Skip to Content

Proposed Rule

Exemption of Certain Systems of Records Under the Privacy Act

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

Centers for Medicare & Medicaid Services (CMS), HHS.

ACTION:

Proposed rule.

SUMMARY:

This proposed rule would exempt the four system of records from subsections (c)(3), (d)(1) through (d)(4), (e)(4)(G) and (H), and (f) of the Privacy Act pursuant to 5 U.S.C. 552a(k)(2): The Automated Survey Processing Environment (ASPEN) Complaint/Incidents Tracking System (“ACTS”), HHS/CMS, System No. 09-70-0565; the Health Insurance Portability and Accountability Act (HIPAA) Information Tracking System (“HITS”), HHS/CMS, System No. 09-70-0544; the Organ Procurement Organizations System (“OPOS”), HHS/CMS, System No. 09-70-0575; and the Fraud Investigation Database (“FID”), HHS/CMS, System No. 09-70-0527.

DATES:

To be assured consideration, comments must be received at one of the addresses provided below, no later than 5 p.m. on July 24, 2007.

ADDRESSES:

In commenting, please refer to file code CMS-0029-P. Because of staff and resource limitations, we cannot accept comments by facsimile (Fax) transmission.

You may submit comments in one of four ways (no duplicates, please):

1. Electronically. You may submit electronic comments on specific issues in this regulation to http://www.cms.hhs.gov/​eRulemaking. Click on the link “Submit electronic comments on CMS regulations with an open comment period.” (Attachments should be in Microsoft Word, WordPerfect, or Excel; however, we prefer Microsoft Word.)

2. By regular mail. You may mail written comments (one original and two copies) to the following address Only: Centers for Medicare & Medicaid Services, Department of Health and Human Services, Attention: CMS-0029-P, P.O. Box 8017, Baltimore, MD 21244-8017.

Please allow sufficient time for mailed comments to be received before the close of the comment period.

3. By express or overnight mail. You may send written comments (one original and two copies) to the following address Only: Centers for Medicare & Medicaid Services, Department of Health and Human Services, Attention: CMS-0029-P, Mail Stop C4-26-05, Start Printed Page 292907500 Security Boulevard, Baltimore, MD 21244-1850.

4. By hand or courier. If you prefer, you may deliver (by hand or courier) your written comments (one original and two copies) before the close of the comment period to one of the following addresses. If you intend to deliver your comments to the Baltimore address, please call telephone number (410) 786-7195 in advance to schedule your arrival with one of our staff members. Room 445-G, Hubert H. Humphrey Building, 200 Independence Avenue, SW., Washington, DC 20201; or 7500 Security Boulevard, Baltimore, MD 21244-1850.

(Because access to the interior of the HHH Building is not readily available to persons without Federal Government identification, commenters are encouraged to leave their comments in the CMS drop slots located in the main lobby of the building. A stamp-in clock is available for persons wishing to retain a proof of filing by stamping in and retaining an extra copy of the comments being filed.)

Comments mailed to the addresses indicated as appropriate for hand or courier delivery may be delayed and received after the comment period.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

Katherine Brewer, (410) 786-7235.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

Submitting Comments: We welcome comments from the public on all issues set forth in this rule to assist us in fully considering issues and developing policies. You can assist us by referencing the file code CMS-0029-P and the specific “issue identifier” that precedes the section on which you choose to comment.

Inspection of Public Comments: All comments received before the close of the comment period are available for viewing by the public, including any personally identifiable or confidential business information that is included in a comment. We post all comments received before the close of the comment period on the following Web site as soon as possible after they have been received: http://www.cms.hhs.gov/​eRulemaking. Click on the link “Electronic Comments on CMS Regulations” on that Web site to view public comments.

Comments received timely will also be available for public inspection as they are received, generally beginning approximately 3 weeks after publication of a document, at the headquarters of the Centers for Medicare & Medicaid Services, 7500 Security Boulevard, Baltimore, Maryland 21244, Monday through Friday of each week from 8:30 a.m. to 4 p.m. To schedule an appointment to view public comments, phone 1-800-743-3951.

I. Background

The four SORs that are the subject of this proposed rule are as follows:

A. The Automated Survey Processing Environment Complaints/Incidents Tracking System (“ACTS”), HHS/CMS, System No. 09-70-0565.

In the May 23, 2006 Federal Register (71 FR 29643), we published a notice of a modified or altered SOR titled Automated Survey Processing Environment (ASPEN) Complaint/Incidents Tracking System (“ACTS”), HHS/CMS, System No. 09-70-0565. ACTS is a Windows-based program whose primary purpose is to track and process complaints and incidents reported against health care facilities regulated by CMS and State agencies. These facilities include Clinical Laboratory Improvement Amendment (CLIA)-certified laboratories, skilled nursing facilities (SNFs), nursing facilities, hospitals, home health agencies, end stage renal disease (ESRD) facilities, hospices, rural health clinics, comprehensive outpatient rehabilitation facilities (CORFs), outpatient physical therapy services, community mental health centers, ambulatory surgical centers, suppliers of portable x-ray services, and intermediate care facilities for persons with mental retardation. ACTS is designed to manage all operations associated with complaint and incident tracking and processing, from initial intake and investigation through the final disposition.

B. The Health Insurance Portability and Accountability Act (HIPAA) Information Tracking System (“HITS”), HHS/CMS, System No. 09-70-0544.

In the July 6, 2005 issue of the Federal Register (70 FR 38944), we published a notice of a new SOR titled Health Insurance Portability and Accountability Act (HIPAA) Information Tracking System (“HITS”), HHS/CMS, System No. 09-70-0544. In general, HITS consists of an electronic repository of information, documents, and supplementary paper document files. HITS' purpose is to store the results of all of our investigations, to determine if there were violations as charged in the original complaint, to investigate complaints that appear to be in violation of the Transactions and Code Sets, Security, and Unique Identifier provisions of HIPAA, to refer violations to law enforcement entities as necessary, and to maintain and retrieve records of the results of the complaint investigations.

Investigative files maintained in HITS are received either as electronic documents or as paper records that are compiled for law enforcement purposes.

C. The Organ Procurement Organizations System (“OPOS”), HHS/CMS, System No. 09-70-0575.

In the May 22, 2006 issue of the Federal Register (71 FR 29336), we published a notice of a new SOR titled Organ Procurement Organizations System (“OPOS”), HHS/CMS, System No. 09-70-0575. OPOS is a Windows-based program whose purpose is to track and process complaints and incidents reported against Organ Procurement Organizations. Section 701 of the Organ Procurement Organization System Certification Act of 2000 (Pub. L. 106-505) gave us the authority to collect and maintain individually identifiable information pertaining to complaint allegations filed by a complainant, beneficiary, or provider of services against Organ Procurement Organizations; this information includes information gathered during all aspects of an investigation, including initial complaints, findings, results, disposition, and relevant correspondence.

D. The Fraud Investigation Database (“FID”), HHS/CMS, System No. 09-70-0527

In the October 28, 2002 Federal Register (70 FR 65795), we published a notice of a modified or altered system of records (SOR) that changed the name of a SOR entitled “CMS Utilization Review Investigatory Files, System No. 09-70-0527” to be the “CMS Fraud Investigation Database (FID).” The FID system contains the name, work address, work phone number, social security number, Unique Provider Identification Number (UPIN), and other identifying demographics of individuals alleged to have violated provisions of the Social Security Act (“the Act”) related to Medicare, Medicaid, HMO/Managed Care, and the Children's Health Insurance Program. The FID system also contains the contact information and other identifying demographics of individuals alleged to have violated other criminal or civil statutes connected with the Act and the Act's programs. Here, individuals are persons alleged to have abused the Act's programs. (For example, an individual could be a person alleged to have rendered unnecessary services to Medicare beneficiaries or Medicaid recipients, over-used services, or engaged in improper billing.) They are Start Printed Page 29291persons whose activities have provided a substantial basis for criminal or civil prosecution, or who are identified as defendants in criminal prosecution cases.

II. Provisions of the Proposed Rule

We propose to exempt the ACTS, HITS, OPOS, and FIS systems of records from subsection (c)(3), (d)(1) through (d)(4), (e)(4)(G) and (H), and (f) of the Privacy Act pursuant to 5 U.S.C. 552a(k)(2). These exemptions apply only to the extent that information in a record is subject to exemption pursuant to 5 U.S.C. 552a(k)(2). The ACTS, HITS, OPOS, and FIS systems of records are exempted from the following subsections for the reasons set forth below:

  • Subsection (c)(3). CMS investigative files are records that we compile for law enforcement purposes. In the course of investigations, we often have a need to obtain confidential information involving individuals other than the individual who is the subject of the file. In these cases, it is necessary for us to preserve the confidentiality of the information to avoid unwarranted invasions of personal privacy and to assure recipients of Federal financial assistance that this information will be kept confidential. This assurance is often central to resolving disputes concerning access by CMS to the recipient's records, and is necessary to facilitate prompt and effective completion of investigations. Disclosure of confidential information to the subject individual could impede ongoing investigations, invade the personal privacy of individuals, reveal the identities of confidential sources, or otherwise impair our ability to conduct investigations.
  • Subsections (d)(1) through (d)(4). CMS investigative files are records that we compile for law enforcement purposes. In the course of investigations, we often have a need to obtain confidential information involving individuals other than the individual who is the subject of the file. In these cases, it is necessary for us to preserve the confidentiality of the information to avoid unwarranted invasions of personal privacy and to assure recipients of Federal financial assistance that this information will be kept confidential. This assurance is often central to resolving disputes concerning access by CMS to the recipient's records, and is necessary to facilitate prompt and effective completion of investigations. Unrestricted disclosure of confidential information in CMS files could impede ongoing investigations, invade the personal privacy of individuals, reveal the identities of confidential sources, or otherwise impair our ability to conduct investigations.
  • Subsection (e)(4)(G). CMS investigative files are records that we compile for law enforcement purposes. In the course of investigations, we often have a need to obtain confidential information involving individuals other than the individual who is the subject of the file. In these cases, it is necessary for us to preserve the confidentiality of the information to avoid unwarranted invasions of personal privacy and to assure recipients of Federal financial assistance that this information will be kept confidential. This assurance is often central to resolving disputes concerning access by CMS to the recipient's records, and is necessary to facilitate prompt and effective completion of investigations. Notification of existence of CMS investigative files could impede ongoing investigations, invade the personal privacy of individuals, reveal the identities of confidential sources, or otherwise impair our ability to conduct investigations.
  • From subsection (e)(4)(H). CMS investigative files are records that we compile for law enforcement purposes. In the course of investigations, we often have a need to obtain confidential information involving individuals other than the individual who is the subject of the file. In these cases, it is necessary for us to preserve the confidentiality of the information to avoid unwarranted invasions of personal privacy and to assure recipients of Federal financial assistance that this information will be kept confidential. This assurance is often central to resolving disputes concerning access by CMS to the recipient's records, and is necessary to facilitate prompt and effective completion of investigations. Access and correction by subject individuals to CMS files could impede ongoing investigations, invade the personal privacy of individuals, reveal the identities of confidential sources, or otherwise impair our ability to conduct investigations.
  • Subsection (f). CMS investigative files are records that we compile for law enforcement purposes. In the course of investigations, we often have a need to obtain confidential information involving individuals other than the individual who is the subject of the file. In these cases, it is necessary for us to preserve the confidentiality of the information to avoid unwarranted invasions of personal privacy and to assure recipients of Federal financial assistance that this information will be kept confidential. This assurance is often central to resolving disputes concerning access by CMS to the recipient's records, and is necessary to facilitate prompt and effective completion of investigations. Unrestricted disclosure of confidential information in CMS files to subject individuals could impede ongoing investigations, invade the personal privacy of individuals, reveal the identities of confidential sources, or otherwise impair our ability to conduct investigations.

Accordingly, this proposed rule would amend 45 CFR 5b.11(b)(2)(ii) of the Privacy Act regulations by—

  • Adding a new paragraph (H) that exempts investigative materials compiled for law enforcement purposes from ACTS;
  • Adding a new paragraph (I) that exempts investigative materials compiled for law enforcement purposes from HITS;
  • Adding a new paragraph (J) that exempts investigative materials compiled for law enforcement purposes from OPOS; and
  • Adding a new paragraph (K) that exempts investigative materials compiled for law enforcement purposes from FID.

We request public comment on these proposed exemptions.

III. Collection of Information Requirements

This proposed rule does not impose any information collection or recordkeeping requirements. Consequently, it need not be reviewed by the Office of Management and Budget under the authority of the Paperwork Reduction Act of 1995.

IV. Response to Comments

Because of the large number of public comments we normally receive on Federal Register documents, we are not able to acknowledge or respond to them individually. We will consider all comments we receive by the date and time specified in the DATES section of this preamble, and, when we proceed with a subsequent document, we will respond to the comments in the preamble to that document.

V. Regulatory Impact Statement

We have examined the impact of this rule as required by Executive Order 12866 (September 1993, Regulatory Planning and Review), the Regulatory Flexibility Act (RFA) (September 19, 1980, Pub. L. 96-354), section 1102(b) of the Social Security Act, the Unfunded Mandates Reform Act of 1995 (Pub. L. 104-4), and Executive Order 13132. Start Printed Page 29292

Executive Order 12866 directs agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). A regulatory impact analysis (RIA) must be prepared for major rules with economically significant effects ($100 million or more in any 1 year). This rule does not reach the economic threshold and thus is not considered a major rule.

The RFA requires agencies to analyze options for regulatory relief of small businesses. For purposes of the RFA, small entities include small businesses, nonprofit organizations, and small governmental jurisdictions. Most hospitals and most other providers and suppliers are small entities, either by nonprofit status or by having revenues of $6 million to $29 million in any 1 year. Individuals and States are not included in the definition of a small entity. We are not preparing an analysis for the RFA because we have determined that this rule will not have a significant economic impact on a substantial number of small entities.

In addition, section 1102(b) of the Act requires us to prepare a regulatory impact analysis if a rule may have a significant impact on the operations of a substantial number of small rural hospitals. This analysis must conform to the provisions of section 603 of the RFA. For purposes of section 1102(b) of the Act, we define a small rural hospital as a hospital that is located outside of a Metropolitan Statistical Area and has fewer than 100 beds. We are not preparing an analysis for section 1102(b) of the Act because we have determined that this rule will not have a significant impact on the operations of a substantial number of small rural hospitals.

Section 202 of the Unfunded Mandates Reform Act of 1995 also requires that agencies assess anticipated costs and benefits before issuing any rule whose mandates require spending in any 1 year of $100 million in 1995 dollars, updated annually for inflation. That threshold level is currently approximately $120 million. This rule will have no consequential effect on State, local, or tribal governments or on the private sector.

Executive Order 13132 establishes certain requirements that an agency must meet when it promulgates a proposed rule (and subsequent final rule) that imposes substantial direct requirement costs on State and local governments, preempts State law, or otherwise has Federalism implications. Since this regulation does not impose any costs on State or local governments, the requirements of E.O. 13132 are not applicable.

In accordance with the provisions of Executive Order 12866, this regulation was reviewed by the Office of Management and Budget.

Start List of Subjects

List of Subjects for 45 CFR Part 5b

End List of Subjects

For the reasons set forth in the preamble, the Department of Health and Human Services would amend 45 CFR part 5b as set forth below:

Start Part

PART 5b—PRIVACY ACT REGULATIONS

1. The authority citation for part 5b continues to read as follows:

Start Authority

Authority: 5 U.S.C. 301, 5 U.S.C. 552a.

End Authority

2. Section 5b.11 is revised by adding paragraphs (b)(2)(ii)(H), (I), (J), and (K) to read as follows:

Exempt Systems
* * * * *

(b) * * *

(2) * * *

(ii) * * *

(H) Investigative materials compiled for law enforcement purposes from the Automated Survey Processing Environment (ASPEN) Complaints/Incidents Tracking System (“ACTS”), HHS/CMS.

(I) Investigative materials compiled for law enforcement purposes from the Health Insurance Portability and Accountability Act (HIPAA) Information Tracking System (“HITS”), HHS/CMS.

(J) Investigative materials compiled for law enforcement purposes from the Organ Procurement Organizations System (“OPOS”), HHS/CMS.

(K) Investigative materials compiled for law enforcement purposes from the CMS Fraud Investigation Database (“FID”), HHS/CMS.

* * * * *
Start Authority

Authority: 5 U.S.C. 552a.

End Authority
Start Signature

Dated: September 29, 2006.

Mark B. McClellan,

Administrator, Centers for Medicare & Medicaid Services.

Approved: January 26, 2007.

Michael O. Leavitt,

Secretary.

End Signature

Editorial Note:

This document was received at the Office of the Federal Register on Tuesday, May 22, 2007.

End Part End Supplemental Information

[FR Doc. E7-10143 Filed 5-24-07; 8:45 am]

BILLING CODE 4120-01-P