Department of Health and Human Services (HHS), Centers for Medicare & Medicaid Services (CMS).
Notice of a New System of Records (SOR).
In accordance with the requirements of the Privacy Act of 1974, CMS is establishing a new SOR titled, “Hospice Item Set (HIS) System,” System No. 09-70-0548. The new system will support the collection of data required for the Hospice Quality Reporting Program (HQRP) pursuant to Section 3004(c) of the Patient Protection and Affordable Care Act of 2010 (ACA) (Pub. L. 111-148), which amended the Social Security Act (the Act) (42 U.S.C. 1814(i)). HIS is a standardized, patient-level data collection vehicle consisting of data elements confirming that the appropriate assessments were made and inquiries or concerns were addressed for each patient at the time of admission for the following domains of care: (1) Pain; (2) Respiratory Status; (3) Medications; (4) Patient Preferences; and (5) Beliefs & Values.
Effective Dates: Effective 30 days after publication. Written comments should be submitted on or before the effective date. HHS/CMS/CCSQ may publish an amended SORN in light of any comments received.
Start Further Info
FOR FURTHER INFORMATION CONTACT:
Caroline Gallaher, Nurse Consultant, CMS, Centers for Clinical Standards and Quality, Quality Measurement & Health Assessment Group, Division of Chronic & Post-Acute Care, 7500 Security Boulevard, Mail Stop S3-02-01, Baltimore, MD 21244-1850. Office: 410-786-8705, Facsimile: (410) 786-8532, Email address: email@example.com.
End Further Info
Start Supplemental Information
I. Background and Introduction
Section 3004(c) of the ACA directed the Secretary of HHS to establish a quality reporting program for hospices for the purpose of collecting, compiling and eventually publishing data measuring the quality of care provided to patients receiving hospice care. The quality measure data is required to be valid, meaningful, and feasible to collect, and to address symptom management, patient preferences and care coordination. Although CMS administers the HIS, information is also collected on hospice patients who may not be Medicare beneficiaries.
A hospice is a public agency or private organization or a subdivision of either that is primarily engaged in providing care to terminally ill individuals, meets the conditions of participation for hospices, and has a valid Medicare provider agreement. Hospice care is an approach to caring for terminally ill individuals that stresses palliative care (relief of pain and uncomfortable symptoms), as opposed to curative care. In addition to meeting the patient's medical needs, hospice care addresses the physical, psychosocial, and spiritual needs of the patient, as well as the psychosocial needs of the patient's family/caregiver. The HIS is not a patient assessment instrument and will not be administered to the patient and/or family or caregivers. In contrast, HIS is a standardized mechanism for abstracting data from the medical record.
The HIS was developed specifically for use by hospices and contains data elements that can be used by CMS to collect the patient-level data required for seven National Quality Forum—(NQF) endorsed quality measures and a modification of one NQF-endorsed measure. These measures include: (1) Hospice and Palliative Care—Pain Screening (NQF #1634); (2) Hospice and Palliative Care—Pain Assessment (NQF #1637); (3) Hospice and Palliative Care—Dyspnea Screening (NQF #1639); (4) Hospice and Palliative Care—Dyspnea Treatment (NQF #1638); (5) Patients Treated With an Opioid who are Given a Bowel Regimen (NQF #1617); (6) Hospice and Palliative Care—Treatment Preferences (NQF #1641); and (7) Beliefs/values addressed (modified version of the NQF #1647 measure).
Hospices will begin using the HIS for all patients beginning July 1, 2014. Hospices will be required to submit two HIS records for each patient admitted to their organization—a HIS-Admission record and a HIS-Discharge record. The HIS-Admission contains both administrative items for patient identification and clinical items for calculating the seven quality measures. The HIS-Discharge is a limited set of administrative items also used for patient identification, as well as discharge information, which will be used primarily to determine patient exclusions for some of the seven quality measures.
II. The Privacy Act
The Privacy Act (5 U.S.C. 552a) governs the means by which the United States Government collects, maintains, and uses personally identifiable information (PII) in a SOR. A SOR is a group of any records under the control of a Federal agency from which information about individuals is retrieved by name or other personal identifier. The Privacy Act requires each agency to publish in the Federal Register a system of records notice (SORN) identifying and describing each system of records the agency maintains, including the purposes for which the agency uses information about individuals in the system, the routine uses for which the agency discloses such information outside the agency, and how individual record subjects can exercise their rights under the Privacy Act (e.g., to determine if the system contains information about them).
System Number: 09-70-0548
“Hospice Item Set (HIS) System” HHS/CMS/CCSQ.
CMS Data Center, 7500 Security Boulevard, North Building, First Floor, Baltimore, Maryland 21244-1850, and at various Hospices and contractor sites.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The system will contain information about the following categories of individuals who participate in or are involved with the HQRP: (1) Hospice patients and Medicare beneficiaries, who receive health care services coordinated and managed by hospices; and, (2) any individual providers and/or any contact persons for a hospice whose personal information (such as, home or personal contact information, or Social Security Number (SSN) if used for business purposes) is provided as business-identifying information on the collection instrument.
CATEGORIES OF RECORDS IN THE SYSTEM:
Information in the HIS about hospice patients includes but not limited to information related to condition, selected covariates about the condition, and patient/beneficiary demographic records containing the patient/beneficiary's name, gender, beneficiary's Health Insurance Claim Number (HICN), SSN, Medicaid number (MA number), race, and date of birth. Information collected about providers who work in hospices considered to be PII includes records containing the provider's name, address, National Provider Identifier (NPI), and CMS Certification Number (CCN), personal contact information, tax identification number, and SSN if used for business purposes.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Authority for the SOR is given at Section 3004(c) of the Patient Protection and Affordable Care Act of 2010 (Pub. L. 111-148), amending the Social Security Act (42 U.S.C. 1814(i)).
PURPOSE(S) OF THE SYSTEM:
The purpose(s) of this SOR is to create a hospice item set that is used as a standardized mechanism for abstracting data from the medical record to address symptom management, patient preferences and care coordination; to house the data needed for the HQRP, and to maintain a quality reporting program for hospices for the purpose of collecting, compiling and eventually publishing data measuring the quality of care provided to patients receiving hospice care. CMS will or may use personally identifiable information from this system to: (1) Support regulatory, reimbursement, and policy functions performed by Agency contractors, consultants, or CMS grantees; (2) assist Federal and state agencies and their fiscal agents to perform the statutory functions of the HQRP; (3) assist hospices with the statutory reporting requirements; (4) support research, Start Printed Page 19343evaluation, or epidemiological projects related to end of life care, and for payment related projects; (5) support the functions of Quality Improvement Organizations; (6) support the functions of national accrediting organizations; (7) support litigation involving the agency; (8) combat fraud, waste, and abuse in certain health benefits programs, (9) assist agencies, entities, contractors, or persons tasked with the response and remedial efforts in the event of a breach of information, and (10) assist the U.S. Department of Homeland Security (DHS) cyber security personnel.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OR USERS AND THE PURPOSES OF SUCH USES:
A. Entities Who May Receive Disclosures Under Routine Use
These routine uses specify circumstances, in addition to those provided by statute in the Privacy Act of 1974, under which CMS may release information from HIS without the consent of the individual to whom such information pertains. Each proposed disclosure of information under these routine uses will be evaluated to ensure that the disclosure is legally permissible, including but not limited to ensuring that the purpose of the disclosure is compatible with the purpose for which the information was collected. We propose to establish the following routine use disclosures of information maintained in the system:
1. To support Agency contractors, consultants, or CMS grantees who have been engaged by the Agency to assist in accomplishment of a CMS function relating to the purposes for this collection and who need to have access to the records in order to assist CMS.
2. To assist another Federal Agency, agency of a State government, an agency established by State law, or its fiscal agents with information that is necessary and/or required in order to perform the statutory functions of the HQRP;
3. To provide hospices with information they need to meet any statutory requirements of the program, assist with other reports as required by CMS, and to assist in the implementation of quality standards;
4. To support an individual or organization for research, as well as evaluation or epidemiological projects related to end of life care, or for understanding and improving payment projects;
5. To support Quality Improvement Organizations (QIOs) in connection with review of claims, or in connection with studies or other review activities conducted pursuant to Part B of Title XI of the Act, and in performing affirmative outreach activities to individuals for the purpose of establishing and maintaining their entitlement to Medicare benefits or health insurance plans;
6. To assist national accrediting organization(s) whose accredited providers are presumed to meet certain Medicare requirements (e.g., the Joint Commission for the Accreditation of Healthcare Organizations, the Community Health Accreditation Program (CHAP), or the Accreditation Commission for Health Care (ACHC);
7. To provide information to the U.S. Department of Justice (DOJ), a court, or an adjudicatory body when (a) the Agency or any component thereof, or (b) any employee of the Agency in his or her official capacity, or (c) any employee of the Agency in his or her individual capacity where the DOJ has agreed to represent the employee, or (d) the United State Government, is a party to litigation or has an interest in such litigation, and by careful review, CMS determines that the records are both relevant and necessary to the litigation and that the use of such records by the DOJ, court, or adjudicatory body is compatible with the purpose for which the agency collected the records;
8. To assist a CMS contractor (including, but not limited to Medicare Administrative Contractors, fiscal intermediaries, and carriers) that assists in the administration of a CMS-administered health benefits program, or to a grantee of a CMS-administered grant program, when disclosure is deemed reasonably necessary by CMS to prevent, deter, discover, detect, investigate, examine, prosecute, sue with respect to, defend against, correct, remedy, or otherwise combat fraud, waste or abuse in such program;
9. To assist another Federal agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States (including any state or local governmental agency), that administers or that has the authority to investigate potential fraud, waste or abuse in a health benefits program funded in whole or in part by Federal funds, when disclosure is deemed reasonably necessary by CMS to prevent, deter, discover, detect, investigate, examine, prosecute, sue with respect to, defend against, correct, remedy, or otherwise combat fraud, waste or abuse in such programs;
10. To disclose records to appropriate Federal agencies and Department contractors that have a need to know the information for the purpose of assisting the Department's efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in this system of records, and the information disclosed is relevant and necessary for that assistance; and
11. To assist the U.S. Department of Homeland Security (DHS) cyber security personnel, if captured in an intrusion detection system used by HHS and DHS (e.g., pursuant to the Einstein 2 program).
B. ADDITIONAL CIRCUMSTANCES AFFECTING DISCLOSURE OF PII DATA:
To the extent that the individual claims records in this system contain Protected Health Information (PHI) as defined by HHS regulation “Standards for Privacy of Individually Identifiable Health Information” (45 CFR Parts 160 and 164, Subparts A and E), disclosures of such PHI that are otherwise authorized by these routine uses may only be made if, and as, permitted or required by the “Standards for Privacy of Individually Identifiable Health Information” (see 45 CFR 164-512(a)(1)).
In addition, HHS policy will be to prohibit release even of data not directly identifiable with a particular individual, except pursuant to one of the routine uses or if required by law, if CMS determines there is a possibility that a particular individual can be identified through implicit deduction based on small cell sizes (instances where the patient population is so small that individuals could, because of the small size, use this information to deduce the identity of a particular individual).
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:
All records are stored on magnetic media.
Information may be retrieved by any of these personal identifiers: provider's TIN (which could be a SSN); NPI; CMS Certification Number (CCN); Patient's SSN or a Beneficiary's HICN; a patient's or beneficiary's name in combination with the patient's or beneficiary's date of birth.
Personnel having access to the system have been trained in the Privacy Act and information security requirements. Employees who maintain records in this system are instructed not to release data until the intended recipient agrees to implement appropriate management, operational and technical safeguards sufficient to protect the confidentiality, Start Printed Page 19344integrity and availability of the information and information systems and to prevent unauthorized access.
Access to records in the hospice database system will be limited to CMS personnel and contractors through password security, encryption, firewalls, and secured operating system. Any electronic or hard copies of financial-related records containing PII at CMS and contractor locations will be kept in secure electronic files or in file folders locked in secure file cabinets during non-duty hours.
RETENTION AND DISPOSAL:
Retention and disposal of these records are in accordance with published record schedules of the Centers for Medicare & Medicaid Services and as approved by the National Archives and Records Administration. Beneficiary claims records are currently subject to a document preservation order and will be preserved indefinitely pending further notice from the U.S. Department of Justice.
SYSTEM MANAGER AND ADDRESS:
Director, Division of Chronic & Post-Acute Care, Quality Measurement & Health Assessment Group, Center for Clinical Standards and Quality, Centers for Medicare & Medicaid Services, 7500 Security Boulevard, Mail Stop S3-02-01, Baltimore, MD 21244-1850.
An individual record subject who wishes to know if this system contains records about him or her should write to the system manager who will require the system name, HICN, and for verification purposes, the subject individual's name (woman's maiden name, if applicable), and SSN. Furnishing the SSN is voluntary, but it may make searching for a record easier and prevent delay.
RECORD ACCESS PROCEDURE:
An individual seeking access to records about him or her in this system should use the same procedures outlined in Notification Procedures above. The requestor should also reasonably specify the record contents being sought. (These procedures are in accordance with Department regulation 45 CFR 5b.5(a)(2).)
CONTESTING RECORD PROCEDURES:
To contest a record, the subject individual should contact the system manager named above, and reasonably identify the record and specify the information to be contested. The individual should state the corrective action sought and the reasons for the correction with supporting justification. (These procedures are in accordance with Department regulation 45 CFR 5b.7)
RECORD SOURCE CATEGORIES:
Information about individuals collected and maintained in this database is collected by means of the HIS. Hospices may transmit HIS data to CMS using free software that is provided by CMS. In the alternative, hospice providers may submit HIS data via customized computer programs which are created by private vendors in accordance with technical data specifications issued by CMS. Information transmitted about hospice patients is collected by hospice providers directly from the patients or from the patients' medical records. Any information about an individual provider or contact person for a provider that is included as the provider's business-identifying information on the collection instrument is provided by the provider or contact person.
EXEMPTIONS CLAIMED FOR THIS SYSTEM:
End Supplemental Information
Dated: March 26, 2014.
Timothy P. Love,
Chief Operating Officer, Centers for Medicare & Medicaid Services.
[FR Doc. 2014-07552 Filed 4-7-14; 8:45 am]
BILLING CODE 4120-03-P