room 1360, Chicago, IL 60601.
3815 West Street, Joseph Hwy, Lansing, MI 48917.
Galtier Plaza, 380 Jackson Street, Suite 727, St. Paul, MN
55101.
1124 Rickard Road, Suite C, Springfield, IL 62704.
1100 Commerce Street, Dallas, TX 75242.
1201 Walnut Street, Kansas City, MO 64106.
90 7th Street, San Francisco, CA 94103.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The records include information concerning Medicare beneficiaries
and Medicaid recipients.
CATEGORIES OF RECORDS IN THE SYSTEM:
The categories of records in the system will include Medicare
beneficiaries' names, addresses, dates of birth, Medicare HIC numbers,
SSNs, enrollment information and eligibility information, and claims
information relating to the following types of services: Inpatient,
skilled nursing facility, outpatient, physician/supplier, home health,
hospice, durable medical equipment, prescription drug, and Medicare
Advantage. The records will also include names, addresses, dates of
birth, and SSNs on Medicaid recipients from State enrollment and
eligibility files and claims information relating to the following
types of services: Inpatient, long-term care, professional, dental,
pharmacy, and Medicare cross-over. The National Provider Identification
database and the Unique Provider Identification Number (UPIN) directory
will be stored in this system of records.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Inspector General Act of 1978 (5 U.S.C. App.).
PURPOSE(S):
The purpose of this system of records is to conduct audits,
evaluations and inspections, and investigations of the Medicare and
Medicaid programs.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSE OF SUCH USES:
The Privacy Act permits OIG to disclose information outside HHS
without an individual's consent if the information is to be used for a
purpose that is compatible with the purposes for which the information
was collected. Any such disclosure of data is known as a routine use.
Accordingly, we are proposing to establish the following routine use
disclosures of records maintained in the system:
a. Disclosure may be made to Federal, State, and local agencies for
the purpose of better identifying the total current health care usage
of the Medicare and Medicaid patient population.
b. Disclosure may be made to Federal, State, and local government
agencies and national health care organizations to assist in the
development of programs that will be beneficial to claimants and to
protect their rights under law and assure that they are receiving all
benefits to which they are entitled.
c. Disclosure may be made to a Federal department or agency or to a
contractor of a Federal department or agency to permit it to conduct
Federal audits, evaluations and inspections, or investigations
necessary to accomplish a statutory purpose of an agency. OIG must be
able to disclose information for purposes needed to accomplish a
statutory purpose of a Federal agency.
d. Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
e. In the event of litigation, information from the system of
records may be disclosed to the Department of Justice, to a judicial or
administrative tribunal, opposing counsel, and witnesses, in the course
of proceedings involving HHS, any HHS employee (where the matter
pertains to the employee's official duties), or the United States, or
any agency thereof where the litigation is likely to affect HHS, or HHS
is a party or has an interest in the litigation and the use of the
information is relevant and necessary to the litigation.
f. In the event that a system of records maintained by OIG to carry
out its functions indicates a violation or potential violation of law,
whether civil, criminal, or regulatory in nature, and whether arising
by general statute or particular program statute, or by regulation,
rule or order issued pursuant thereto, the relevant records in the
system of records may be referred, as a routine use, to the appropriate
agency, whether Federal, State, local, or foreign, charged with the
responsibility of investigating or prosecuting such violation or
charged with enforcing or implementing the statute, or rule, regulation
or order issued pursuant thereto.
g. In the event that the Department deems it desirable or
necessary, in determining whether particular records are required to be
disclosed under the Freedom of Information Act, disclosure may be made
to the Department of Justice for the purpose of obtaining its advice.
h. A record from this system of records may be disclosed to a
Federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
[[Page 66651]]
i. The system of records may be disclosed to student volunteers and
other individuals performing functions for the Department but
technically not having the status of agency employees, if they need
access to the records to perform their assigned agency functions.
j. A record may be disclosed to appropriate Federal agencies and
Department contractors that have a need to know the information for the
purpose of assisting the Department's efforts to respond to a suspected
or confirmed breach of the security or confidentiality of information
maintained in this system of records, and the information disclosed is
relevant and necessary for that assistance.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Data are maintained on magnetic tape, disk, or laser optical media.
RETRIEVABILITY:
Records may be retrieved by name, name and one or more criteria
(e.g., dates of birth, death, and service), SSN, Medicare HIC number,
Medicaid Identification Number.
SAFEGUARDS:
The computers that process these data are protected by technical,
managerial, and operational controls that follow Federal policies and
guidelines. The computers are protected by a combination of physical
security by being located in Federal offices; access controls such as
passwords and identification numbers; and technical protections such as
encryption, firewalls, and anti-virus software. These controls allow
only authorized users to access the data.
Employees who maintain records in this system are instructed not to
release data until the intended recipient agrees to implement
appropriate management, operational, and technical safeguards
sufficient to protect the confidentiality, integrity, and availability
of the information and information systems and to prevent unauthorized
access. This system will conform to all applicable Federal laws and
regulations and Federal, HHS, and OIG policies and standards as they
relate to information security and data privacy. These laws and
regulations may apply but are not limited to: The Privacy Act of 1974;
the Federal Information Security Management Act of 2002; the Computer
Fraud and Abuse Act of 1986; the Health Insurance Portability and
Accountability Act of 1996; the eGovernment Act of 2002, the Clinger-
Cohen Act of 1996; the Medicare Prescription Drug, Improvement, and
Modernization Act of 2003, and the corresponding implementing
regulations; and OMB Circular A-130, Management of Federal Resources,
Appendix III, Security of Federal Automated Information Resources also
applies. Federal, HHS, and OIG policies and standards include but are
not limited to: All pertinent National Institute of Standards and
Technology publications; the HHS Information Systems Program Handbook;
and OIG Information Security Handbooks.
RETENTION AND DISPOSAL:
These records may be maintained for an indefinite duration.
SYSTEM MANAGER AND ADDRESS:
The agency official responsible for the system policies and
practices outlined above is: The Chief Information Officer, Office of
Management and Policy, Office of Inspector General, Department of
Health and Human Services, Wilbur J. Cohen Building, Room 5230, 330
Independence Avenue, SW., Washington, DC 20201.
NOTIFICATION PROCEDURE:
Any inquiries regarding these systems of records should be
addressed to the System Manager. An individual who requests
notification of or access to a medical record shall, at the time the
request is made, designate in writing a responsible representative who
will be willing to review the record and inform the subject individual
of its contents at the representative's discretion. (These notification
and access procedures are in accordance with Department regulations (45
CFR 5b.6).)
RECORDS ACCESS PROCEDURES:
Same as notification procedures. Requesters should also reasonably
specify the record contents being sought. (These access procedures are
in accordance with Department regulations (45 CFR 5b.5(a)(2).)
CONTESTING RECORD PROCEDURES:
Contact the official at the address in the System Manager and
Address section above, and reasonably identify the record and specify
the information to be contested and the corrective action sought with
supporting justification. (These procedures are in accordance with
Department Regulations (45 CFR 5b.7).)
RECORD SOURCE CATEGORIES:
Information may be obtained from the Centers for Medicare &
Medicaid Services National Claims History (inpatient, outpatient,
physician supplier, nursing home, hospice, home care, and durable
medical equipment), Drug Data Processing System, Medicare Advantage and
Prescription Drug system and State Medicaid claims and enrollment
databases.
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
None.
[FR Doc. E8-26725 Filed 11-7-08; 8:45 am]
BILLING CODE 4152-01-P
