Privacy Act of 1974; Report of New System of Records, 34539-34542 [2014-14038]

Download as PDF tkelley on DSK3SPTVN1PROD with NOTICES Federal Register / Vol. 79, No. 116 / Tuesday, June 17, 2014 / Notices ClinicalTrials.gov along with the ClinicalTrials.gov trial number. • For completed studies that do not have results on ClinicalTrials.gov, a summary, including the following elements: Study number, study period, design, methodology, indication and diagnosis, proper use instructions, inclusion and exclusion criteria, primary and secondary outcomes, baseline characteristics, number of patients screened/eligible/enrolled/lost to follow-up/withdrawn/analyzed, effectiveness/efficacy, and safety results. • A list of ongoing studies your company has sponsored for this indication. In the list, please provide the ClinicalTrials.gov trial number or, if the trial is not registered, the protocol for the study including a study number, the study period, design, methodology, indication and diagnosis, proper use instructions, inclusion and exclusion criteria, and primary and secondary outcomes. • Description of whether the above studies constitute ALL Phase II and above clinical trials sponsored by your company for this indication and an index outlining the relevant information in each submitted file. Your contribution is very beneficial to the Program. The contents of all submissions will be made available to the public upon request. Materials submitted must be publicly available or can be made public. Materials that are considered confidential; marketing materials; study types not included in the review; or information on indications not included in the review cannot be used by the Effective Health Care Program. This is a voluntary request for information, and all costs for complying with this request must be borne by the submitter. The draft of this review will be posted on AHRQ’s EHC program Web site and available for public comment for a period of 4 weeks. If you would like to be notified when the draft is posted, please sign up for the email list at: http://effectivehealthcare.AHRQ.gov/ index.cfm/join-the-email-list1/. The systematic review will answer the following questions. This information is provided as background. AHRQ is not requesting that the public provide answers to these questions. The entire research protocol, is also available online at: http://effectivehealth care.AHRQ.gov/search-for-guidesreviews-and-reports/ ?pageaction=displayproduct& productID=1906#8766. Key Questions (KQs) 1. What methods are available to clinicians to diagnose ME/CFS and how VerDate Mar<15>2010 16:43 Jun 16, 2014 Jkt 232001 do the use of these methods vary by patient subgroups? A. What are widely accepted diagnostic methods and what conditions are required to be ruled out or excluded before assigning a diagnosis of ME/CFS? B. What is the accuracy and concordance of diagnostic methods? C. What harms are associated with diagnosing ME/CFS? 2. What are the (a) benefits and (b) harms of therapeutic interventions for patients with ME/CFS and how do they vary by patient subgroups? A. What are the characteristics of responders and non-responders to interventions? PICOTS (Population, Intervention, Comparator(s), Outcomes, Timing, Setting) Population(s) 1. Include: A. For KQ 1: Symptomatic adults (aged 18 years or older) with fatigue B. For KQ 2: Adults aged 18 years or older, with ME/CFS, without other underlying diagnosis 2. Exclude: A. Children and adolescents B. Patients with other underlying diagnosis Interventions 1. Include: A. For KQ1: Case definitions: e.g., Fukada/CDC, Canadian, International and others For KQ2: symptom-based medication management (immune modulators, beta blockers, antidepressants, anxiolytics, stimulants), forms of counseling and behavior therapy, graded exercise programs, complementary and alternative medicine (acupuncture, relaxation, massage, or other), and transcutaneous electrical nerve stimulation. Comparators 1. Include: A. For KQ1: Diagnostic accuracy studies and diagnostic concordance studies with comparators B. For KQ2: Placebo or no treatment/ usual care, other active interventions (including combination therapies and head-to-head trials) Outcomes 1. Include: A. For KQ1: Sensitivity, specificity, positive predictive value, negative predictive value, positive likelihood ratio, negative likelihood ratio, C statistic (AUROC), net reclassification PO 00000 Frm 00054 Fmt 4703 Sfmt 4703 34539 index; concordance, any potential harm from diagnosis (such as psychological harms, labeling, risk from diagnostic test, misdiagnosis, other) B. For KQ2: Overall function (i.e., 36item Short Form Survey [SF–36]), quality of life, days spent at work/ school, proportion working full or part time, fatigue (Multidimensional Fatigue Inventory [MFI] or similar), adverse effects of interventions, withdrawals and withdrawals due to adverse events, rates of adverse events due to interventions Timing 1. Include: 12 weeks or longer Setting 1. Include: Clinical settings Dated: June 3, 2014. Richard Kronick, AHRQ Director. [FR Doc. 2014–14084 Filed 6–16–14; 8:45 am] BILLING CODE 4160–90–M DEPARTMENT OF HEALTH AND HUMAN SERVICES Centers for Medicare and Medicaid Services Privacy Act of 1974; Report of New System of Records Centers for Medicare & Medicaid Services (CMS), Department of Health and Human Services (HHS). ACTION: Notice of New System of Records (SOR). AGENCY: In accordance with the requirements of the Privacy Act of 1974, we are proposing to establish a new SOR, titled ‘‘CMS Encounter Data System (EDS)’’, System No. 09–70–0506. CMS intends to collect encounter data, or data on each item or service delivered to enrollees of Medicare Advantage (MA) plans offered by MA organizations as defined at Title 42, Code of Federal Regulation (CFR), § 422.4. Pursuant to 42 CFR 422.310, each MA organization must submit encounter data to CMS that is used to determine the risk adjustment factors for payment, updating the risk adjustment model, calculating Medicare Disproportionate Share Hospital (DSH) percentages, Medicare coverage purposes, and quality review and improvement activities. Encounter data will be collected and maintained in the EDS. Under the authority granted in Section 1115 of the Social Security Act (the Act), CMS is authorized to conduct experimental, pilot or demonstration SUMMARY: E:\FR\FM\17JNN1.SGM 17JNN1 tkelley on DSK3SPTVN1PROD with NOTICES 34540 Federal Register / Vol. 79, No. 116 / Tuesday, June 17, 2014 / Notices projects. CMS is conducting a demonstration project under the Financial Alignment Initiative to test a new capitated payment system and item/service delivery model designed to lower costs and improve the quality of care for individuals eligible for both Medicare and Medicaid (dual eligibles). CMS and the participating State Medicaid agency jointly contract with health plans (known as MedicareMedicaid Plans or ‘‘MMPs’’). MMPs are paid monthly on a capitated basis and are required to submit to CMS comprehensive encounter data on each item or service provided to each enrollee, including both Medicare and Medicaid items and services. The program and the SOR are more thoroughly described in the Supplemental Information section and System of Records Notice (SORN), below. DATES: Effective 30 days after publication. Written comments should be submitted on or before the effective date. HHS/CMS/CM may publish an amended SORN in light of any comments received. ADDRESSES: The public should send comments to: CMS Privacy Officer, Division of Privacy Policy, Privacy Policy and Compliance Group, Office of E-Health Standards and Services, Offices of Enterprise Management, CMS, Room S2–24–25, 7500 Security Boulevard, Baltimore, Maryland 21244– 1850. Comments received will be available for review at this location, by appointment, during regular business hours, Monday through Friday from 9:00 a.m.–3:00 p.m., Eastern Time zone. FOR FURTHER INFORMATION CONTACT: Shari Kosko, Division of Encounter Data and Risk Adjustment Operations, Medicare Plan Payment Group, Center for Medicare, Centers for Medicare & Medicaid Services, Mail Stop C1–13–07, 7500 Security Boulevard, Baltimore, Maryland 21244–1850. The telephone number is (410) 786–6159 or email: Shari.Kosko@cms.hhs.gov. SUPPLEMENTARY INFORMATION: Medicare beneficiaries who receive both Part A and Part B benefits may elect to receive their Medicare coverage by enrolling in a plan offered by a MA organization or certain other Medicare private plans. MA plans must provide all Medicarecovered items and services, and may also provide additional benefits not covered by Original Medicare. CMS pays MA organizations on a monthly capitated rate for each beneficiary enrolled, and the MA organizations are responsible for paying providers for items and services that are provided to enrolled beneficiaries. All MA VerDate Mar<15>2010 16:43 Jun 16, 2014 Jkt 232001 organizations are required to submit encounter data that CMS uses to adjust the advanced monthly payments made to the MA organization. CMS will collect encounter data for all items and services provided to MA plan enrollees covered by all MA organizations in the states where the demonstration projects are being conducted. In the case of cost plans, only encounter data for items and services covered by the plans will be collected. None of the data that will be included in the EDS will come from Medicare Part A or Part B data, nor will any additional identifiers be provided in the EDS data submitted by the MA organizations. However, the data submitted to EDS will be provided into the Integrated Data Repository (IDR) and will be available along with Medicare Part A and Part B data. Beginning with calendar year 2007, 100 percent of monthly payments to MA organizations have been subject to adjustment based on risk adjustment factors. Given the increased importance of the accuracy of our risk adjustment methodology, CMS amended 42 CFR 422.310 in August of 2008 to authorize the collection of data from MA organizations regarding each item and service provided to a MA plan enrollee. Once encounter data for MA enrollees are available in the EDS, CMS will have beneficiary-specific information on the utilization of items and services by MA plan enrollees. These data will primarily be used to develop and calibrate the CMS hierarchical condition categories (CMS–HCC) for risk adjustment models using MA patterns of diagnoses and expenditures. These new models will be used to calculate the risk adjustment factors used to adjust advanced monthly payments to MA plans made by CMS on behalf of beneficiaries. The data will also be used for other purposes such as calculating Disproportionate Share Hospital (DSH) payments and quality improvement activities, etc. as outlined in 42 CFR 422.310(f). The types of MA organizations that CMS collects encounter data from include: coordinated care plans (including Special Needs Plans), private fee for service plans, and a combination of a MA Medical Savings Account (MSA) and a contribution into a MA MSA established in accordance with 42 CFR 422.262. These categories also include Medicare AdvantagePrescription Drug plans, Program-of-AllInclusive-Care-for-the-Elderly-(PACE) organizations, Employer Group Health Plans (EGHPs), Section 1833 health care prepayment plans (HCPPs) and Section 1876 plans operated by an HMO or PO 00000 Frm 00055 Fmt 4703 Sfmt 4703 Competitive Medical Plan (HMO/CMP) (42 U.S.C. 1833 and 42 U.S.C. 1876, referred to collectively as ‘‘cost plans’’). The encounter data that CMS collects includes, the identity of the Medicare beneficiary, the provider, the place of service, and the item or service provided. In addition to identifying information about the beneficiary and provider, other significant data elements submitted by the MA organization include, claim pricing information, contact information, service provider information, revenue center codes, modifiers, Healthcare Common Procedure Coding System (HCPCS) codes, and Current Procedural Terminology (CPT) codes. The Privacy Act The Privacy Act (5 U.S.C. 552a) governs the means by which the United States Government maintains personally identifiable information (PII) in a system of records. A ‘‘system of records’’ is a group of any records under the control of a Federal agency from which information about individuals is retrieved by name or other personal identifier. The Privacy Act requires each agency to publish in the Federal Register a system of records notice (SORN) identifying and describing each system of records the agency maintains, including a description of the categories of records maintained in the system, the source(s) of records in the system, the purposes for which the agency uses PII in the system, the routine uses for which the agency discloses such information outside the agency, and how individual record subjects can exercise their rights under the Privacy Act (e.g., to determine if the system contains information about them). SYSTEM NUMBER: 09–70–0506 SYSTEM NAME: CMS Encounter Data System (EDS), HHS/CMS/CM. SECURITY CLASSIFICATION: Sensitive, unclassified. SYSTEM LOCATION: CMS Data Center, 7500 Security Boulevard, North Building, First Floor, Baltimore, Maryland 21244–1850; CDS Columbia Data Center EDC2, I–20 at Alpine Road, AA–278, Columbia, SC 29219; and at various contractor sites. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Information maintained in this system includes identifying information of individuals and beneficiaries who have enrolled in a MA plan (including coordinated care plans, Special Needs E:\FR\FM\17JNN1.SGM 17JNN1 Federal Register / Vol. 79, No. 116 / Tuesday, June 17, 2014 / Notices Plans, private fee for service plans, Medicare Medical Savings Accounts, PACE organizations, MMPs, and MA– PD plans) (Medicare Advantage plus Part D plans) (collectively, ‘‘MA plan enrollees’’), whose information is reported by a Medicare provider, supplier, physician, or other practitioner. It also includes identifying information of those health care professionals who provide the items or services to individuals during a service year. CATEGORIES OF RECORDS IN THE SYSTEM: The system contains the name and other identifying information of the MA plan enrollee, beneficiary; and the name, work address, work phone number, social security number, National Provider Identification Number (NPI) of servicing providers, supplier, physician, or other practitioner. CMS will collect the admission date, discharge date, health insurance claim number (HICN), Medicare hospital number/CCN (CMS Certification Number) and other identifying demographics of individuals necessary to characterize the context and purposes of each item and service provided to a Medicare enrollee by a provider, supplier, physician, or other practitioner. MA plans will make data collection changes from 5 data elements currently collected to all of the required data elements on the HIPAA 5010 version of the X12 standards. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: tkelley on DSK3SPTVN1PROD with NOTICES Section 1853(a)(3)(B) of the Act requires that MA organizations and certain other private Medicare plans submit data regarding inpatient hospital and other services that CMS deems necessary to risk adjust these payments. The final 2009 Inpatient Prospective Payment System rule (73 FR 48757, August 19, 2008) modified 42 CFR 422.310 to clarify that the Secretary has the authority to require MA organizations and other private plans to submit encounter data for each item and service provided to a MA plan enrollee. Information for the Financial Alignment Initiative is being collected from MA plans that provide an integrated set of Medicare and Medicaid services through the demonstration project authorized under section 1115 of the Act. PURPOSE(S) OF THE SYSTEM: The primary purpose of the SOR is to collect and maintain encounter data for each item and service provided to MA plan enrollees reported by a Medicare provider, supplier, physician, or other practitioner. CMS will collect VerDate Mar<15>2010 16:43 Jun 16, 2014 Jkt 232001 information necessary to determine the risk adjustment factors used to adjust payments, calculate Medicare DSH percentages, conduct quality review and improvement activities, and for other Medicare coverage purposes. Information retrieved from this SOR will also be disseminated or disclosed to: (1) Support regulatory, reimbursement, and policy functions performed within the Agency or by a contractor, consultant, or a CMS grantee; (2) assist another Federal agency, agency of a state government, an agency established by state law, or its fiscal agent; (3) assist MA plans with required collection of encounter data obtained from the provider, supplier, physician, or other practitioner that furnished the item or service; (4) support an individual or organization for a research; (5) support litigation involving the Agency related to this SOR; (6) to assist a contractor combat fraud, waste, and abuse in certain health care programs; (7) to assist another Federal agency combat fraud, waste, and abuse; (8) to assist appropriate Federal agencies and CMS contractors and consultants to assist in CMS’ efforts to respond to a suspected or confirmed breach; (9) assist the U.S. Department of Homeland Security (DHS) cyber security personnel; and (10) assist with emergency preparedness. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OR USERS AND THE PURPOSES OF SUCH USES: ENTITIES WHO MAY RECEIVE DISCLOSURES UNDER ROUTINE USES These routine uses specify circumstances, in addition to those provided by statute in the Privacy Act of 1974, under which CMS may release information from the EDS without the consent of the individual to whom such information pertains. Each proposed disclosure of information under these routine uses will be evaluated to ensure that the disclosure is legally permissible under 42 CFR 422.310, including but not limited to ensuring that the purpose of the disclosure is compatible with the purpose for which the information was collected. We propose to establish the following routine use disclosures of information maintained in the system: 1. To Agency contractors, consultants, or CMS grantees who have been engaged by the Agency in order to support them in accomplishment of a CMS function relating to the purposes for this collection and who need to have access to the records in order to assist CMS. 2. To another Federal agency, agency of a state government, an agency established by state law, or its fiscal agent in order to: PO 00000 Frm 00056 Fmt 4703 Sfmt 4703 34541 a. Contribute to the accuracy of CMS’ proper payment of Medicare benefits, b. enable such agency to administer a Federal health benefits program, or as necessary to enable such agency to fulfill a requirement of a Federal statute or regulation that implements a health benefits program funded in whole or in part with Federal funds, and/or c. fulfill oversight, regulatory, or policy functions performed by such agency. 3. To assist MA plans with the required collection of encounter data, which is to be obtained from the provider, supplier, physician, or other practitioner that furnished the item or service. 4. To an individual or organization to support or assist them with (a) a research, evaluation or epidemiological project related to the prevention of disease or disability, the restoration or maintenance of health, (b) payment related projects, and (c) analysis of the provision of health services. 5. To provide information to the U.S. Department of Justice (DOJ), a court, or an adjudicatory body when (a) CMS or any component thereof, or (b) any employee of CMS in his or her official capacity, or (c) any employee of CMS in his or her individual capacity where the DOJ has agreed to represent the employee, or (d) the United States Government, is a party to litigation or has an interest in such litigation, and by careful review, CMS determines that the records are both relevant and necessary to the litigation and that the use of such records by the DOJ, court, or adjudicatory body is compatible with the purpose for which the agency collected the records. 6. To a CMS contractor (including but not limited to Medicare Administrative Contractors) that assists in the administration of a CMS-administered health benefits program, or to a grantee of a CMS-administered grant program, when disclosure is deemed reasonably necessary by CMS to prevent, deter, discover, detect, investigate, examine, prosecute, sue with respect to, defend against, correct, remedy, or otherwise combat fraud, waste or abuse in such program. 7. To another Federal agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States (including any state or local governmental agency), that administers or that has the authority to investigate potential fraud, waste or abuse in a health benefits program funded in whole or in part by Federal funds, when disclosure is deemed reasonably necessary by CMS to prevent, deter, discover, detect, E:\FR\FM\17JNN1.SGM 17JNN1 34542 Federal Register / Vol. 79, No. 116 / Tuesday, June 17, 2014 / Notices investigate, examine, prosecute, sue with respect to, defend against, correct, remedy, or otherwise combat fraud, waste or abuse in such programs. 8. To appropriate Federal agencies and CMS contractors and consultants that have a need to know the information for the purpose of assisting CMS’ efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in this SOR, provided that the information disclosed is relevant and necessary for that assistance. 9. To the U.S. Department of Homeland Security (DHS) cyber security personnel, if captured in an intrusion detection system used by HHS and DHS pursuant to the Einstein 2 programs. 10. To disclose the personally identifiable information of MA plan enrollees to public health authorities, and those entities acting under a delegation of authority from a public health authority, when requesting such information to carry out statutorilyauthorized public health activities pertaining to emergency preparedness and response. Disclosures under this routine use will be limited to ‘‘public health authorities’’, ‘‘public health activities’’, and ‘‘minimum necessary data’’, as defined in the HIPAA Privacy Rule (45 CFR 154.502, 164.512(b), 164.502(b) and 164.514(d)(3)(iii)(A)). POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM All records are stored on magnetic media. RETRIEVABILITY: All records are accessible by NPI/ NPPES or by beneficiary HICN. This system supports both on-line and batch access. The EDS system itself does not provide reporting capabilities. All reporting functionality can be found in the IDR. tkelley on DSK3SPTVN1PROD with NOTICES SAFEGUARDS: Personnel having access to the system have been trained in the Privacy Act and information security requirements. Employees who maintain records in this system are instructed not to release data until the intended recipient agrees to implement appropriate management, operational, and technical safeguards sufficient to protect the confidentiality, integrity and availability of the information and information systems, and to prevent unauthorized access. Access to records in the EDS will be limited to CMS personnel and approved contractors. 16:43 Jun 16, 2014 Jkt 232001 Records containing PII will be maintained for a period of up to 10 years after entry in the database. Any such records that are needed longer, such as to resolve claims and audit exceptions or to prosecute fraud, will be retained until such matters are resolved. Enrollee claims records are currently subject to a document preservation order and will be preserved indefinitely pending further notice from the DOJ. SYSTEM MANAGER AND ADDRESS: Director, Division of Risk Adjustment Payment and Policy, Medicare Plan Payment Group, Center for Medicare, Centers for Medicare & Medicaid Services. NOTIFICATION PROCEDURE: Individuals wishing to know if this system contains records about them should write to the system managers and include the pertinent personal identifier used for retrieval of their records (i.e., TIN, NPI or HICN). RECORD ACCESS PROCEDURE: Individuals seeking access to records about them in this system should follow the same instructions indicated under ‘‘Notification Procedure’’ and reasonably specify the record contents being sought. (These procedures are in accordance with HHS Privacy Act regulations at 45 CFR 5b.5 (a)(2)). CONTESTING RECORD PROCEDURES: STORAGE: VerDate Mar<15>2010 RETENTION AND DISPOSAL: Individuals seeking to contest the content of information about them in this system should follow the same instructions indicated under ‘‘Notification Procedure.’’ The request should reasonably identify the record and specify the information being contested; state the corrective actions sought, and provide the reasons for the correction, with supporting justification. (These procedures are in accordance with HHS Privacy Act regulations at 45 CFR 5b.7). RECORD SOURCE CATEGORIES: Sources of information contained in this records system include data collected from MA organizations and encounter data obtained from the provider, supplier, physician, or other practitioner that furnished the item or service. SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT: None. Celeste Dade-Vinson, Health Insurance Specialist, Centers for Medicare & Medicaid Services. [FR Doc. 2014–14038 Filed 6–16–14; 8:45 am] BILLING CODE 4120–03–P PO 00000 Frm 00057 Fmt 4703 Sfmt 4703 DEPARTMENT OF HEALTH AND HUMAN SERVICES National Institutes of Health National Eye Institute; Notice of Closed Meeting Pursuant to section 10(d) of the Federal Advisory Committee Act, as amended (5 U.S.C. App.), notice is hereby given of the following meeting. The meeting will be closed to the public in accordance with the provisions set forth in sections 552b(c)(4) and 552b(c)(6), Title 5 U.S.C., as amended. The grant applications and the discussions could disclose confidential trade secrets or commercial property such as patentable material, and personal information concerning individuals associated with the grant applications, the disclosure of which would constitute a clearly unwarranted invasion of personal privacy. Name of Committee: National Eye Institute Special Emphasis Panel, NEI Cornea and Anterior Eye Grant Applications. Date: July 21, 2014. Time: 10:00 a.m. to 1:00 p.m. Agenda: To review and evaluate grant applications. Place: National Institutes of Health, 5635 Fishers Lane, Bethesda, MD 20892 (Telephone Conference Call). Contact Person: Anne E Schaffner, Ph.D., Chief, Scientific Review Branch Division of Extramural Research, National Eye Institute, 5635 Fishers Lane, Suite 1300, MSC 9300, Bethesda, MD 20892–9300, (301) 451–2020, aes@nei.nih.gov. (Catalogue of Federal Domestic Assistance Program Nos. 93.867, Vision Research, National Institutes of Health, HHS). Dated: June 12, 2014. David Clary, Program Analyst, Office of Federal Advisory Committee Policy. [FR Doc. 2014–14109 Filed 6–16–14; 8:45 am] BILLING CODE 4140–01–P DEPARTMENT OF HEALTH AND HUMAN SERVICES National Institutes of Health Eunice Kennedy Shriver National Institute of Child Health & Human Development; Notice of Closed Meetings Pursuant to section 10(d) of the Federal Advisory Committee Act, as amended (5 U.S.C. App.), notice is hereby given of the following meetings. The meetings will be closed to the public in accordance with the provisions set forth in sections 552b(c)(4) and 552b(c)(6), Title 5 U.S.C., as amended. The grant applications and E:\FR\FM\17JNN1.SGM 17JNN1

Agencies

[Federal Register Volume 79, Number 116 (Tuesday, June 17, 2014)]
[Notices]
[Pages 34539-34542]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-14038]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Centers for Medicare and Medicaid Services


Privacy Act of 1974; Report of New System of Records

AGENCY: Centers for Medicare & Medicaid Services (CMS), Department of 
Health and Human Services (HHS).

ACTION: Notice of New System of Records (SOR).

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, we are proposing to establish a new SOR, titled ``CMS Encounter 
Data System (EDS)'', System No. 09-70-0506. CMS intends to collect 
encounter data, or data on each item or service delivered to enrollees 
of Medicare Advantage (MA) plans offered by MA organizations as defined 
at Title 42, Code of Federal Regulation (CFR), Sec.  422.4. Pursuant to 
42 CFR 422.310, each MA organization must submit encounter data to CMS 
that is used to determine the risk adjustment factors for payment, 
updating the risk adjustment model, calculating Medicare 
Disproportionate Share Hospital (DSH) percentages, Medicare coverage 
purposes, and quality review and improvement activities. Encounter data 
will be collected and maintained in the EDS.
    Under the authority granted in Section 1115 of the Social Security 
Act (the Act), CMS is authorized to conduct experimental, pilot or 
demonstration

[[Page 34540]]

projects. CMS is conducting a demonstration project under the Financial 
Alignment Initiative to test a new capitated payment system and item/
service delivery model designed to lower costs and improve the quality 
of care for individuals eligible for both Medicare and Medicaid (dual 
eligibles). CMS and the participating State Medicaid agency jointly 
contract with health plans (known as Medicare-Medicaid Plans or 
``MMPs''). MMPs are paid monthly on a capitated basis and are required 
to submit to CMS comprehensive encounter data on each item or service 
provided to each enrollee, including both Medicare and Medicaid items 
and services. The program and the SOR are more thoroughly described in 
the Supplemental Information section and System of Records Notice 
(SORN), below.

DATES: Effective 30 days after publication. Written comments should be 
submitted on or before the effective date. HHS/CMS/CM may publish an 
amended SORN in light of any comments received.

ADDRESSES: The public should send comments to: CMS Privacy Officer, 
Division of Privacy Policy, Privacy Policy and Compliance Group, Office 
of E-Health Standards and Services, Offices of Enterprise Management, 
CMS, Room S2-24-25, 7500 Security Boulevard, Baltimore, Maryland 21244-
1850. Comments received will be available for review at this location, 
by appointment, during regular business hours, Monday through Friday 
from 9:00 a.m.-3:00 p.m., Eastern Time zone.

FOR FURTHER INFORMATION CONTACT: Shari Kosko, Division of Encounter 
Data and Risk Adjustment Operations, Medicare Plan Payment Group, 
Center for Medicare, Centers for Medicare & Medicaid Services, Mail 
Stop C1-13-07, 7500 Security Boulevard, Baltimore, Maryland 21244-1850. 
The telephone number is (410) 786-6159 or email: 
Shari.Kosko@cms.hhs.gov.

SUPPLEMENTARY INFORMATION: Medicare beneficiaries who receive both Part 
A and Part B benefits may elect to receive their Medicare coverage by 
enrolling in a plan offered by a MA organization or certain other 
Medicare private plans. MA plans must provide all Medicare-covered 
items and services, and may also provide additional benefits not 
covered by Original Medicare. CMS pays MA organizations on a monthly 
capitated rate for each beneficiary enrolled, and the MA organizations 
are responsible for paying providers for items and services that are 
provided to enrolled beneficiaries. All MA organizations are required 
to submit encounter data that CMS uses to adjust the advanced monthly 
payments made to the MA organization.
    CMS will collect encounter data for all items and services provided 
to MA plan enrollees covered by all MA organizations in the states 
where the demonstration projects are being conducted. In the case of 
cost plans, only encounter data for items and services covered by the 
plans will be collected. None of the data that will be included in the 
EDS will come from Medicare Part A or Part B data, nor will any 
additional identifiers be provided in the EDS data submitted by the MA 
organizations. However, the data submitted to EDS will be provided into 
the Integrated Data Repository (IDR) and will be available along with 
Medicare Part A and Part B data.
    Beginning with calendar year 2007, 100 percent of monthly payments 
to MA organizations have been subject to adjustment based on risk 
adjustment factors. Given the increased importance of the accuracy of 
our risk adjustment methodology, CMS amended 42 CFR 422.310 in August 
of 2008 to authorize the collection of data from MA organizations 
regarding each item and service provided to a MA plan enrollee. Once 
encounter data for MA enrollees are available in the EDS, CMS will have 
beneficiary-specific information on the utilization of items and 
services by MA plan enrollees. These data will primarily be used to 
develop and calibrate the CMS hierarchical condition categories (CMS-
HCC) for risk adjustment models using MA patterns of diagnoses and 
expenditures. These new models will be used to calculate the risk 
adjustment factors used to adjust advanced monthly payments to MA plans 
made by CMS on behalf of beneficiaries. The data will also be used for 
other purposes such as calculating Disproportionate Share Hospital 
(DSH) payments and quality improvement activities, etc. as outlined in 
42 CFR 422.310(f).
    The types of MA organizations that CMS collects encounter data from 
include: coordinated care plans (including Special Needs Plans), 
private fee for service plans, and a combination of a MA Medical 
Savings Account (MSA) and a contribution into a MA MSA established in 
accordance with 42 CFR 422.262. These categories also include Medicare 
Advantage-Prescription Drug plans, Program-of-All-Inclusive-Care-for-
the-Elderly-(PACE) organizations, Employer Group Health Plans (EGHPs), 
Section 1833 health care prepayment plans (HCPPs) and Section 1876 
plans operated by an HMO or Competitive Medical Plan (HMO/CMP) (42 
U.S.C. 1833 and 42 U.S.C. 1876, referred to collectively as ``cost 
plans'').
    The encounter data that CMS collects includes, the identity of the 
Medicare beneficiary, the provider, the place of service, and the item 
or service provided. In addition to identifying information about the 
beneficiary and provider, other significant data elements submitted by 
the MA organization include, claim pricing information, contact 
information, service provider information, revenue center codes, 
modifiers, Healthcare Common Procedure Coding System (HCPCS) codes, and 
Current Procedural Terminology (CPT) codes.

The Privacy Act

    The Privacy Act (5 U.S.C. 552a) governs the means by which the 
United States Government maintains personally identifiable information 
(PII) in a system of records. A ``system of records'' is a group of any 
records under the control of a Federal agency from which information 
about individuals is retrieved by name or other personal identifier. 
The Privacy Act requires each agency to publish in the Federal Register 
a system of records notice (SORN) identifying and describing each 
system of records the agency maintains, including a description of the 
categories of records maintained in the system, the source(s) of 
records in the system, the purposes for which the agency uses PII in 
the system, the routine uses for which the agency discloses such 
information outside the agency, and how individual record subjects can 
exercise their rights under the Privacy Act (e.g., to determine if the 
system contains information about them).
SYSTEM NUMBER: 09-70-0506

SYSTEM NAME:
    CMS Encounter Data System (EDS), HHS/CMS/CM.

SECURITY CLASSIFICATION:
    Sensitive, unclassified.

SYSTEM LOCATION:
    CMS Data Center, 7500 Security Boulevard, North Building, First 
Floor, Baltimore, Maryland 21244-1850; CDS Columbia Data Center EDC2, 
I-20 at Alpine Road, AA-278, Columbia, SC 29219; and at various 
contractor sites.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Information maintained in this system includes identifying 
information of individuals and beneficiaries who have enrolled in a MA 
plan (including coordinated care plans, Special Needs

[[Page 34541]]

Plans, private fee for service plans, Medicare Medical Savings 
Accounts, PACE organizations, MMPs, and MA-PD plans) (Medicare 
Advantage plus Part D plans) (collectively, ``MA plan enrollees''), 
whose information is reported by a Medicare provider, supplier, 
physician, or other practitioner. It also includes identifying 
information of those health care professionals who provide the items or 
services to individuals during a service year.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system contains the name and other identifying information of 
the MA plan enrollee, beneficiary; and the name, work address, work 
phone number, social security number, National Provider Identification 
Number (NPI) of servicing providers, supplier, physician, or other 
practitioner. CMS will collect the admission date, discharge date, 
health insurance claim number (HICN), Medicare hospital number/CCN (CMS 
Certification Number) and other identifying demographics of individuals 
necessary to characterize the context and purposes of each item and 
service provided to a Medicare enrollee by a provider, supplier, 
physician, or other practitioner. MA plans will make data collection 
changes from 5 data elements currently collected to all of the required 
data elements on the HIPAA 5010 version of the X12 standards.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Section 1853(a)(3)(B) of the Act requires that MA organizations and 
certain other private Medicare plans submit data regarding inpatient 
hospital and other services that CMS deems necessary to risk adjust 
these payments. The final 2009 Inpatient Prospective Payment System 
rule (73 FR 48757, August 19, 2008) modified 42 CFR 422.310 to clarify 
that the Secretary has the authority to require MA organizations and 
other private plans to submit encounter data for each item and service 
provided to a MA plan enrollee. Information for the Financial Alignment 
Initiative is being collected from MA plans that provide an integrated 
set of Medicare and Medicaid services through the demonstration project 
authorized under section 1115 of the Act.

PURPOSE(S) OF THE SYSTEM:
    The primary purpose of the SOR is to collect and maintain encounter 
data for each item and service provided to MA plan enrollees reported 
by a Medicare provider, supplier, physician, or other practitioner. CMS 
will collect information necessary to determine the risk adjustment 
factors used to adjust payments, calculate Medicare DSH percentages, 
conduct quality review and improvement activities, and for other 
Medicare coverage purposes. Information retrieved from this SOR will 
also be disseminated or disclosed to: (1) Support regulatory, 
reimbursement, and policy functions performed within the Agency or by a 
contractor, consultant, or a CMS grantee; (2) assist another Federal 
agency, agency of a state government, an agency established by state 
law, or its fiscal agent; (3) assist MA plans with required collection 
of encounter data obtained from the provider, supplier, physician, or 
other practitioner that furnished the item or service; (4) support an 
individual or organization for a research; (5) support litigation 
involving the Agency related to this SOR; (6) to assist a contractor 
combat fraud, waste, and abuse in certain health care programs; (7) to 
assist another Federal agency combat fraud, waste, and abuse; (8) to 
assist appropriate Federal agencies and CMS contractors and consultants 
to assist in CMS' efforts to respond to a suspected or confirmed 
breach; (9) assist the U.S. Department of Homeland Security (DHS) cyber 
security personnel; and (10) assist with emergency preparedness.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OR USERS AND THE PURPOSES OF SUCH USES:
Entities Who May Receive Disclosures Under Routine Uses
    These routine uses specify circumstances, in addition to those 
provided by statute in the Privacy Act of 1974, under which CMS may 
release information from the EDS without the consent of the individual 
to whom such information pertains. Each proposed disclosure of 
information under these routine uses will be evaluated to ensure that 
the disclosure is legally permissible under 42 CFR 422.310, including 
but not limited to ensuring that the purpose of the disclosure is 
compatible with the purpose for which the information was collected. We 
propose to establish the following routine use disclosures of 
information maintained in the system:
    1. To Agency contractors, consultants, or CMS grantees who have 
been engaged by the Agency in order to support them in accomplishment 
of a CMS function relating to the purposes for this collection and who 
need to have access to the records in order to assist CMS.
    2. To another Federal agency, agency of a state government, an 
agency established by state law, or its fiscal agent in order to:
    a. Contribute to the accuracy of CMS' proper payment of Medicare 
benefits,
    b. enable such agency to administer a Federal health benefits 
program, or as necessary to enable such agency to fulfill a requirement 
of a Federal statute or regulation that implements a health benefits 
program funded in whole or in part with Federal funds, and/or
    c. fulfill oversight, regulatory, or policy functions performed by 
such agency.
    3. To assist MA plans with the required collection of encounter 
data, which is to be obtained from the provider, supplier, physician, 
or other practitioner that furnished the item or service.
    4. To an individual or organization to support or assist them with 
(a) a research, evaluation or epidemiological project related to the 
prevention of disease or disability, the restoration or maintenance of 
health, (b) payment related projects, and (c) analysis of the provision 
of health services.
    5. To provide information to the U.S. Department of Justice (DOJ), 
a court, or an adjudicatory body when (a) CMS or any component thereof, 
or (b) any employee of CMS in his or her official capacity, or (c) any 
employee of CMS in his or her individual capacity where the DOJ has 
agreed to represent the employee, or (d) the United States Government, 
is a party to litigation or has an interest in such litigation, and by 
careful review, CMS determines that the records are both relevant and 
necessary to the litigation and that the use of such records by the 
DOJ, court, or adjudicatory body is compatible with the purpose for 
which the agency collected the records.
    6. To a CMS contractor (including but not limited to Medicare 
Administrative Contractors) that assists in the administration of a 
CMS-administered health benefits program, or to a grantee of a CMS-
administered grant program, when disclosure is deemed reasonably 
necessary by CMS to prevent, deter, discover, detect, investigate, 
examine, prosecute, sue with respect to, defend against, correct, 
remedy, or otherwise combat fraud, waste or abuse in such program.
    7. To another Federal agency or to an instrumentality of any 
governmental jurisdiction within or under the control of the United 
States (including any state or local governmental agency), that 
administers or that has the authority to investigate potential fraud, 
waste or abuse in a health benefits program funded in whole or in part 
by Federal funds, when disclosure is deemed reasonably necessary by CMS 
to prevent, deter, discover, detect,

[[Page 34542]]

investigate, examine, prosecute, sue with respect to, defend against, 
correct, remedy, or otherwise combat fraud, waste or abuse in such 
programs.
    8. To appropriate Federal agencies and CMS contractors and 
consultants that have a need to know the information for the purpose of 
assisting CMS' efforts to respond to a suspected or confirmed breach of 
the security or confidentiality of information maintained in this SOR, 
provided that the information disclosed is relevant and necessary for 
that assistance.
    9. To the U.S. Department of Homeland Security (DHS) cyber security 
personnel, if captured in an intrusion detection system used by HHS and 
DHS pursuant to the Einstein 2 programs.
    10. To disclose the personally identifiable information of MA plan 
enrollees to public health authorities, and those entities acting under 
a delegation of authority from a public health authority, when 
requesting such information to carry out statutorily-authorized public 
health activities pertaining to emergency preparedness and response. 
Disclosures under this routine use will be limited to ``public health 
authorities'', ``public health activities'', and ``minimum necessary 
data'', as defined in the HIPAA Privacy Rule (45 CFR 154.502, 
164.512(b), 164.502(b) and 164.514(d)(3)(iii)(A)).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM
STORAGE:
    All records are stored on magnetic media.

RETRIEVABILITY:
    All records are accessible by NPI/NPPES or by beneficiary HICN. 
This system supports both on-line and batch access. The EDS system 
itself does not provide reporting capabilities. All reporting 
functionality can be found in the IDR.

SAFEGUARDS:
    Personnel having access to the system have been trained in the 
Privacy Act and information security requirements. Employees who 
maintain records in this system are instructed not to release data 
until the intended recipient agrees to implement appropriate 
management, operational, and technical safeguards sufficient to protect 
the confidentiality, integrity and availability of the information and 
information systems, and to prevent unauthorized access. Access to 
records in the EDS will be limited to CMS personnel and approved 
contractors.

RETENTION AND DISPOSAL:
    Records containing PII will be maintained for a period of up to 10 
years after entry in the database. Any such records that are needed 
longer, such as to resolve claims and audit exceptions or to prosecute 
fraud, will be retained until such matters are resolved. Enrollee 
claims records are currently subject to a document preservation order 
and will be preserved indefinitely pending further notice from the DOJ.

SYSTEM MANAGER AND ADDRESS:
    Director, Division of Risk Adjustment Payment and Policy, Medicare 
Plan Payment Group, Center for Medicare, Centers for Medicare & 
Medicaid Services.

NOTIFICATION PROCEDURE:
    Individuals wishing to know if this system contains records about 
them should write to the system managers and include the pertinent 
personal identifier used for retrieval of their records (i.e., TIN, NPI 
or HICN).

RECORD ACCESS PROCEDURE:
    Individuals seeking access to records about them in this system 
should follow the same instructions indicated under ``Notification 
Procedure'' and reasonably specify the record contents being sought. 
(These procedures are in accordance with HHS Privacy Act regulations at 
45 CFR 5b.5 (a)(2)).

CONTESTING RECORD PROCEDURES:
    Individuals seeking to contest the content of information about 
them in this system should follow the same instructions indicated under 
``Notification Procedure.'' The request should reasonably identify the 
record and specify the information being contested; state the 
corrective actions sought, and provide the reasons for the correction, 
with supporting justification. (These procedures are in accordance with 
HHS Privacy Act regulations at 45 CFR 5b.7).

RECORD SOURCE CATEGORIES:
    Sources of information contained in this records system include 
data collected from MA organizations and encounter data obtained from 
the provider, supplier, physician, or other practitioner that furnished 
the item or service.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.

Celeste Dade-Vinson,
Health Insurance Specialist, Centers for Medicare & Medicaid Services.
[FR Doc. 2014-14038 Filed 6-16-14; 8:45 am]
BILLING CODE 4120-03-P