Privacy Act of 1974; Report of Modified System of Records, 64802-64805 [2014-25937]
Download as PDF
64802
Federal Register / Vol. 79, No. 211 / Friday, October 31, 2014 / Notices
asabaliauskas on DSK5VPTVN1PROD with NOTICES
capacity, the expansion may occur only
in facilities on the hospital’s main
campus and may not result in the
number of operating rooms, procedure
rooms, and beds for which the hospital
is licensed exceeding 200 percent of the
hospital’s baseline number of operating
rooms, procedure rooms, and beds
(§ 411.362(c)(6)). Our decision to grant
or deny a hospital’s request for an
exception to the prohibition on
expansion of facility capacity will be
published in the Federal Register in
accordance with our regulations at
§ 411.362(c)(7).
III. Public Response to Notice With
Comment Period
On May 12, 2014, we published a
notice in the Federal Register (79 FR
26969) entitled, Request for an
Exception to the Prohibition on
Expansion of Facility Capacity under
the Hospital Ownership and Rural
Provider Exceptions to the Physician
Self-Referral Prohibition. In the May 12,
2014 notice we stated that as permitted
by section 1877(i)(3) of the Act and our
regulations at § 411.362(c), the following
physician-owned hospital requested an
exception to the prohibition on
expansion of facility capacity:
Name of Facility: Lake Pointe Medical
Center.
Location: 6800 Scenic Drive, Rowlett,
Texas 75088–4552 (Rockwall County).
Basis for Exception Request: High
Medicaid Facility.
In the May 12, 2014 notice we also
solicited comments from individuals
and entities in the community in which
Lake Pointe Medical Center is located.
Eighty-four comments were submitted
under docket number for the notice
(CMS–2014–0061). Eighty-three of those
comments advocated that a different
physician-owned hospital in another
county be allowed to expand under the
expansion exception process. Those
comments were not relevant to the Lake
Pointe Medical Center request, and we
have not considered them in deciding
the request. The only remaining
comment urged CMS to evaluate
whether Lake Pointe Medical Center is
a ‘‘high Medicaid facility’’ using data
that our regulations do not permit us to
consider.
On August 4, 2014, as required by
§ 411.362(c)(5)(ii), we notified Lake
Pointe Medical Center that we received
comments in response to the May 12,
2014 notice and that these comments
were available for public viewing at
https://www.regulations.gov. Lake Pointe
Medical Center submitted a rebuttal
statement on August 13, 2014. The
statement indicated that the comments
raised no issues of law or fact that in
VerDate Sep<11>2014
18:51 Oct 30, 2014
Jkt 235001
any way contradict Lake Pointe Medical
Center’s assertion that it meets all of the
statutory and regulatory requirements to
qualify as a high Medicaid facility. On
September 3, 2014, at the close of the
30-day rebuttal period, CMS deemed the
request complete pursuant to
§ 411.362(c)(5)(ii).
IV. Decision
This final notice announces our
decision to approve the request from
Lake Pointe Medical Center for an
exception to the prohibition against
expansion of facility capacity. As set
forth in our current regulations and
public guidance documents, Lake Pointe
Medical Center submitted the data and
certifications necessary to demonstrate
that it satisfies the criteria to qualify as
a high Medicaid facility. Further, our
regulations do not permit us to consider
the data recommended by the one
relevant comment. Therefore, in
accordance with section 1877(i)(3) of
the Act, we have granted the request
from Lake Pointe Medical Center for an
exception to the expansion of facility
capacity prohibition based on the
following criteria:
• The hospital is not the sole hospital
in Rockwall, Texas, the county in which
it is located;
• The hospital certified that it does
not discriminate against beneficiaries of
Federal health care programs and does
not permit physicians practicing at the
hospital to discriminate against such
beneficiaries; and
• With respect to each of the 3 most
recent fiscal years for which data were
available as of the date the hospital
submitted its request, the hospital has
an annual percent of total inpatient
admissions under Medicaid that is
estimated to be greater than such
percent with respect to such admissions
for any other hospital located in
Rockwall County, Texas, the county in
which the hospital is located.
Our approval grants the request of
Lake Pointe Medical Center to add a
total of 36 beds. Pursuant to
§ 411.362(c)(6), the expansion may
occur only in facilities on the hospital’s
main campus and may not result in the
number of operating rooms, procedure
rooms, and beds for which the hospital
is licensed exceeding 200 percent of the
hospital’s baseline number of operating
rooms, procedure rooms, and beds. Lake
Pointe Medical Center certified that its
baseline number of operating rooms,
procedure rooms, and beds for which it
was licensed as of March 23, 2010, was
129. Accordingly, we find that granting
the additional 36 beds will not result in
an aggregate number of operating rooms,
procedure rooms, and beds for which
PO 00000
Frm 00062
Fmt 4703
Sfmt 4703
the hospital is licensed that exceeds 200
percent of the hospital’s baseline.
IV. Collection of Information
Requirements
This document does not impose
information collection and
recordkeeping requirements.
Consequently, it need not be reviewed
by the Office of Management and
Budget under the authority of the
Paperwork Reduction Act of 1995 (44
U.S.C. 35).
Dated: October 22, 2014.
Marilyn Tavenner,
Administrator, Centers for Medicare &
Medicaid Services.
[FR Doc. 2014–25940 Filed 10–30–14; 8:45 am]
BILLING CODE P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Centers for Medicare & Medicaid
Services
Privacy Act of 1974; Report of Modified
System of Records
Centers for Medicare &
Medicaid Services (CMS), Department
of Health and Human Services (HHS).
ACTION: Notice of a Modified System of
Records (SOR).
AGENCY:
In accordance with the
requirements of the Privacy Act of 1974,
we are proposing to modify an existing
SOR titled, ‘‘Chronic Condition Data
Repository (CCDR), System No. 09–70–
0573’’ last published at 71 FR 54495,
September 15, 2006. The current name
of the SOR, Chronic Condition Data
Repository, was developed during the
planning and development stages of the
system. Upon the implementation and
throughout the operations and
maintenance stages of the system, the
system has been referred to as the
Chronic Condition Warehouse (CCW) in
common usage and written references.
In keeping with this current usage, we
will modify the name of this SOR to
read, and from this point forward will
refer to the system as: ‘‘Chronic
Condition Warehouse (CCW).’’
We propose to broaden the scope of
the system to include data that can be
easily linked, at the individual patient
level, to all Medicare and Medicaid
claims, enrollment and/or eligibility
data, nursing home and home health
assessments, and CMS beneficiary
survey data. Accordingly, we are
updating the Authority Section to
include Title XVIII of the Social
Security Act as amended (the Act);
Section 1902(a)(6) of the Act; Section
SUMMARY:
E:\FR\FM\31OCN1.SGM
31OCN1
asabaliauskas on DSK5VPTVN1PROD with NOTICES
Federal Register / Vol. 79, No. 211 / Friday, October 31, 2014 / Notices
1142(c)(6) of the Act; and Title IV of the
Balanced Budget Act (Pub. L. 105–33).
The Record Source Categories section
will be modified to include data from
two new systems of records: the CMS
Encounter Data System, System No. 09–
70–0506, and the National Death Index,
System No. 09–20–0166. These
modifications will make the CCW a
more useful tool by which to support
research, policy analysis, quality
improvement activities, and
demonstrations that attempt to foster a
better understanding of how to improve
the quality of life and contain the health
care costs of the chronically ill.
We propose to modify existing
Routine Use Number 1, to limit
disclosures only to contractors of CMS.
We also propose to add two new routine
uses. Specifically, we propose adding a
routine use to permit disclosures to
healthcare providers who seek patient
information for use in care coordination
and quality improvement activities as
described at 45 CFR 164.506(c)(4). This
routine use will be added as Routine
Use Number 4. We also propose adding
a routine use to support public or
private Qualified Entities (QEs) that use
Medicare claims data to evaluate the
performance of providers of services
and suppliers on measures of quality,
efficiency, effectiveness, and resource
use. This routine use will be added as
routine use number 6.
Finally, we are modifying the
language in Routine Use Number 3 to
include grantees of CMS administered
grant programs and have made minor
grammatical changes to Routine Use
Number 10. These modifications will
provide a better explanation as to the
need for the routine use, and to clearly
state CMS’s intention when making
disclosures of individually identifiable
information contained in this system.
We have provided background
information about the modified system
in the SUPPLEMENTARY INFORMATION
section below. Although the Privacy Act
requires only that the ‘‘Routine Use’’
section of the system of records notice
be published for comment, CMS invites
comments on all portions of this notice.
See the Effective Dates section for
information on the comment period.
DATES: Effective Dates: CMS filed a
modified SOR report with the Chair of
the House Committee on Government
Reform and Oversight, the Chair of the
Senate Committee on Homeland
Security and Government Affairs, and
the Administrator, Office of Information
and Regulatory Affairs, Office of
Management and Budget (OMB) on
September 16, 2014. To ensure that all
parties have adequate time in which to
VerDate Sep<11>2014
18:51 Oct 30, 2014
Jkt 235001
comment, the modified notice will
become effective 30 days from the
publication of the notice, or 40 days
from the date it was submitted to OMB
and the Congress, whichever is later. We
may defer implementation of this
modified system or one or more of the
new routine uses listed below if we
receive comments that persuade us to
defer implementation.
ADDRESSES: The public should address
comments to: CMS Privacy Officer,
Privacy Policy Compliance Group,
Office of E-Health Standards & Services,
Office of Enterprise Management, CMS,
7500 Security Boulevard, Baltimore, MD
21244–1870, Mailstop: S2–24–25,
Office: (410) 786–5357, E-Mail:
walter.stone@cms.hhs.gov. Comments
received will be available for review at
this location, by appointment, during
regular business hours, Monday through
Friday from 9:00 a.m.–3:00 p.m., Eastern
Time zone.
FOR FURTHER INFORMATION CONTACT:
Michelle Seal, Health Insurance
Specialist, Division of Research Data
Development (DRDD), Data
Development and Services Group,
Office of Information Products and Data
Analytics (OIPDA), OEM, CMS, Mail
Stop B2–29–04, 7500 Security
Boulevard, Baltimore, MD 21244–1850.
Office Phone: 410–786–3679, Email
address: michelle.seal@cms.hhs.gov.
SUPPLEMENTARY INFORMATION: The CCW
will house data that will be easily
linked, at the individual patient level,
for all Medicare and Medicaid claims,
enrollment and/or eligibility data,
nursing home and home health
assessments, and CMS beneficiary
survey data. This data repository will
transform and summarize this
administrative health and health
insurance information into data which
will support research, policy analysis,
quality improvement activities,
demonstrations, and studies. These are
aimed at improving the quality of care
and reducing the cost of care for
chronically ill Medicare beneficiaries
and Medicaid recipients.
The repository is designed to
encourage research and innovation that
will reduce program spending, inform
policy analyses, make current Medicare
and Medicaid program data more
readily available to researchers to study
chronic illness in the Medicare and
Medicaid populations, and improve
process time for research data requests
by refocusing on analytic, as opposed to
operational considerations. The
repository will also use utilize data
analytic tools to organize and transform
diagnostic information on a
beneficiary’s Medicare or Medicaid
PO 00000
Frm 00063
Fmt 4703
Sfmt 4703
64803
claims into information about their
chronic medical conditions.
The Virtual Research Data Center
(VRDC), an analytic tool, provides a
secure mechanism for accessing and
analyzing data within the environment
instead of sending physical data files to
researchers for analysis at their site. The
workbench analytic tool provides users
with the ability to create a custom
sample of individuals and view
associated claims within the VRDC
environment. Analysis of data using
these tools increases the privacy and
security of the data.
The Privacy Act
The Privacy Act governs the
collection, maintenance, use, and
dissemination of certain information
about individuals by agencies of the
Federal Government.
A ‘‘SOR’’ is a group of any records
under the control of a Federal agency
from which information about
individuals is retrieved by name or
other personal identifier. The Privacy
Act requires each agency to publish in
the Federal Register a description of the
type and character of each system of
records that the agency maintains, and
the routine uses that are contained in
each system to make agency
recordkeeping practices transparent, to
notify individuals regarding the uses to
which their records are put, and to
assist individuals to more easily find
such files within the agency.
SYSTEM NUMBER: 09–70–0573
SYSTEM NAME:
‘‘Chronic Condition Warehouse’’
(CCW) HHS/CMS/OEM.
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
CMS Data Center, 7500 Security
Boulevard, North Building, First Floor,
Baltimore, Maryland 21244–1850, and
at various contractor sites.
CATEGORIES OF INDIVIDUALS IN THE SYSTEM:
CCW will collect and maintain
individually identifiable and other data
collected on Medicare beneficiaries,
Medicaid recipients, and individually
identifiable data on certain health care
professionals.
CATEGORIES OF RECORDS IN THE SYSTEM:
The collected information will
include, but is not limited to,
individually identifiable Medicare and
Medicaid claims, enrollment, and
eligibility data, including names,
addresses, health insurance claims
numbers, social security numbers, race/
E:\FR\FM\31OCN1.SGM
31OCN1
64804
Federal Register / Vol. 79, No. 211 / Friday, October 31, 2014 / Notices
ethnicity data, gender, date of birth,
Medicare Part A, B and C enrollment
information, prescription drug coverage
information, surgical procedures,
diagnoses, provider name(s), unique
provider identification numbers,
National Provider Identification
Numbers (NPI) as well as clinical
assessment and outcome measures, and
demographic, health/well-being, and
background information relating to
Medicare and Medicaid issues.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The CCW is authorized by Sections
723 of the Medicare Prescription Drug
Improvement and Modernization Act of
2003 (MMA) (Pub. L. 108–173), which
was enacted into law on December 8,
2003, and amended Title XVIII of the
Social Security Act (the Act); Section
1902(a)(6) of the Act; Section 1142(c)(6)
of the Act; and Title IV of the Balanced
Budget Act (Pub. L. 105–33).
PURPOSE(S) OF THE SYSTEM:
The purpose of this system is to
support research, policy analysis,
quality improvement activities, and
demonstrations that attempt to foster a
better understanding of how to improve
the quality of life and contain the health
care costs of the chronically ill. This
system will utilize data analytic tools to
support accessing data by chronic
conditions and process complex
customized data requests related to
chronic illnesses.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OR USERS AND
THE PURPOSES OF SUCH USES:
asabaliauskas on DSK5VPTVN1PROD with NOTICES
A. ENTITIES WHO MAY RECEIVE DISCLOSURES
UNDER ROUTINE USE
The Privacy Act allows CMS to
disclose information without an
individual’s consent if the information
is to be used for a purpose that is
compatible with the purpose(s) for
which the information was collected.
Any such compatible use of data is
known as a ‘‘routine use’’. The proposed
routine uses in this system meet the
compatibility requirement of the Privacy
Act. We are proposing to establish the
following routine use disclosures of
information maintained in the system:
1. To CMS contractors who have been
engaged by the agency to assist in the
performance of a service related to this
collection and who need to have access
to the records in order to perform the
activity.
2. To another Federal or state agency
to:
a. Contribute to the accuracy of CMS’s
proper payment of Medicare benefits;
b. Enable such agency to administer a
Federal health benefits program, or, as
VerDate Sep<11>2014
18:51 Oct 30, 2014
Jkt 235001
necessary, to enable such agency to
fulfill a requirement of a Federal statute
or regulation that implements a health
benefits program funded in whole or in
part with Federal funds; and/or
c. Assist Federal and/or state officials
carrying out the Medicaid program.
3. To an individual or organization
including grantees of a CMS
administered grant program that require
individually identifiable health
information for use in research projects
including any evaluation project related
to the prevention of disease or
disability, the restoration or
maintenance of health, or payment
reform related projects that produces
generalizable knowledge.
4. To a healthcare provider who seeks
patient information for use in care
coordination and quality improvement
activities as described at 45 CFR
164.506(c)(4);
5. To Quality Improvement
Organizations (QIO) in connection with
review of claims, or in connection with
studies or other review activities
conducted pursuant to Part B of Title XI
of the Act, and in performing affirmative
outreach activities to individuals for the
purpose of establishing and maintaining
their entitlement to Medicare benefits or
health insurance plans.
6. To a public or private Qualified
Entity (QE) that uses Medicare claims
data to evaluate the performance of
providers of services and suppliers on
measures of quality, efficiency,
effectiveness, and resource use; and
who agrees to meet the requirements
regarding the transparency of their
methods and their use and protection of
Medicare data.
7. To the Department of Justice (DOJ),
court or adjudicatory body when: a. The
agency or any component thereof, or b.
Any employee of the agency in his or
her official capacity, or c. Any employee
of the agency in his or her individual
capacity where the DOJ has agreed to
represent the employee, or d. The
United States Government, is a party to
litigation or has an interest in such
litigation, and, by careful review, CMS
determines that the records are both
relevant and necessary to the litigation
and that the use of such records by the
DOJ, court or adjudicatory body is
compatible with the purpose for which
the agency collected the records.
8. To a CMS contractor (including, but
not necessarily limited to, Medicare
Administrative Contractors (MACs)) that
assists in the administration of a CMSadministered health benefits program,
when disclosure is deemed reasonably
necessary by CMS to prevent, deter,
discover, detect, investigate, examine,
prosecute, sue with respect to, defend
PO 00000
Frm 00064
Fmt 4703
Sfmt 4703
against, correct, remedy, or otherwise
combat fraud or abuse in such program.
9. To another Federal agency or to an
instrumentality of any governmental
jurisdiction within or under the control
of the United States (including any State
or local governmental agency), that
administers, or that has the authority to
investigate potential fraud or abuse in,
a health benefits program funded in
whole or in part by Federal funds, when
disclosure is deemed reasonably
necessary by CMS to prevent, deter,
discover, detect, investigate, examine,
prosecute, sue with respect to, defend
against, correct, remedy, or otherwise
combat fraud or abuse in such programs.
10. To Federal Departments, agencies
and their contractors that have a need to
know the information for the purpose of
assisting the Department’s efforts to
respond to a suspected or confirmed
breach of the security or confidentiality
of information maintained in this
system of records, where the
information disclosed is relevant to and
necessary for that assistance.
11. To the U.S. Department of
Homeland Security (DHS) cyber security
personnel, if captured in an intrusion
detection system used by HHS and DHS
pursuant to the Einstein 2 program.
12. To public health authorities, and
those entities acting under a delegation
of authority from a public health
authority, when requesting beneficiaryidentifiable information to carry out
statutorily-authorized public health
activities pertaining to emergency
preparedness and response.
B. ADDITIONAL CIRCUMSTANCES AFFECTING
DISCLOSURE OF PII DATA:
To the extent that the individual
claims records in this system contain
Protected Health Information (PHI) as
defined by HHS regulation ‘‘Standards
for Privacy of Individually Identifiable
Health Information’’ (45 CFR parts 160
and 164, Subparts A and E), disclosures
of such PHI that are otherwise
authorized by these routine uses may
only be made if, and as, permitted or
required by the ‘‘Standards for Privacy
of Individually Identifiable Health
Information’’ (see 45 CFR 164–512 (a)
(1)).
In addition, HHS policy will be to
prohibit release even of data not directly
identifiable with a particular individual,
except pursuant to one of the routine
uses or if required by law, if CMS
determines there is a possibility that a
particular individual can be identified
through implicit deduction based on
small cell sizes (instances where the
patient population is so small that
individuals could, because of the small
E:\FR\FM\31OCN1.SGM
31OCN1
Federal Register / Vol. 79, No. 211 / Friday, October 31, 2014 / Notices
size, use this information to deduce the
identity of a particular individual).
may make searching for a record easier
and prevent delay).
RETENTION AND DISPOSAL:
RECORD ACCESS PROCEDURE:
CMS will retain information for a total
period not to exceed 30 years. All
claims-related records are encompassed
by the document preservation order and
will be retained until notification is
received from DOJ.
An individual seeking access to
records about him or her in this system
should use the same procedures
outlined in Notification Procedures
above. The requestor should also
reasonably specify the record contents
being sought. (These procedures are in
accordance with Department regulation
45 CFR 5b.5(a)(2).)
RETRIEVING, ACCESSING, RETAINING, AND
DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
CONTESTING RECORD PROCEDURES:
All records are stored on electronic
media.
RETRIEVABILITY:
The collected data are retrieved by an
individual identifier; e.g., beneficiary,
recipient or provider name, HICN, or
unique provider identification number
(NPI).
SAFEGUARDS:
CMS has safeguards in place for
authorized users and monitors such
users to ensure against excessive or
unauthorized use. Personnel having
access to the system have been trained
in the Privacy Act and information
security requirements. Employees who
maintain records in this system are
instructed not to release data until the
intended recipient agrees to implement
appropriate management, operational
and technical safeguards sufficient to
protect the confidentiality, integrity and
availability of the information and
information systems and to prevent
unauthorized access.
This system will conform to all
applicable Federal laws and regulations
and Federal, HHS, and CMS policies
and standards as they relate to
information security and data privacy.
These laws and regulations may apply
but are not limited to: The Privacy Act
of 1974; and the Federal Information
Department regulation 45 CFR 5b.7.
SYSTEM MANAGER AND ADDRESS:
Director, Data Development and
Services Group, Office of Information
Products and Data Analytics (OIPDA),
OEM, Mail Stop B2–29–04, CMS, 7500
Security Boulevard, Baltimore, MD
21244–1849.
asabaliauskas on DSK5VPTVN1PROD with NOTICES
NOTIFICATION PROCEDURE:
An individual record subject who
wishes to know if this system contains
records about him or her should write
to the system manager who will require
the system name, HICN, and for
verification purposes, the subject
individual’s name (woman’s maiden
name, if applicable), and SSN
(furnishing the SSN is voluntary, but it
VerDate Sep<11>2014
18:51 Oct 30, 2014
Jkt 235001
To contest a record, the subject
individual should contact the system
manager named above, and reasonably
identify the record and specify the
information to be contested. The
individual should state the corrective
action sought and the reasons for the
correction with supporting justification.
(These procedures are in accordance
with Department regulation 45 CFR
5b.7.)
RECORDS SOURCE CATEGORIES:
Frm 00065
Fmt 4703
Sfmt 4703
and Assessment Information Set,
System No. 09–70–0522 (72 FR 63906
(November 13, 2007)); and Integrated
Data Repository, System No. 09–70–
0571 (71 FR 74915 (December 13,
2006)); Provider Enrollment Chain and
Ownership System, System No. 09–70–
0532 (71 FR 60536 (October 13, 2006);
Medicare and Medicaid Electronic
Health Record (EHR) Incentive Program
National Level Repository, System No.
09–70–0587 (75 FR 73095 (November
29, 2010)); Performance Measurement
and Reporting System, System No. 09–
70–0584 (74 FR 17672 (April 16, 2009));
Encounter Data System, 09–70–0506 (79
FR 34539 (June 17, 2014)); and National
Death Index, 09–20–0166 (49 FR 37692
(September 25, 1984)).
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS
OF THE ACT:
None.
Celeste Dade-Vinson,
Health Insurance Specialist, Centers for
Medicare & Medicaid Services.
[FR Doc. 2014–25937 Filed 10–30–14; 8:45 am]
The data collected and maintained in
this system are retrieved from the
following databases: Medicare Drug
Data Processing System, System No. 09–
70–0553 (73 FR 30943 (May 29, 2008));
Medicare Beneficiary Database, System
No. 09–70–0536 (71 FR 70396
(December 4, 2006)); Medicare
Advantage Prescription Drug System,
System No. 09–70–0588 (76 FR 47190
(August 4, 2011)); Medicaid Statistical
Information System, System No. 09–70–
0541 (71 FR 65527 (November 8, 2006));
Retiree Drug Subsidy Program, System
No. 09–70–0550 (70 FR 41035 (July 15,
2005)); Common Working File, System
No. 09–70–0526 (71 FR 64955
(November 6, 2006)); National Claims
History, System No. 09–70–0558 (71 FR
67137 11/20/2006 (November 20,
2006)); Enrollment Database, System
No. 09–70–0502 (73 FR 10249 2/26/
2008 (February 26, 2008)); Carrier
Medicare Claims Record, System No.
09–70–0501 (71 FR 64968 11/6/2006
(November 6, 2006)); Intermediary
Medicare Claims Record, System No.
09–70–0503 (71 FR 648961 (November
6, 2006)); Unique Physician/Provider
Identification Number, System No. 09–
70–0525 (71 FR 66535 (November 15,
2006)); Medicare Supplier Identification
File, System No. 09–70–0530 (71 FR
70404 (December 4, 2006)), A Current
Beneficiary Survey, System No. 09–70–
0519 (71 FR 60722 (October 16, 2006));
National Plan & Provider Enumerator
System, System No. 09–70–0555, (75 FR
30411 (June 1, 2010)); Long Term Care
MDS, System No. 09–70–0528 (72 FR
12801 (March 19, 2007)); HHA Outcome
PO 00000
64805
BILLING CODE 4120–03–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Food and Drug Administration
[Docket No. FDA–2014–N–1072]
Agency Information Collection
Activities; Submission for Office of
Management and Budget Review;
Comment Request; Application for
Participation in the Food and Drug
Administration Commissioner’s
Fellowship Program
AGENCY:
Food and Drug Administration,
HHS.
ACTION:
Notice.
The Food and Drug
Administration (FDA) is announcing
that a proposed collection of
information has been submitted to the
Office of Management and Budget
(OMB) for review and clearance under
the Paperwork Reduction Act of 1995.
DATES: Fax written comments on the
collection of information by December
1, 2014.
ADDRESSES: To ensure that comments on
the information collection are received,
OMB recommends that written
comments be faxed to the Office of
Information and Regulatory Affairs,
OMB, Attn: FDA Desk Officer, FAX:
202–395–7285, or emailed to oira_
submission@omb.eop.gov. All
comments should be identified with the
OMB control number 0910—New and
SUMMARY:
E:\FR\FM\31OCN1.SGM
31OCN1
Agencies
[Federal Register Volume 79, Number 211 (Friday, October 31, 2014)]
[Notices]
[Pages 64802-64805]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-25937]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Centers for Medicare & Medicaid Services
Privacy Act of 1974; Report of Modified System of Records
AGENCY: Centers for Medicare & Medicaid Services (CMS), Department of
Health and Human Services (HHS).
ACTION: Notice of a Modified System of Records (SOR).
-----------------------------------------------------------------------
SUMMARY: In accordance with the requirements of the Privacy Act of
1974, we are proposing to modify an existing SOR titled, ``Chronic
Condition Data Repository (CCDR), System No. 09-70-0573'' last
published at 71 FR 54495, September 15, 2006. The current name of the
SOR, Chronic Condition Data Repository, was developed during the
planning and development stages of the system. Upon the implementation
and throughout the operations and maintenance stages of the system, the
system has been referred to as the Chronic Condition Warehouse (CCW) in
common usage and written references. In keeping with this current
usage, we will modify the name of this SOR to read, and from this point
forward will refer to the system as: ``Chronic Condition Warehouse
(CCW).''
We propose to broaden the scope of the system to include data that
can be easily linked, at the individual patient level, to all Medicare
and Medicaid claims, enrollment and/or eligibility data, nursing home
and home health assessments, and CMS beneficiary survey data.
Accordingly, we are updating the Authority Section to include Title
XVIII of the Social Security Act as amended (the Act); Section
1902(a)(6) of the Act; Section
[[Page 64803]]
1142(c)(6) of the Act; and Title IV of the Balanced Budget Act (Pub. L.
105-33). The Record Source Categories section will be modified to
include data from two new systems of records: the CMS Encounter Data
System, System No. 09-70-0506, and the National Death Index, System No.
09-20-0166. These modifications will make the CCW a more useful tool by
which to support research, policy analysis, quality improvement
activities, and demonstrations that attempt to foster a better
understanding of how to improve the quality of life and contain the
health care costs of the chronically ill.
We propose to modify existing Routine Use Number 1, to limit
disclosures only to contractors of CMS. We also propose to add two new
routine uses. Specifically, we propose adding a routine use to permit
disclosures to healthcare providers who seek patient information for
use in care coordination and quality improvement activities as
described at 45 CFR 164.506(c)(4). This routine use will be added as
Routine Use Number 4. We also propose adding a routine use to support
public or private Qualified Entities (QEs) that use Medicare claims
data to evaluate the performance of providers of services and suppliers
on measures of quality, efficiency, effectiveness, and resource use.
This routine use will be added as routine use number 6.
Finally, we are modifying the language in Routine Use Number 3 to
include grantees of CMS administered grant programs and have made minor
grammatical changes to Routine Use Number 10. These modifications will
provide a better explanation as to the need for the routine use, and to
clearly state CMS's intention when making disclosures of individually
identifiable information contained in this system.
We have provided background information about the modified system
in the Supplementary Information section below. Although the Privacy
Act requires only that the ``Routine Use'' section of the system of
records notice be published for comment, CMS invites comments on all
portions of this notice. See the Effective Dates section for
information on the comment period.
DATES: Effective Dates: CMS filed a modified SOR report with the Chair
of the House Committee on Government Reform and Oversight, the Chair of
the Senate Committee on Homeland Security and Government Affairs, and
the Administrator, Office of Information and Regulatory Affairs, Office
of Management and Budget (OMB) on September 16, 2014. To ensure that
all parties have adequate time in which to comment, the modified notice
will become effective 30 days from the publication of the notice, or 40
days from the date it was submitted to OMB and the Congress, whichever
is later. We may defer implementation of this modified system or one or
more of the new routine uses listed below if we receive comments that
persuade us to defer implementation.
ADDRESSES: The public should address comments to: CMS Privacy Officer,
Privacy Policy Compliance Group, Office of E-Health Standards &
Services, Office of Enterprise Management, CMS, 7500 Security
Boulevard, Baltimore, MD 21244-1870, Mailstop: S2-24-25, Office: (410)
786-5357, E-Mail: walter.stone@cms.hhs.gov. Comments received will be
available for review at this location, by appointment, during regular
business hours, Monday through Friday from 9:00 a.m.-3:00 p.m., Eastern
Time zone.
FOR FURTHER INFORMATION CONTACT: Michelle Seal, Health Insurance
Specialist, Division of Research Data Development (DRDD), Data
Development and Services Group, Office of Information Products and Data
Analytics (OIPDA), OEM, CMS, Mail Stop B2-29-04, 7500 Security
Boulevard, Baltimore, MD 21244-1850. Office Phone: 410-786-3679, Email
address: michelle.seal@cms.hhs.gov.
SUPPLEMENTARY INFORMATION: The CCW will house data that will be easily
linked, at the individual patient level, for all Medicare and Medicaid
claims, enrollment and/or eligibility data, nursing home and home
health assessments, and CMS beneficiary survey data. This data
repository will transform and summarize this administrative health and
health insurance information into data which will support research,
policy analysis, quality improvement activities, demonstrations, and
studies. These are aimed at improving the quality of care and reducing
the cost of care for chronically ill Medicare beneficiaries and
Medicaid recipients.
The repository is designed to encourage research and innovation
that will reduce program spending, inform policy analyses, make current
Medicare and Medicaid program data more readily available to
researchers to study chronic illness in the Medicare and Medicaid
populations, and improve process time for research data requests by
refocusing on analytic, as opposed to operational considerations. The
repository will also use utilize data analytic tools to organize and
transform diagnostic information on a beneficiary's Medicare or
Medicaid claims into information about their chronic medical
conditions.
The Virtual Research Data Center (VRDC), an analytic tool, provides
a secure mechanism for accessing and analyzing data within the
environment instead of sending physical data files to researchers for
analysis at their site. The workbench analytic tool provides users with
the ability to create a custom sample of individuals and view
associated claims within the VRDC environment. Analysis of data using
these tools increases the privacy and security of the data.
The Privacy Act
The Privacy Act governs the collection, maintenance, use, and
dissemination of certain information about individuals by agencies of
the Federal Government.
A ``SOR'' is a group of any records under the control of a Federal
agency from which information about individuals is retrieved by name or
other personal identifier. The Privacy Act requires each agency to
publish in the Federal Register a description of the type and character
of each system of records that the agency maintains, and the routine
uses that are contained in each system to make agency recordkeeping
practices transparent, to notify individuals regarding the uses to
which their records are put, and to assist individuals to more easily
find such files within the agency.
SYSTEM NUMBER: 09-70-0573
SYSTEM NAME:
``Chronic Condition Warehouse'' (CCW) HHS/CMS/OEM.
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
CMS Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850, and at various contractor sites.
CATEGORIES OF INDIVIDUALS IN THE SYSTEM:
CCW will collect and maintain individually identifiable and other
data collected on Medicare beneficiaries, Medicaid recipients, and
individually identifiable data on certain health care professionals.
CATEGORIES OF RECORDS IN THE SYSTEM:
The collected information will include, but is not limited to,
individually identifiable Medicare and Medicaid claims, enrollment, and
eligibility data, including names, addresses, health insurance claims
numbers, social security numbers, race/
[[Page 64804]]
ethnicity data, gender, date of birth, Medicare Part A, B and C
enrollment information, prescription drug coverage information,
surgical procedures, diagnoses, provider name(s), unique provider
identification numbers, National Provider Identification Numbers (NPI)
as well as clinical assessment and outcome measures, and demographic,
health/well-being, and background information relating to Medicare and
Medicaid issues.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The CCW is authorized by Sections 723 of the Medicare Prescription
Drug Improvement and Modernization Act of 2003 (MMA) (Pub. L. 108-173),
which was enacted into law on December 8, 2003, and amended Title XVIII
of the Social Security Act (the Act); Section 1902(a)(6) of the Act;
Section 1142(c)(6) of the Act; and Title IV of the Balanced Budget Act
(Pub. L. 105-33).
PURPOSE(S) OF THE SYSTEM:
The purpose of this system is to support research, policy analysis,
quality improvement activities, and demonstrations that attempt to
foster a better understanding of how to improve the quality of life and
contain the health care costs of the chronically ill. This system will
utilize data analytic tools to support accessing data by chronic
conditions and process complex customized data requests related to
chronic illnesses.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OR USERS AND THE PURPOSES OF SUCH USES:
A. Entities Who May Receive Disclosures under Routine Use
The Privacy Act allows CMS to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use''. The proposed routine uses in this system meet the compatibility
requirement of the Privacy Act. We are proposing to establish the
following routine use disclosures of information maintained in the
system:
1. To CMS contractors who have been engaged by the agency to assist
in the performance of a service related to this collection and who need
to have access to the records in order to perform the activity.
2. To another Federal or state agency to:
a. Contribute to the accuracy of CMS's proper payment of Medicare
benefits;
b. Enable such agency to administer a Federal health benefits
program, or, as necessary, to enable such agency to fulfill a
requirement of a Federal statute or regulation that implements a health
benefits program funded in whole or in part with Federal funds; and/or
c. Assist Federal and/or state officials carrying out the Medicaid
program.
3. To an individual or organization including grantees of a CMS
administered grant program that require individually identifiable
health information for use in research projects including any
evaluation project related to the prevention of disease or disability,
the restoration or maintenance of health, or payment reform related
projects that produces generalizable knowledge.
4. To a healthcare provider who seeks patient information for use
in care coordination and quality improvement activities as described at
45 CFR 164.506(c)(4);
5. To Quality Improvement Organizations (QIO) in connection with
review of claims, or in connection with studies or other review
activities conducted pursuant to Part B of Title XI of the Act, and in
performing affirmative outreach activities to individuals for the
purpose of establishing and maintaining their entitlement to Medicare
benefits or health insurance plans.
6. To a public or private Qualified Entity (QE) that uses Medicare
claims data to evaluate the performance of providers of services and
suppliers on measures of quality, efficiency, effectiveness, and
resource use; and who agrees to meet the requirements regarding the
transparency of their methods and their use and protection of Medicare
data.
7. To the Department of Justice (DOJ), court or adjudicatory body
when: a. The agency or any component thereof, or b. Any employee of the
agency in his or her official capacity, or c. Any employee of the
agency in his or her individual capacity where the DOJ has agreed to
represent the employee, or d. The United States Government, is a party
to litigation or has an interest in such litigation, and, by careful
review, CMS determines that the records are both relevant and necessary
to the litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
8. To a CMS contractor (including, but not necessarily limited to,
Medicare Administrative Contractors (MACs)) that assists in the
administration of a CMS- administered health benefits program, when
disclosure is deemed reasonably necessary by CMS to prevent, deter,
discover, detect, investigate, examine, prosecute, sue with respect to,
defend against, correct, remedy, or otherwise combat fraud or abuse in
such program.
9. To another Federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any State or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in, a health benefits program funded in whole or in part by
Federal funds, when disclosure is deemed reasonably necessary by CMS to
prevent, deter, discover, detect, investigate, examine, prosecute, sue
with respect to, defend against, correct, remedy, or otherwise combat
fraud or abuse in such programs.
10. To Federal Departments, agencies and their contractors that
have a need to know the information for the purpose of assisting the
Department's efforts to respond to a suspected or confirmed breach of
the security or confidentiality of information maintained in this
system of records, where the information disclosed is relevant to and
necessary for that assistance.
11. To the U.S. Department of Homeland Security (DHS) cyber
security personnel, if captured in an intrusion detection system used
by HHS and DHS pursuant to the Einstein 2 program.
12. To public health authorities, and those entities acting under a
delegation of authority from a public health authority, when requesting
beneficiary-identifiable information to carry out statutorily-
authorized public health activities pertaining to emergency
preparedness and response.
B. ADDITIONAL CIRCUMSTANCES AFFECTING DISCLOSURE OF PII DATA:
To the extent that the individual claims records in this system
contain Protected Health Information (PHI) as defined by HHS regulation
``Standards for Privacy of Individually Identifiable Health
Information'' (45 CFR parts 160 and 164, Subparts A and E), disclosures
of such PHI that are otherwise authorized by these routine uses may
only be made if, and as, permitted or required by the ``Standards for
Privacy of Individually Identifiable Health Information'' (see 45 CFR
164-512 (a) (1)).
In addition, HHS policy will be to prohibit release even of data
not directly identifiable with a particular individual, except pursuant
to one of the routine uses or if required by law, if CMS determines
there is a possibility that a particular individual can be identified
through implicit deduction based on small cell sizes (instances where
the patient population is so small that individuals could, because of
the small
[[Page 64805]]
size, use this information to deduce the identity of a particular
individual).
RETENTION AND DISPOSAL:
CMS will retain information for a total period not to exceed 30
years. All claims-related records are encompassed by the document
preservation order and will be retained until notification is received
from DOJ.
RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE
SYSTEM:
STORAGE:
All records are stored on electronic media.
RETRIEVABILITY:
The collected data are retrieved by an individual identifier; e.g.,
beneficiary, recipient or provider name, HICN, or unique provider
identification number (NPI).
SAFEGUARDS:
CMS has safeguards in place for authorized users and monitors such
users to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and
information security requirements. Employees who maintain records in
this system are instructed not to release data until the intended
recipient agrees to implement appropriate management, operational and
technical safeguards sufficient to protect the confidentiality,
integrity and availability of the information and information systems
and to prevent unauthorized access.
This system will conform to all applicable Federal laws and
regulations and Federal, HHS, and CMS policies and standards as they
relate to information security and data privacy. These laws and
regulations may apply but are not limited to: The Privacy Act of 1974;
and the Federal Information Department regulation 45 CFR 5b.7.
SYSTEM MANAGER AND ADDRESS:
Director, Data Development and Services Group, Office of
Information Products and Data Analytics (OIPDA), OEM, Mail Stop B2-29-
04, CMS, 7500 Security Boulevard, Baltimore, MD 21244-1849.
NOTIFICATION PROCEDURE:
An individual record subject who wishes to know if this system
contains records about him or her should write to the system manager
who will require the system name, HICN, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable), and
SSN (furnishing the SSN is voluntary, but it may make searching for a
record easier and prevent delay).
RECORD ACCESS PROCEDURE:
An individual seeking access to records about him or her in this
system should use the same procedures outlined in Notification
Procedures above. The requestor should also reasonably specify the
record contents being sought. (These procedures are in accordance with
Department regulation 45 CFR 5b.5(a)(2).)
CONTESTING RECORD PROCEDURES:
To contest a record, the subject individual should contact the
system manager named above, and reasonably identify the record and
specify the information to be contested. The individual should state
the corrective action sought and the reasons for the correction with
supporting justification. (These procedures are in accordance with
Department regulation 45 CFR 5b.7.)
RECORDS SOURCE CATEGORIES:
The data collected and maintained in this system are retrieved from
the following databases: Medicare Drug Data Processing System, System
No. 09-70-0553 (73 FR 30943 (May 29, 2008)); Medicare Beneficiary
Database, System No. 09-70-0536 (71 FR 70396 (December 4, 2006));
Medicare Advantage Prescription Drug System, System No. 09-70-0588 (76
FR 47190 (August 4, 2011)); Medicaid Statistical Information System,
System No. 09-70-0541 (71 FR 65527 (November 8, 2006)); Retiree Drug
Subsidy Program, System No. 09-70-0550 (70 FR 41035 (July 15, 2005));
Common Working File, System No. 09-70-0526 (71 FR 64955 (November 6,
2006)); National Claims History, System No. 09-70-0558 (71 FR 67137 11/
20/2006 (November 20, 2006)); Enrollment Database, System No. 09-70-
0502 (73 FR 10249 2/26/2008 (February 26, 2008)); Carrier Medicare
Claims Record, System No. 09-70-0501 (71 FR 64968 11/6/2006 (November
6, 2006)); Intermediary Medicare Claims Record, System No. 09-70-0503
(71 FR 648961 (November 6, 2006)); Unique Physician/Provider
Identification Number, System No. 09-70-0525 (71 FR 66535 (November 15,
2006)); Medicare Supplier Identification File, System No. 09-70-0530
(71 FR 70404 (December 4, 2006)), A Current Beneficiary Survey, System
No. 09-70-0519 (71 FR 60722 (October 16, 2006)); National Plan &
Provider Enumerator System, System No. 09-70-0555, (75 FR 30411 (June
1, 2010)); Long Term Care MDS, System No. 09-70-0528 (72 FR 12801
(March 19, 2007)); HHA Outcome and Assessment Information Set, System
No. 09-70-0522 (72 FR 63906 (November 13, 2007)); and Integrated Data
Repository, System No. 09-70-0571 (71 FR 74915 (December 13, 2006));
Provider Enrollment Chain and Ownership System, System No. 09-70-0532
(71 FR 60536 (October 13, 2006); Medicare and Medicaid Electronic
Health Record (EHR) Incentive Program National Level Repository, System
No. 09-70-0587 (75 FR 73095 (November 29, 2010)); Performance
Measurement and Reporting System, System No. 09-70-0584 (74 FR 17672
(April 16, 2009)); Encounter Data System, 09-70-0506 (79 FR 34539 (June
17, 2014)); and National Death Index, 09-20-0166 (49 FR 37692
(September 25, 1984)).
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
None.
Celeste Dade-Vinson,
Health Insurance Specialist, Centers for Medicare & Medicaid Services.
[FR Doc. 2014-25937 Filed 10-30-14; 8:45 am]
BILLING CODE 4120-03-P