Privacy Act of 1974; System of Records, 67475-67478 [2021-25760]
Download as PDF
<![CDATA[
jspears on DSK121TN23PROD with NOTICES1
Federal Register / Vol. 86, No. 225 / Friday, November 26, 2021 / Notices
Lifetime and Annual Limits,
Rescissions, Dependent Coverage,
Appeals, and Patient Protections’’ (80
FR 72192, November 18, 2015) and 2021
interim final regulations titled
‘‘Requirements Related to Surprise
Billing; Part I’’ (86 FR 36872, July 13,
2021). The 2015 final regulations also
require that, if State law prohibits
balance billing, or a plan or issuer is
contractually responsible for any
amounts balanced billed by an out-ofnetwork emergency services provider, a
plan or issuer must provide a
participant, beneficiary or enrollee
adequate and prominent notice of their
lack of financial responsibility with
respect to amounts balanced billed in
order to prevent inadvertent payment by
the individual. Plans and issuers will
not be required to provide this notice for
plan years beginning on or after January
1, 2022. Form Number: CMS–10330
(OMB control number: 0938–1094);
Frequency: On Occasion; Affected
Public: State, Local, or Tribal
Governments, Private Sector; Number of
Respondents: 2,277; Total Annual
Responses: 15,752; Total Annual Hours:
814. (For policy questions regarding this
collection, contact Usree
Bandyopadhyay at (410) 786–6650.)
4. Type of Information Collection
Request: Extension of a currently
approved collection; Title of
Information Collection: Requirements
Related to Surprise Billing: Qualifying
Payment Amount, Notice and Consent,
Disclosure on Patient Protections
Against Balance Billing, and State Law
Opt-in; Use: On December 27, 2020, the
Consolidated Appropriations Act, 2021
(Pub. L. 116–260), which included the
No Surprises Act, was signed into law.
The No Surprises Act provides federal
protections against surprise billing and
limits out-of-network cost sharing under
many of the circumstances in which
surprise medical bills arise most
frequently. The 2021 interim final
regulations ‘‘Requirements Related to
Surprise Billing; Part I’’ (86 FR 36872,
2021 interim final regulations) issued by
the Departments of Health and Human
Services, the Department of Labor, the
Department of Treasury, and the Office
of Personnel Management, implement
provisions of the No Surprises Act that
apply to group health plans, health
insurance issuers offering group or
individual health insurance coverage,
and carriers in the Federal Employees
Health Benefits (FEHB) Program that
provide protections against balance
billing and out-of-network cost sharing
with respect to emergency services, nonemergency services furnished by
nonparticipating providers at certain
VerDate Sep<11>2014
20:16 Nov 24, 2021
Jkt 256001
participating health care facilities, and
air ambulance services furnished by
nonparticipating providers of air
ambulance services. The 2021 interim
final regulations prohibit
nonparticipating providers, emergency
facilities, and providers of air
ambulance services from balance billing
participants, beneficiaries, and enrollees
in certain situations unless they satisfy
certain notice and consent
requirements. The No Surprises Act and
the 2021 interim final regulations
require group health plans and issuers
of health insurance coverage to provide
information about qualifying payment
amounts to nonparticipating providers
and facilities and to provide disclosures
on patient protections against balance
billing to participants, beneficiaries and
enrollees. Self-insured plans opting in
to a specified state law are required to
provide a disclosure to participants.
Certain nonparticipating providers and
nonparticipating emergency facilities
may provide participants, beneficiaries,
and enrollees with notice and obtain
their consent to waive balance billing
protections, provided certain
requirements are met. In addition,
certain providers and facilities are
required to provide disclosures on
patient protections against balance
billing to participants, beneficiaries and
enrollees. Form Number: CMS–10780
(OMB control number: 0938–1401);
Frequency: On Occasion; Affected
Public: Individuals, State, Local, or
Tribal Governments, Private Sector;
Number of Respondents: 2,494,683;
Total Annual Responses: 58,696,352;
Total Annual Hours: 4,933,110. (For
policy questions regarding this
collection, contact Usree
Bandyopadhyay at 410–786–6650.)
Dated: November 22, 2021.
William N. Parham, III,
Director, Paperwork Reduction Staff, Office
of Strategic Operations and Regulatory
Affairs.
[FR Doc. 2021–25816 Filed 11–24–21; 8:45 am]
BILLING CODE 4120–01–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Health Resources and Services
Administration
Privacy Act of 1974; System of
Records
Health Resources and Services
Administration (HRSA), Department of
Health and Human Services (HHS).
ACTION: Notice of a new system of
records.
AGENCY:
PO 00000
Frm 00046
Fmt 4703
Sfmt 4703
67475
In accordance with the
requirements of the Privacy Act of 1974,
as amended, the HHS is establishing a
new system of records to be maintained
by HHS’s HRSA, 09–15–0093, ‘‘Provider
Support Records.’’ The new system of
records will include payment-related
records containing information about
any sole proprietor health care
providers (including health carepractitioners and suppliers) who
applied for payments or
reimbursements, received a payment,
attested to a payment, reported on the
use of a payment, or otherwise
participated in one of HRSA’s provider
support programs, and about patients
identified in certain claims records
submitted to HRSA for payment by
entity providers and sole proprietor
providers. The records are used to
support the health care population and
administer the programs.
SUMMARY:
The new system of records is
applicable November 26, 2021, subject
to a 30-day period in which to comment
on the routine uses. Submit any
comments by December 27, 2021.
DATES:
The public should address
written comments by email to
OPSInformation.hrsa@hrsa.gov or by
mail to Executive Officer, Provider
Support, HRSA, 5600 Fishers Lane,
Room 9N21, Rockville, MD, 20857.
ADDRESSES:
FOR FURTHER INFORMATION CONTACT:
General questions about the new system
of records may be submitted to
Executive Officer, Provider Support,
HRSA, 5600 Fishers Lane, Room 9N21,
Rockville, MD, 20857, or to
OPSInformation.hrsa@hrsa.gov.
New
system of records 09–15–0093 will
cover records HRSA uses to reimburse
claims and make payments to healthcare
providers and to receive reports on the
use of funds for activities under the
following programs:
• COVID–19 Claims Reimbursement
to Health Care Providers and Facilities
for Testing, Treatment and Vaccine
Administration for the Uninsured
(Uninsured Program).
• COVID–19 Coverage Assistance
Fund (CAF).
• Provider Relief Fund (PRF),
including American Rescue Plan Act
(ARPA) Rural Payments.
The records used by HRSA in these
programs include patient and provider
information needed to administer the
programs. HHS provided advance notice
of the new system of records to the
Office of Management and Budget and
SUPPLEMENTARY INFORMATION:
E:\FR\FM\26NON1.SGM
26NON1
67476
Federal Register / Vol. 86, No. 225 / Friday, November 26, 2021 / Notices
Congress as required by 5 U.S.C. 552a(r)
and OMB Circular A–108.
Diana Espinosa,
Acting Administrator.
SYSTEM NAME AND NUMBER:
Provider Support Records, 09–15–
0093.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The address of the HHS component
responsible for this system of records
(i.e., HRSA) is shown in the System
Manager(s) section, below.
PURPOSE(S) OF THE SYSTEM:
SYSTEM MANAGER(S):
The System Manager is Executive
Officer, Provider Support, HRSA, 5600
Fishers Lane, Rockville, MD, 20857,
OPSInformation.hrsa@hrsa.gov.
jspears on DSK121TN23PROD with NOTICES1
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Authorities include the following
appropriations laws. Collection of
participating providers’ Taxpayer
Identification Numbers is required by 31
U.S.C. 7701(c).
• Uninsured Program: ‘‘The Families
First Coronavirus Response Act or
FFCRA (P.L. 116–127) and the Paycheck
Protection Program and Health Care
Enhancement Act or PPPHCEA (P.L.
116–139), which each appropriated $1
billion to reimburse providers for
conducting COVID–19 testing for
uninsured individuals’’
• Provider Relief Fund: ‘‘The
Coronavirus Aid, Relief, and Economic
Security (CARES) Act (P.L. 116–136),
which provided $100 billion in relief
funds, including to hospitals and other
health care providers on the front lines
of the COVID–19 response; the
Paycheck Protection Program and
Health Care Enhancement Act or
PPPHCEA (P.L. 116–139), which
appropriated an additional $75 billion
in relief funds; and the Coronavirus
Response and Relief Supplemental
Appropriations Act (CRRSA) (P.L. 116–
260), which appropriated an additional
$3 billion (collectively, the Provider
Relief Fund).
• Uninsured program, continued:
Within the Provider Relief Fund, a
portion of the funding supports health
care-related expenses attributable to
COVID–19 testing for the uninsured and
treatment of uninsured individuals with
COVID–19. A portion of the funding is
also used to reimburse providers for
administering Food and Drug
Administration (FDA)-authorized or
licensed COVID–19 vaccines to
uninsured individuals.
• Uninsured program, continued: The
American Rescue Plan Act of 2021
VerDate Sep<11>2014
20:16 Nov 24, 2021
Jkt 256001
(ARPA, P.L. 117–2), which allocated
funding to reimburse providers for
COVID–19 testing of the uninsured.
• ARPA Rural Payments: The
American Rescue Plan Act of 2021
(ARPA, P.L. 117–2). ARPA amends the
SSA. The citation to Section 1150C of
ARPA can be found at 42 U.S.C. 1320b26.
• Coverage Assistance Fund: The
HRSA COVID–19 CAF is a program
established by and administered by
HRSA, using funds appropriated by
Congress under the PRF.
Relevant agency personnel and
contractors use records about
individuals from this system of records
on a need to know basis to administer
the provider support programs, which
support the resilience of the healthcare
population. Such programs include:
• COVID–19 Claims Reimbursement
to Health Care Providers and Facilities
for Testing, Treatment and Vaccine
Administration for the Uninsured
(Uninsured Program).
• COVID–19 CAF Program.
• Provider Relief Fund, including the
ARPA Rural payments.
Specific purposes include:
1. To obtain marketing and
communication information for
providers who submitted applications to
make them aware of policy and funding
opportunities.
2. To make payments and reimburse
claims to eligible healthcare providers
under the above-identified programs.
3. To assist the HHS Program Support
Center (PSC), the Department of Justice
(DOJ), and other government entities in
the collection of program debts.
4. To respond to inquiries from
providers, their attorneys or other
authorized representatives, and
Congressional representatives.
5. To compile and generate
managerial and statistical reports.
6. To perform program administrative
activities, including, but not limited to,
payment tracking, monitoring a
provider’s compliance with the Terms
and Conditions of payment, receipt of
provider reports on the use of funds,
and other program requirements, and
recoupment determinations.
7. To transfer information to the HHS
central accounting system(s) covered by
system of records 09–90–0024, HHS
Financial Management System Records,
maintained by the Office of the
Assistant Secretary for Financial
Resources, for purposes of effecting
program payments and preparing and
maintaining financial management and
accounting documentation related to
obligations and disbursements of funds
PO 00000
Frm 00047
Fmt 4703
Sfmt 4703
(including providing required
notifications to the Department of the
Treasury) related to payments to, or on
behalf of, healthcare providers.
Information transferred to the Office of
the Assistant Secretary for Financial
Resources for these purposes is limited
to the individual’s name, address, SSN,
and other information necessary for
identification and processing of the
payment.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
The records are about these categories
of individuals:
• Sole proprietor providers who
submit claims under the programs
mentioned above.
• Patients identified in claims and
claims-related records submitted to
HRSA by entity providers and sole
proprietor providers.
• Sole proprietor providers who
applied for or who have received
payments under the programs
mentioned above.
CATEGORIES OF RECORDS IN THE SYSTEM:
The categories of records are provider
claims, claims-related records, payment
applications, reports on the use of
funds, and other records used by HRSA
to process the claims, applications, and
payments. Contents include the
provider’s name, address(es), telephone
number(s), and email address(es);
National Provider Identifier; Taxpayer
Identification Number (TIN) (which
could be a Social Security Number
(SSN)); CMS Credentialing Number; tax,
audit, and revenue data; banking
information; payment data and
supporting documentation; repayment/
recoupment information; claims forms
(including patient-related information,
such as principal diagnosis code,
admitting diagnosis code, procedure
codes, date(s) of service and charges);
and each applicable patient’s name,
control number, patient identification
number; health insurance policy
member identification number; gender,
date of birth, zip code, state, and
county.
RECORD SOURCE CATEGORIES:
The information in the system of
records is obtained from payment
applications, claims, reports on the use
of funds, and other information
submitted to HRSA by providers; from
other HHS components; from
commercial and other payers; and from
any relevant federal, state, territorial,
local, or tribal agencies. Other agencies
and HHS components may provide
information to HRSA needed to verify
provider eligibility; validate provider-
E:\FR\FM\26NON1.SGM
26NON1
Federal Register / Vol. 86, No. 225 / Friday, November 26, 2021 / Notices
submitted information; determine
payment distribution or claims
reimbursement amounts; and approve
payments and claims.
jspears on DSK121TN23PROD with NOTICES1
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
In addition to other disclosures
authorized directly in the Privacy Act at
5 U.S.C. 552a(b)(1) and (2) and (b)(4)
through (11), HHS may disclose records
about a subject individual (provider or
patient) from this system of records to
parties outside HHS as described in
these routine uses, without the
individual’s prior written consent:
1. To any agent or contractor
(including another federal agency)
engaged by HHS to assist in
accomplishment of an HHS function
relating to the purposes of this system
of records, if the agent or contractor
needs to have access to the records in
order to provide the assistance. For
example, HHS may disclose records
consisting of a provider’s or patient’s
name, SSN, TIN, mailing address, email
address, or telephone number, to
Department contractors and
subcontractors who assist with the
implementation of the above-identified
programs, for the purposes of
distributing funds; collecting,
compiling, aggregating, analyzing, or
refining records in the system of
records; or improving program
operations. Any agent or contractor will
be required to comply with the
requirements of the Privacy Act, as
amended, with respect to the records,
and to ensure that any subcontractors
also maintain Privacy Act safeguards
with respect to the records.
2. To another federal, state, or local
agency about a provider who fails to
return payments identified for
recoupment at the direction of HHS, to
ensure that the provider does not
receive federal funds for which the
provider is ineligible. Disclosure will be
limited to the provider’s name, address,
SSN, TIN, inclusion on the Do Not Pay
List, and any other information
necessary to identify them.
3. To another federal, state, local,
territorial, or Tribal agency to contribute
to the accuracy of HHS’ proper payment
of health care providers’ payment
requests and claims (such as to
determine a provider’s eligibility for a
distribution, validate a provider’s tax
identification number, or confirm a
patient’s uninsured status).
4. To another federal agency or an
instrumentality of any governmental
jurisdiction within or under the control
of the United States (including any
state, local, or Tribal governmental
VerDate Sep<11>2014
20:16 Nov 24, 2021
Jkt 256001
agency) that administers, or that has the
authority to investigate potential fraud
or abuse in, a health care payment
program funded in whole or in part by
federal funds, when the disclosure is
deemed reasonably necessary by HHS to
prevent, deter, discover, detect,
investigate, examine, prosecute, sue
with respect to, defend against, correct,
remedy, or otherwise combat fraud or
abuse in such programs.
5. To a congressional office from the
record of an individual in response to a
written inquiry from the congressional
office made at the written request of that
individual. If a congressional inquiry on
behalf of a patient seeks disclosure of
any information about the patient’s
provider which is or could be
proprietary information of that provider,
the congressional request must be
accompanied by an authorization form
signed by the provider.
6. To DOJ or to a court or other
adjudicative body in litigation or other
proceedings when HHS or any of its
components, or any employee of HHS
acting in the employee’s official
capacity, or any employee of HHS acting
in the employee’s individual capacity
where the DOJ or HHS has agreed to
represent the employee, or the United
States Government, is a party to the
proceedings or has an interest in the
proceedings and, by careful review,
HHS determines that the records are
both relevant and necessary to the
proceedings.
7. To representatives of the National
Archives and Records Administration
(NARA) during records management
inspections conducted pursuant to 44
U.S.C. 2904 and 2906.
8. To appropriate agencies, entities,
and persons when (1) HHS suspects or
has confirmed that there has been a
breach of the system of records, (2) HHS
has determined that as a result of the
suspected or confirmed breach there is
a risk of harm to individuals, HHS
(including its information systems,
programs, and operations), the federal
government, or national security, and
(3) the disclosure made to such
agencies, entities, and persons is
reasonably necessary to assist in
connection with HHS’s efforts to
respond to the suspected or confirmed
breach or to prevent, minimize, or
remedy such harm.
9. To another federal agency or federal
entity, when HHS determines that
information from this system of records
is reasonably necessary to assist the
recipient agency or entity in (1)
responding to a suspected or confirmed
breach or (2) preventing, minimizing, or
remedying the risk of harm to
individuals, the recipient agency or
PO 00000
Frm 00048
Fmt 4703
Sfmt 4703
67477
entity (including its information
systems, programs, and operations), the
federal government, or national security,
resulting from a suspected or confirmed
breach.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
Records are maintained in electronic
database servers and backup servers.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
Records are retrieved by a provider’s
or patient’s name, TIN, or other
identifying number.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
The records are not currently
scheduled, so are retained indefinitely
pending scheduling with the NARA.
HRSA anticipates proposing a retention
period of at least 6 years to NARA for
the records, for consistency with
General Records Schedule 1.1, Financial
Management and Reporting Records,
which provides for such records to be
retained for 6 years after final payment
or cancellation, or longer if required for
business use.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Safeguards conform to the HHS
Information Security and Privacy
Program, https://www.hhs.gov/ocio/
securityprivacy/. HHS
safeguards these records in accordance
with applicable laws, rules and policies,
including the HHS Information
Technology Security Program
Handbook; the E-Government Act of
2002, which includes the Federal
Information Security Management Act
of 2002, 44 U.S.C. 3541–3549, as
amended by the Federal Information
Security Modernization act of 2014, 44
U.S.C. 3551–3558; pertinent National
Institutes of Standards and Technology
(NIST) publications; and OMB Circular
A–130, Managing Information as a
Strategic Resource. HHS protects the
records from unauthorized access
through appropriate administrative,
physical, and technical safeguards.
These safeguards include protecting the
facilities where records are stored or
accessed with security guards, badges
and cameras; controlling access to
physical locations where records are
maintained and used by means of
combination locks and identification
badges issued only to authorized users;
limiting access to electronic databases to
authorized users based on roles and
either two-factor authentication or
password protection; using a secured
operating system protected by
encryption, firewalls, and intrusion
E:\FR\FM\26NON1.SGM
26NON1
67478
Federal Register / Vol. 86, No. 225 / Friday, November 26, 2021 / Notices
detection systems; and training
personnel in Privacy Act and
information security requirements. After
the records have been scheduled with
NARA, records that are eligible for
destruction will be disposed of in
accordance with the applicable
schedule, using secure destruction
methods prescribed by NIST SP 800–88.
RECORD ACCESS PROCEDURES:
An individual seeking access to
records about that individual in this
system of records must submit a written
access request to the applicable System
Manager identified in the ‘‘System
Manager’’ section of this System of
Records Notice (SORN). The request
must contain the requester’s full name,
address, and signature. The request
should also contain sufficient
identifying particulars (such as, the
provider’s National Provider Identifier,
TIN, or patient medical record number,
or the patient’s patient identifier or SSN
to enable HHS to locate the requested
records. So that HHS may verify the
requester’s identity, the requester’s
signature must be notarized or the
request must include the requester’s
written certification that the requester is
the individual who the requester claims
to be and that the requester understands
that the knowing and willful request for
or acquisition of a record pertaining to
an individual under false pretenses is a
criminal offense subject to a fine of up
to $5,000.
If an access request by a patient seeks
disclosure of any information about the
patient’s provider which is or could be
proprietary information of that provider,
the request must be accompanied by a
disclosure authorization form signed by
the provider.
jspears on DSK121TN23PROD with NOTICES1
CONTESTING RECORD PROCEDURES:
An individual seeking to amend a
record about that individual in this
system of records must submit an
amendment request to the applicable
System Manager identified in the
‘‘System Manager’’ section of this
SORN, containing the same information
required for an access request. The
request must include verification of the
requester’s identity in the same manner
required for an access request; must
reasonably identify the record and
specify the information contested, the
corrective action sought, and the
reasons for requesting the correction;
and should include supporting
information to show how the record is
inaccurate, incomplete, untimely, or
irrelevant.
VerDate Sep<11>2014
20:16 Nov 24, 2021
Jkt 256001
NOTIFICATION PROCEDURES:
An individual who wishes to know if
this system of records contains records
about that individual should submit a
notification request to the applicable
System Manager identified in in the
‘‘System Manager’’ section of this
SORN. The request must contain the
same information required for an access
request and must include verification of
the requester’s identity in the same
manner required for an access request.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
[FR Doc. 2021–25760 Filed 11–24–21; 8:45 am]
BILLING CODE 4160–15–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Health Resources and Services
Administration
Agency Information Collection
Activities: Proposed Collection: Public
Comment Request; The Stem Cell
Therapeutic Outcomes Database, OMB
No. 0915–0310—Extension
Health Resources and Services
Administration (HRSA), Department of
Health and Human Services.
ACTION: Notice.
AGENCY:
In compliance with the
requirement for opportunity for public
comment on proposed data collection
projects of the Paperwork Reduction Act
of 1995, HRSA announces plans to
submit an Information Collection
Request (ICR), described below, to the
Office of Management and Budget
(OMB). Prior to submitting the ICR to
OMB, HRSA seeks comments from the
public regarding the burden estimate,
below, or any other aspect of the ICR.
DATES: Comments on this ICR should be
received no later than January 25, 2022.
ADDRESSES: Submit your comments to
paperwork@hrsa.gov or by mail to the
HRSA Information Collection Clearance
Officer, Room 14N136B, 5600 Fishers
Lane, Rockville, MD 20857.
FOR FURTHER INFORMATION CONTACT: To
request more information on the
proposed project or to obtain a copy of
the data collection plans and draft
instruments, email paperwork@hrsa.gov
or call Samantha Miller, the acting
HRSA Information Collection Clearance
Officer at (301) 443–9094.
SUPPLEMENTARY INFORMATION: When
submitting comments or requesting
information, please include the
SUMMARY:
PO 00000
Frm 00049
Fmt 4703
Sfmt 4703
information collection request title for
reference.
Information Collection Request Title:
The Stem Cell Therapeutic Outcomes
Database OMB No. 0915–0310—
Extension
Abstract: Given the rapid evolution of
COVID–19 and its impact on those with
compromised immune systems, it is
imperative for the transplant
community to continue collecting
COVID–19 related data. Having access
to COVID–19 vaccination status on
blood stem cell recipients and
understanding immune responses will
assist with making informed decisions
regarding direct clinical care. This will
also inform critical policy decisions.
The Stem Cell Therapeutic and
Research Act of 2005, Public Law (P.L.)
109–129, as amended, provides for the
collection and maintenance of human
blood stem cells for the treatment of
patients and research. It also maintains
a scientific database of information
relating to patients who have been
recipients of a stem cell therapeutics
product (e.g., bone marrow, cord blood,
or other such product) from a donor.
Given the rapid evolution of the
COVID–19 public health emergency and
its impact on immunocompromised
patients, availability of new vaccines,
and continual changes in vaccination
recommendations, HRSA wants to
leverage the required data collection
platform of the Stem Cell Therapeutic
Outcomes Database to obtain vaccine
information for all U.S. allogeneic
hematopoietic stem cell transplant
recipients.
Need and Proposed Use of the
Information: To collect COVID–19
vaccine data, HRSA is requesting an
extension of OMB’s approval of both the
Pre-Transplant Essential Data Form
2400 and Post-Transplant Essential Data
(Post-TED) Form 2450. Collecting these
data will help clinicians and
policymakers to understand the
landscape of vaccination among
immunocompromised patients before
and after a blood stem cell transplant.
HRSA will use this information to
analyze outcomes based on vaccine
manufacturer/type, doses received
(including potential boosters), timing,
and inform future vaccination strategies.
Information currently collected
regarding COVID–19 infections has
already been used in research studies.
HRSA will use data collected prior to
a patient receiving a blood stem cell
transplant to characterize frequencies of
vaccination and level of protection
afforded during and after transplant
based on incidence of COVID infection.
Post-transplant, this information can be
used to assess vaccination rates and
E:\FR\FM\26NON1.SGM
26NON1
]]>Agencies
[Federal Register Volume 86, Number 225 (Friday, November 26, 2021)]
[Notices]
[Pages 67475-67478]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-25760]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Health Resources and Services Administration
Privacy Act of 1974; System of Records
AGENCY: Health Resources and Services Administration (HRSA), Department
of Health and Human Services (HHS).
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the requirements of the Privacy Act of
1974, as amended, the HHS is establishing a new system of records to be
maintained by HHS's HRSA, 09-15-0093, ``Provider Support Records.'' The
new system of records will include payment-related records containing
information about any sole proprietor health care providers (including
health care-practitioners and suppliers) who applied for payments or
reimbursements, received a payment, attested to a payment, reported on
the use of a payment, or otherwise participated in one of HRSA's
provider support programs, and about patients identified in certain
claims records submitted to HRSA for payment by entity providers and
sole proprietor providers. The records are used to support the health
care population and administer the programs.
DATES: The new system of records is applicable November 26, 2021,
subject to a 30-day period in which to comment on the routine uses.
Submit any comments by December 27, 2021.
ADDRESSES: The public should address written comments by email to
[email protected] or by mail to Executive Officer, Provider
Support, HRSA, 5600 Fishers Lane, Room 9N21, Rockville, MD, 20857.
FOR FURTHER INFORMATION CONTACT: General questions about the new system
of records may be submitted to Executive Officer, Provider Support,
HRSA, 5600 Fishers Lane, Room 9N21, Rockville, MD, 20857, or to
[email protected].
SUPPLEMENTARY INFORMATION: New system of records 09-15-0093 will cover
records HRSA uses to reimburse claims and make payments to healthcare
providers and to receive reports on the use of funds for activities
under the following programs:
COVID-19 Claims Reimbursement to Health Care Providers and
Facilities for Testing, Treatment and Vaccine Administration for the
Uninsured (Uninsured Program).
COVID-19 Coverage Assistance Fund (CAF).
Provider Relief Fund (PRF), including American Rescue Plan
Act (ARPA) Rural Payments.
The records used by HRSA in these programs include patient and
provider information needed to administer the programs. HHS provided
advance notice of the new system of records to the Office of Management
and Budget and
[[Page 67476]]
Congress as required by 5 U.S.C. 552a(r) and OMB Circular A-108.
Diana Espinosa,
Acting Administrator.
SYSTEM NAME AND NUMBER:
Provider Support Records, 09-15-0093.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The address of the HHS component responsible for this system of
records (i.e., HRSA) is shown in the System Manager(s) section, below.
SYSTEM MANAGER(S):
The System Manager is Executive Officer, Provider Support, HRSA,
5600 Fishers Lane, Rockville, MD, 20857, [email protected].
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Authorities include the following appropriations laws. Collection
of participating providers' Taxpayer Identification Numbers is required
by 31 U.S.C. 7701(c).
Uninsured Program: ``The Families First Coronavirus
Response Act or FFCRA (P.L. 116-127) and the Paycheck Protection
Program and Health Care Enhancement Act or PPPHCEA (P.L. 116-139),
which each appropriated $1 billion to reimburse providers for
conducting COVID-19 testing for uninsured individuals''
Provider Relief Fund: ``The Coronavirus Aid, Relief, and
Economic Security (CARES) Act (P.L. 116-136), which provided $100
billion in relief funds, including to hospitals and other health care
providers on the front lines of the COVID-19 response; the Paycheck
Protection Program and Health Care Enhancement Act or PPPHCEA (P.L.
116-139), which appropriated an additional $75 billion in relief funds;
and the Coronavirus Response and Relief Supplemental Appropriations Act
(CRRSA) (P.L. 116-260), which appropriated an additional $3 billion
(collectively, the Provider Relief Fund).
Uninsured program, continued: Within the Provider Relief
Fund, a portion of the funding supports health care-related expenses
attributable to COVID-19 testing for the uninsured and treatment of
uninsured individuals with COVID-19. A portion of the funding is also
used to reimburse providers for administering Food and Drug
Administration (FDA)-authorized or licensed COVID-19 vaccines to
uninsured individuals.
Uninsured program, continued: The American Rescue Plan Act
of 2021 (ARPA, P.L. 117-2), which allocated funding to reimburse
providers for COVID-19 testing of the uninsured.
ARPA Rural Payments: The American Rescue Plan Act of 2021
(ARPA, P.L. 117-2). ARPA amends the SSA. The citation to Section 1150C
of ARPA can be found at 42 U.S.C. 1320b-26.
Coverage Assistance Fund: The HRSA COVID-19 CAF is a
program established by and administered by HRSA, using funds
appropriated by Congress under the PRF.
PURPOSE(S) OF THE SYSTEM:
Relevant agency personnel and contractors use records about
individuals from this system of records on a need to know basis to
administer the provider support programs, which support the resilience
of the healthcare population. Such programs include:
COVID-19 Claims Reimbursement to Health Care Providers and
Facilities for Testing, Treatment and Vaccine Administration for the
Uninsured (Uninsured Program).
COVID-19 CAF Program.
Provider Relief Fund, including the ARPA Rural payments.
Specific purposes include:
1. To obtain marketing and communication information for providers
who submitted applications to make them aware of policy and funding
opportunities.
2. To make payments and reimburse claims to eligible healthcare
providers under the above-identified programs.
3. To assist the HHS Program Support Center (PSC), the Department
of Justice (DOJ), and other government entities in the collection of
program debts.
4. To respond to inquiries from providers, their attorneys or other
authorized representatives, and Congressional representatives.
5. To compile and generate managerial and statistical reports.
6. To perform program administrative activities, including, but not
limited to, payment tracking, monitoring a provider's compliance with
the Terms and Conditions of payment, receipt of provider reports on the
use of funds, and other program requirements, and recoupment
determinations.
7. To transfer information to the HHS central accounting system(s)
covered by system of records 09-90-0024, HHS Financial Management
System Records, maintained by the Office of the Assistant Secretary for
Financial Resources, for purposes of effecting program payments and
preparing and maintaining financial management and accounting
documentation related to obligations and disbursements of funds
(including providing required notifications to the Department of the
Treasury) related to payments to, or on behalf of, healthcare
providers. Information transferred to the Office of the Assistant
Secretary for Financial Resources for these purposes is limited to the
individual's name, address, SSN, and other information necessary for
identification and processing of the payment.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The records are about these categories of individuals:
Sole proprietor providers who submit claims under the
programs mentioned above.
Patients identified in claims and claims-related records
submitted to HRSA by entity providers and sole proprietor providers.
Sole proprietor providers who applied for or who have
received payments under the programs mentioned above.
CATEGORIES OF RECORDS IN THE SYSTEM:
The categories of records are provider claims, claims-related
records, payment applications, reports on the use of funds, and other
records used by HRSA to process the claims, applications, and payments.
Contents include the provider's name, address(es), telephone number(s),
and email address(es); National Provider Identifier; Taxpayer
Identification Number (TIN) (which could be a Social Security Number
(SSN)); CMS Credentialing Number; tax, audit, and revenue data; banking
information; payment data and supporting documentation; repayment/
recoupment information; claims forms (including patient-related
information, such as principal diagnosis code, admitting diagnosis
code, procedure codes, date(s) of service and charges); and each
applicable patient's name, control number, patient identification
number; health insurance policy member identification number; gender,
date of birth, zip code, state, and county.
RECORD SOURCE CATEGORIES:
The information in the system of records is obtained from payment
applications, claims, reports on the use of funds, and other
information submitted to HRSA by providers; from other HHS components;
from commercial and other payers; and from any relevant federal, state,
territorial, local, or tribal agencies. Other agencies and HHS
components may provide information to HRSA needed to verify provider
eligibility; validate provider-
[[Page 67477]]
submitted information; determine payment distribution or claims
reimbursement amounts; and approve payments and claims.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to other disclosures authorized directly in the Privacy
Act at 5 U.S.C. 552a(b)(1) and (2) and (b)(4) through (11), HHS may
disclose records about a subject individual (provider or patient) from
this system of records to parties outside HHS as described in these
routine uses, without the individual's prior written consent:
1. To any agent or contractor (including another federal agency)
engaged by HHS to assist in accomplishment of an HHS function relating
to the purposes of this system of records, if the agent or contractor
needs to have access to the records in order to provide the assistance.
For example, HHS may disclose records consisting of a provider's or
patient's name, SSN, TIN, mailing address, email address, or telephone
number, to Department contractors and subcontractors who assist with
the implementation of the above-identified programs, for the purposes
of distributing funds; collecting, compiling, aggregating, analyzing,
or refining records in the system of records; or improving program
operations. Any agent or contractor will be required to comply with the
requirements of the Privacy Act, as amended, with respect to the
records, and to ensure that any subcontractors also maintain Privacy
Act safeguards with respect to the records.
2. To another federal, state, or local agency about a provider who
fails to return payments identified for recoupment at the direction of
HHS, to ensure that the provider does not receive federal funds for
which the provider is ineligible. Disclosure will be limited to the
provider's name, address, SSN, TIN, inclusion on the Do Not Pay List,
and any other information necessary to identify them.
3. To another federal, state, local, territorial, or Tribal agency
to contribute to the accuracy of HHS' proper payment of health care
providers' payment requests and claims (such as to determine a
provider's eligibility for a distribution, validate a provider's tax
identification number, or confirm a patient's uninsured status).
4. To another federal agency or an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state, local, or Tribal governmental agency) that
administers, or that has the authority to investigate potential fraud
or abuse in, a health care payment program funded in whole or in part
by federal funds, when the disclosure is deemed reasonably necessary by
HHS to prevent, deter, discover, detect, investigate, examine,
prosecute, sue with respect to, defend against, correct, remedy, or
otherwise combat fraud or abuse in such programs.
5. To a congressional office from the record of an individual in
response to a written inquiry from the congressional office made at the
written request of that individual. If a congressional inquiry on
behalf of a patient seeks disclosure of any information about the
patient's provider which is or could be proprietary information of that
provider, the congressional request must be accompanied by an
authorization form signed by the provider.
6. To DOJ or to a court or other adjudicative body in litigation or
other proceedings when HHS or any of its components, or any employee of
HHS acting in the employee's official capacity, or any employee of HHS
acting in the employee's individual capacity where the DOJ or HHS has
agreed to represent the employee, or the United States Government, is a
party to the proceedings or has an interest in the proceedings and, by
careful review, HHS determines that the records are both relevant and
necessary to the proceedings.
7. To representatives of the National Archives and Records
Administration (NARA) during records management inspections conducted
pursuant to 44 U.S.C. 2904 and 2906.
8. To appropriate agencies, entities, and persons when (1) HHS
suspects or has confirmed that there has been a breach of the system of
records, (2) HHS has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, HHS (including
its information systems, programs, and operations), the federal
government, or national security, and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with HHS's efforts to respond to the suspected or confirmed
breach or to prevent, minimize, or remedy such harm.
9. To another federal agency or federal entity, when HHS determines
that information from this system of records is reasonably necessary to
assist the recipient agency or entity in (1) responding to a suspected
or confirmed breach or (2) preventing, minimizing, or remedying the
risk of harm to individuals, the recipient agency or entity (including
its information systems, programs, and operations), the federal
government, or national security, resulting from a suspected or
confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained in electronic database servers and backup
servers.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by a provider's or patient's name, TIN, or
other identifying number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
The records are not currently scheduled, so are retained
indefinitely pending scheduling with the NARA. HRSA anticipates
proposing a retention period of at least 6 years to NARA for the
records, for consistency with General Records Schedule 1.1, Financial
Management and Reporting Records, which provides for such records to be
retained for 6 years after final payment or cancellation, or longer if
required for business use.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Safeguards conform to the HHS Information Security and Privacy
Program, https://www.hhs.gov/ocio/securityprivacy/. HHS
safeguards these records in accordance with applicable laws, rules and
policies, including the HHS Information Technology Security Program
Handbook; the E-Government Act of 2002, which includes the Federal
Information Security Management Act of 2002, 44 U.S.C. 3541-3549, as
amended by the Federal Information Security Modernization act of 2014,
44 U.S.C. 3551-3558; pertinent National Institutes of Standards and
Technology (NIST) publications; and OMB Circular A-130, Managing
Information as a Strategic Resource. HHS protects the records from
unauthorized access through appropriate administrative, physical, and
technical safeguards. These safeguards include protecting the
facilities where records are stored or accessed with security guards,
badges and cameras; controlling access to physical locations where
records are maintained and used by means of combination locks and
identification badges issued only to authorized users; limiting access
to electronic databases to authorized users based on roles and either
two-factor authentication or password protection; using a secured
operating system protected by encryption, firewalls, and intrusion
[[Page 67478]]
detection systems; and training personnel in Privacy Act and
information security requirements. After the records have been
scheduled with NARA, records that are eligible for destruction will be
disposed of in accordance with the applicable schedule, using secure
destruction methods prescribed by NIST SP 800-88.
RECORD ACCESS PROCEDURES:
An individual seeking access to records about that individual in
this system of records must submit a written access request to the
applicable System Manager identified in the ``System Manager'' section
of this System of Records Notice (SORN). The request must contain the
requester's full name, address, and signature. The request should also
contain sufficient identifying particulars (such as, the provider's
National Provider Identifier, TIN, or patient medical record number, or
the patient's patient identifier or SSN to enable HHS to locate the
requested records. So that HHS may verify the requester's identity, the
requester's signature must be notarized or the request must include the
requester's written certification that the requester is the individual
who the requester claims to be and that the requester understands that
the knowing and willful request for or acquisition of a record
pertaining to an individual under false pretenses is a criminal offense
subject to a fine of up to $5,000.
If an access request by a patient seeks disclosure of any
information about the patient's provider which is or could be
proprietary information of that provider, the request must be
accompanied by a disclosure authorization form signed by the provider.
CONTESTING RECORD PROCEDURES:
An individual seeking to amend a record about that individual in
this system of records must submit an amendment request to the
applicable System Manager identified in the ``System Manager'' section
of this SORN, containing the same information required for an access
request. The request must include verification of the requester's
identity in the same manner required for an access request; must
reasonably identify the record and specify the information contested,
the corrective action sought, and the reasons for requesting the
correction; and should include supporting information to show how the
record is inaccurate, incomplete, untimely, or irrelevant.
NOTIFICATION PROCEDURES:
An individual who wishes to know if this system of records contains
records about that individual should submit a notification request to
the applicable System Manager identified in in the ``System Manager''
section of this SORN. The request must contain the same information
required for an access request and must include verification of the
requester's identity in the same manner required for an access request.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
[FR Doc. 2021-25760 Filed 11-24-21; 8:45 am]
BILLING CODE 4160-15-P
