Privacy Act of 1974; Report of New System of Records, 34539-34542 [2014-14038]
Download as PDF
<![CDATA[
tkelley on DSK3SPTVN1PROD with NOTICES
Federal Register / Vol. 79, No. 116 / Tuesday, June 17, 2014 / Notices
ClinicalTrials.gov along with the
ClinicalTrials.gov trial number.
• For completed studies that do not
have results on ClinicalTrials.gov, a
summary, including the following
elements: Study number, study period,
design, methodology, indication and
diagnosis, proper use instructions,
inclusion and exclusion criteria,
primary and secondary outcomes,
baseline characteristics, number of
patients screened/eligible/enrolled/lost
to follow-up/withdrawn/analyzed,
effectiveness/efficacy, and safety results.
• A list of ongoing studies your
company has sponsored for this
indication. In the list, please provide the
ClinicalTrials.gov trial number or, if the
trial is not registered, the protocol for
the study including a study number, the
study period, design, methodology,
indication and diagnosis, proper use
instructions, inclusion and exclusion
criteria, and primary and secondary
outcomes.
• Description of whether the above
studies constitute ALL Phase II and
above clinical trials sponsored by your
company for this indication and an
index outlining the relevant information
in each submitted file.
Your contribution is very beneficial to
the Program. The contents of all
submissions will be made available to
the public upon request. Materials
submitted must be publicly available or
can be made public. Materials that are
considered confidential; marketing
materials; study types not included in
the review; or information on
indications not included in the review
cannot be used by the Effective Health
Care Program. This is a voluntary
request for information, and all costs for
complying with this request must be
borne by the submitter.
The draft of this review will be posted
on AHRQ’s EHC program Web site and
available for public comment for a
period of 4 weeks. If you would like to
be notified when the draft is posted,
please sign up for the email list at:
https://effectivehealthcare.AHRQ.gov/
index.cfm/join-the-email-list1/.
The systematic review will answer the
following questions. This information is
provided as background. AHRQ is not
requesting that the public provide
answers to these questions. The entire
research protocol, is also available
online at: https://effectivehealth
care.AHRQ.gov/search-for-guidesreviews-and-reports/
?pageaction=displayproduct&
productID=1906#8766.
Key Questions (KQs)
1. What methods are available to
clinicians to diagnose ME/CFS and how
VerDate Mar<15>2010
16:43 Jun 16, 2014
Jkt 232001
do the use of these methods vary by
patient subgroups?
A. What are widely accepted
diagnostic methods and what conditions
are required to be ruled out or excluded
before assigning a diagnosis of ME/CFS?
B. What is the accuracy and
concordance of diagnostic methods?
C. What harms are associated with
diagnosing ME/CFS?
2. What are the (a) benefits and (b)
harms of therapeutic interventions for
patients with ME/CFS and how do they
vary by patient subgroups?
A. What are the characteristics of
responders and non-responders to
interventions?
PICOTS (Population, Intervention,
Comparator(s), Outcomes, Timing,
Setting)
Population(s)
1. Include:
A. For KQ 1: Symptomatic adults (aged
18 years or older) with fatigue
B. For KQ 2: Adults aged 18 years or
older, with ME/CFS, without other
underlying diagnosis
2. Exclude:
A. Children and adolescents
B. Patients with other underlying
diagnosis
Interventions
1. Include:
A. For KQ1: Case definitions: e.g.,
Fukada/CDC, Canadian, International
and others
For KQ2: symptom-based medication
management (immune modulators,
beta blockers, antidepressants,
anxiolytics, stimulants), forms of
counseling and behavior therapy,
graded exercise programs,
complementary and alternative
medicine (acupuncture, relaxation,
massage, or other), and
transcutaneous electrical nerve
stimulation.
Comparators
1. Include:
A. For KQ1: Diagnostic accuracy studies
and diagnostic concordance studies
with comparators
B. For KQ2: Placebo or no treatment/
usual care, other active interventions
(including combination therapies and
head-to-head trials)
Outcomes
1. Include:
A. For KQ1: Sensitivity, specificity,
positive predictive value, negative
predictive value, positive likelihood
ratio, negative likelihood ratio, C
statistic (AUROC), net reclassification
PO 00000
Frm 00054
Fmt 4703
Sfmt 4703
34539
index; concordance, any potential
harm from diagnosis (such as
psychological harms, labeling, risk
from diagnostic test, misdiagnosis,
other)
B. For KQ2: Overall function (i.e., 36item Short Form Survey [SF–36]),
quality of life, days spent at work/
school, proportion working full or
part time, fatigue (Multidimensional
Fatigue Inventory [MFI] or similar),
adverse effects of interventions,
withdrawals and withdrawals due to
adverse events, rates of adverse events
due to interventions
Timing
1. Include: 12 weeks or longer
Setting
1. Include: Clinical settings
Dated: June 3, 2014.
Richard Kronick,
AHRQ Director.
[FR Doc. 2014–14084 Filed 6–16–14; 8:45 am]
BILLING CODE 4160–90–M
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Centers for Medicare and Medicaid
Services
Privacy Act of 1974; Report of New
System of Records
Centers for Medicare &
Medicaid Services (CMS), Department
of Health and Human Services (HHS).
ACTION: Notice of New System of
Records (SOR).
AGENCY:
In accordance with the
requirements of the Privacy Act of 1974,
we are proposing to establish a new
SOR, titled ‘‘CMS Encounter Data
System (EDS)’’, System No. 09–70–0506.
CMS intends to collect encounter data,
or data on each item or service delivered
to enrollees of Medicare Advantage
(MA) plans offered by MA organizations
as defined at Title 42, Code of Federal
Regulation (CFR), § 422.4. Pursuant to
42 CFR 422.310, each MA organization
must submit encounter data to CMS that
is used to determine the risk adjustment
factors for payment, updating the risk
adjustment model, calculating Medicare
Disproportionate Share Hospital (DSH)
percentages, Medicare coverage
purposes, and quality review and
improvement activities. Encounter data
will be collected and maintained in the
EDS.
Under the authority granted in
Section 1115 of the Social Security Act
(the Act), CMS is authorized to conduct
experimental, pilot or demonstration
SUMMARY:
E:\FR\FM\17JNN1.SGM
17JNN1
tkelley on DSK3SPTVN1PROD with NOTICES
34540
Federal Register / Vol. 79, No. 116 / Tuesday, June 17, 2014 / Notices
projects. CMS is conducting a
demonstration project under the
Financial Alignment Initiative to test a
new capitated payment system and
item/service delivery model designed to
lower costs and improve the quality of
care for individuals eligible for both
Medicare and Medicaid (dual eligibles).
CMS and the participating State
Medicaid agency jointly contract with
health plans (known as MedicareMedicaid Plans or ‘‘MMPs’’). MMPs are
paid monthly on a capitated basis and
are required to submit to CMS
comprehensive encounter data on each
item or service provided to each
enrollee, including both Medicare and
Medicaid items and services. The
program and the SOR are more
thoroughly described in the
Supplemental Information section and
System of Records Notice (SORN),
below.
DATES: Effective 30 days after
publication. Written comments should
be submitted on or before the effective
date. HHS/CMS/CM may publish an
amended SORN in light of any
comments received.
ADDRESSES: The public should send
comments to: CMS Privacy Officer,
Division of Privacy Policy, Privacy
Policy and Compliance Group, Office of
E-Health Standards and Services,
Offices of Enterprise Management, CMS,
Room S2–24–25, 7500 Security
Boulevard, Baltimore, Maryland 21244–
1850. Comments received will be
available for review at this location, by
appointment, during regular business
hours, Monday through Friday from
9:00 a.m.–3:00 p.m., Eastern Time zone.
FOR FURTHER INFORMATION CONTACT:
Shari Kosko, Division of Encounter Data
and Risk Adjustment Operations,
Medicare Plan Payment Group, Center
for Medicare, Centers for Medicare &
Medicaid Services, Mail Stop C1–13–07,
7500 Security Boulevard, Baltimore,
Maryland 21244–1850. The telephone
number is (410) 786–6159 or email:
Shari.Kosko@cms.hhs.gov.
SUPPLEMENTARY INFORMATION: Medicare
beneficiaries who receive both Part A
and Part B benefits may elect to receive
their Medicare coverage by enrolling in
a plan offered by a MA organization or
certain other Medicare private plans.
MA plans must provide all Medicarecovered items and services, and may
also provide additional benefits not
covered by Original Medicare. CMS
pays MA organizations on a monthly
capitated rate for each beneficiary
enrolled, and the MA organizations are
responsible for paying providers for
items and services that are provided to
enrolled beneficiaries. All MA
VerDate Mar<15>2010
16:43 Jun 16, 2014
Jkt 232001
organizations are required to submit
encounter data that CMS uses to adjust
the advanced monthly payments made
to the MA organization.
CMS will collect encounter data for
all items and services provided to MA
plan enrollees covered by all MA
organizations in the states where the
demonstration projects are being
conducted. In the case of cost plans,
only encounter data for items and
services covered by the plans will be
collected. None of the data that will be
included in the EDS will come from
Medicare Part A or Part B data, nor will
any additional identifiers be provided in
the EDS data submitted by the MA
organizations. However, the data
submitted to EDS will be provided into
the Integrated Data Repository (IDR) and
will be available along with Medicare
Part A and Part B data.
Beginning with calendar year 2007,
100 percent of monthly payments to MA
organizations have been subject to
adjustment based on risk adjustment
factors. Given the increased importance
of the accuracy of our risk adjustment
methodology, CMS amended 42 CFR
422.310 in August of 2008 to authorize
the collection of data from MA
organizations regarding each item and
service provided to a MA plan enrollee.
Once encounter data for MA enrollees
are available in the EDS, CMS will have
beneficiary-specific information on the
utilization of items and services by MA
plan enrollees. These data will
primarily be used to develop and
calibrate the CMS hierarchical condition
categories (CMS–HCC) for risk
adjustment models using MA patterns of
diagnoses and expenditures. These new
models will be used to calculate the risk
adjustment factors used to adjust
advanced monthly payments to MA
plans made by CMS on behalf of
beneficiaries. The data will also be used
for other purposes such as calculating
Disproportionate Share Hospital (DSH)
payments and quality improvement
activities, etc. as outlined in 42 CFR
422.310(f).
The types of MA organizations that
CMS collects encounter data from
include: coordinated care plans
(including Special Needs Plans), private
fee for service plans, and a combination
of a MA Medical Savings Account
(MSA) and a contribution into a MA
MSA established in accordance with 42
CFR 422.262. These categories also
include Medicare AdvantagePrescription Drug plans, Program-of-AllInclusive-Care-for-the-Elderly-(PACE)
organizations, Employer Group Health
Plans (EGHPs), Section 1833 health care
prepayment plans (HCPPs) and Section
1876 plans operated by an HMO or
PO 00000
Frm 00055
Fmt 4703
Sfmt 4703
Competitive Medical Plan (HMO/CMP)
(42 U.S.C. 1833 and 42 U.S.C. 1876,
referred to collectively as ‘‘cost plans’’).
The encounter data that CMS collects
includes, the identity of the Medicare
beneficiary, the provider, the place of
service, and the item or service
provided. In addition to identifying
information about the beneficiary and
provider, other significant data elements
submitted by the MA organization
include, claim pricing information,
contact information, service provider
information, revenue center codes,
modifiers, Healthcare Common
Procedure Coding System (HCPCS)
codes, and Current Procedural
Terminology (CPT) codes.
The Privacy Act
The Privacy Act (5 U.S.C. 552a)
governs the means by which the United
States Government maintains personally
identifiable information (PII) in a system
of records. A ‘‘system of records’’ is a
group of any records under the control
of a Federal agency from which
information about individuals is
retrieved by name or other personal
identifier. The Privacy Act requires each
agency to publish in the Federal
Register a system of records notice
(SORN) identifying and describing each
system of records the agency maintains,
including a description of the categories
of records maintained in the system, the
source(s) of records in the system, the
purposes for which the agency uses PII
in the system, the routine uses for
which the agency discloses such
information outside the agency, and
how individual record subjects can
exercise their rights under the Privacy
Act (e.g., to determine if the system
contains information about them).
SYSTEM NUMBER: 09–70–0506
SYSTEM NAME:
CMS Encounter Data System (EDS),
HHS/CMS/CM.
SECURITY CLASSIFICATION:
Sensitive, unclassified.
SYSTEM LOCATION:
CMS Data Center, 7500 Security
Boulevard, North Building, First Floor,
Baltimore, Maryland 21244–1850; CDS
Columbia Data Center EDC2, I–20 at
Alpine Road, AA–278, Columbia, SC
29219; and at various contractor sites.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
Information maintained in this system
includes identifying information of
individuals and beneficiaries who have
enrolled in a MA plan (including
coordinated care plans, Special Needs
E:\FR\FM\17JNN1.SGM
17JNN1
Federal Register / Vol. 79, No. 116 / Tuesday, June 17, 2014 / Notices
Plans, private fee for service plans,
Medicare Medical Savings Accounts,
PACE organizations, MMPs, and MA–
PD plans) (Medicare Advantage plus
Part D plans) (collectively, ‘‘MA plan
enrollees’’), whose information is
reported by a Medicare provider,
supplier, physician, or other
practitioner. It also includes identifying
information of those health care
professionals who provide the items or
services to individuals during a service
year.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system contains the name and
other identifying information of the MA
plan enrollee, beneficiary; and the
name, work address, work phone
number, social security number,
National Provider Identification Number
(NPI) of servicing providers, supplier,
physician, or other practitioner. CMS
will collect the admission date,
discharge date, health insurance claim
number (HICN), Medicare hospital
number/CCN (CMS Certification
Number) and other identifying
demographics of individuals necessary
to characterize the context and purposes
of each item and service provided to a
Medicare enrollee by a provider,
supplier, physician, or other
practitioner. MA plans will make data
collection changes from 5 data elements
currently collected to all of the required
data elements on the HIPAA 5010
version of the X12 standards.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
tkelley on DSK3SPTVN1PROD with NOTICES
Section 1853(a)(3)(B) of the Act
requires that MA organizations and
certain other private Medicare plans
submit data regarding inpatient hospital
and other services that CMS deems
necessary to risk adjust these payments.
The final 2009 Inpatient Prospective
Payment System rule (73 FR 48757,
August 19, 2008) modified 42 CFR
422.310 to clarify that the Secretary has
the authority to require MA
organizations and other private plans to
submit encounter data for each item and
service provided to a MA plan enrollee.
Information for the Financial Alignment
Initiative is being collected from MA
plans that provide an integrated set of
Medicare and Medicaid services
through the demonstration project
authorized under section 1115 of the
Act.
PURPOSE(S) OF THE SYSTEM:
The primary purpose of the SOR is to
collect and maintain encounter data for
each item and service provided to MA
plan enrollees reported by a Medicare
provider, supplier, physician, or other
practitioner. CMS will collect
VerDate Mar<15>2010
16:43 Jun 16, 2014
Jkt 232001
information necessary to determine the
risk adjustment factors used to adjust
payments, calculate Medicare DSH
percentages, conduct quality review and
improvement activities, and for other
Medicare coverage purposes.
Information retrieved from this SOR
will also be disseminated or disclosed
to: (1) Support regulatory,
reimbursement, and policy functions
performed within the Agency or by a
contractor, consultant, or a CMS
grantee; (2) assist another Federal
agency, agency of a state government, an
agency established by state law, or its
fiscal agent; (3) assist MA plans with
required collection of encounter data
obtained from the provider, supplier,
physician, or other practitioner that
furnished the item or service; (4)
support an individual or organization
for a research; (5) support litigation
involving the Agency related to this
SOR; (6) to assist a contractor combat
fraud, waste, and abuse in certain health
care programs; (7) to assist another
Federal agency combat fraud, waste, and
abuse; (8) to assist appropriate Federal
agencies and CMS contractors and
consultants to assist in CMS’ efforts to
respond to a suspected or confirmed
breach; (9) assist the U.S. Department of
Homeland Security (DHS) cyber security
personnel; and (10) assist with
emergency preparedness.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OR USERS AND
THE PURPOSES OF SUCH USES:
ENTITIES WHO MAY RECEIVE DISCLOSURES UNDER
ROUTINE USES
These routine uses specify
circumstances, in addition to those
provided by statute in the Privacy Act
of 1974, under which CMS may release
information from the EDS without the
consent of the individual to whom such
information pertains. Each proposed
disclosure of information under these
routine uses will be evaluated to ensure
that the disclosure is legally permissible
under 42 CFR 422.310, including but
not limited to ensuring that the purpose
of the disclosure is compatible with the
purpose for which the information was
collected. We propose to establish the
following routine use disclosures of
information maintained in the system:
1. To Agency contractors, consultants,
or CMS grantees who have been engaged
by the Agency in order to support them
in accomplishment of a CMS function
relating to the purposes for this
collection and who need to have access
to the records in order to assist CMS.
2. To another Federal agency, agency
of a state government, an agency
established by state law, or its fiscal
agent in order to:
PO 00000
Frm 00056
Fmt 4703
Sfmt 4703
34541
a. Contribute to the accuracy of CMS’
proper payment of Medicare benefits,
b. enable such agency to administer a
Federal health benefits program, or as
necessary to enable such agency to
fulfill a requirement of a Federal statute
or regulation that implements a health
benefits program funded in whole or in
part with Federal funds, and/or
c. fulfill oversight, regulatory, or
policy functions performed by such
agency.
3. To assist MA plans with the
required collection of encounter data,
which is to be obtained from the
provider, supplier, physician, or other
practitioner that furnished the item or
service.
4. To an individual or organization to
support or assist them with (a) a
research, evaluation or epidemiological
project related to the prevention of
disease or disability, the restoration or
maintenance of health, (b) payment
related projects, and (c) analysis of the
provision of health services.
5. To provide information to the U.S.
Department of Justice (DOJ), a court, or
an adjudicatory body when (a) CMS or
any component thereof, or (b) any
employee of CMS in his or her official
capacity, or (c) any employee of CMS in
his or her individual capacity where the
DOJ has agreed to represent the
employee, or (d) the United States
Government, is a party to litigation or
has an interest in such litigation, and by
careful review, CMS determines that the
records are both relevant and necessary
to the litigation and that the use of such
records by the DOJ, court, or
adjudicatory body is compatible with
the purpose for which the agency
collected the records.
6. To a CMS contractor (including but
not limited to Medicare Administrative
Contractors) that assists in the
administration of a CMS-administered
health benefits program, or to a grantee
of a CMS-administered grant program,
when disclosure is deemed reasonably
necessary by CMS to prevent, deter,
discover, detect, investigate, examine,
prosecute, sue with respect to, defend
against, correct, remedy, or otherwise
combat fraud, waste or abuse in such
program.
7. To another Federal agency or to an
instrumentality of any governmental
jurisdiction within or under the control
of the United States (including any state
or local governmental agency), that
administers or that has the authority to
investigate potential fraud, waste or
abuse in a health benefits program
funded in whole or in part by Federal
funds, when disclosure is deemed
reasonably necessary by CMS to
prevent, deter, discover, detect,
E:\FR\FM\17JNN1.SGM
17JNN1
34542
Federal Register / Vol. 79, No. 116 / Tuesday, June 17, 2014 / Notices
investigate, examine, prosecute, sue
with respect to, defend against, correct,
remedy, or otherwise combat fraud,
waste or abuse in such programs.
8. To appropriate Federal agencies
and CMS contractors and consultants
that have a need to know the
information for the purpose of assisting
CMS’ efforts to respond to a suspected
or confirmed breach of the security or
confidentiality of information
maintained in this SOR, provided that
the information disclosed is relevant
and necessary for that assistance.
9. To the U.S. Department of
Homeland Security (DHS) cyber security
personnel, if captured in an intrusion
detection system used by HHS and DHS
pursuant to the Einstein 2 programs.
10. To disclose the personally
identifiable information of MA plan
enrollees to public health authorities,
and those entities acting under a
delegation of authority from a public
health authority, when requesting such
information to carry out statutorilyauthorized public health activities
pertaining to emergency preparedness
and response. Disclosures under this
routine use will be limited to ‘‘public
health authorities’’, ‘‘public health
activities’’, and ‘‘minimum necessary
data’’, as defined in the HIPAA Privacy
Rule (45 CFR 154.502, 164.512(b),
164.502(b) and 164.514(d)(3)(iii)(A)).
POLICIES AND PRACTICES FOR STORING,
RETRIEVING, ACCESSING, RETAINING, AND
DISPOSING OF RECORDS IN THE SYSTEM
All records are stored on magnetic
media.
RETRIEVABILITY:
All records are accessible by NPI/
NPPES or by beneficiary HICN. This
system supports both on-line and batch
access. The EDS system itself does not
provide reporting capabilities. All
reporting functionality can be found in
the IDR.
tkelley on DSK3SPTVN1PROD with NOTICES
SAFEGUARDS:
Personnel having access to the system
have been trained in the Privacy Act
and information security requirements.
Employees who maintain records in this
system are instructed not to release data
until the intended recipient agrees to
implement appropriate management,
operational, and technical safeguards
sufficient to protect the confidentiality,
integrity and availability of the
information and information systems,
and to prevent unauthorized access.
Access to records in the EDS will be
limited to CMS personnel and approved
contractors.
16:43 Jun 16, 2014
Jkt 232001
Records containing PII will be
maintained for a period of up to 10
years after entry in the database. Any
such records that are needed longer,
such as to resolve claims and audit
exceptions or to prosecute fraud, will be
retained until such matters are resolved.
Enrollee claims records are currently
subject to a document preservation
order and will be preserved indefinitely
pending further notice from the DOJ.
SYSTEM MANAGER AND ADDRESS:
Director, Division of Risk Adjustment
Payment and Policy, Medicare Plan
Payment Group, Center for Medicare,
Centers for Medicare & Medicaid
Services.
NOTIFICATION PROCEDURE:
Individuals wishing to know if this
system contains records about them
should write to the system managers
and include the pertinent personal
identifier used for retrieval of their
records (i.e., TIN, NPI or HICN).
RECORD ACCESS PROCEDURE:
Individuals seeking access to records
about them in this system should follow
the same instructions indicated under
‘‘Notification Procedure’’ and
reasonably specify the record contents
being sought. (These procedures are in
accordance with HHS Privacy Act
regulations at 45 CFR 5b.5 (a)(2)).
CONTESTING RECORD PROCEDURES:
STORAGE:
VerDate Mar<15>2010
RETENTION AND DISPOSAL:
Individuals seeking to contest the
content of information about them in
this system should follow the same
instructions indicated under
‘‘Notification Procedure.’’ The request
should reasonably identify the record
and specify the information being
contested; state the corrective actions
sought, and provide the reasons for the
correction, with supporting justification.
(These procedures are in accordance
with HHS Privacy Act regulations at 45
CFR 5b.7).
RECORD SOURCE CATEGORIES:
Sources of information contained in
this records system include data
collected from MA organizations and
encounter data obtained from the
provider, supplier, physician, or other
practitioner that furnished the item or
service.
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS
OF THE ACT:
None.
Celeste Dade-Vinson,
Health Insurance Specialist, Centers for
Medicare & Medicaid Services.
[FR Doc. 2014–14038 Filed 6–16–14; 8:45 am]
BILLING CODE 4120–03–P
PO 00000
Frm 00057
Fmt 4703
Sfmt 4703
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
National Institutes of Health
National Eye Institute; Notice of Closed
Meeting
Pursuant to section 10(d) of the
Federal Advisory Committee Act, as
amended (5 U.S.C. App.), notice is
hereby given of the following meeting.
The meeting will be closed to the
public in accordance with the
provisions set forth in sections
552b(c)(4) and 552b(c)(6), Title 5 U.S.C.,
as amended. The grant applications and
the discussions could disclose
confidential trade secrets or commercial
property such as patentable material,
and personal information concerning
individuals associated with the grant
applications, the disclosure of which
would constitute a clearly unwarranted
invasion of personal privacy.
Name of Committee: National Eye Institute
Special Emphasis Panel, NEI Cornea and
Anterior Eye Grant Applications.
Date: July 21, 2014.
Time: 10:00 a.m. to 1:00 p.m.
Agenda: To review and evaluate grant
applications.
Place: National Institutes of Health, 5635
Fishers Lane, Bethesda, MD 20892
(Telephone Conference Call).
Contact Person: Anne E Schaffner, Ph.D.,
Chief, Scientific Review Branch Division of
Extramural Research, National Eye Institute,
5635 Fishers Lane, Suite 1300, MSC 9300,
Bethesda, MD 20892–9300, (301) 451–2020,
aes@nei.nih.gov.
(Catalogue of Federal Domestic Assistance
Program Nos. 93.867, Vision Research,
National Institutes of Health, HHS).
Dated: June 12, 2014.
David Clary,
Program Analyst, Office of Federal Advisory
Committee Policy.
[FR Doc. 2014–14109 Filed 6–16–14; 8:45 am]
BILLING CODE 4140–01–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
National Institutes of Health
Eunice Kennedy Shriver National
Institute of Child Health & Human
Development; Notice of Closed
Meetings
Pursuant to section 10(d) of the
Federal Advisory Committee Act, as
amended (5 U.S.C. App.), notice is
hereby given of the following meetings.
The meetings will be closed to the
public in accordance with the
provisions set forth in sections
552b(c)(4) and 552b(c)(6), Title 5 U.S.C.,
as amended. The grant applications and
E:\FR\FM\17JNN1.SGM
17JNN1
]]>Agencies
[Federal Register Volume 79, Number 116 (Tuesday, June 17, 2014)]
[Notices]
[Pages 34539-34542]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-14038]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Centers for Medicare and Medicaid Services
Privacy Act of 1974; Report of New System of Records
AGENCY: Centers for Medicare & Medicaid Services (CMS), Department of
Health and Human Services (HHS).
ACTION: Notice of New System of Records (SOR).
-----------------------------------------------------------------------
SUMMARY: In accordance with the requirements of the Privacy Act of
1974, we are proposing to establish a new SOR, titled ``CMS Encounter
Data System (EDS)'', System No. 09-70-0506. CMS intends to collect
encounter data, or data on each item or service delivered to enrollees
of Medicare Advantage (MA) plans offered by MA organizations as defined
at Title 42, Code of Federal Regulation (CFR), Sec. 422.4. Pursuant to
42 CFR 422.310, each MA organization must submit encounter data to CMS
that is used to determine the risk adjustment factors for payment,
updating the risk adjustment model, calculating Medicare
Disproportionate Share Hospital (DSH) percentages, Medicare coverage
purposes, and quality review and improvement activities. Encounter data
will be collected and maintained in the EDS.
Under the authority granted in Section 1115 of the Social Security
Act (the Act), CMS is authorized to conduct experimental, pilot or
demonstration
[[Page 34540]]
projects. CMS is conducting a demonstration project under the Financial
Alignment Initiative to test a new capitated payment system and item/
service delivery model designed to lower costs and improve the quality
of care for individuals eligible for both Medicare and Medicaid (dual
eligibles). CMS and the participating State Medicaid agency jointly
contract with health plans (known as Medicare-Medicaid Plans or
``MMPs''). MMPs are paid monthly on a capitated basis and are required
to submit to CMS comprehensive encounter data on each item or service
provided to each enrollee, including both Medicare and Medicaid items
and services. The program and the SOR are more thoroughly described in
the Supplemental Information section and System of Records Notice
(SORN), below.
DATES: Effective 30 days after publication. Written comments should be
submitted on or before the effective date. HHS/CMS/CM may publish an
amended SORN in light of any comments received.
ADDRESSES: The public should send comments to: CMS Privacy Officer,
Division of Privacy Policy, Privacy Policy and Compliance Group, Office
of E-Health Standards and Services, Offices of Enterprise Management,
CMS, Room S2-24-25, 7500 Security Boulevard, Baltimore, Maryland 21244-
1850. Comments received will be available for review at this location,
by appointment, during regular business hours, Monday through Friday
from 9:00 a.m.-3:00 p.m., Eastern Time zone.
FOR FURTHER INFORMATION CONTACT: Shari Kosko, Division of Encounter
Data and Risk Adjustment Operations, Medicare Plan Payment Group,
Center for Medicare, Centers for Medicare & Medicaid Services, Mail
Stop C1-13-07, 7500 Security Boulevard, Baltimore, Maryland 21244-1850.
The telephone number is (410) 786-6159 or email:
Shari.Kosko@cms.hhs.gov.
SUPPLEMENTARY INFORMATION: Medicare beneficiaries who receive both Part
A and Part B benefits may elect to receive their Medicare coverage by
enrolling in a plan offered by a MA organization or certain other
Medicare private plans. MA plans must provide all Medicare-covered
items and services, and may also provide additional benefits not
covered by Original Medicare. CMS pays MA organizations on a monthly
capitated rate for each beneficiary enrolled, and the MA organizations
are responsible for paying providers for items and services that are
provided to enrolled beneficiaries. All MA organizations are required
to submit encounter data that CMS uses to adjust the advanced monthly
payments made to the MA organization.
CMS will collect encounter data for all items and services provided
to MA plan enrollees covered by all MA organizations in the states
where the demonstration projects are being conducted. In the case of
cost plans, only encounter data for items and services covered by the
plans will be collected. None of the data that will be included in the
EDS will come from Medicare Part A or Part B data, nor will any
additional identifiers be provided in the EDS data submitted by the MA
organizations. However, the data submitted to EDS will be provided into
the Integrated Data Repository (IDR) and will be available along with
Medicare Part A and Part B data.
Beginning with calendar year 2007, 100 percent of monthly payments
to MA organizations have been subject to adjustment based on risk
adjustment factors. Given the increased importance of the accuracy of
our risk adjustment methodology, CMS amended 42 CFR 422.310 in August
of 2008 to authorize the collection of data from MA organizations
regarding each item and service provided to a MA plan enrollee. Once
encounter data for MA enrollees are available in the EDS, CMS will have
beneficiary-specific information on the utilization of items and
services by MA plan enrollees. These data will primarily be used to
develop and calibrate the CMS hierarchical condition categories (CMS-
HCC) for risk adjustment models using MA patterns of diagnoses and
expenditures. These new models will be used to calculate the risk
adjustment factors used to adjust advanced monthly payments to MA plans
made by CMS on behalf of beneficiaries. The data will also be used for
other purposes such as calculating Disproportionate Share Hospital
(DSH) payments and quality improvement activities, etc. as outlined in
42 CFR 422.310(f).
The types of MA organizations that CMS collects encounter data from
include: coordinated care plans (including Special Needs Plans),
private fee for service plans, and a combination of a MA Medical
Savings Account (MSA) and a contribution into a MA MSA established in
accordance with 42 CFR 422.262. These categories also include Medicare
Advantage-Prescription Drug plans, Program-of-All-Inclusive-Care-for-
the-Elderly-(PACE) organizations, Employer Group Health Plans (EGHPs),
Section 1833 health care prepayment plans (HCPPs) and Section 1876
plans operated by an HMO or Competitive Medical Plan (HMO/CMP) (42
U.S.C. 1833 and 42 U.S.C. 1876, referred to collectively as ``cost
plans'').
The encounter data that CMS collects includes, the identity of the
Medicare beneficiary, the provider, the place of service, and the item
or service provided. In addition to identifying information about the
beneficiary and provider, other significant data elements submitted by
the MA organization include, claim pricing information, contact
information, service provider information, revenue center codes,
modifiers, Healthcare Common Procedure Coding System (HCPCS) codes, and
Current Procedural Terminology (CPT) codes.
The Privacy Act
The Privacy Act (5 U.S.C. 552a) governs the means by which the
United States Government maintains personally identifiable information
(PII) in a system of records. A ``system of records'' is a group of any
records under the control of a Federal agency from which information
about individuals is retrieved by name or other personal identifier.
The Privacy Act requires each agency to publish in the Federal Register
a system of records notice (SORN) identifying and describing each
system of records the agency maintains, including a description of the
categories of records maintained in the system, the source(s) of
records in the system, the purposes for which the agency uses PII in
the system, the routine uses for which the agency discloses such
information outside the agency, and how individual record subjects can
exercise their rights under the Privacy Act (e.g., to determine if the
system contains information about them).
SYSTEM NUMBER: 09-70-0506
SYSTEM NAME:
CMS Encounter Data System (EDS), HHS/CMS/CM.
SECURITY CLASSIFICATION:
Sensitive, unclassified.
SYSTEM LOCATION:
CMS Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850; CDS Columbia Data Center EDC2,
I-20 at Alpine Road, AA-278, Columbia, SC 29219; and at various
contractor sites.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Information maintained in this system includes identifying
information of individuals and beneficiaries who have enrolled in a MA
plan (including coordinated care plans, Special Needs
[[Page 34541]]
Plans, private fee for service plans, Medicare Medical Savings
Accounts, PACE organizations, MMPs, and MA-PD plans) (Medicare
Advantage plus Part D plans) (collectively, ``MA plan enrollees''),
whose information is reported by a Medicare provider, supplier,
physician, or other practitioner. It also includes identifying
information of those health care professionals who provide the items or
services to individuals during a service year.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system contains the name and other identifying information of
the MA plan enrollee, beneficiary; and the name, work address, work
phone number, social security number, National Provider Identification
Number (NPI) of servicing providers, supplier, physician, or other
practitioner. CMS will collect the admission date, discharge date,
health insurance claim number (HICN), Medicare hospital number/CCN (CMS
Certification Number) and other identifying demographics of individuals
necessary to characterize the context and purposes of each item and
service provided to a Medicare enrollee by a provider, supplier,
physician, or other practitioner. MA plans will make data collection
changes from 5 data elements currently collected to all of the required
data elements on the HIPAA 5010 version of the X12 standards.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Section 1853(a)(3)(B) of the Act requires that MA organizations and
certain other private Medicare plans submit data regarding inpatient
hospital and other services that CMS deems necessary to risk adjust
these payments. The final 2009 Inpatient Prospective Payment System
rule (73 FR 48757, August 19, 2008) modified 42 CFR 422.310 to clarify
that the Secretary has the authority to require MA organizations and
other private plans to submit encounter data for each item and service
provided to a MA plan enrollee. Information for the Financial Alignment
Initiative is being collected from MA plans that provide an integrated
set of Medicare and Medicaid services through the demonstration project
authorized under section 1115 of the Act.
PURPOSE(S) OF THE SYSTEM:
The primary purpose of the SOR is to collect and maintain encounter
data for each item and service provided to MA plan enrollees reported
by a Medicare provider, supplier, physician, or other practitioner. CMS
will collect information necessary to determine the risk adjustment
factors used to adjust payments, calculate Medicare DSH percentages,
conduct quality review and improvement activities, and for other
Medicare coverage purposes. Information retrieved from this SOR will
also be disseminated or disclosed to: (1) Support regulatory,
reimbursement, and policy functions performed within the Agency or by a
contractor, consultant, or a CMS grantee; (2) assist another Federal
agency, agency of a state government, an agency established by state
law, or its fiscal agent; (3) assist MA plans with required collection
of encounter data obtained from the provider, supplier, physician, or
other practitioner that furnished the item or service; (4) support an
individual or organization for a research; (5) support litigation
involving the Agency related to this SOR; (6) to assist a contractor
combat fraud, waste, and abuse in certain health care programs; (7) to
assist another Federal agency combat fraud, waste, and abuse; (8) to
assist appropriate Federal agencies and CMS contractors and consultants
to assist in CMS' efforts to respond to a suspected or confirmed
breach; (9) assist the U.S. Department of Homeland Security (DHS) cyber
security personnel; and (10) assist with emergency preparedness.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OR USERS AND THE PURPOSES OF SUCH USES:
Entities Who May Receive Disclosures Under Routine Uses
These routine uses specify circumstances, in addition to those
provided by statute in the Privacy Act of 1974, under which CMS may
release information from the EDS without the consent of the individual
to whom such information pertains. Each proposed disclosure of
information under these routine uses will be evaluated to ensure that
the disclosure is legally permissible under 42 CFR 422.310, including
but not limited to ensuring that the purpose of the disclosure is
compatible with the purpose for which the information was collected. We
propose to establish the following routine use disclosures of
information maintained in the system:
1. To Agency contractors, consultants, or CMS grantees who have
been engaged by the Agency in order to support them in accomplishment
of a CMS function relating to the purposes for this collection and who
need to have access to the records in order to assist CMS.
2. To another Federal agency, agency of a state government, an
agency established by state law, or its fiscal agent in order to:
a. Contribute to the accuracy of CMS' proper payment of Medicare
benefits,
b. enable such agency to administer a Federal health benefits
program, or as necessary to enable such agency to fulfill a requirement
of a Federal statute or regulation that implements a health benefits
program funded in whole or in part with Federal funds, and/or
c. fulfill oversight, regulatory, or policy functions performed by
such agency.
3. To assist MA plans with the required collection of encounter
data, which is to be obtained from the provider, supplier, physician,
or other practitioner that furnished the item or service.
4. To an individual or organization to support or assist them with
(a) a research, evaluation or epidemiological project related to the
prevention of disease or disability, the restoration or maintenance of
health, (b) payment related projects, and (c) analysis of the provision
of health services.
5. To provide information to the U.S. Department of Justice (DOJ),
a court, or an adjudicatory body when (a) CMS or any component thereof,
or (b) any employee of CMS in his or her official capacity, or (c) any
employee of CMS in his or her individual capacity where the DOJ has
agreed to represent the employee, or (d) the United States Government,
is a party to litigation or has an interest in such litigation, and by
careful review, CMS determines that the records are both relevant and
necessary to the litigation and that the use of such records by the
DOJ, court, or adjudicatory body is compatible with the purpose for
which the agency collected the records.
6. To a CMS contractor (including but not limited to Medicare
Administrative Contractors) that assists in the administration of a
CMS-administered health benefits program, or to a grantee of a CMS-
administered grant program, when disclosure is deemed reasonably
necessary by CMS to prevent, deter, discover, detect, investigate,
examine, prosecute, sue with respect to, defend against, correct,
remedy, or otherwise combat fraud, waste or abuse in such program.
7. To another Federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers or that has the authority to investigate potential fraud,
waste or abuse in a health benefits program funded in whole or in part
by Federal funds, when disclosure is deemed reasonably necessary by CMS
to prevent, deter, discover, detect,
[[Page 34542]]
investigate, examine, prosecute, sue with respect to, defend against,
correct, remedy, or otherwise combat fraud, waste or abuse in such
programs.
8. To appropriate Federal agencies and CMS contractors and
consultants that have a need to know the information for the purpose of
assisting CMS' efforts to respond to a suspected or confirmed breach of
the security or confidentiality of information maintained in this SOR,
provided that the information disclosed is relevant and necessary for
that assistance.
9. To the U.S. Department of Homeland Security (DHS) cyber security
personnel, if captured in an intrusion detection system used by HHS and
DHS pursuant to the Einstein 2 programs.
10. To disclose the personally identifiable information of MA plan
enrollees to public health authorities, and those entities acting under
a delegation of authority from a public health authority, when
requesting such information to carry out statutorily-authorized public
health activities pertaining to emergency preparedness and response.
Disclosures under this routine use will be limited to ``public health
authorities'', ``public health activities'', and ``minimum necessary
data'', as defined in the HIPAA Privacy Rule (45 CFR 154.502,
164.512(b), 164.502(b) and 164.514(d)(3)(iii)(A)).
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM
STORAGE:
All records are stored on magnetic media.
RETRIEVABILITY:
All records are accessible by NPI/NPPES or by beneficiary HICN.
This system supports both on-line and batch access. The EDS system
itself does not provide reporting capabilities. All reporting
functionality can be found in the IDR.
SAFEGUARDS:
Personnel having access to the system have been trained in the
Privacy Act and information security requirements. Employees who
maintain records in this system are instructed not to release data
until the intended recipient agrees to implement appropriate
management, operational, and technical safeguards sufficient to protect
the confidentiality, integrity and availability of the information and
information systems, and to prevent unauthorized access. Access to
records in the EDS will be limited to CMS personnel and approved
contractors.
RETENTION AND DISPOSAL:
Records containing PII will be maintained for a period of up to 10
years after entry in the database. Any such records that are needed
longer, such as to resolve claims and audit exceptions or to prosecute
fraud, will be retained until such matters are resolved. Enrollee
claims records are currently subject to a document preservation order
and will be preserved indefinitely pending further notice from the DOJ.
SYSTEM MANAGER AND ADDRESS:
Director, Division of Risk Adjustment Payment and Policy, Medicare
Plan Payment Group, Center for Medicare, Centers for Medicare &
Medicaid Services.
NOTIFICATION PROCEDURE:
Individuals wishing to know if this system contains records about
them should write to the system managers and include the pertinent
personal identifier used for retrieval of their records (i.e., TIN, NPI
or HICN).
RECORD ACCESS PROCEDURE:
Individuals seeking access to records about them in this system
should follow the same instructions indicated under ``Notification
Procedure'' and reasonably specify the record contents being sought.
(These procedures are in accordance with HHS Privacy Act regulations at
45 CFR 5b.5 (a)(2)).
CONTESTING RECORD PROCEDURES:
Individuals seeking to contest the content of information about
them in this system should follow the same instructions indicated under
``Notification Procedure.'' The request should reasonably identify the
record and specify the information being contested; state the
corrective actions sought, and provide the reasons for the correction,
with supporting justification. (These procedures are in accordance with
HHS Privacy Act regulations at 45 CFR 5b.7).
RECORD SOURCE CATEGORIES:
Sources of information contained in this records system include
data collected from MA organizations and encounter data obtained from
the provider, supplier, physician, or other practitioner that furnished
the item or service.
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
None.
Celeste Dade-Vinson,
Health Insurance Specialist, Centers for Medicare & Medicaid Services.
[FR Doc. 2014-14038 Filed 6-16-14; 8:45 am]
BILLING CODE 4120-03-P
