Privacy Act of 1974; Report of an Altered System of Records, 60763-60767 [2010-24568]

Download as PDF Federal Register / Vol. 75, No. 190 / Friday, October 1, 2010 / Notices mission to protect and promote people’s health. The board provides advice and guidance that will assist NCEH/ATSDR in ensuring scientific quality, timeliness, utility, and dissemination of results. The board also provides guidance to help NCEH/ATSDR work more efficiently and effectively with its various constituents and to fulfill its mission in protecting America’s health. MATTERS TO BE DISCUSSED: The agenda items for the BSC Meeting on October 21–22, 2010 will include presentations from the Division of Environmental Hazards and Health Effects to the BSC on Air Pollution and Respiratory Health, Environmental Health Tracking, and Climate Control; a discussion of ATSDR Funded State Reports; an update on Amyotrophic Lateral Sclerosis (ALS) Registry; Director Updates on ATSDR; Director Updates on NCEH and Program Response to BSC Program Peer Review of the Division of Laboratory Sciences. Agenda items are subject to change as priorities dictate. SUPPLEMENTARY INFORMATION: The public comment period is scheduled from 3:45 p.m. until 4 p.m. October 21, 2010. CONTACT PERSON FOR MORE INFORMATION: Sandra Malcom, Committee Management Specialist, NCEH/ATSDR, CDC, 4770 Buford Highway, Mail Stop F–61, Chamblee, Georgia 30345; telephone 770/488–0575, fax 770/488– 3377; E-mail: smalcom@cdc.gov. The deadline for notification of attendance is October 15, 2010. The Director, Management Analysis and Services Office, has been delegated the authority to sign Federal Register notices pertaining to announcements of meetings and other committee management activities for both CDC and NCEH/ATSDR. Dated: September 27, 2010. Elaine L. Baker, Director, Management Analysis and Services Office, Centers for Disease Control and Prevention. [FR Doc. 2010–24671 Filed 9–30–10; 8:45 am] BILLING CODE 4163–18–P DEPARTMENT OF HEALTH AND HUMAN SERVICES emcdonald on DSK2BSOYB1PROD with NOTICES National Institutes of Health Center for Scientific Review; Notice of Closed Meetings Pursuant to section 10(d) of the Federal Advisory Committee Act, as amended (5 U.S.C. App.), notice is hereby given of the following meetings. The meetings will be closed to the public in accordance with the VerDate Mar<15>2010 17:34 Sep 30, 2010 Jkt 220001 provisions set forth in sections 552b(c)(4) and 552b(c)(6), Title 5 U.S.C., as amended. The grant applications and the discussions could disclose confidential trade secrets or commercial property such as patentable material, and personal information concerning individuals associated with the grant applications, the disclosure of which would constitute a clearly unwarranted invasion of personal privacy. Name of Committee: Healthcare Delivery and Methodologies Integrated Review Group, Biostatistical Methods and Research Design Study Section. Date: October 21, 2010. Time: 8 a.m. to 5 p.m. Agenda: To review and evaluate grant applications. Place: InterContinental Mark Hopkins Hotel, 999 California Street, San Francisco, CA 94108. Contact Person: Tomas Drgon, PhD, Scientific Review Officer, Center for Scientific Review, National Institutes of Health, 6701 Rockledge Drive, Room 3152, MSC 7770, Bethesda, MD 20892, 301–435– 1017, tdrgon@csr.nih.gov. Name of Committee: Center for Scientific Review Special Emphasis Panel, Member Conflict: Enabling Bioanalytical and Imaging Technologies. Date: October 29, 2010. Time: 10 a.m. to 1 p.m. Agenda: To review and evaluate grant applications. Place: National Institutes of Health, 6701 Rockledge Drive, Bethesda, MD 20892. (Telephone Conference Call) Contact Person: Allen Richon, PhD, Scientific Review Officer, Center for Scientific Review, National Institutes of Health, 6701 Rockledge Drive, Room 6181, MSC 7892, Bethesda, MD 20892, 301–435– 2902, allen.richon@nih.hhs.gov. Name of Committee: Center for Scientific Review Special Emphasis Panel, Member Conflict: Topics in Microbial Diseases. Date: November 1–2, 2010. Time: 9 a.m. to 5 p.m. Agenda: To review and evaluate grant applications. Place: National Institutes of Health, 6701 Rockledge Drive, Bethesda, MD 20892. (Virtual Meeting) Contact Person: Liangbiao Zheng, PhD, Scientific Review Officer, Center for Scientific Review, National Institutes of Health, 6701 Rockledge Drive, Room 3214, MSC 7808, Bethesda, MD 20892, 301–402– 5671, zhengli@csr.nih.gov. Name of Committee: Center for Scientific Review Special Emphasis Panel, Diabetes, Obesity and Endocrine Disorders. Date: November 2–3, 2010. Time: 11 a.m. to 2 p.m. Agenda: To review and evaluate grant applications. Place: National Institutes of Health, 6701 Rockledge Drive, Bethesda, MD 20892. (Virtual Meeting) Contact Person: Krish Krishnan, PhD, Scientific Review Officer, Center for Scientific Review, National Institutes of PO 00000 Frm 00053 Fmt 4703 Sfmt 4703 60763 Health, 6701 Rockledge Drive, Room 6164, MSC 7892, Bethesda, MD 20892, (301) 435– 1041, krishnak@csr.nih.gov. Name of Committee: Center for Scientific Review Special Emphasis Panel, Fellowships: Physiology and Pathobiology of Cardiovascular and Respiratory Systems. Date: November 18–19, 2010. Time: 8 a.m. to 5 p.m. Agenda: To review and evaluate grant applications. Place: The Fairmont San Francisco, 950 Mason Street, San Francisco, CA 94108. Contact Person: Abdelouahab Aitouche, PhD, Scientific Review Officer, Center for Scientific Review, National Institutes of Health, 6701 Rockledge Drive, Room 4222, MSC 7812, Bethesda, MD 20892, 301–435– 2365, aitouchea@csr.nih.gov. (Catalogue of Federal Domestic Assistance Program Nos. 93.306, Comparative Medicine; 93.333, Clinical Research, 93.306, 93.333, 93.337, 93.393–93.396, 93.837–93.844, 93.846–93.878, 93.892, 93.893, National Institutes of Health, HHS) Dated: September 27, 2010. Jennifer S. Spaeth, Director, Office of Federal Advisory Committee Policy. [FR Doc. 2010–24680 Filed 9–30–10; 8:45 am] BILLING CODE 4140–01–P DEPARTMENT OF HEALTH AND HUMAN SERVICES Health Resources and Services Administration Privacy Act of 1974; Report of an Altered System of Records Department of Health and Human Services (HHS), Health Resources and Services Administration (HRSA). ACTION: Notice of an Altered System of Records (SOR). AGENCY: In accordance with the requirements of the Privacy Act of 1974, the Health Resources and Services Administration (HRSA) is publishing a notice to alter the system of records for the National Practitioner Data Bank for Adverse Information on Physicians and other Health Care Practitioners, HHS/ HRSA/BHPR. The SORN 09–15–0054 was last published March 17, 1997. In accordance with the Health Care Quality Improvement Act of 1986, as amended, title IV of Public Law 99–660 (42 U.S.C. 11101 et seq.) authorizes the Secretary to establish a National Practitioner Data Bank (NPDB) to collect and release certain information relating to the professional competence and conduct of physicians, dentists, and other health care practitioners. This information is releasable only to specific entities described in the SORN. It requires the SUMMARY: E:\FR\FM\01OCN1.SGM 01OCN1 emcdonald on DSK2BSOYB1PROD with NOTICES 60764 Federal Register / Vol. 75, No. 190 / Friday, October 1, 2010 / Notices maintenance of records such as medical malpractice payments, adverse licensure and clinical privilege actions, disciplinary actions taken by Boards of Medical Examiners, and professional review actions taken by health care entities against physicians, dentists, and other healthcare practitioners. Section 1921 of the Social Security Act, as amended by Section 5(b) of the Medicare and Medicaid Patient and Program Protection Act of 1987 (MMPPPA), and as amended by the Omnibus Budget Reconciliation Act of 1990 (OBRA), expands reporting to the NPDB to authorize maintenance of records of adverse licensure actions and negative actions or findings taken by a State licensing authority, peer review organization, or private accreditation entity against all healthcare practitioners or healthcare entities. The purpose of these alterations is to update: (1) System location; (2) Category of individuals covered by the system; (3) Category of records in the system; (4) Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system; (5) Notification procedure; (6) Record access procedures; (7) Contesting record procedures; and (8) Routine uses for the contractors accessing the system. Also, HRSA is proposing an additional routine use, number 17 (Responding to a breach of the security or confidentiality of information) for this system of records. The physical NPDB system which includes hardware and software will not be altered. DATES: HRSA filed an altered system report with the Chair of the House Committee on Government Reform and Oversight, the Chair of the Senate Committee on Homeland Security and Governmental Affairs, and the Administrator, Office of Information and Regulatory Affairs, Office of Management and Budget (OMB) on 6/13/10. To ensure all parties have adequate time in which to comment, the altered systems including the routine uses, will become effective 30 days from the publication of the notice or 40 days from the date it was submitted to OMB and Congress, whichever is later, unless HRSA receives comments that require alterations to this notice. ADDRESSES: Please address comments to Associate Administrator, Bureau of Health Professions, Health Resources and Services Administration, 5600 Fishers Lane, Room 8–103, Rockville, Maryland 20857. Comments received will be available for inspection at this same address from 9 a.m. to 3 p.m. (Eastern Standard Time Zone), Monday through Friday. VerDate Mar<15>2010 18:34 Sep 30, 2010 Jkt 220001 FOR FURTHER INFORMATION CONTACT: Director, Division of Practitioner Data Banks, Bureau of Health Professions, 5600 Fishers Lane, Room 8–103, Rockville, Maryland 20857; Telephone: (301) 443–2300. This is not a toll-free number. The Health Resources and Services Administration is proposing a change to: (1) System location; (2) Category of individuals covered by the system; (3) Category of records in the system; (4) Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system; (5) Notification procedure; (6) Record access procedures; (7) Contesting record procedures; and (8) Routine uses for the contractors accessing the system. The above listed items are being modified to reflect changes in the business process and the addition of new information pursuant to Section 1921 of the Social Security Act. The specific changes are as follows: (1) System location reflects a move to new secure facility; (2) individual profession covered by the system is a new category; (3) record in the system changed from narrative to list format; (4) policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system to reflect changes in business practice and procedure; (5) notification procedures demonstrate the method used to notify a subject of a report; (6) record access procedures list the new Domain Name (DN); (7) contesting record procedures reflect a change from Health Care Financing Administration (HCFA) to Centers for Medicare and Medicaid Services (CMS); and (8) routine uses allow the contractor to perform their functions as it relates to the system. HRSA is also proposing an additional routine use, number 17, to permit disclosures to appropriate federal agencies and Department contractors that have a need to know the information for the purpose of assisting the Department’s efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in this system of records, and the information disclosed is relevant and necessary for that assistance. SUPPLEMENTARY INFORMATION: Dated: September 16, 2010. Mary K. Wakefield, Administrator. System Number: 09–15–0054. SYSTEM NAME: National Practitioner Data Bank for Adverse Information on Physicians and PO 00000 Frm 00054 Fmt 4703 Sfmt 4703 Other Health Care Practitioners, HHS/ HRSA/BHPR. SECURITY CLASSIFICATION: None. SYSTEM LOCATION: The contractor, SRA International, Inc., operates and maintains an internetbased system through a technical service contract for the Division of Practitioner Data Banks, Bureau of Health Professions, Health Resources and Services Administration. SRA’s physical address is 4350 Fair Lakes Courts, Fairfax Virginia 22033–4233. This system is located at the AT&T Data Center, a secure facility; the street address will not be disclosed for security reasons. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: The system collects and maintains information in accordance with 5 U.S.C. 552a of the Privacy Act of 1974, as follows: (1) Medical malpractice payment reports for all health care practitioners, i.e. physicians, dentists, nurses, optometrists, pharmacists, and podiatrists, etc.; (2) adverse clinical privilege action reports for physicians, dentists, and other healthcare practitioners who may have medical staff privileges either restricted or surrendered; (3) adverse licensure action reports for physicians, dentists and other healthcare practitioners and healthcare entities such as a suspension or revocation; (4) adverse professional society membership action reports for physicians and dentists; (5) reports of the results of formal proceedings by a State licensing authority, peer review organization, or private accreditation organization concluded against a health care practitioner or entity; (6) reports of Medicare/Medicaid exclusions of all healthcare practitioners; and (7) reports of adverse actions taken against the U.S. Drug Enforcement Administration (DEA) registration of all healthcare practitioners. CATEGORIES OF RECORDS IN THE SYSTEM: The system collects and maintains categories of information concerning healthcare practitioners such as: 1. Name. 2. Work address. 3. Home address. 4. Social Security number. 5. Date of birth. 6. Name of each professional school attended and year of graduation. 7. Professional license(s) number. 8. Field of licensure. 9. Name of the State or Territory in which the license is held. E:\FR\FM\01OCN1.SGM 01OCN1 Federal Register / Vol. 75, No. 190 / Friday, October 1, 2010 / Notices dentists based on professional competence and conduct, medical malpractice payment history on all health care practitioners, as well as the results of formal proceedings by a State authority, peer review organization or private accreditation organization concluded against any health care practitioner or entity; (2) store such reports so that future queriers may have access to pertinent information regarding the review of a health care practitioner and/or a healthcare entity in their process of making important decisions related to the delivery of health care services; and (3) disseminate such data to entities that qualify to receive the reports under the governing statutes as authorized by the Health Care Quality Improvement Act of 1986 and Section 1921 of the Social Security Act to protect the public from unfit practitioners from providing patient care. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: emcdonald on DSK2BSOYB1PROD with NOTICES 10. DEA registration numbers. 11. CMS unique practitioner identification number (for exclusions only). 12. Names of each hospital with which the practitioner is affiliated. 13. Name and address of the entity making the payment. 14. Name, title, and telephone number of the official responsible for submitting the report on behalf of the entity. 15. Payment information including the date and amount of payment and whether it is for a judgment or settlement. 16. Date action occurred. 17. Acts or omissions upon which the action or claim was based. 18. Description of the action/ omissions and injuries or illnesses upon which the action or claim was based. 19. Description of the Board action, the date of action and its effective date. 20. Classification of the action/ omission per reporting code. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: The Health Care Quality Improvement Act of 1986, as amended, title IV of Public Law 99–660 [42 U.S.C. 11101 et seq.], authorizes the Secretary to establish a National Practitioner Data Bank (NPDB) to collect and release certain information relating to the professional competence and conduct of physicians, dentists, and other health care practitioners. This information is released only to specific entities described below. It requires the maintenance of records such as medical malpractice payments, adverse licensure and clinical privilege actions, disciplinary actions taken by Boards of Medical Examiners, and professional review actions taken by health care entities against physicians, dentists, and other healthcare practitioners. Section 1921 of the Social Security Act, as amended by Section 5(b) of the Medicare and Medicaid Patient and Program Protection Act of 1987 (MMPPPA), and as amended by the Omnibus Budget Reconciliation Act of 1990 (OBRA), expands reporting to the NPDB to authorize maintenance of records of adverse licensure actions and the results of formal proceedings by a State licensing authority, peer review organization, or private accreditation entity against all healthcare practitioners or healthcare entities. PURPOSE(S): The purpose of the system is to: (1) Receive information such as adverse licensure actions on all healthcare practitioners or entities, clinical privileges and professional society membership actions on physicians and VerDate Mar<15>2010 18:34 Sep 30, 2010 Jkt 220001 Information shall be disclosed to: 1. Hospitals requesting information on adverse licensure actions, medical malpractice payments or exclusions from Medicare and Medicaid programs taken against all licensed healthcare practitioners such as physicians, dentists, nurses, podiatrists, chiropractors, and psychologists, among many. The information is accessible to both public and private sector hospitals who can request information concerning a physician, dentist or other health care practitioner who is on its medical staff (courtesy or otherwise) or who has clinical privileges at the hospital, for the purpose of: (a) Screening the professional qualifications of individuals who apply for staff positions or clinical privileges at the hospital; and (b) meeting the requirements of the Health Care Quality Improvement Act of 1986, which prescribes that a hospital must query the Data Bank once every 2 years regarding all individuals on its medical staff or who hold clinical privileges. 2. Other health care entities, as defined in 45 CFR 60.3, to which a physician, dentist or other health care practitioner has applied for clinical privileges or appointment to the medical staff or who has entered or may be entering an employment or affiliation relationship. The purpose of these disclosures is to identify individuals whose professional conduct may be unsatisfactory. 3. A health care entity with respect to professional review activity. The purpose of these disclosures is to aid PO 00000 Frm 00055 Fmt 4703 Sfmt 4703 60765 health care entities in the conduct of professional review activities, such as those involving determinations of whether a physician, dentist, or other health care practitioner may be granted membership in a professional society; the conditions of such membership, or of changes to such membership; and ongoing professional review activities conducted by a health care entity which provides health care services, of the professional performance or conduct of a physician, dentist, or other health care practitioner. 4. A State healthcare practitioner and/ or entity licensing or certification authority can request information expanded by Section 1921 of the Social Security Act in conducting a review of all healthcare practitioners or health entities. A State healthcare practitioner and entity licensing or certification authority may also request information when making licensure determinations about healthcare practitioners and entities. The purpose of these disclosures is to aid the board or certification authority in meeting its responsibility to protect the health of the population in its jurisdiction, by identifying individuals whose professional performance or conduct may be unsatisfactory. 5. Federal and State health care programs (and their contractors) can request information reported under Section 1921 of the Social Security Act. The purpose of these disclosures is to aid Federal and State health programs to ensure the integrity and professional competence of affiliated health care practitioners and uncovering information needed to make appropriate decisions in the delivery of healthcare. 6. State Medicaid Fraud Control Units (MFCUs) can request information reported under Section 1921 of the Social Security Act to assist with investigating fraud and prosecution of healthcare practitioners and providers in the administration of the Medicaid programs. 7. U.S. Comptroller General can request information reported under Section 1921 of the Social Security Act to assist in determining the fitness of individuals to provide healthcare services, and protect the health and safety of individuals receiving health care through programs who employ these individuals. 8. U.S. Attorney General and other law enforcement agencies can request information reported under Section 1921 of the Social Security Act to assist with healthcare investigations involving healthcare practitioners and healthcare entities. The purpose of the disclosure E:\FR\FM\01OCN1.SGM 01OCN1 emcdonald on DSK2BSOYB1PROD with NOTICES 60766 Federal Register / Vol. 75, No. 190 / Friday, October 1, 2010 / Notices would assist in determining the fitness of individuals to provide healthcare services, and protect the health and safety of individuals receiving health care through programs who employ these individuals. 9. Utilization and quality control Peer Review Organizations and those entities which are under contract with the CMS can request information reported under Section 1921 of the Social Security Act to protect and improve the quality of care for Medicare beneficiaries when performing quality of care reviews and other related activities. 10. A physician, dentist, or other health care practitioner can request information concerning himself or herself. 11. An entity that has been reported on may query the system to receive information concerning itself. 12. A person or entity can request statistical information, in a form which does not permit the identification of any individual or entity. An example of this disclosure involves researchers who may use statistical information to identify the total number of nurses with adverse licensure actions in a specific State. 13. An attorney, or individual representing himself or herself, who has filed a medical malpractice action or claim in a State or Federal court or other adjudicative body against a hospital, and who requests information regarding a specific physician, dentist, or other health care practitioner who is also named in the action or claim provided that: (a) This information will be disclosed only upon the submission of evidence that the hospital failed to request information from the Data Bank as required by law; and (b) the information will be used solely with respect to litigation resulting from the action or claim against the hospital. The purpose of these disclosures is to permit an attorney (or a person representing himself or herself in a medical malpractice action) to have information from the Data Bank on a health care practitioner, under the conditions set out in this routine use. 14. Any Federal entity, employing or otherwise engaging under arrangement (e.g., such as a contract) the services of a physician, dentist, or other health care practitioner, or having the authority to sanction such practitioners covered by a Federal program, which: (a) Enters into a memorandum of understanding with HHS regarding its participation in the Data Bank; (b) engages in a professional review activity in determining an adverse action against a practitioner; and (c) maintains a Privacy Act system of records regarding the health care VerDate Mar<15>2010 18:34 Sep 30, 2010 Jkt 220001 practitioners it employs, or whose services it engages under arrangement. The purpose of such disclosures is to enable hospitals and other facilities and health care providers under the jurisdiction of Federal agencies such as the Public Health Service, HHS; the Department of Defense; the Department of Veterans’ Affairs; the U.S. Coast Guard; and the Bureau of Prisons, Department of Justice, to participate in the Data Bank. The Health Care Quality Improvement Act of 1986 includes provisions regarding the participation of such agencies and of the DEA. 15. In the event of litigation where the defendant is: (a) The Department, any component of the Department, or any employee of the Department in his or her official capacity; (b) the United States where the Department determines that the claim, if successful, is likely to affect directly the operation of the Department or any of its components; or (c) any Department employee in his or her individual capacity where the Department of Justice has agreed to represent such employee, for example in defending a claim against the Public Health Service based upon an individual’s mental or physical condition and alleged to have arisen because of activities of the Public Health Service in connection with such individual, disclosures may be made to the Department of Justice to enable the Department to present an effective defense, provided that such disclosure is compatible with the purpose for which the records were collected. 16. The contractor, SRA International Inc., accesses the system to operate and maintain it. These functions include but are not limited to providing continuous user availability, develop system enhancements, upgrade of hardware and software, security information assurance, and system backups. 17. To appropriate Federal agencies and Department contractors that have a need to know the information for the purpose of assisting the Department’s efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in this system of records, and the information disclosed is relevant and necessary for that assistance. POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM: STORAGE: Records are maintained on database servers with disk storage, optical jukebox storage, backup tapes and printed reports. PO 00000 Frm 00056 Fmt 4703 Sfmt 4703 RETRIEVABILITY: Records are retrieved by name, date of birth, Social Security number, educational information, and license number. The matching algorithm uses these data elements to match reports to the subject. SAFEGUARDS FOR ACCESSING RECORDS: 1. Authorized Users include internal users such as the government and contractor personnel staff who support the Data Banks and are required to obtain favorable adjudication for a Level 5 Position of Public Trust. New employees of the NPDB and the contractor must attend security training, sign a Non-Disclosure Agreement, and sign the Rules of Behavior which is renewed annually. Authorized users are given role-based access to the system on a limited need-to-know basis. All physical and logical access to the system is removed upon termination of employment. External users, who are responsible for meeting Title IV reporting and/or querying requirements to the Data Banks, are responsible for determining their eligibility to access the Data Banks through a selfcertification process which requires completing an Entity Registration form. All external users must acknowledge the Rules of Behavior. All external users must re-register every two years to access the Data Banks. Both HRSA and the contractor maintain lists of authorized users. 2. Physical Safeguards involve physical controls that are in place 24 hours a day/7 days a week such as identification badge access, cipher locks, locked hardware cages, man trap with biometric hand scanner, security guard monitoring, and closed circuit TV. All sites are protected with fire and environmental safety controls. 3. Technical Safeguards include firewalls, network intrusion detection, host-based intrusion detection and file integrity monitoring, user identification, and passwords restrictions. All webbased traffic is encrypted using 128 bit SSL and all network traffic is encrypted internally. 4. Administrative Safeguards involve certification and accreditation that is required every three years, which authorizes operation of the system based on acceptable risk. Security assessments are conducted continuously throughout the year to verify compliance with all required controls. RETENTION AND DISPOSAL OF RECORDS: HRSA is working with NARA to obtain the appropriate retention value. E:\FR\FM\01OCN1.SGM 01OCN1 Federal Register / Vol. 75, No. 190 / Friday, October 1, 2010 / Notices SYSTEM MANAGER(S) AND ADDRESS: Director, Division of Practitioner Data Banks, Bureau of Health Professions, Health Resources and Services Administration, Room 8–103, Parklawn Building, 5600 Fishers Lane, Rockville, Maryland 20857. NOTIFICATION PROCEDURE: Information is available upon request, to the persons or entities, or to the authorized agents in such form or manner as the Secretary prescribes. The subject of a report is notified via U.S. mail when a record concerning the individual is submitted to the Data Bank via Subject Notification Document (SND). REQUESTS BY MAIL: Practitioners may submit a ‘‘Request for Information Disclosure’’ to the address under system location for any report on themselves. The request must contain the following: Name, address, date of birth, gender, Social Security Number (optional), professional schools and years of graduation, and the professional license(s). For license, include: The license number, the field of licensure, the name of the State or Territory in which the license is held, and DEA registration number(s). The practitioner must submit a signed and notarized self-query request. PENALTIES FOR VIOLATION: Submitting a request under false pretenses is a criminal offense and subject to a civil monetary penalty of up to $11,000 for each violation. REQUESTS IN PERSON: Due to security considerations, the Data Bank cannot accept requests in person. REQUEST BY TELEPHONE: Practitioners may provide all of the identifying information stated above to the Data Bank Customer Service Center operator. Before the data request is fulfilled, the operator will return a paper copy of this information for verification, signature and notarization. emcdonald on DSK2BSOYB1PROD with NOTICES RECORD ACCESS PROCEDURES: Request for access of records in the Data Bank may be completed online at: http://www.npdb-hipdb.hrsa.gov. The requests are submitted over the web using the Integrated Query and Reporting Service (IQRS), Query and Reporting Extensible Markup Language Service (QRXS), Interface Control Document (ICD) Transfer Program (ITP) or the Proactive Disclosure Service (PDS). Self-query, as described previously, may be initiated via the electronic system and is completed VerDate Mar<15>2010 18:34 Sep 30, 2010 Jkt 220001 60767 using the conventional mail system. Requesters, including self-queries, will receive an accounting of disclosure that has been made of their records, if any. SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT: CONTESTING RECORD PROCEDURES: BILLING CODE 4160–15–P The Data Bank routinely mails a copy of any report filed in it to the subject individual. A subject individual may contest the accuracy of information in the Data Bank concerning himself or herself and file a dispute. To dispute the accuracy of the information, the individual must contact the Data Bank and the reporting entity to: (1) Request for the reporting entity to file correction to the report; and (2) request the information be entered into a ‘‘disputed’’ status and submit a statement regarding the basis for the inaccuracy of the information in the report. If the reporting entity declines to change the disputed report or takes no actions, the subject may request that the Secretary of HHS review the disputed report. In order to seek a Secretarial Review, the subject must: (1) Provide written documentation containing clear and brief factual information regarding the information of the report; (2) submit supporting documentation or justification substantiating that the reporting entity’s information is inaccurate; and (3) submit proof that the subject individual has attempted to resolve the disagreement with reporting entity but was unsuccessful. The Department can only determine whether the report was legally required to be filed and whether the report accurately depicts the action taken and the reporter’s basis for action. Additional detail on the process of dispute resolution and Secretarial Review process can be found at 45 CFR § 60.14 of the Data Bank regulations. RECORD SOURCE CATEGORIES: The records contained in the system are submitted by the following entities: (1) Insurance companies and others who have made payment as a result of a malpractice action or claim, (2) State Boards of Medical and Dental Examiners; (3) State Licensing Boards; (4) hospitals and other health care entities; (5) DEA; and (6) Federal entities which employ health practitioners or who have authority to sanction such practitioners covered by a Federal program. Section 1921 of the Social Security Act expands reporting of actions submitted by State health care practitioner licensing and certification authorities (including medical and dental boards), State entity licensing and certification authorities, peer review organizations and private accreditation organizations. PO 00000 Frm 00057 Fmt 4703 Sfmt 4703 None. [FR Doc. 2010–24568 Filed 9–30–10; 8:45 am] DEPARTMENT OF HEALTH AND HUMAN SERVICES Food and Drug Administration [Docket No. FDA–2010–N–0506] Office of the Commissioner; Request for Comments on the Food and Drug Administration Fiscal Year 2011–2015 Strategic Priorities Document; Request for Comments AGENCY: Food and Drug Administration, HHS. ACTION: Notice; request for comments. The Food and Drug Administration (FDA) is seeking public comment on its draft Strategic Priorities FY 2011–2015. FDA has identified these strategic priorities and goals that will guide its efforts to achieve its public health mission. FDA is seeking public comment to help further refine these priorities and goals. DATES: Submit either electronic or written comments by November 1, 2010. ADDRESSES: Submit electronic comments to http:// www.regulations.gov. Submit written comments to the Division of Dockets Management (HFA–305), Food and Drug Administration, 5630 Fishers Lane, rm. 1061, Rockville, MD 20852. FOR FURTHER INFORMATION CONTACT: Darian Tarver, Office of Planning, Food and Drug Administration, 10903 New Hampshire Ave., Bldg. 32, rm. 4219, Silver Spring, MD 20993–0002, 301– 796–4850. SUPPLEMENTARY INFORMATION: SUMMARY: I. Background FDA is posting its draft Strategic Priorities FY 2011–2015 to ensure that key stakeholders are given an opportunity to comment on this document. The purpose of this document is to outline FDA’s strategic intentions and plans for the next 5 years (fiscal year (FY) 2011 through 2015). This document identifies four key crosscutting strategic priorities and four strategic program goals that will guide efforts to achieve FDA’s public health mission and to fulfill its role in supporting the larger mission and strategic goals of the Department of E:\FR\FM\01OCN1.SGM 01OCN1

Agencies

[Federal Register Volume 75, Number 190 (Friday, October 1, 2010)]
[Notices]
[Pages 60763-60767]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2010-24568]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Health Resources and Services Administration


Privacy Act of 1974; Report of an Altered System of Records

AGENCY: Department of Health and Human Services (HHS), Health Resources 
and Services Administration (HRSA).

ACTION: Notice of an Altered System of Records (SOR).

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, the Health Resources and Services Administration (HRSA) is 
publishing a notice to alter the system of records for the National 
Practitioner Data Bank for Adverse Information on Physicians and other 
Health Care Practitioners, HHS/HRSA/BHPR. The SORN 09-15-0054 was last 
published March 17, 1997. In accordance with the Health Care Quality 
Improvement Act of 1986, as amended, title IV of Public Law 99-660 (42 
U.S.C. 11101 et seq.) authorizes the Secretary to establish a National 
Practitioner Data Bank (NPDB) to collect and release certain 
information relating to the professional competence and conduct of 
physicians, dentists, and other health care practitioners. This 
information is releasable only to specific entities described in the 
SORN. It requires the

[[Page 60764]]

maintenance of records such as medical malpractice payments, adverse 
licensure and clinical privilege actions, disciplinary actions taken by 
Boards of Medical Examiners, and professional review actions taken by 
health care entities against physicians, dentists, and other healthcare 
practitioners. Section 1921 of the Social Security Act, as amended by 
Section 5(b) of the Medicare and Medicaid Patient and Program 
Protection Act of 1987 (MMPPPA), and as amended by the Omnibus Budget 
Reconciliation Act of 1990 (OBRA), expands reporting to the NPDB to 
authorize maintenance of records of adverse licensure actions and 
negative actions or findings taken by a State licensing authority, peer 
review organization, or private accreditation entity against all 
healthcare practitioners or healthcare entities.
    The purpose of these alterations is to update: (1) System location; 
(2) Category of individuals covered by the system; (3) Category of 
records in the system; (4) Policies and practices for storing, 
retrieving, accessing, retaining, and disposing of records in the 
system; (5) Notification procedure; (6) Record access procedures; (7) 
Contesting record procedures; and (8) Routine uses for the contractors 
accessing the system. Also, HRSA is proposing an additional routine 
use, number 17 (Responding to a breach of the security or 
confidentiality of information) for this system of records. The 
physical NPDB system which includes hardware and software will not be 
altered.

DATES: HRSA filed an altered system report with the Chair of the House 
Committee on Government Reform and Oversight, the Chair of the Senate 
Committee on Homeland Security and Governmental Affairs, and the 
Administrator, Office of Information and Regulatory Affairs, Office of 
Management and Budget (OMB) on 6/13/10. To ensure all parties have 
adequate time in which to comment, the altered systems including the 
routine uses, will become effective 30 days from the publication of the 
notice or 40 days from the date it was submitted to OMB and Congress, 
whichever is later, unless HRSA receives comments that require 
alterations to this notice.

ADDRESSES: Please address comments to Associate Administrator, Bureau 
of Health Professions, Health Resources and Services Administration, 
5600 Fishers Lane, Room 8-103, Rockville, Maryland 20857. Comments 
received will be available for inspection at this same address from 9 
a.m. to 3 p.m. (Eastern Standard Time Zone), Monday through Friday.

FOR FURTHER INFORMATION CONTACT: Director, Division of Practitioner 
Data Banks, Bureau of Health Professions, 5600 Fishers Lane, Room 8-
103, Rockville, Maryland 20857; Telephone: (301) 443-2300. This is not 
a toll-free number.

SUPPLEMENTARY INFORMATION: The Health Resources and Services 
Administration is proposing a change to: (1) System location; (2) 
Category of individuals covered by the system; (3) Category of records 
in the system; (4) Policies and practices for storing, retrieving, 
accessing, retaining, and disposing of records in the system; (5) 
Notification procedure; (6) Record access procedures; (7) Contesting 
record procedures; and (8) Routine uses for the contractors accessing 
the system.
    The above listed items are being modified to reflect changes in the 
business process and the addition of new information pursuant to 
Section 1921 of the Social Security Act. The specific changes are as 
follows: (1) System location reflects a move to new secure facility; 
(2) individual profession covered by the system is a new category; (3) 
record in the system changed from narrative to list format; (4) 
policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system to reflect changes in business 
practice and procedure; (5) notification procedures demonstrate the 
method used to notify a subject of a report; (6) record access 
procedures list the new Domain Name (DN); (7) contesting record 
procedures reflect a change from Health Care Financing Administration 
(HCFA) to Centers for Medicare and Medicaid Services (CMS); and (8) 
routine uses allow the contractor to perform their functions as it 
relates to the system.
    HRSA is also proposing an additional routine use, number 17, to 
permit disclosures to appropriate federal agencies and Department 
contractors that have a need to know the information for the purpose of 
assisting the Department's efforts to respond to a suspected or 
confirmed breach of the security or confidentiality of information 
maintained in this system of records, and the information disclosed is 
relevant and necessary for that assistance.

    Dated: September 16, 2010.
Mary K. Wakefield,
Administrator.
System Number: 09-15-0054.

System Name:
    National Practitioner Data Bank for Adverse Information on 
Physicians and Other Health Care Practitioners, HHS/HRSA/BHPR.

Security Classification:
    None.

System Location:
    The contractor, SRA International, Inc., operates and maintains an 
internet-based system through a technical service contract for the 
Division of Practitioner Data Banks, Bureau of Health Professions, 
Health Resources and Services Administration. SRA's physical address is 
4350 Fair Lakes Courts, Fairfax Virginia 22033-4233. This system is 
located at the AT&T Data Center, a secure facility; the street address 
will not be disclosed for security reasons.

Categories of Individuals Covered by the System:
    The system collects and maintains information in accordance with 5 
U.S.C. 552a of the Privacy Act of 1974, as follows:
    (1) Medical malpractice payment reports for all health care 
practitioners, i.e. physicians, dentists, nurses, optometrists, 
pharmacists, and podiatrists, etc.; (2) adverse clinical privilege 
action reports for physicians, dentists, and other healthcare 
practitioners who may have medical staff privileges either restricted 
or surrendered; (3) adverse licensure action reports for physicians, 
dentists and other healthcare practitioners and healthcare entities 
such as a suspension or revocation; (4) adverse professional society 
membership action reports for physicians and dentists; (5) reports of 
the results of formal proceedings by a State licensing authority, peer 
review organization, or private accreditation organization concluded 
against a health care practitioner or entity; (6) reports of Medicare/
Medicaid exclusions of all healthcare practitioners; and (7) reports of 
adverse actions taken against the U.S. Drug Enforcement Administration 
(DEA) registration of all healthcare practitioners.

Categories of Records in the System:
    The system collects and maintains categories of information 
concerning healthcare practitioners such as:
    1. Name.
    2. Work address.
    3. Home address.
    4. Social Security number.
    5. Date of birth.
    6. Name of each professional school attended and year of 
graduation.
    7. Professional license(s) number.
    8. Field of licensure.
    9. Name of the State or Territory in which the license is held.

[[Page 60765]]

    10. DEA registration numbers.
    11. CMS unique practitioner identification number (for exclusions 
only).
    12. Names of each hospital with which the practitioner is 
affiliated.
    13. Name and address of the entity making the payment.
    14. Name, title, and telephone number of the official responsible 
for submitting the report on behalf of the entity.
    15. Payment information including the date and amount of payment 
and whether it is for a judgment or settlement.
    16. Date action occurred.
    17. Acts or omissions upon which the action or claim was based.
    18. Description of the action/omissions and injuries or illnesses 
upon which the action or claim was based.
    19. Description of the Board action, the date of action and its 
effective date.
    20. Classification of the action/omission per reporting code.

Authority for Maintenance of the System:
    The Health Care Quality Improvement Act of 1986, as amended, title 
IV of Public Law 99-660 [42 U.S.C. 11101 et seq.], authorizes the 
Secretary to establish a National Practitioner Data Bank (NPDB) to 
collect and release certain information relating to the professional 
competence and conduct of physicians, dentists, and other health care 
practitioners. This information is released only to specific entities 
described below. It requires the maintenance of records such as medical 
malpractice payments, adverse licensure and clinical privilege actions, 
disciplinary actions taken by Boards of Medical Examiners, and 
professional review actions taken by health care entities against 
physicians, dentists, and other healthcare practitioners. Section 1921 
of the Social Security Act, as amended by Section 5(b) of the Medicare 
and Medicaid Patient and Program Protection Act of 1987 (MMPPPA), and 
as amended by the Omnibus Budget Reconciliation Act of 1990 (OBRA), 
expands reporting to the NPDB to authorize maintenance of records of 
adverse licensure actions and the results of formal proceedings by a 
State licensing authority, peer review organization, or private 
accreditation entity against all healthcare practitioners or healthcare 
entities.

Purpose(s):
    The purpose of the system is to: (1) Receive information such as 
adverse licensure actions on all healthcare practitioners or entities, 
clinical privileges and professional society membership actions on 
physicians and dentists based on professional competence and conduct, 
medical malpractice payment history on all health care practitioners, 
as well as the results of formal proceedings by a State authority, peer 
review organization or private accreditation organization concluded 
against any health care practitioner or entity; (2) store such reports 
so that future queriers may have access to pertinent information 
regarding the review of a health care practitioner and/or a healthcare 
entity in their process of making important decisions related to the 
delivery of health care services; and (3) disseminate such data to 
entities that qualify to receive the reports under the governing 
statutes as authorized by the Health Care Quality Improvement Act of 
1986 and Section 1921 of the Social Security Act to protect the public 
from unfit practitioners from providing patient care.

Routine Uses of Records Maintained in the System, Including Categories 
of Users and the Purposes of Such Uses:
    Information shall be disclosed to:
    1. Hospitals requesting information on adverse licensure actions, 
medical malpractice payments or exclusions from Medicare and Medicaid 
programs taken against all licensed healthcare practitioners such as 
physicians, dentists, nurses, podiatrists, chiropractors, and 
psychologists, among many. The information is accessible to both public 
and private sector hospitals who can request information concerning a 
physician, dentist or other health care practitioner who is on its 
medical staff (courtesy or otherwise) or who has clinical privileges at 
the hospital, for the purpose of: (a) Screening the professional 
qualifications of individuals who apply for staff positions or clinical 
privileges at the hospital; and (b) meeting the requirements of the 
Health Care Quality Improvement Act of 1986, which prescribes that a 
hospital must query the Data Bank once every 2 years regarding all 
individuals on its medical staff or who hold clinical privileges.
    2. Other health care entities, as defined in 45 CFR 60.3, to which 
a physician, dentist or other health care practitioner has applied for 
clinical privileges or appointment to the medical staff or who has 
entered or may be entering an employment or affiliation relationship. 
The purpose of these disclosures is to identify individuals whose 
professional conduct may be unsatisfactory.
    3. A health care entity with respect to professional review 
activity. The purpose of these disclosures is to aid health care 
entities in the conduct of professional review activities, such as 
those involving determinations of whether a physician, dentist, or 
other health care practitioner may be granted membership in a 
professional society; the conditions of such membership, or of changes 
to such membership; and ongoing professional review activities 
conducted by a health care entity which provides health care services, 
of the professional performance or conduct of a physician, dentist, or 
other health care practitioner.
    4. A State healthcare practitioner and/or entity licensing or 
certification authority can request information expanded by Section 
1921 of the Social Security Act in conducting a review of all 
healthcare practitioners or health entities. A State healthcare 
practitioner and entity licensing or certification authority may also 
request information when making licensure determinations about 
healthcare practitioners and entities. The purpose of these disclosures 
is to aid the board or certification authority in meeting its 
responsibility to protect the health of the population in its 
jurisdiction, by identifying individuals whose professional performance 
or conduct may be unsatisfactory.
    5. Federal and State health care programs (and their contractors) 
can request information reported under Section 1921 of the Social 
Security Act. The purpose of these disclosures is to aid Federal and 
State health programs to ensure the integrity and professional 
competence of affiliated health care practitioners and uncovering 
information needed to make appropriate decisions in the delivery of 
healthcare.
    6. State Medicaid Fraud Control Units (MFCUs) can request 
information reported under Section 1921 of the Social Security Act to 
assist with investigating fraud and prosecution of healthcare 
practitioners and providers in the administration of the Medicaid 
programs.
    7. U.S. Comptroller General can request information reported under 
Section 1921 of the Social Security Act to assist in determining the 
fitness of individuals to provide healthcare services, and protect the 
health and safety of individuals receiving health care through programs 
who employ these individuals.
    8. U.S. Attorney General and other law enforcement agencies can 
request information reported under Section 1921 of the Social Security 
Act to assist with healthcare investigations involving healthcare 
practitioners and healthcare entities. The purpose of the disclosure

[[Page 60766]]

would assist in determining the fitness of individuals to provide 
healthcare services, and protect the health and safety of individuals 
receiving health care through programs who employ these individuals.
    9. Utilization and quality control Peer Review Organizations and 
those entities which are under contract with the CMS can request 
information reported under Section 1921 of the Social Security Act to 
protect and improve the quality of care for Medicare beneficiaries when 
performing quality of care reviews and other related activities.
    10. A physician, dentist, or other health care practitioner can 
request information concerning himself or herself.
    11. An entity that has been reported on may query the system to 
receive information concerning itself.
    12. A person or entity can request statistical information, in a 
form which does not permit the identification of any individual or 
entity. An example of this disclosure involves researchers who may use 
statistical information to identify the total number of nurses with 
adverse licensure actions in a specific State.
    13. An attorney, or individual representing himself or herself, who 
has filed a medical malpractice action or claim in a State or Federal 
court or other adjudicative body against a hospital, and who requests 
information regarding a specific physician, dentist, or other health 
care practitioner who is also named in the action or claim provided 
that: (a) This information will be disclosed only upon the submission 
of evidence that the hospital failed to request information from the 
Data Bank as required by law; and (b) the information will be used 
solely with respect to litigation resulting from the action or claim 
against the hospital. The purpose of these disclosures is to permit an 
attorney (or a person representing himself or herself in a medical 
malpractice action) to have information from the Data Bank on a health 
care practitioner, under the conditions set out in this routine use.
    14. Any Federal entity, employing or otherwise engaging under 
arrangement (e.g., such as a contract) the services of a physician, 
dentist, or other health care practitioner, or having the authority to 
sanction such practitioners covered by a Federal program, which: (a) 
Enters into a memorandum of understanding with HHS regarding its 
participation in the Data Bank; (b) engages in a professional review 
activity in determining an adverse action against a practitioner; and 
(c) maintains a Privacy Act system of records regarding the health care 
practitioners it employs, or whose services it engages under 
arrangement. The purpose of such disclosures is to enable hospitals and 
other facilities and health care providers under the jurisdiction of 
Federal agencies such as the Public Health Service, HHS; the Department 
of Defense; the Department of Veterans' Affairs; the U.S. Coast Guard; 
and the Bureau of Prisons, Department of Justice, to participate in the 
Data Bank. The Health Care Quality Improvement Act of 1986 includes 
provisions regarding the participation of such agencies and of the DEA.
    15. In the event of litigation where the defendant is: (a) The 
Department, any component of the Department, or any employee of the 
Department in his or her official capacity; (b) the United States where 
the Department determines that the claim, if successful, is likely to 
affect directly the operation of the Department or any of its 
components; or (c) any Department employee in his or her individual 
capacity where the Department of Justice has agreed to represent such 
employee, for example in defending a claim against the Public Health 
Service based upon an individual's mental or physical condition and 
alleged to have arisen because of activities of the Public Health 
Service in connection with such individual, disclosures may be made to 
the Department of Justice to enable the Department to present an 
effective defense, provided that such disclosure is compatible with the 
purpose for which the records were collected.
    16. The contractor, SRA International Inc., accesses the system to 
operate and maintain it. These functions include but are not limited to 
providing continuous user availability, develop system enhancements, 
upgrade of hardware and software, security information assurance, and 
system backups.
    17. To appropriate Federal agencies and Department contractors that 
have a need to know the information for the purpose of assisting the 
Department's efforts to respond to a suspected or confirmed breach of 
the security or confidentiality of information maintained in this 
system of records, and the information disclosed is relevant and 
necessary for that assistance.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, 
and Disposing of Records in the System:
Storage:
    Records are maintained on database servers with disk storage, 
optical jukebox storage, backup tapes and printed reports.

Retrievability:
    Records are retrieved by name, date of birth, Social Security 
number, educational information, and license number. The matching 
algorithm uses these data elements to match reports to the subject.

Safeguards for Accessing Records:
    1. Authorized Users include internal users such as the government 
and contractor personnel staff who support the Data Banks and are 
required to obtain favorable adjudication for a Level 5 Position of 
Public Trust. New employees of the NPDB and the contractor must attend 
security training, sign a Non-Disclosure Agreement, and sign the Rules 
of Behavior which is renewed annually. Authorized users are given role-
based access to the system on a limited need-to-know basis. All 
physical and logical access to the system is removed upon termination 
of employment. External users, who are responsible for meeting Title IV 
reporting and/or querying requirements to the Data Banks, are 
responsible for determining their eligibility to access the Data Banks 
through a self-certification process which requires completing an 
Entity Registration form. All external users must acknowledge the Rules 
of Behavior. All external users must re-register every two years to 
access the Data Banks. Both HRSA and the contractor maintain lists of 
authorized users.
    2. Physical Safeguards involve physical controls that are in place 
24 hours a day/7 days a week such as identification badge access, 
cipher locks, locked hardware cages, man trap with biometric hand 
scanner, security guard monitoring, and closed circuit TV. All sites 
are protected with fire and environmental safety controls.
    3. Technical Safeguards include firewalls, network intrusion 
detection, host-based intrusion detection and file integrity 
monitoring, user identification, and passwords restrictions. All web-
based traffic is encrypted using 128 bit SSL and all network traffic is 
encrypted internally.
    4. Administrative Safeguards involve certification and 
accreditation that is required every three years, which authorizes 
operation of the system based on acceptable risk. Security assessments 
are conducted continuously throughout the year to verify compliance 
with all required controls.

Retention and Disposal of records:
    HRSA is working with NARA to obtain the appropriate retention 
value.

[[Page 60767]]

System Manager(s) and Address:
    Director, Division of Practitioner Data Banks, Bureau of Health 
Professions, Health Resources and Services Administration, Room 8-103, 
Parklawn Building, 5600 Fishers Lane, Rockville, Maryland 20857.

Notification Procedure:
    Information is available upon request, to the persons or entities, 
or to the authorized agents in such form or manner as the Secretary 
prescribes. The subject of a report is notified via U.S. mail when a 
record concerning the individual is submitted to the Data Bank via 
Subject Notification Document (SND).

Requests by Mail:
    Practitioners may submit a ``Request for Information Disclosure'' 
to the address under system location for any report on themselves. The 
request must contain the following: Name, address, date of birth, 
gender, Social Security Number (optional), professional schools and 
years of graduation, and the professional license(s). For license, 
include: The license number, the field of licensure, the name of the 
State or Territory in which the license is held, and DEA registration 
number(s). The practitioner must submit a signed and notarized self-
query request.

Penalties for Violation:
    Submitting a request under false pretenses is a criminal offense 
and subject to a civil monetary penalty of up to $11,000 for each 
violation.

Requests in Person:
    Due to security considerations, the Data Bank cannot accept 
requests in person.

Request by Telephone:
    Practitioners may provide all of the identifying information stated 
above to the Data Bank Customer Service Center operator. Before the 
data request is fulfilled, the operator will return a paper copy of 
this information for verification, signature and notarization.

Record Access Procedures:
    Request for access of records in the Data Bank may be completed 
online at: http://www.npdb-hipdb.hrsa.gov. The requests are submitted 
over the web using the Integrated Query and Reporting Service (IQRS), 
Query and Reporting Extensible Markup Language Service (QRXS), 
Interface Control Document (ICD) Transfer Program (ITP) or the 
Proactive Disclosure Service (PDS). Self-query, as described 
previously, may be initiated via the electronic system and is completed 
using the conventional mail system. Requesters, including self-queries, 
will receive an accounting of disclosure that has been made of their 
records, if any.

Contesting Record Procedures:
    The Data Bank routinely mails a copy of any report filed in it to 
the subject individual. A subject individual may contest the accuracy 
of information in the Data Bank concerning himself or herself and file 
a dispute. To dispute the accuracy of the information, the individual 
must contact the Data Bank and the reporting entity to: (1) Request for 
the reporting entity to file correction to the report; and (2) request 
the information be entered into a ``disputed'' status and submit a 
statement regarding the basis for the inaccuracy of the information in 
the report. If the reporting entity declines to change the disputed 
report or takes no actions, the subject may request that the Secretary 
of HHS review the disputed report. In order to seek a Secretarial 
Review, the subject must: (1) Provide written documentation containing 
clear and brief factual information regarding the information of the 
report; (2) submit supporting documentation or justification 
substantiating that the reporting entity's information is inaccurate; 
and (3) submit proof that the subject individual has attempted to 
resolve the disagreement with reporting entity but was unsuccessful. 
The Department can only determine whether the report was legally 
required to be filed and whether the report accurately depicts the 
action taken and the reporter's basis for action. Additional detail on 
the process of dispute resolution and Secretarial Review process can be 
found at 45 CFR Sec.  60.14 of the Data Bank regulations.

Record Source Categories:
    The records contained in the system are submitted by the following 
entities: (1) Insurance companies and others who have made payment as a 
result of a malpractice action or claim, (2) State Boards of Medical 
and Dental Examiners; (3) State Licensing Boards; (4) hospitals and 
other health care entities; (5) DEA; and (6) Federal entities which 
employ health practitioners or who have authority to sanction such 
practitioners covered by a Federal program. Section 1921 of the Social 
Security Act expands reporting of actions submitted by State health 
care practitioner licensing and certification authorities (including 
medical and dental boards), State entity licensing and certification 
authorities, peer review organizations and private accreditation 
organizations.

Systems exempted from Certain Provisions of the Act:
    None.

[FR Doc. 2010-24568 Filed 9-30-10; 8:45 am]
BILLING CODE 4160-15-P