Skip to Content

Rule

Health Care Fraud and Abuse Data Collection Program: Technical Revisions to Healthcare Integrity and Protection Data Bank Data Collection Activities

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

Office of Inspector General (OIG), HHS.

ACTION:

Interim final rule with comment period.

SUMMARY:

The rule makes technical changes to the Healthcare Integrity and Protection Data Bank (HIPDB) data collection reporting requirements set forth in 45 CFR part 61 by clarifying the types of personal numeric identifiers that may be reported to the data bank in connection with adverse actions. Specifically, the rule clarifies that in lieu of a Social Security Number (SSN), an individual taxpayer identification number (ITIN) may be reported to the data bank when, in those limited situations, an individual does not have an SSN.

DATES:

Effective date: These regulations are effective on July 19, 2004.

Comment date: We will consider comments if we receive them at the appropriate address, as provided in the address section below, no later than 5 p.m. on July 19, 2004.

ADDRESSES:

In commenting, please refer to file code OIG-55-FC. Because of staff and resource limitations, we cannot accept comments by facsimile (FAX) transmission. Please mail or deliver your written comments to the following address: Office of Inspector General, Department of Health and Human Services, Attention: OIG-55-FC, Room 5246, Cohen Building, 330 Independence Avenue, SW., Washington, DC 20201.

Please allow sufficient time for us to receive mailed comments by the due date in the event of delivery delays. Because access to the Cohen Building is not readily available to persons without Federal government identification, commenters are encouraged to leave their comments in the OIG drop box located in the main lobby of the building. For information on viewing public comments, see section IV in the SUPPLEMENTARY INFORMATION section.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

Joel Schaer, Office of Management and Policy, (202) 619-0089; or Anne MacArthur, Office of Counsel to the Inspector General, (202) 619-0335.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

I. The Healthcare Integrity and Protection Data Bank (HIPDB)

Section 221(a) of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, Public Law 104-91, required the Department, acting through the Office of Inspector General, to establish a health care fraud and abuse control program to combat health care fraud and abuse (section 1128C of the Social Security Act (the Act)). Among the major steps in this program has been the establishment of a national data bank to receive and disclose certain final adverse actions against health care providers, suppliers, or practitioners, as required by section 1128E of the Act, in accordance with section 221(a) of HIPAA. The data bank, known as the Healthcare Integrity and Protection Data Bank (HIPDB), is designed to collect and disseminate the following types of information regarding final adverse actions: (1) Civil judgments against health care providers, suppliers, or practitioners in Federal or State court that are related to the delivery of a health care item or service; (2) Federal or State criminal convictions against a health care provider, supplier, or practitioner related to the delivery of a health care item or service; (3) final adverse actions by Federal or State agencies responsible for the licensing and certification of health care providers, suppliers, or practitioners; (4) exclusion of a health care provider, supplier, or practitioner from participation in Federal or State health care programs; and (5) any other adjudicated actions or decisions that the Secretary establishes by regulation.

Data Elements To Be Reported to the HIPDB

Section 1128E(b)(2) of the Act cited a number of required elements or types of data that must be reported to the HIPDB. These elements include: (1) The name of the individual or entity; (2) a taxpayer identification number; (3) the name of any affiliated or associated health care entity; (4) the nature of the final adverse action and whether the action is on appeal; (5) a description of the acts or omissions, or injuries, upon which a final adverse action is based; and (6) any other additional information deemed appropriate by the Secretary. With respect to this last element, we have exercised this discretion to add additional reportable data elements reflecting much of the information that is already routinely collected by the Federal and State reporting agencies.

Final regulations implementing the HIPDB were published in the Federal Register on October 26, 1999 (64 FR 57740). In those final regulations, for an individual (1) who is the subject of a civil judgment or criminal conviction related to the delivery of a health care item or service; or (2) who is the subject of a licensure action taken by Federal or State licensing and certification agencies, an adjudicated action or decision, or an individual excluded from participation in a Federal or State health care program, the current HIPDB systems of records contains, among other things, the individual's full name, other names used (if known), and his or her SSN. We specifically indicated that use of personal identifiers, such as SSNs and Federal Employer Identification Numbers (FEINs), in the collection and reporting to the HIPDB:

  • Provides explicit matching of specific adverse action reports to and from the data bank;
  • Provides a greater confidence level in the system's matching algorithm and maximizes the system's ability to prevent the erroneous reporting and disclosure of health care providers, suppliers and practitioners; and
  • Strengthens States' ability to detect individuals who move from State to State without disclosure or discovery of previous damaging performance.Start Printed Page 33867

However, in addressing the list of “mandatory” data elements that must be reported to the data bank in connection with adverse actions, the final regulations inadvertently omitted reference to the reporting of an ITIN to the data bank when, in those limited situations, an individual does not have a SSN.

Tax Identification Numbers as Defined by the Internal Revenue Code

As indicated above, HIPAA requires “the name and TIN (as defined in section 7701(a)(41) of the Internal Revenue Code (IRC) of 1986) of any health care provider, supplier, or practitioner who is the subject of a final adverse action” to be reported to the data bank. Section 7701(a)(41) of the IRC does not specifically define TIN, but instead refers to section 6109 of the Code. Section 6109(d) states that an individual's SSN is the tax identifying number for an individual, except as otherwise specified in regulations by the Secretary of the Treasury. In turn, the Department of the Treasury regulations set forth at 26 CFR 301.6109-1(a)(ii)(B) provides for the issuance of an ITIN for individuals who are not eligible for a SSN.

II. Technical Revisions to 45 CFR Part 61

The HIPDB regulations at 45 CFR part 61 currently require the SSN on reports of adverse actions on individuals. Although the SSN meets the statutory requirement of a TIN, we believe that the inclusion of the ITIN, which is also a TIN, is consistent with the statutory requirements of HIPAA. Most reportable final adverse actions are taken against individual health care practitioners who are permitted to work in the United States. Non-citizens in the United States with permission to work are eligible for SSNs. However, we have become aware that there are non-citizens who do not have permission to work in the United States, but who do have ITINs assigned by the Internal Revenue Service (IRS) for tax purposes [1] and hold valid State health care licenses. One example would be a foreign physician who does not practice in the United States, but desires to have a State license as a qualification of his or her ability to practice medicine. We believe that there may be very limited incidences where reportable adverse actions, particularly licensing actions, may be taken against these health care practitioners, such as an adverse licensing action taken by a medical licensing authority in a foreign country that is then reported to a State medical licensing board which then revokes the State medical license of the foreign physician. However, if the physician does not have a SSN, the State medical licensing authority is currently unable to report the action. We believe that the revision of the HIPDB regulations to include the collection of the ITIN for individuals who do not have SSNs, but have been assigned an ITIN, will enable the data bank to receive reports that presently it cannot receive.

As a result, in order to allow for the collection and dissemination of all appropriate information to and from the data bank, we are revising §§ 61.7, 61.8, and 61.10 of the HIPDB regulations at 45 CFR part 61 to indicate that for the reporting of (1) licensure actions taken by Federal and State licensing and certification agencies, (2) Federal or State criminal convictions related to the delivery of a health care item or service, or (3) exclusions from participation in Federal or State health care programs:

  • If the subject is an individual, entities must report either the SSN or ITIN;
  • If the subject is an organization, entities must report the FEIN, or SSN or ITIN when used by the subject as a TIN; and
  • If the subject is an organization, entities should report, if known, any FEINs, SSNs or ITINs used.

These revisions will also allow the reporting of ITINs, by reference, to the reports required in §§ 61.9 and 61.11.

We note that while the inclusion of a SSN or ITIN is a necessary reporting element in reporting adverse actions to the HIPDB, the Social Security Administration and the Internal Revenue Service are not required to assign a SSN or an ITIN, respectively, to those individuals who do not otherwise qualify for such identification numbers.

III. Regulatory Impact Statement

A. Regulatory Analysis

We have examined the impacts of this technical rule revision as required by Executive Order 12866, the Regulatory Flexibility Act (RFA) of 1980, the Unfunded Mandates Reform Act of 1995, and Executive Order 13132.

1. Executive Order 12866

Executive Order 12866 directs agencies to assess all costs and benefits of available regulatory alternatives and, if regulations are necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health, and safety effects; distributive impacts; and equity). A regulatory impact analysis must be prepared for major rules with economically significant effects ($100 million or more in any given year). This is not a major rule as defined at 5 U.S.C. 804(2), and it is not economically significant since this technical revision will not have a significant effect on program expenditures and there will be no additional substantive cost through codification of this change. Specifically, the revisions to 45 CFR part 61 set forth in this rule are technical in nature and are designed to further clarify statutory requirements. The economic effect of these revisions will impact only those limited few individuals or organizations that are that subject of an adverse action reportable to the data bank. As such, we believe that the aggregate economic impact of this technical revision to the regulations will be minimal and have no appreciable effect on the economy or on Federal or State expenditures.

2. Regulatory Flexibility Act

The RFA and the Small Business Regulatory Enforcement and Fairness Act of 1996, which amended the RFA, require agencies to analyze options for regulatory relief of small businesses. For purposes of the RFA, small entities include small businesses, nonprofit organizations, and government agencies. Most providers are considered to be small entities by having revenues of $6 million to $29 million or less in any one year. For purposes of the RFA, most physicians and suppliers are considered to be small entities. In addition, section 1102(b) of the Social Security Act requires us to prepare a regulatory impact analysis if a rule may have a significant impact on the operations of a substantial number of small rural providers. This analysis must conform to the provisions of section 604 of the RFA.

We anticipate that the number of individuals who do not have permission to work in the United States but who have ITINs, who hold valid State health care licenses, and who will be the subject of a report to the HIPDB will be minimal. Even in those very limited incidences where reportable adverse actions, such as licensing actions, may be taken against a health care practitioner, we believe that the aggregate economic impact of this technical revision will be minimal since it is the nature of the conduct and not the size or type of the entity that would result in the violation and the need to report the adverse action to the HIPDB. As a result, we have concluded that this technical rule should not have a Start Printed Page 33868significant impact on the operations of a substantial number of small or rural providers, and that a regulatory flexibility analysis is not required for this rulemaking.

3. Unfunded Mandates Reform Act

Section 202 of the Unfunded Mandates Reform Act of 1995 (Pub. L. 104-4) also requires that agencies assess anticipated costs and benefits before issuing any rule that may result in expenditure in any one year by State, local, or tribal governments, in the aggregate, or by the private sector, of $110 million. As indicated, these technical revisions comport with statutory intent and clarify the legal authorities for reporting information to the data bank against those who have acted improperly against the Federal and State health care programs. As a result, we believe that there are no significant costs associated with these revisions that would impose any mandates on State, local, or tribal governments, or the private sector that will result in an expenditure of $110 million or more (adjusted for inflation) in any given year, and that a full analysis under the Unfunded Mandates Reform Act is not necessary.

4. Executive Order 13132

Executive Order 13132, Federalism, establishes certain requirements that an agency must meet when it promulgates a rule that imposes substantial direct requirements or costs on State and local governments, preempts State law, or otherwise has Federalism implications. In reviewing this rule under the threshold criteria of Executive Order 13132, we have determined that this rule will not significantly affect the rights, roles, and responsibilities of State or local governments.

The Office of Management and Budget (OMB) has reviewed this final rule in accordance with Executive Order 12866.

B. Paperwork Reduction Act

The provisions of this rulemaking impose no express new reporting or recordkeeping requirements on reporting entities. As indicated, this additional reportable data element reflects information that is already routinely collected by the Federal and State reporting agencies on health care providers, suppliers and practitioners, and imposes no new reporting burden beyond the data element fields already approved by OMB.

IV. Response to Public Comments

Comments will be available for public inspection beginning on July 6, 2004, in Room 5518 of the Office of Inspector General at 330 Independence Avenue, SW., Washington, DC, on Monday and through Friday of each week from 8 a.m. to 4 p.m., (202) 619-0089. Because of the large number of comments we normally receive on regulations, we cannot acknowledge or respond to comments individually. However, we will consider all timely and appropriate comments when developing any revised final rulemaking.

V. Waiver of Proposed Rulemaking

We ordinarily publish a proposed rule in the Federal Register and provide a period for public comment before we publish a final rule. We may waive this procedure, however, for good cause if we find that the notice and comment procedure is impracticable, unnecessary, or contrary to the public interest and if we incorporate a statement of this finding and its reasons in the rule issued. We find it unnecessary to undertake notice and comment rulemaking in this instance because we believe that it is in the public interest to comply with the statutory requirement in section 1128E of the Act that this information be included with respect to subjects of adverse actions reported to the data bank. Therefore, in accordance with MPDIMA and the Administrative Procedure Act (APA) (5 U.S.C. 553(b)(B)), for good cause, we waive notice and comment procedures. We are, however, providing a 30-day public comment period.

Start List of Subjects

List of Subjects in 45 CFR Part 61

End List of Subjects Start Amendment Part

Accordingly,

End Amendment Part Start Part

PART 61—HEALTHCARE INTEGRITY AND PROTECTION DATA BANK FOR FINAL ADVERSE INFORMATION ON HEALTH CARE PROVIDERS, SUPPLIERS AND PRACTITIONERS

End Part Start Amendment Part

1. The authority citation for part 61 continues to read as follows:

End Amendment Part Start Authority

Authority: 42 U.S.C. 1320a-7e.

End Authority Start Amendment Part

2. Section 61.7 is amended by republishing the introductory text for paragraphs (b) and (b)(1) and revising paragraph (b)(1)(ii); republishing introductory paragraph (b)(3) and revising paragraph (b)(3)(iii); and by republishing introductory paragraph (c) and (c)(3) and revising paragraph (c)(3)(iii) to read as follows:

End Amendment Part
Reporting licensure actions taken by Federal or State licensing and certification agencies.
* * * * *

(b) Entities described in paragraph (a) of this section must report the following information:

(1) If the subject is an individual, personal identifiers, including:

* * * * *

(ii) Social Security Number (or Individual Taxpayer Identification Number (ITIN));

* * * * *

(3) If the subject is an organization, identifiers, including:

* * * * *

(iii) Federal Employer Identification Number (FEIN), or Social Security Number (or ITIN) when used by the subject as a Taxpayer Identification Number (TIN);

* * * * *

(c) Entities described in paragraph (a) of this section should report, if known, the following information:

* * * * *

(3) If the subject is an organization, identifiers, including:

* * * * *

(iii) Other FEIN(s) or Social Security Numbers (or ITIN) used;

* * * * *
Start Amendment Part

3. Section 61.8 is amended by republishing the introductory text for paragraphs (b) and (b)(1) and revising paragraph (b)(1)(ii); republishing introductory paragraph (b)(3) and revising paragraph (b)(3)(iii); and by republishing introductory paragraph (c) and (c)(3) and revising paragraph (c)(3)(iii) to read as follows:

End Amendment Part
Reporting Federal or State criminal convictions related to the delivery of a health care item or service.
* * * * *

(b) Entities described in paragraph (a) of this section must report the following information:

(1) If the subject is an individual, personal identifiers, including:

* * * * *

(ii) Social Security Number (or ITIN);

* * * * *

(3) If the subject is an organization, identifiers, including:

* * * * *

(iii) Federal Employer Number (FEIN), or Social Security Number (or ITIN) when used by the subject as a Taxpayer Identification Number (TIN);

* * * * *
Start Printed Page 33869

(c) Entities described in paragraph (a) of this section should report, if known, the following information:

* * * * *

(3) If the subject is an organization, identifiers, including:

* * * * *

(iii) Other FEIN(s) or Social Security Numbers(s) (or ITINs) used;

* * * * *
Start Amendment Part

4. Section 61.10 is amended by republishing the introductory text for paragraphs (b) and (b)(1) and revising paragraph (b)(1)(ii); republishing introductory paragraph (b)(3) and revising paragraph (b)(3)(iii); and by republishing introductory paragraph (c) and (c)(3) and revising paragraph (c)(3)(iii) to read as follows:

End Amendment Part
Reporting exclusions from participation in Federal or State health care programs.
* * * * *

(b) Entities described in paragraph (a) of this section must report the following information:

(1) If the subject is an individual, personal identifiers, including:

* * * * *

(ii) Social Security Number (or ITIN);

* * * * *

(3) If the subject is an organization, identifiers, including:

* * * * *

(iii) Federal Employer Identification Number (FEIN), or Social Security Number (or ITIN) when used by the subject as a Taxpayer Identification Number (TIN);

* * * * *

(c) Entities described in paragraph (a) of this section should report, if known, the following information:

* * * * *

(3) If the subject is an organization, identifiers, including:

* * * * *

(iii) Other FEIN(s) or Social Security Numbers(s) (or ITINs) used;

* * * * *
Start Signature

Dated: April 1, 2004.

Dara Corrigan,

Acting Principal Deputy Inspector General.

Approved: April 19, 2004.

Tommy G. Thompson,

Secretary.

End Signature End Supplemental Information

Footnotes

1.  These individuals can use previously IRS assigned ITINs, although they cannot qualify for an ITIN solely for licensing purposes.

Back to Citation

[FR Doc. 04-13675 Filed 6-16-04; 8:45 am]

BILLING CODE 4152-01-P