Privacy Act of 1974; Notice of Modified System of Records, 80412-80417 [E8-31146]
Download as PDF
80412
Federal Register / Vol. 73, No. 251 / Wednesday, December 31, 2008 / Notices
Prevention and the Agency for Toxic
Substances and Disease Registry.
request for OMB approval of the
proposed information collection. All
comments will become a matter of
public record.
BILLING CODE 4160–90–M
BILLING CODE 4163–18–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Centers for Disease Control and
Prevention
Centers for Medicare & Medicaid
Services
Board of Scientific Counselors,
National Center for Injury Prevention
and Control: Notice of Charter
Amendment
pwalker on PROD1PC71 with NOTICES
Dated: December 17, 2008.
Carolyn M. Clancy,
Director.
[FR Doc. E8–30762 Filed 12–30–08; 8:45 am]
Dated: December 17, 2008.
Elaine L. Baker,
Director, Management Analysis and Services
Office, Centers for Disease Control and
Prevention.
[FR Doc. E8–31111 Filed 12–30–08; 8:45 am]
Privacy Act of 1974; Notice of Modified
System of Records
This gives notice under the Federal
Advisory Committee Act (Pub. L. 92–
463) of October 6, 1972, that the
statutory requirements of the Advisory
Committee for Injury Prevention and
Control (ACIPC) have been transferred
to the Board of Scientific Counselors,
National Center for Injury Prevention
and Control (BSC, NCIPC).
The ACIPC was established on
October 18, 1988, in accordance with
Public Law 92–463, as amended (5
U.S.C. App. 2). Section 394(a) of the
Public Health Service Act, (42 U.S.C.
280b–2(a)), as amended, directed the
Secretary, Department of Health and
Human Services, acting through the
Director, CDC, to establish an advisory
committee to provide advice with
respect to the prevention and control of
injuries. On October 28, 1994, ACIPC
was reestablished under statute.
The responsibilities of ACIPC have
been assumed by the BSC, NCIPC. By
assuming the statutorily mandated
responsibilities of ACIPC, the BSC,
NCIPC will thereby become a statutorily
mandated committee, continuing to
serve the purposes set forth by Section
394(a) of the Public Health Service Act.
For information, contact Gwendolyn
Cattledge, Ph.D., Executive Secretary,
Board of Scientific Counselors, National
Center for Injury Prevention and
Control, Centers for Disease Control and
Prevention, Department of Health and
Human Services, 4770 Buford Highway,
Mailstop K02, Atlanta, Georgia 30341,
telephone (770) 488–4655 or fax (770)
488–4422.
The Director, Management Analysis
and Services Office, has been delegated
the authority to sign Federal Register
notices pertaining to announcements of
meetings and other committee
management activities, for both the
Centers for Disease Control and
VerDate Aug<31>2005
17:41 Dec 30, 2008
Jkt 217001
AGENCY: Department of Health and
Human Services (HHS), Centers for
Medicare & Medicaid Services (CMS).
ACTION: Notice of a Modified System of
Records.
SUMMARY: In accordance with the
requirements of the Privacy Act of 1974,
CMS is proposing to make minor
amendments to an existing system of
records (SOR) titled, ‘‘Performance
Measurement and Reporting System
(PMRS),’’ System No. 09–70–0584,
published at 72 FR 52133 (September
12, 2007). PMRS serves as a master
system of records to assist in projects
that provide transparency in health care
on a broad scale enabling consumers to
compare the quality and price of health
care services so that they can make
informed choices among individual
physicians, practitioners, and other
providers of services. We are making
minor amendments to PMRS to include
two additional legal authorities: The
Medicare, Medicaid, and SCHIP
Extension Act of 2007 (MMSEA) (Pub.
L. 110–173) and the Medicare
Improvements for Patients and
Providers Act of 2008 (MIPPA) (Pub. L.
110–275). Section 101(b) of the MMSEA
amended section 1848(k)(2)(B) of the
Social Security Act (the Act) (42 U.S.C.
1395w–4) and section 101(c) of division
B of the Tax Relief and Health Care Act
of 2006 to extend the Physician Quality
Reporting Initiative (PQRI). MIPPA,
effective July 15, 2008, extended the
PQRI for 2010 and subsequent years and
authorized a new incentive program for
successful electronic prescribers under
section 1848(m)(2) of the Act. In
addition, the MIPPA requires the
Secretary to post on the CMS Web site
the names of eligible professionals or
group practices who satisfactorily
submit data on quality measures
through PQRI and the names of those
eligible professionals or group practices
PO 00000
Frm 00052
Fmt 4703
Sfmt 4703
who are successful electronic
prescribers. This requirement is codified
at section 1848(m)(5)(G) of the Act.
Accordingly, CMS is adding §§ 131 and
132 of MIPPA, § 101 of MMSEA,
§ 1848(k) of the Act, and § 1848(m) of
the Act to the PMRS’ legal authority
section.
In addition, we are clarifying in this
notice that the term, ‘‘performance
measurement results’’ used in the PMRS
includes, but is not limited to,
submission of data on measures, eprescribing usage, frequency of
reporting or performance, as well as
rates or scores based on application of
specific measures. We consider all of
these types of information to be valid
indicators of a physician’s,
practitioner’s, or other provider’s
commitment to and delivery of high
quality, high value health care.
The primary purpose of this system is
to support the collection, maintenance,
and processing of information to
promote the delivery of high quality,
efficient, effective, and economical
health care services, and promoting the
quality and efficiency of services of the
type for which payment may be made
under title XVIII by allowing for the
establishment and implementation of
performance measures, the provision of
feedback to physicians, and public
reporting of performance information.
Information in this system will also be
disclosed to: (1) Support regulatory,
reimbursement, and policy functions
performed for the Agency or by a
contractor, consultant, or a CMS
grantee; (2) assist another Federal and/
or state agency, agency of a state
government, or an agency established by
state law; (3) promote more informed
choices by Medicare beneficiaries
among their Medicare group options by
making physician performance
measurement information available to
Medicare beneficiaries through a Web
site and other forms of data
dissemination; (4) provide CVEs and
data aggregators with information that
will assist in generating single or multipayer performance measurement results
to promote transparency in health care
to members of their community; (5)
assist individual physicians,
practitioners, providers of services,
suppliers, laboratories, and other health
care professionals who are participating
in health care transparency projects; (6)
assist individuals or organizations with
projects that provide transparency in
health care on a broad scale enabling
consumers to compare the quality and
price of health care services; or for
research, evaluation, and
epidemiological projects related to the
prevention of disease or disability;
E:\FR\FM\31DEN1.SGM
31DEN1
pwalker on PROD1PC71 with NOTICES
Federal Register / Vol. 73, No. 251 / Wednesday, December 31, 2008 / Notices
restoration or maintenance of health or
for payment purposes; (7) assist Quality
Improvement Organizations; (8) support
litigation involving the agency; and (9)
and (10) combat fraud, waste, and abuse
in certain health benefits programs. We
have provided background information
about this modified system in the
SUPPLEMENTARY INFORMATION section
below
DATES: Effective Dates: The minor
amendments contained in this notice
are effective upon publication in the
Federal Register.
FOR FURTHER INFORMATION CONTACT:
Aucha Prachanronarong, Health
Insurance Specialist, Division of
Ambulatory Care and Measure
Management, Quality Measurement and
Health Assessment Group, Office of
Clinical Standards and Quality, CMS,
Room C1–23–14, 7500 Security
Boulevard, Baltimore, Maryland 21244–
1850. The telephone number is (410)
786–1879 or contact
Aucha.Prachanronarong@cms.hhs.gov.
SUPPLEMENTARY INFORMATION: The
Value-driven Health Care Initiative is
designed to achieve four cornerstones:
Interoperable health information
technology (HIT); transparency of price
information; transparency of quality
information; and the use of incentives to
promote high-quality and cost-efficient
health care. Regional/local publicprivate collaboration is essential to the
success of this Initiative. As such, the
Initiative is encouraging the growth of
regional public-private collaboratives
that will be chartered by the Agency for
Healthcare Research and Quality
(AHRQ) to support and achieve the four
cornerstones. Only mature, sustainable,
multi-stakeholder entities that are
committed to achieving the four
cornerstones, including publicly
reporting physician-level and other
provider performance measurement
information and facilitating the use of
this information to improve the quality
and efficiency of health care delivery,
will become Chartered Value Exchanges
(CVEs).
Provided they meet certain criteria
established by CMS and disclosure is
consistent with the Privacy Act, the
Health Insurance Portability and
Accountability Act (HIPAA) Privacy
Rule and other applicable laws, CMS
may provide CVEs with patient deidentified Medicare-inclusive
individual physician-level or group
practice level performance measurement
results. CMS also may provide
physician and patient identifiable
protected health claims data
information to data aggregators that are
HIPAA business associates of CMS
VerDate Aug<31>2005
17:41 Dec 30, 2008
Jkt 217001
(including working with providers,
payers, or other HIPAA covered entities)
for purposes for generating these results.
The patient de-identified results will be
calculated using Medicare claims data
based on consensus-based measures as
determined by CMS, including but not
limited to quality, resource use,
efficiency, and utilization metrics.
Available results may include single
payer (i.e., Medicare only and private
payer only performance measurement
results) and/or multi-payer (i.e., results
generated from merging or combining
Medicare results with private payer
results) patient de-identified, individual
physician-level performance
measurement results. CMS also may
make patient de-identified and
individual physician-level or group
practice level performance measurement
results available to Medicare
beneficiaries, and others that meet CMS
requirements for disclosure.
CMS also has implemented a pilot
project known as, ‘‘The Better Quality
Information to Improve Care for
Medicare Beneficiaries (BQI) Project’’ to
develop a model to combine data,
quality measurement, and public
reporting. Through the BQI project, each
pilot collaborative, as a QIO
subcontractor, is combining private
claims data with Medicare claims data
and, in some cases, Medicaid claims
data to produce single payer and/or
multi-payer, patient de-identified,
individual physician-level or group
practice level performance measurement
results using quality measures that are
approved by CMS. These performance
measurement results were made
available to Medicare beneficiaries by
CMS or a CMS contractor.
In addition, as required by the Tax
Relief and Health Care Act of 2006, CMS
implemented a voluntary Physician
Quality Reporting Initiative (PQRI).
Under PQRI, eligible professionals who
choose to participate and satisfactorily
report on a designated set of quality
measures for services paid under the
Medicare Physician Fee Schedule and
provided to Medicare beneficiaries
under the traditional fee-for-service
program, may earn an incentive
payment. Participating eligible
professionals whose Medicare patients
in the traditional fee-for-service program
fit the specifications of the PQRI quality
measures will report the corresponding
appropriate Common Procedural
Terminology (CPT) Category II codes or
G-codes on their claims or through
qualified PQRI registries.
In 2009, CMS also will implement an
Electronic Prescribing (E-Prescribing)
Incentive Program as required by the
MIPPA. Eligible professionals who
PO 00000
Frm 00053
Fmt 4703
Sfmt 4703
80413
choose to participate and are successful
electronic prescribers may earn an
incentive payment. MIPPA also requires
CMS to publicly report the names of
eligible professionals or group practices
who satisfactorily submit data on
quality measures through PQRI and the
names of those eligible professionals or
group practices who are successful eprescribers.
CMS may publicly report additional
performance information, including
submission of data on measures, eprescribing usage, frequency of
reporting or performance, as well as
specific rates or scores based on
application of specific measures. CMS
considers all of these types of
information to be valid indicators of a
physician, practitioner, or other health
care provider’s commitment to and
delivery of high quality, high value
health care.
I. Description of the Proposed System of
Records
A. Statutory and Regulatory Basis for
System
Authority for the collection,
maintenance, and disclosures from this
system is given under provisions of
§§ 1152, 1153(c), 1153(e), 1154, 1160,
1848(k), 1848(m), 1851(d) and 1862(g) of
the Social Security Act; § 101 of
division B of the Tax Relief and Health
Care Act of 2006; § 101 of the Medicare,
Medicaid, and SCHIP Extension Act of
2007, §§ 131 and 132 of MIPPA, and
§§ 901, 912, and 914 of the Public
Health Service Act.
B. Collection and Maintenance of Data
in the System
The system contains single and multipayer, patient de-identified, individual
physician-level performance
measurement results as well as, patient
identifiable clinical and claims
information provided by individual
physicians, practitioners and providers
of services, individuals assigned to
provider groups, insurance and provider
associations, government agencies,
accrediting and quality organizations,
and others who are committed to
improving the quality of physician
services. This system contains the
patient’s or beneficiary’s name, sex,
health insurance claim number (HIC),
Social Security Number (SSN), address,
date of birth, medical record number(s),
prior stay information, provider name
and address, physician’s name, and/or
identification number, date of
admission or discharge, other health
insurance, diagnosis, surgical
procedures, and a statement of services
rendered for related charges and other
E:\FR\FM\31DEN1.SGM
31DEN1
80414
Federal Register / Vol. 73, No. 251 / Wednesday, December 31, 2008 / Notices
data needed to substantiate claims. The
system contains provider
characteristics, prescriber identification
number(s), assigned provider number(s)
(facility, referring/servicing physician),
and national drug code information,
total charges, and Medicare payment
amounts.
II. Agency Policies, Procedures, and
Restrictions on Routine Uses
The Privacy Act permits us to disclose
information without an individual’s
consent/authorization if the information
is to be used for a purpose that is
compatible with the purpose(s) for
which the information was collected.
Any such disclosure of data is known as
a ‘‘routine use.’’ The agency policies,
procedures, and restriction on routine
uses for the PMRS were published in
the Federal Register on September 12,
2007. See 72 FR 52133 (Sept. 12, 2007)
for further information.
pwalker on PROD1PC71 with NOTICES
III. Routine Use Disclosures of Data In
the System
For further information on the routine
uses for the PMRS, please see 72 FR
52133.
IV. Safeguards
CMS has safeguards in place for
authorized users and monitors such
users to ensure against unauthorized
use. Personnel having access to the
system have been trained in the Privacy
Act and information security
requirements. Employees who maintain
records in this system are instructed not
to release data until the intended
recipient agrees to implement
appropriate management, operational
and technical safeguards sufficient to
protect the confidentiality, integrity and
availability of the information and
information systems and to prevent
unauthorized access.
This system will conform to all
applicable Federal laws and regulations
and Federal, HHS, and CMS policies
and standards as they relate to
information security and data privacy.
These laws and regulations include but
are not limited to: The Privacy Act of
1974; the Federal Information Security
Management Act of 2002; the Computer
Fraud and Abuse Act of 1986; the
Health Insurance Portability and
Accountability Act of 1996; the EGovernment Act of 2002, the ClingerCohen Act of 1996; the Medicare
Modernization Act of 2003, and the
corresponding implementing
regulations. OMB Circular A–130,
Management of Federal Resources,
Appendix III, Security of Federal
Automated Information Resources also
applies. Federal, HHS, and CMS
VerDate Aug<31>2005
17:41 Dec 30, 2008
Jkt 217001
policies and standards include but are
not limited to: All pertinent National
Institute of Standards and Technology
publications; the HHS Information
Systems Program Handbook and the
CMS Information Security Handbook.
V. Effects of the New System on the
Rights of Individuals
CMS proposes to establish this system
in accordance with the principles and
requirements of the Privacy Act and will
collect, use, and disseminate
information only as prescribed therein.
We will only disclose the minimum
personal data necessary to achieve the
purpose of PMRS. Disclosure of
information from the system will be
approved only to the extent necessary to
accomplish the purpose of the
disclosure. CMS has assigned a higher
level of security clearance for the
information maintained in this system
in an effort to provide added security
and protection of data in this system.
CMS will take precautionary
measures to minimize the risks of
unauthorized access to the records and
the potential harm to individual privacy
or other personal or property rights.
CMS will collect only that information
necessary to perform the system’s
functions. In addition, CMS will make
disclosure from the proposed system
only with consent of the subject
individual, or his/her legal
representative, or in accordance with an
applicable exception provision of the
Privacy Act. CMS, therefore, does not
anticipate an unfavorable effect on
individual privacy as a result of the
disclosure of information relating to
individuals.
measurement results as well as, clinical
and claims information provided by
individual physicians, practitioners and
providers of services, individuals
assigned to provider groups, insurance
and provider associations, government
agencies, accrediting and quality
organizations, and others who are
committed to improving the quality of
physician, practitioner, and other
providers’ services.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system contains the patient’s or
beneficiary’s name, sex, health
insurance claim number (HIC), Social
Security Number (SSN), address, date of
birth, medical record number(s), prior
stay information, provider name and
address, physician’s name, and/or
identification number, date of
admission or discharge, other health
insurance, diagnosis, surgical
procedures, and a statement of services
rendered for related charges and other
data needed to substantiate claims. The
system contains provider
characteristics, prescriber identification
number(s), assigned provider number(s)
(facility, referring/servicing physician),
and national drug code information,
total charges, and Medicare payment
amounts.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
System No. 09–70–0584
Authority for the collection,
maintenance, and disclosures from this
system is given under provisions of
§§ 1152, 1153(c), 1153(e), 1154, 1160,
1848(k), 1848(m), 1851(d) and 1862(g) of
the Social Security Act; § 101 of
division B of the Tax Relief and Health
Care Act of 2006; § 101 of the Medicare,
Medicaid, and SCHIP Extension Act of
2007, §§ 131 and 132 of the Medicare
Improvements for Patients and
Providers Act of 2008, and §§ 901, 912,
and 914 of the Public Health Service
Act.
SYSTEM NAME:
PURPOSE(S) OF THE SYSTEM:
‘‘Performance Measurement and
Reporting System (PMRS),’’ HHS/CMS/
OCSQ.
The primary purpose of this system is
to support the collection, maintenance,
and processing of information to
promote the delivery of high quality,
efficient, effective and economical
delivery of health care services, and
promoting the quality of services of the
type for which payment may be made
under title XVIII by allowing for the
establishment and implementation of
performance measures, provision of
feedback to physicians, and public
reporting of performance information.
Information in this system will also be
disclosed to: (1) Support regulatory,
reimbursement, and policy functions
performed for the Agency or by a
contractor, consultant, or a CMS
Dated: December 18, 2008.
Charlene Frizzera,
Chief Operating Officer, Centers for Medicare
& Medicaid Services.
SECURITY CLASSIFICATION:
Level Three Privacy Act Sensitive.
SYSTEM LOCATION:
CMS Data Center, 7500 Security
Boulevard, North Building, First Floor,
Baltimore, Maryland 21244–1850 and at
various contractor sites.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
The system contains single and multipayer, patient de-identified, individual
physician, practitioner or other
provider-level performance
PO 00000
Frm 00054
Fmt 4703
Sfmt 4703
E:\FR\FM\31DEN1.SGM
31DEN1
Federal Register / Vol. 73, No. 251 / Wednesday, December 31, 2008 / Notices
grantee; (2) assist another Federal and/
or state agency, agency of a state
government, or an agency established by
state law; (3) promote more informed
choices by Medicare beneficiaries
among their Medicare group options by
making physician performance
measurement information available to
Medicare beneficiaries through a Web
site and other forms of data
dissemination; (4) provide CVEs and
data aggregators with information that
will assist in generating single or multipayer performance measurement results
to promote transparency in health care
to members of their community; (5)
assist individual physicians,
practitioners, providers of services,
suppliers, laboratories, and other health
care professionals who are participating
in health care transparency projects; (6)
assist individuals or organizations with
projects that provide transparency in
health care on a broad-scale enabling
consumers to compare the quality and
price of health care services; or for
research, evaluation, and
epidemiological projects related to the
prevention of disease or disability;
restoration or maintenance of health or
for payment purposes; (7) assist Quality
Improvement Organizations; (8) support
litigation involving the agency; and (9)
and (10) combat fraud, waste, and abuse
in certain health benefits programs.
pwalker on PROD1PC71 with NOTICES
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OR USERS AND
THE PURPOSES OF SUCH USES:
A. Entities Who May Receive
Disclosures Under Routine Use
These routine uses specify
circumstances, in addition to those
provided by statute in the Privacy Act
of 1974, under which CMS may release
information from the PMRS without the
consent/authorization of the individual
to whom such information pertains.
Each proposed disclosure of information
under these routine uses will be
evaluated to ensure that the disclosure
is legally permissible, including but not
limited to ensuring that the purpose of
the disclosure is compatible with the
purpose for which the information was
collected. We propose to establish the
following routine use disclosures of
information maintained in the system:
1. To support Agency contractors,
consultants, or CMS grantees who have
been engaged by the Agency to assist in
accomplishment of a CMS function
relating to the purposes for this SOR
and who need to have access to the
records in order to assist CMS.
2. Pursuant to agreements with CMS
to assist another Federal or state agency,
agency of a state government, or an
agency established by state law to:
VerDate Aug<31>2005
17:41 Dec 30, 2008
Jkt 217001
a. Contribute to projects that provide
transparency in health care on a broadscale enabling consumers to compare
the quality and price of health care
services,
b. Contribute to the accuracy of CMS’s
proper payment of Medicare benefits,
c. Enable such agency to administer a
Federal health benefits program, or as
necessary to enable such agency to
fulfill a requirement of a Federal statute
or regulation that implements a health
benefits program funded in whole or in
part with Federal funds, and/or
d. Assist Federal/state Medicaid
programs which may require PMRS
information for purposes related to this
system.
3. To assist in making the individual
physician-level performance
measurement results available to
Medicare beneficiaries, through a Web
site and other forms of data
dissemination, in order to promote more
informed choices by Medicare
beneficiaries among their Medicare
coverage options.
4. To provide Chartered Value
Exchanges (CVE) and data aggregators
with information that will assist in
generating single or multi-payer
performance measurement results that
will assist beneficiaries in making
informed choices among individual
physicians, practitioners and providers
of services; enable consumers to
compare the quality and price of health
care services; and assist in providing
transparency in health care at the local
level if CMS:
determines that the use or disclosure
does not violate legal limitations under
which the record was provided,
collected, or obtained;
a. Determines that the purpose for
which the disclosure is to be made:
(1) Is of sufficient importance to
warrant the effect and/or risk on the
privacy of the individual that additional
exposure of the record might bring, and
(2) There is reasonable probability
that the objective for the use would be
accomplished;
b. Requires the recipient of the
information to establish reasonable
administrative, technical, and physical
safeguards to prevent unauthorized use
or disclosure of the record,
c. Make no further use or disclosure
of the record except:
(1) For use in another project
providing transparency in health care,
under these same conditions, and with
written authorization of CMS;
(2) When required by law.
d. Secures a written statement
attesting to the information recipient’s
understanding of and willingness to
abide by these provisions. CVEs and
PO 00000
Frm 00055
Fmt 4703
Sfmt 4703
80415
data aggregators should complete a Data
Use Agreement (CMS Form 0235) in
accordance with current CMS policies.
5. To assist individual physicians,
practitioners, providers of services,
suppliers, laboratories, and others
health care professionals who are
participating in health care transparency
projects.
6. To assist an individual or
organization with projects that provide
transparency in health care on a broadscale enabling consumers to compare
the quality and price of health care
services; or for research, evaluation, and
epidemiological projects related to the
prevention of disease or disability;
restoration or maintenance of health or
for payment purposes if CMS:
a. Determines that the use or
disclosure does not violate legal
limitations under which the record was
provided, collected, or obtained;
b. Determines that the purpose for
which the disclosure is to be made:
(1) Cannot be reasonably
accomplished unless the record is
provided in individually identifiable
form,
(2) Is of sufficient importance to
warrant the effect and/or risk on the
privacy of the individual that additional
exposure of the record might bring, and
(3) There is reasonable probability
that the objective for the use would be
accomplished;
c. Requires the recipient of the
information to:
(1) Establish reasonable
administrative, technical, and physical
safeguards to prevent unauthorized use
or disclosure of the record, and
(2) Remove or destroy the information
that allows the individual to be
identified at the earliest time at which
removal or destruction can be
accomplished consistent with the
purpose of the project, unless the
recipient presents an adequate
justification of a research or health
nature for retaining such information,
and
(3) Make no further use or disclosure
of the record except:
(a) For disclosure to a properly
identified person, for purposes of
providing transparency in health care
enabling consumers to compare the
quality and price of health care services
so that they can make informed choices
among individual physicians,
practitioners and providers of services;
(b) In emergency circumstances
affecting the health or safety of any
individual;
(c) For use in another research project,
under these same conditions, and with
written authorization of CMS;
E:\FR\FM\31DEN1.SGM
31DEN1
pwalker on PROD1PC71 with NOTICES
80416
Federal Register / Vol. 73, No. 251 / Wednesday, December 31, 2008 / Notices
(d) For disclosure to a properly
identified person for the purpose of an
audit related to the research project, if
information that would enable research
subjects to be identified is removed or
destroyed at the earliest opportunity
consistent with the purpose of the audit;
or
(e) When required by law.
d. Secures a written statement
attesting to the information recipient’s
understanding of and willingness to
abide by these provisions. Researchers
should complete a Data Use Agreement
(CMS Form 0235) in accordance with
current CMS policies.
7. To support Quality Improvement
Organizations (QIO) in connection with
review of claims, or in connection with
studies or other review activities
conducted pursuant to Part B of Title XI
of the Act and in performing affirmative
outreach activities to individuals for the
purpose of establishing and maintaining
their entitlement to Medicare benefits or
health insurance plans.
8. To support the Department of
Justice (DOJ), court, or adjudicatory
body when:
a. The Agency or any component
thereof, or
b. Any employee of the Agency in his
or her official capacity, or
c. Any employee of the Agency in his
or her individual capacity where the
DOJ has agreed to represent the
employee, or
d. The United States Government,
is a party to litigation or has an
interest in such litigation, and by careful
review, CMS determines that the
records are both relevant and necessary
to the litigation and that the use of such
records by the DOJ, court or
adjudicatory body is compatible with
the purpose for which the agency
collected the records.
9. To assist a CMS contractor
(including, but not limited to MACs,
fiscal intermediaries and carriers) that
assists in the administration of a CMSadministered health benefits program,
or to a grantee of a CMS-administered
grant program, when disclosure is
deemed reasonably necessary by CMS to
prevent, deter, discover, detect,
investigate, examine, prosecute, sue
with respect to, defend against, correct,
remedy, or otherwise combat fraud,
waste or abuse in such program.
10. To assist another Federal agency
or to an instrumentality of any
governmental jurisdiction within or
under the control of the United States
(including any state or local
governmental agency), that administers,
or that has the authority to investigate
potential fraud, waste or abuse in a
health benefits program funded in
VerDate Aug<31>2005
17:41 Dec 30, 2008
Jkt 217001
whole or in part by Federal funds, when
disclosure is deemed reasonably
necessary by CMS to prevent, deter,
discover, detect, investigate, examine,
prosecute, sue with respect to, defend
against, correct, remedy, or otherwise
combat fraud, waste or abuse in such
programs.
B. Additional Circumstances
Affecting Routine Use Disclosures
To the extent this system contains
Protected Health Information (PHI) as
defined by HHS regulation ‘‘Standards
for Privacy of Individually Identifiable
Health Information’’ (45 CFR Parts 160
and 164, Subparts A and E) 65 Fed. Reg.
82462 (12–28–00). Disclosures of such
PHI that are otherwise authorized by
these routine uses may only be made if,
and as, permitted or required by the
‘‘Standards for Privacy of Individually
Identifiable Health Information.’’ (See
45 CFR 164–512(a)(1).)
POLICIES AND PRACTICES FOR STORING,
RETRIEVING, ACCESSING, RETAINING, AND
DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Records are stored on both tape
cartridges (magnetic storage media) and
in a DB2 relational database
management environment (DASD data
storage media).
RETRIEVABILITY:
Information is most frequently
retrieved by HICN, provider number
(facility, physician, IDs), service dates,
and beneficiary state code.
SAFEGUARDS:
CMS has safeguards in place for
authorized users and monitors such
users to ensure against unauthorized
use. Personnel having access to the
system have been trained in the Privacy
Act and information security
requirements. Employees who maintain
records in this system are instructed not
to release data until the intended
recipient agrees to implement
appropriate management, operational
and technical safeguards sufficient to
protect the confidentiality, integrity and
availability of the information and
information systems and to prevent
unauthorized access.
This system will conform to all
applicable Federal laws and regulations
and Federal, HHS, and CMS policies
and standards as they relate to
information security and data privacy.
These laws and regulations include but
are not limited to: The Privacy Act of
1974; the Federal Information Security
Management Act of 2002; the Computer
Fraud and Abuse Act of 1986; the
Health Insurance Portability and
Accountability Act of 1996; the E-
PO 00000
Frm 00056
Fmt 4703
Sfmt 4703
Government Act of 2002, the ClingerCohen Act of 1996; the Medicare
Modernization Act of 2003, and the
corresponding implementing
regulations. OMB Circular A–130,
Management of Federal Resources,
Appendix III, Security of Federal
Automated Information Resources also
applies. Federal, HHS, and CMS
policies and standards include but are
not limited to: All pertinent National
Institute of Standards and Technology
publications; the HHS Information
Systems Program Handbook and the
CMS Information Security Handbook.
RETENTION AND DISPOSAL:
Records are maintained with
identifiers for all transactions after they
are entered into the system for a period
of 20 years. Records are housed in both
active and archival files. All claimsrelated records are encompassed by the
document preservation order and will
be retained until notification is received
from the Department of Justice.
SYSTEM MANAGER AND ADDRESS:
Director, Quality Measurement and
Health Assessment Group, Office of
Clinical Standards and Quality, CMS,
Room C1–23–14, 7500 Security
Boulevard, Baltimore, Maryland 21244–
1850.
NOTIFICATION PROCEDURE:
For purpose of notification, the
subject individual should write to the
system manager who will require the
system name, and the retrieval selection
criteria (e.g., HICN, Provider number,
etc.).
RECORD ACCESS PROCEDURE:
For purpose of access, use the same
procedures outlined in Notification
Procedures above. Requestors should
also reasonably specify the record
contents being sought. (These
procedures are in accordance with
Department regulation 45 CFR
5b.5(a)(2).)
CONTESTING RECORD PROCEDURES:
The subject individual should contact
the system manager named above, and
reasonably identify the record and
specify the information to be contested.
State the corrective action sought and
the reasons for the correction with
supporting justification. (These
procedures are in accordance with
Department regulation 45 CFR 5b.7.)
RECORD SOURCE CATEGORIES:
Medicare Beneficiary Database (09–
70–0536), National Claims History File
(09–70–0558), and private physicians,
private providers, laboratories, other
providers and suppliers who are
E:\FR\FM\31DEN1.SGM
31DEN1
Federal Register / Vol. 73, No. 251 / Wednesday, December 31, 2008 / Notices
participating in health care transparency
projects sponsored by the Agency.
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS
OF THE ACT:
None.
[FR Doc. E8–31146 Filed 12–30–08; 8:45 am]
BILLING CODE 4120–03–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
National Institutes of Health
Center for Scientific Review; Notice of
Closed Meetings
pwalker on PROD1PC71 with NOTICES
Pursuant to section 10(d) of the
Federal Advisory Committee Act, as
amended (5 U.S.C. Appendix 2), notice
is hereby given of the following
meetings.
The meetings will be closed to the
public in accordance with the
provisions set forth in sections
552b(c)(4) and 552b(c)(6), Title 5 U.S.C.,
as amended. The grant applications and
the discussions could disclose
confidential trade secrets or commercial
property such as patentable material,
and personal information concerning
individuals associated with the grant
applications, the disclosure of which
would constitute a clearly unwarranted
invasion of personal privacy.
Name of Committee: Bioengineering
Sciences & Technologies; Integrated Review
Group Instrumentation and Systems
Development Study Section.
Date: January 20–21, 2009.
Time: 7 p.m. to 5 p.m.
Agenda: To review and evaluate grant
applications.
Place: Hotel Kabuki, 1625 Post Street, San
Francisco, CA 94155.
Contact Person: Marc Rigas, PhD, Scientific
Review Officer, Center for Scientific Review,
National Institutes of Health, 6701 Rockledge
Drive, Room 5158, MSC 7849, Bethesda, MD
20892, 301–402–1074, rigasm@mail.nih.gov.
Name of Committee: Center for Scientific
Review Special Emphasis Panel; Research on
Ethical Issues in Human Studies.
Date: January 22, 2009.
Time: 12 p.m. to 4 p.m.
Agenda: To review and evaluate grant
applications.
Place: National Institutes of Health, 6701
Rockledge Drive, Bethesda, MD 20892,
(Virtual Meeting).
Contact Person: Ellen K. Schwartz, EDD,
Scientific Review Officer, Center for
Scientific Review, National Institutes of
Health, 6701 Rockledge Drive, Room 3168,
MSC 7770, Bethesda, MD 20892, 301–435–
0681, schwarte@csr.nih.gov.
Name of Committee: Center for Scientific
Review Special Emphasis Panel; Platelet
Biology.
Date: January 26, 2009.
Time: 2 p.m. to 4 p.m.
VerDate Aug<31>2005
17:41 Dec 30, 2008
Jkt 217001
Agenda: To review and evaluate grant
applications.
Place: National Institutes of Health, 6701
Rockledge Drive, Bethesda, MD 20892,
(Telephone Conference Call).
Contact Person: Manjit Hanspal, PhD,
Scientific Review Officer, Center for
Scientific Review, National Institutes of
Health, 6701 Rockledge Drive, Room 4138,
MSC 7804, Bethesda, MD 20892, 301–435–
1195, hanspalm@csr.nih.gov.
Name of Committee: Bioengineering
Sciences & Technologies Integrated Review
Group; Nanotechnology Study Section.
Date: January 28–29, 2009.
Time: 8:30 a.m. to 5:30 p.m.
Agenda: To review and evaluate grant
applications.
Place: Hilton Alexandria Old Town, 1767
King Street, Alexandria, VA 22314.
Contact Person: Joseph D. Mosca, PhD,
Scientific Review Officer, Center for
Scientific Review, National Institutes of
Health, 6701 Rockledge Drive, Room 5158,
MSC 7808, Bethesda, MD 20892, (301) 435–
2344, moscajos@csr.nih.gov.
Name of Committee: Molecular, Cellular
and Developmental Neuroscience Integrated
Review Group; Biophysics of Neural Systems
Study Section.
Date: January 29, 2009.
Time: 8 a.m. to 8 p.m.
Agenda: To review and evaluate grant
applications.
Place: Fairmont Hotel, 2401 M Street, NW.,
Washington, DC 20037.
Contact Person: Geoffrey G. Schofield,
PhD, Scientific Review Officer, Center for
Scientific Review, National Institutes of
Health, 6701 Rockledge Drive, Room 4040–A,
MSC 7850, Bethesda, MD 20892, 301–435–
1235, geoffreys@csr.nih.gov.
Name of Committee: Brain Disorders and
Clinical Neuroscience Integrated Review
Group; Clinical Neuroscience and
Neurodegeneration Study Section.
Date: January 29, 2009.
Time: 8 a.m. to 5 p.m.
Agenda: To review and evaluate grant
applications.
Place: Mark Hopkins San Francisco Hotel,
One Nob Hill, San Francisco, CA 94108.
Contact Person: Rene Etcheberrigaray, MD,
Scientific Review Officer, Center for
Scientific Review, National Institutes of
Health, 6701 Rockledge Drive, Room 5196,
MSC 7846, Bethesda, MD 20892, (301) 435–
1246, etcheber@csr.nih.gov.
Name of Committee: Oncological Sciences
Integrated Review Group; Cancer Biomarkers
Study Section.
Date: February 3–4, 2009.
Time: 8 a.m. to 5 p.m.
Agenda: To review and evaluate grant
applications.
Place: Holiday Inn Georgetown, 2101
Wisconsin Avenue, NW., Washington, DC
20007.
Contact Person: Steven B. Scholnick, PhD,
Scientific Review Officer, Center for
Scientific Review, National Institutes of
Health, 6701 Rockledge Drive, Room 6152,
MSC 7804, Bethesda, MD 20892, 301–435–
1719, scholnis@csr.nih.gov.
Name of Committee: Genes, Genomes, and
Genetics Integrated Review Group;
PO 00000
Frm 00057
Fmt 4703
Sfmt 4703
80417
Genomics, Computational Biology and
Technology Study Section.
Date: February 3–4, 2009.
Time: 8:30 a.m. to 5 p.m.
Agenda: To review and evaluate grant
applications.
Place: Hyatt Regency Bethesda, One
Bethesda Metro Center, 7400 Wisconsin
Avenue, Bethesda, MD 20814.
Contact Person: Barbara J. Thomas, PhD,
Scientific Review Officer, Center for
Scientific Review, National Institutes of
Health, 6701 Rockledge Drive, Room 2218,
MSC 7890, Bethesda, MD 20892, 301–435–
0603, bthomas@csr.nih.gov.
Name of Committee: Center for Scientific
Review Special Emphasis Panel; Member
Conflict: Mechanisms of Cancer Prevention.
Date: February 3, 2009.
Time: 1 p.m. to 3 p.m.
Agenda: To review and evaluate grant
applications.
Place: National Institutes of Health, 6701
Rockledge Drive, Bethesda, MD 20892,
(Telephone Conference Call).
Contact Person: Zhiqiang Zou, MD, PhD,
Scientific Review Officer, Center for
Scientific Review, National Institutes of
Health, 6701 Rockledge Drive, Room 6190,
MSC 7804, Bethesda, MD 20892, 301–451–
0132, zouzhiq@csr.nih.gov.
Name of Committee: Digestive Sciences
Integrated Review Group; Xenobiotic and
Nutrient Disposition and Action Study
Section.
Date: February 4, 2009.
Time: 8 a.m. to 6 p.m.
Agenda: To review and evaluate grant
applications.
Place: Hyatt Regency Bethesda, One
Bethesda Metro Center, 7400 Wisconsin
Avenue, Bethesda, MD 20814.
Contact Person: Patricia Greenwel, PhD,
Scientific Review Officer, Center for
Scientific Review, National Institutes of
Health, 6701 Rockledge Drive, Room 2172,
MSC 7818, Bethesda, MD 20892, 301–435–
1169, greenwep@csr.nih.gov.
Name of Committee: Health of the
Population Integrated Review Group; Kidney,
Nutrition, Obesity and Diabetes Study
Section.
Date: February 4–5, 2009.
Time: 8 a.m. to 11 a.m.
Agenda: To review and evaluate grant
applications.
Place: Bahia Resort Hotel, 998 W. Mission
Bay Drive, San Diego, CA 92109.
Contact Person: Fungai F. Chanetsa, PhD,
Scientific Review Officer, Center for
Scientific Review, National Institutes of
Health, 6701 Rockledge Drive, Room 3135,
MSC 7770, Bethesda, MD 20892, 301–435–
1262, chanetsaf@csr.nih.gov.
Name of Committee: Bioengineering
Sciences & Technologies Integrated Review
Group; Gene and Drug Delivery Systems
Study Section.
Date: February 4–5, 2009.
Time: 8 a.m. to 5 p.m.
Agenda: To review and evaluate grant
applications.
Place: Sir Francis Drake Hotel, 450 Powell
Street, San Francisco, CA 94102.
Contact Person: Steven J. Zullo, PhD,
Scientific Review Officer, Center for
E:\FR\FM\31DEN1.SGM
31DEN1
Agencies
[Federal Register Volume 73, Number 251 (Wednesday, December 31, 2008)]
[Notices]
[Pages 80412-80417]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E8-31146]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Centers for Medicare & Medicaid Services
Privacy Act of 1974; Notice of Modified System of Records
AGENCY: Department of Health and Human Services (HHS), Centers for
Medicare & Medicaid Services (CMS).
ACTION: Notice of a Modified System of Records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the requirements of the Privacy Act of
1974, CMS is proposing to make minor amendments to an existing system
of records (SOR) titled, ``Performance Measurement and Reporting System
(PMRS),'' System No. 09-70-0584, published at 72 FR 52133 (September
12, 2007). PMRS serves as a master system of records to assist in
projects that provide transparency in health care on a broad scale
enabling consumers to compare the quality and price of health care
services so that they can make informed choices among individual
physicians, practitioners, and other providers of services. We are
making minor amendments to PMRS to include two additional legal
authorities: The Medicare, Medicaid, and SCHIP Extension Act of 2007
(MMSEA) (Pub. L. 110-173) and the Medicare Improvements for Patients
and Providers Act of 2008 (MIPPA) (Pub. L. 110-275). Section 101(b) of
the MMSEA amended section 1848(k)(2)(B) of the Social Security Act (the
Act) (42 U.S.C. 1395w-4) and section 101(c) of division B of the Tax
Relief and Health Care Act of 2006 to extend the Physician Quality
Reporting Initiative (PQRI). MIPPA, effective July 15, 2008, extended
the PQRI for 2010 and subsequent years and authorized a new incentive
program for successful electronic prescribers under section 1848(m)(2)
of the Act. In addition, the MIPPA requires the Secretary to post on
the CMS Web site the names of eligible professionals or group practices
who satisfactorily submit data on quality measures through PQRI and the
names of those eligible professionals or group practices who are
successful electronic prescribers. This requirement is codified at
section 1848(m)(5)(G) of the Act. Accordingly, CMS is adding Sec. Sec.
131 and 132 of MIPPA, Sec. 101 of MMSEA, Sec. 1848(k) of the Act, and
Sec. 1848(m) of the Act to the PMRS' legal authority section.
In addition, we are clarifying in this notice that the term,
``performance measurement results'' used in the PMRS includes, but is
not limited to, submission of data on measures, e-prescribing usage,
frequency of reporting or performance, as well as rates or scores based
on application of specific measures. We consider all of these types of
information to be valid indicators of a physician's, practitioner's, or
other provider's commitment to and delivery of high quality, high value
health care.
The primary purpose of this system is to support the collection,
maintenance, and processing of information to promote the delivery of
high quality, efficient, effective, and economical health care
services, and promoting the quality and efficiency of services of the
type for which payment may be made under title XVIII by allowing for
the establishment and implementation of performance measures, the
provision of feedback to physicians, and public reporting of
performance information. Information in this system will also be
disclosed to: (1) Support regulatory, reimbursement, and policy
functions performed for the Agency or by a contractor, consultant, or a
CMS grantee; (2) assist another Federal and/or state agency, agency of
a state government, or an agency established by state law; (3) promote
more informed choices by Medicare beneficiaries among their Medicare
group options by making physician performance measurement information
available to Medicare beneficiaries through a Web site and other forms
of data dissemination; (4) provide CVEs and data aggregators with
information that will assist in generating single or multi-payer
performance measurement results to promote transparency in health care
to members of their community; (5) assist individual physicians,
practitioners, providers of services, suppliers, laboratories, and
other health care professionals who are participating in health care
transparency projects; (6) assist individuals or organizations with
projects that provide transparency in health care on a broad scale
enabling consumers to compare the quality and price of health care
services; or for research, evaluation, and epidemiological projects
related to the prevention of disease or disability;
[[Page 80413]]
restoration or maintenance of health or for payment purposes; (7)
assist Quality Improvement Organizations; (8) support litigation
involving the agency; and (9) and (10) combat fraud, waste, and abuse
in certain health benefits programs. We have provided background
information about this modified system in the Supplementary Information
section below
DATES: Effective Dates: The minor amendments contained in this notice
are effective upon publication in the Federal Register.
FOR FURTHER INFORMATION CONTACT: Aucha Prachanronarong, Health
Insurance Specialist, Division of Ambulatory Care and Measure
Management, Quality Measurement and Health Assessment Group, Office of
Clinical Standards and Quality, CMS, Room C1-23-14, 7500 Security
Boulevard, Baltimore, Maryland 21244-1850. The telephone number is
(410) 786-1879 or contact Aucha.Prachanronarong@cms.hhs.gov.
SUPPLEMENTARY INFORMATION: The Value-driven Health Care Initiative is
designed to achieve four cornerstones: Interoperable health information
technology (HIT); transparency of price information; transparency of
quality information; and the use of incentives to promote high-quality
and cost-efficient health care. Regional/local public-private
collaboration is essential to the success of this Initiative. As such,
the Initiative is encouraging the growth of regional public-private
collaboratives that will be chartered by the Agency for Healthcare
Research and Quality (AHRQ) to support and achieve the four
cornerstones. Only mature, sustainable, multi-stakeholder entities that
are committed to achieving the four cornerstones, including publicly
reporting physician-level and other provider performance measurement
information and facilitating the use of this information to improve the
quality and efficiency of health care delivery, will become Chartered
Value Exchanges (CVEs).
Provided they meet certain criteria established by CMS and
disclosure is consistent with the Privacy Act, the Health Insurance
Portability and Accountability Act (HIPAA) Privacy Rule and other
applicable laws, CMS may provide CVEs with patient de-identified
Medicare-inclusive individual physician-level or group practice level
performance measurement results. CMS also may provide physician and
patient identifiable protected health claims data information to data
aggregators that are HIPAA business associates of CMS (including
working with providers, payers, or other HIPAA covered entities) for
purposes for generating these results. The patient de-identified
results will be calculated using Medicare claims data based on
consensus-based measures as determined by CMS, including but not
limited to quality, resource use, efficiency, and utilization metrics.
Available results may include single payer (i.e., Medicare only and
private payer only performance measurement results) and/or multi-payer
(i.e., results generated from merging or combining Medicare results
with private payer results) patient de-identified, individual
physician-level performance measurement results. CMS also may make
patient de-identified and individual physician-level or group practice
level performance measurement results available to Medicare
beneficiaries, and others that meet CMS requirements for disclosure.
CMS also has implemented a pilot project known as, ``The Better
Quality Information to Improve Care for Medicare Beneficiaries (BQI)
Project'' to develop a model to combine data, quality measurement, and
public reporting. Through the BQI project, each pilot collaborative, as
a QIO subcontractor, is combining private claims data with Medicare
claims data and, in some cases, Medicaid claims data to produce single
payer and/or multi-payer, patient de-identified, individual physician-
level or group practice level performance measurement results using
quality measures that are approved by CMS. These performance
measurement results were made available to Medicare beneficiaries by
CMS or a CMS contractor.
In addition, as required by the Tax Relief and Health Care Act of
2006, CMS implemented a voluntary Physician Quality Reporting
Initiative (PQRI). Under PQRI, eligible professionals who choose to
participate and satisfactorily report on a designated set of quality
measures for services paid under the Medicare Physician Fee Schedule
and provided to Medicare beneficiaries under the traditional fee-for-
service program, may earn an incentive payment. Participating eligible
professionals whose Medicare patients in the traditional fee-for-
service program fit the specifications of the PQRI quality measures
will report the corresponding appropriate Common Procedural Terminology
(CPT) Category II codes or G-codes on their claims or through qualified
PQRI registries.
In 2009, CMS also will implement an Electronic Prescribing (E-
Prescribing) Incentive Program as required by the MIPPA. Eligible
professionals who choose to participate and are successful electronic
prescribers may earn an incentive payment. MIPPA also requires CMS to
publicly report the names of eligible professionals or group practices
who satisfactorily submit data on quality measures through PQRI and the
names of those eligible professionals or group practices who are
successful e-prescribers.
CMS may publicly report additional performance information,
including submission of data on measures, e-prescribing usage,
frequency of reporting or performance, as well as specific rates or
scores based on application of specific measures. CMS considers all of
these types of information to be valid indicators of a physician,
practitioner, or other health care provider's commitment to and
delivery of high quality, high value health care.
I. Description of the Proposed System of Records
A. Statutory and Regulatory Basis for System
Authority for the collection, maintenance, and disclosures from
this system is given under provisions of Sec. Sec. 1152, 1153(c),
1153(e), 1154, 1160, 1848(k), 1848(m), 1851(d) and 1862(g) of the
Social Security Act; Sec. 101 of division B of the Tax Relief and
Health Care Act of 2006; Sec. 101 of the Medicare, Medicaid, and SCHIP
Extension Act of 2007, Sec. Sec. 131 and 132 of MIPPA, and Sec. Sec.
901, 912, and 914 of the Public Health Service Act.
B. Collection and Maintenance of Data in the System
The system contains single and multi-payer, patient de-identified,
individual physician-level performance measurement results as well as,
patient identifiable clinical and claims information provided by
individual physicians, practitioners and providers of services,
individuals assigned to provider groups, insurance and provider
associations, government agencies, accrediting and quality
organizations, and others who are committed to improving the quality of
physician services. This system contains the patient's or beneficiary's
name, sex, health insurance claim number (HIC), Social Security Number
(SSN), address, date of birth, medical record number(s), prior stay
information, provider name and address, physician's name, and/or
identification number, date of admission or discharge, other health
insurance, diagnosis, surgical procedures, and a statement of services
rendered for related charges and other
[[Page 80414]]
data needed to substantiate claims. The system contains provider
characteristics, prescriber identification number(s), assigned provider
number(s) (facility, referring/servicing physician), and national drug
code information, total charges, and Medicare payment amounts.
II. Agency Policies, Procedures, and Restrictions on Routine Uses
The Privacy Act permits us to disclose information without an
individual's consent/authorization if the information is to be used for
a purpose that is compatible with the purpose(s) for which the
information was collected. Any such disclosure of data is known as a
``routine use.'' The agency policies, procedures, and restriction on
routine uses for the PMRS were published in the Federal Register on
September 12, 2007. See 72 FR 52133 (Sept. 12, 2007) for further
information.
III. Routine Use Disclosures of Data In the System
For further information on the routine uses for the PMRS, please
see 72 FR 52133.
IV. Safeguards
CMS has safeguards in place for authorized users and monitors such
users to ensure against unauthorized use. Personnel having access to
the system have been trained in the Privacy Act and information
security requirements. Employees who maintain records in this system
are instructed not to release data until the intended recipient agrees
to implement appropriate management, operational and technical
safeguards sufficient to protect the confidentiality, integrity and
availability of the information and information systems and to prevent
unauthorized access.
This system will conform to all applicable Federal laws and
regulations and Federal, HHS, and CMS policies and standards as they
relate to information security and data privacy. These laws and
regulations include but are not limited to: The Privacy Act of 1974;
the Federal Information Security Management Act of 2002; the Computer
Fraud and Abuse Act of 1986; the Health Insurance Portability and
Accountability Act of 1996; the E-Government Act of 2002, the Clinger-
Cohen Act of 1996; the Medicare Modernization Act of 2003, and the
corresponding implementing regulations. OMB Circular A-130, Management
of Federal Resources, Appendix III, Security of Federal Automated
Information Resources also applies. Federal, HHS, and CMS policies and
standards include but are not limited to: All pertinent National
Institute of Standards and Technology publications; the HHS Information
Systems Program Handbook and the CMS Information Security Handbook.
V. Effects of the New System on the Rights of Individuals
CMS proposes to establish this system in accordance with the
principles and requirements of the Privacy Act and will collect, use,
and disseminate information only as prescribed therein. We will only
disclose the minimum personal data necessary to achieve the purpose of
PMRS. Disclosure of information from the system will be approved only
to the extent necessary to accomplish the purpose of the disclosure.
CMS has assigned a higher level of security clearance for the
information maintained in this system in an effort to provide added
security and protection of data in this system.
CMS will take precautionary measures to minimize the risks of
unauthorized access to the records and the potential harm to individual
privacy or other personal or property rights. CMS will collect only
that information necessary to perform the system's functions. In
addition, CMS will make disclosure from the proposed system only with
consent of the subject individual, or his/her legal representative, or
in accordance with an applicable exception provision of the Privacy
Act. CMS, therefore, does not anticipate an unfavorable effect on
individual privacy as a result of the disclosure of information
relating to individuals.
Dated: December 18, 2008.
Charlene Frizzera,
Chief Operating Officer, Centers for Medicare & Medicaid Services.
System No. 09-70-0584
SYSTEM NAME:
``Performance Measurement and Reporting System (PMRS),'' HHS/CMS/
OCSQ.
SECURITY CLASSIFICATION:
Level Three Privacy Act Sensitive.
SYSTEM LOCATION:
CMS Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850 and at various contractor sites.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The system contains single and multi-payer, patient de-identified,
individual physician, practitioner or other provider-level performance
measurement results as well as, clinical and claims information
provided by individual physicians, practitioners and providers of
services, individuals assigned to provider groups, insurance and
provider associations, government agencies, accrediting and quality
organizations, and others who are committed to improving the quality of
physician, practitioner, and other providers' services.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system contains the patient's or beneficiary's name, sex,
health insurance claim number (HIC), Social Security Number (SSN),
address, date of birth, medical record number(s), prior stay
information, provider name and address, physician's name, and/or
identification number, date of admission or discharge, other health
insurance, diagnosis, surgical procedures, and a statement of services
rendered for related charges and other data needed to substantiate
claims. The system contains provider characteristics, prescriber
identification number(s), assigned provider number(s) (facility,
referring/servicing physician), and national drug code information,
total charges, and Medicare payment amounts.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Authority for the collection, maintenance, and disclosures from
this system is given under provisions of Sec. Sec. 1152, 1153(c),
1153(e), 1154, 1160, 1848(k), 1848(m), 1851(d) and 1862(g) of the
Social Security Act; Sec. 101 of division B of the Tax Relief and
Health Care Act of 2006; Sec. 101 of the Medicare, Medicaid, and SCHIP
Extension Act of 2007, Sec. Sec. 131 and 132 of the Medicare
Improvements for Patients and Providers Act of 2008, and Sec. Sec.
901, 912, and 914 of the Public Health Service Act.
PURPOSE(S) OF THE SYSTEM:
The primary purpose of this system is to support the collection,
maintenance, and processing of information to promote the delivery of
high quality, efficient, effective and economical delivery of health
care services, and promoting the quality of services of the type for
which payment may be made under title XVIII by allowing for the
establishment and implementation of performance measures, provision of
feedback to physicians, and public reporting of performance
information. Information in this system will also be disclosed to: (1)
Support regulatory, reimbursement, and policy functions performed for
the Agency or by a contractor, consultant, or a CMS
[[Page 80415]]
grantee; (2) assist another Federal and/or state agency, agency of a
state government, or an agency established by state law; (3) promote
more informed choices by Medicare beneficiaries among their Medicare
group options by making physician performance measurement information
available to Medicare beneficiaries through a Web site and other forms
of data dissemination; (4) provide CVEs and data aggregators with
information that will assist in generating single or multi-payer
performance measurement results to promote transparency in health care
to members of their community; (5) assist individual physicians,
practitioners, providers of services, suppliers, laboratories, and
other health care professionals who are participating in health care
transparency projects; (6) assist individuals or organizations with
projects that provide transparency in health care on a broad-scale
enabling consumers to compare the quality and price of health care
services; or for research, evaluation, and epidemiological projects
related to the prevention of disease or disability; restoration or
maintenance of health or for payment purposes; (7) assist Quality
Improvement Organizations; (8) support litigation involving the agency;
and (9) and (10) combat fraud, waste, and abuse in certain health
benefits programs.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OR USERS AND THE PURPOSES OF SUCH USES:
A. Entities Who May Receive Disclosures Under Routine Use
These routine uses specify circumstances, in addition to those
provided by statute in the Privacy Act of 1974, under which CMS may
release information from the PMRS without the consent/authorization of
the individual to whom such information pertains. Each proposed
disclosure of information under these routine uses will be evaluated to
ensure that the disclosure is legally permissible, including but not
limited to ensuring that the purpose of the disclosure is compatible
with the purpose for which the information was collected. We propose to
establish the following routine use disclosures of information
maintained in the system:
1. To support Agency contractors, consultants, or CMS grantees who
have been engaged by the Agency to assist in accomplishment of a CMS
function relating to the purposes for this SOR and who need to have
access to the records in order to assist CMS.
2. Pursuant to agreements with CMS to assist another Federal or
state agency, agency of a state government, or an agency established by
state law to:
a. Contribute to projects that provide transparency in health care
on a broad-scale enabling consumers to compare the quality and price of
health care services,
b. Contribute to the accuracy of CMS's proper payment of Medicare
benefits,
c. Enable such agency to administer a Federal health benefits
program, or as necessary to enable such agency to fulfill a requirement
of a Federal statute or regulation that implements a health benefits
program funded in whole or in part with Federal funds, and/or
d. Assist Federal/state Medicaid programs which may require PMRS
information for purposes related to this system.
3. To assist in making the individual physician-level performance
measurement results available to Medicare beneficiaries, through a Web
site and other forms of data dissemination, in order to promote more
informed choices by Medicare beneficiaries among their Medicare
coverage options.
4. To provide Chartered Value Exchanges (CVE) and data aggregators
with information that will assist in generating single or multi-payer
performance measurement results that will assist beneficiaries in
making informed choices among individual physicians, practitioners and
providers of services; enable consumers to compare the quality and
price of health care services; and assist in providing transparency in
health care at the local level if CMS:
determines that the use or disclosure does not violate legal
limitations under which the record was provided, collected, or
obtained;
a. Determines that the purpose for which the disclosure is to be
made:
(1) Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individual that additional exposure of the record
might bring, and
(2) There is reasonable probability that the objective for the use
would be accomplished;
b. Requires the recipient of the information to establish
reasonable administrative, technical, and physical safeguards to
prevent unauthorized use or disclosure of the record,
c. Make no further use or disclosure of the record except:
(1) For use in another project providing transparency in health
care, under these same conditions, and with written authorization of
CMS;
(2) When required by law.
d. Secures a written statement attesting to the information
recipient's understanding of and willingness to abide by these
provisions. CVEs and data aggregators should complete a Data Use
Agreement (CMS Form 0235) in accordance with current CMS policies.
5. To assist individual physicians, practitioners, providers of
services, suppliers, laboratories, and others health care professionals
who are participating in health care transparency projects.
6. To assist an individual or organization with projects that
provide transparency in health care on a broad-scale enabling consumers
to compare the quality and price of health care services; or for
research, evaluation, and epidemiological projects related to the
prevention of disease or disability; restoration or maintenance of
health or for payment purposes if CMS:
a. Determines that the use or disclosure does not violate legal
limitations under which the record was provided, collected, or
obtained;
b. Determines that the purpose for which the disclosure is to be
made:
(1) Cannot be reasonably accomplished unless the record is provided
in individually identifiable form,
(2) Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individual that additional exposure of the record
might bring, and
(3) There is reasonable probability that the objective for the use
would be accomplished;
c. Requires the recipient of the information to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record, and
(2) Remove or destroy the information that allows the individual to
be identified at the earliest time at which removal or destruction can
be accomplished consistent with the purpose of the project, unless the
recipient presents an adequate justification of a research or health
nature for retaining such information, and
(3) Make no further use or disclosure of the record except:
(a) For disclosure to a properly identified person, for purposes of
providing transparency in health care enabling consumers to compare the
quality and price of health care services so that they can make
informed choices among individual physicians, practitioners and
providers of services;
(b) In emergency circumstances affecting the health or safety of
any individual;
(c) For use in another research project, under these same
conditions, and with written authorization of CMS;
[[Page 80416]]
(d) For disclosure to a properly identified person for the purpose
of an audit related to the research project, if information that would
enable research subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit; or
(e) When required by law.
d. Secures a written statement attesting to the information
recipient's understanding of and willingness to abide by these
provisions. Researchers should complete a Data Use Agreement (CMS Form
0235) in accordance with current CMS policies.
7. To support Quality Improvement Organizations (QIO) in connection
with review of claims, or in connection with studies or other review
activities conducted pursuant to Part B of Title XI of the Act and in
performing affirmative outreach activities to individuals for the
purpose of establishing and maintaining their entitlement to Medicare
benefits or health insurance plans.
8. To support the Department of Justice (DOJ), court, or
adjudicatory body when:
a. The Agency or any component thereof, or
b. Any employee of the Agency in his or her official capacity, or
c. Any employee of the Agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
d. The United States Government,
is a party to litigation or has an interest in such litigation, and
by careful review, CMS determines that the records are both relevant
and necessary to the litigation and that the use of such records by the
DOJ, court or adjudicatory body is compatible with the purpose for
which the agency collected the records.
9. To assist a CMS contractor (including, but not limited to MACs,
fiscal intermediaries and carriers) that assists in the administration
of a CMS-administered health benefits program, or to a grantee of a
CMS-administered grant program, when disclosure is deemed reasonably
necessary by CMS to prevent, deter, discover, detect, investigate,
examine, prosecute, sue with respect to, defend against, correct,
remedy, or otherwise combat fraud, waste or abuse in such program.
10. To assist another Federal agency or to an instrumentality of
any governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud,
waste or abuse in a health benefits program funded in whole or in part
by Federal funds, when disclosure is deemed reasonably necessary by CMS
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud, waste or abuse in such programs.
B. Additional Circumstances Affecting Routine Use Disclosures
To the extent this system contains Protected Health Information
(PHI) as defined by HHS regulation ``Standards for Privacy of
Individually Identifiable Health Information'' (45 CFR Parts 160 and
164, Subparts A and E) 65 Fed. Reg. 82462 (12-28-00). Disclosures of
such PHI that are otherwise authorized by these routine uses may only
be made if, and as, permitted or required by the ``Standards for
Privacy of Individually Identifiable Health Information.'' (See 45 CFR
164-512(a)(1).)
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Records are stored on both tape cartridges (magnetic storage media)
and in a DB2 relational database management environment (DASD data
storage media).
RETRIEVABILITY:
Information is most frequently retrieved by HICN, provider number
(facility, physician, IDs), service dates, and beneficiary state code.
SAFEGUARDS:
CMS has safeguards in place for authorized users and monitors such
users to ensure against unauthorized use. Personnel having access to
the system have been trained in the Privacy Act and information
security requirements. Employees who maintain records in this system
are instructed not to release data until the intended recipient agrees
to implement appropriate management, operational and technical
safeguards sufficient to protect the confidentiality, integrity and
availability of the information and information systems and to prevent
unauthorized access.
This system will conform to all applicable Federal laws and
regulations and Federal, HHS, and CMS policies and standards as they
relate to information security and data privacy. These laws and
regulations include but are not limited to: The Privacy Act of 1974;
the Federal Information Security Management Act of 2002; the Computer
Fraud and Abuse Act of 1986; the Health Insurance Portability and
Accountability Act of 1996; the E-Government Act of 2002, the Clinger-
Cohen Act of 1996; the Medicare Modernization Act of 2003, and the
corresponding implementing regulations. OMB Circular A-130, Management
of Federal Resources, Appendix III, Security of Federal Automated
Information Resources also applies. Federal, HHS, and CMS policies and
standards include but are not limited to: All pertinent National
Institute of Standards and Technology publications; the HHS Information
Systems Program Handbook and the CMS Information Security Handbook.
RETENTION AND DISPOSAL:
Records are maintained with identifiers for all transactions after
they are entered into the system for a period of 20 years. Records are
housed in both active and archival files. All claims-related records
are encompassed by the document preservation order and will be retained
until notification is received from the Department of Justice.
SYSTEM MANAGER AND ADDRESS:
Director, Quality Measurement and Health Assessment Group, Office
of Clinical Standards and Quality, CMS, Room C1-23-14, 7500 Security
Boulevard, Baltimore, Maryland 21244-1850.
NOTIFICATION PROCEDURE:
For purpose of notification, the subject individual should write to
the system manager who will require the system name, and the retrieval
selection criteria (e.g., HICN, Provider number, etc.).
RECORD ACCESS PROCEDURE:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2).)
CONTESTING RECORD PROCEDURES:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons for
the correction with supporting justification. (These procedures are in
accordance with Department regulation 45 CFR 5b.7.)
RECORD SOURCE CATEGORIES:
Medicare Beneficiary Database (09-70-0536), National Claims History
File (09-70-0558), and private physicians, private providers,
laboratories, other providers and suppliers who are
[[Page 80417]]
participating in health care transparency projects sponsored by the
Agency.
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
None.
[FR Doc. E8-31146 Filed 12-30-08; 8:45 am]
BILLING CODE 4120-03-P