You are on page 1of 5

Federal Register / Vol. 71, No.

179 / Friday, September 15, 2006 / Notices 54495

5. Payment Safeguard Contractors 0573.’’ The program is mandated by 27, 2001)); and Integrated Data
• Medicare Coordinator, Aspen Systems Section 723 of the Medicare Repository, System No. 09–70–0571 (To
Corporation, 2277 Research Blvd., Rockville, Prescription Drug Improvement and be published).
MD 20850. Modernization Act of 2003 (MMA)
• Medicare Coordinator, DynCorp
The purpose of this system is to
(Public Law (Pub. L.) 108–173), which collect and maintain a person-level view
Electronic Data Systems (EDS), 11710 Plaza was enacted into law on December 8,
America Drive 5400 Legacy Drive, Reston, of identifiable data to establish a data
VA 20190–6017.
2003, and amended Title XVIII of the repository to study chronically ill
• Medicare Coordinator, Lifecare Social Security Act (the Act). The CCDR Medicare beneficiaries. This system will
management Partners Mutual of Omaha program seeks to establish a data utilize data extraction tools to support
Insurance Co., 6601 Little Rive Turnpike, repository to study chronically ill accessing data by chronic conditions
Suite 300 Mutual of Omaha Plaza, Omaha, Medicare beneficiaries. This data and process complex customized
NE 68175. repository will integrate existing data to
• Medicare Coordinator, Reliance research data requests related to chronic
support studies for improving the illnesses. Information retrieved from
Safeguard Solutions, Inc., P.O. Box 30207 quality of care and studies for reducing
400 South Salina Street, 2890 East this system may be disclosed to: (1)
Cottonwood Parkway, Syracuse, NY 13202.
the cost of care for chronically ill Support regulatory, reimbursement, and
• Medicare Coordinator, Science Medicare beneficiaries. The statute is
policy functions performed within the
Applications International Inc., 6565 designed to reduce program spending,
agency or by a contractor, grantee,
Arlington Blvd. P.O. Box 100282, Falls make current Medicare program data
consultant or other legal agent; (2) assist
Church, VA. more readily available to researchers to
• Medicare Coordinator, California
another Federal or state agency with
study chronic illness in the Medicare
Medical Review, Inc., Integriguard Division information to contribute to the
population, improve process time for
Federal Sector Civil Group One Sansome accuracy of CMS’s proper payment of
research data request, focus on analytic
Street, San Francisco, CA 94104–4448. Medicare benefits, enable such agency
prospective verses operational, and
• Medicare Coordinator, Computer to administer a Federal health benefits
Sciences Corporation Suite 600 3120 utilize data extraction tools to organize
program, or to enable such agency to
Timanus Lane, Baltimore, MD 21244. the data.
fulfill a requirement of Federal statute
• Medicare Coordinator, Electronic Data The data collected and maintained in or regulation that implements a health
System (EDS), 11710 Plaza American Drive, this system are retrieved from the
5400 Legacy Drive, Plano, TX 75204.
benefits program funded in whole or in
following databases: Medicare Drug part with Federal funds; (3) support an
• Medicare Coordinator, TriCenturion, Data Processing System, System No. 09–
L.L.C., P.O. Box 100282, Columbia, SC individual or organization for a research
70–0553 (70 Federal Register (FR) project or in support of an evaluation
29202.
58436 (October 6, 2005)); Medicare project related to the prevention of
6. Qualified Independent Contractors Beneficiary Database, System No. 09– disease or disability, the restoration or
• Medicare Contractor, Maximus Federal 70–0536 (66 FR 63392 (December 6, maintenance of health, or payment
Services, Inc., 1040 First Avenue, Suite 400, 2001)); Medicare Advantage related projects; (4) support Quality
King of Prussia, PA 19406. Prescription Drug System, System No.
• Medicare Contractor, Maximus Federal Improvement Organizations (QIO); (5)
09–70–4001 (70 FR 60530 (October 18,
Services, Inc., 50 Square Drive, Victor, NY support litigation involving the agency;
2005)); Medicaid Statistical Information
19406. and (6) combat fraud, waste, and abuse
System, System No. 09–70–6001 (67 FR
• Medicare Contractor, Q2 Administrators, in certain Federally-funded health
17 Technology Circle, Columbia, SC 29203. 48906 (July 26, 2002)); Retiree Drug
benefits programs. We have provided
• Medicare Contractor, Q2 Administrators, Subsidy Program, System No. 09–70–
background information about the new
5150 East Dublin-Granville Road, Suite 200, 0550 (70 FR 41035 (July 15, 2005));
system in the SUPPLEMENTARY
Westerville, OH 43081. Common Working File, System No. 09–
INFORMATION section below. Although
• Medicare Contractor, First Coast Service 70–0526 (67 FR 3210 (January 23,
Options, 532 Riverside Avenue, Jacksonville,
the Privacy Act requires only that CMS
2002)); National Claims History, System
FL 32202. provide an opportunity for interested
No. 09–70–0005 (67 FR 57015
persons to comment on the proposed
[FR Doc. E6–15128 Filed 9–14–06; 8:45 am] (September 6, 2002)); Enrollment
routine uses, CMS invites comments on
Database, System No. 09–70–0502 (67
BILLING CODE 4120–03–P all portions of this notice. See ‘‘Effective
FR 3203 (January 23, 2002)); Carrier
Dates’’ section for comment period.
Medicare Claims Record, System No.
DEPARTMENT OF HEALTH AND 09–70–0501 (67 FR 54428 (August 22, DATES: Effective Date: CMS filed a new
HUMAN SERVICES 2002)); Intermediary Medicare Claims SOR report with the Chair of the House
Record, System No. 09–70–0503 (67 FR Committee on Government Reform and
Centers for Medicare & Medicaid 65982 (October 29, 2002)); Unique Oversight, the Chair of the Senate
Services Physician/Provider Identification Committee on Homeland Security &
Number, System No. 09–70–0525 (69 FR Governmental Affairs, and the
Privacy Act of 1974; Report of a New 75316 (December 16, 2004)); Medicare Administrator, Office of Information
System of Records Supplier Identification File, System No. and Regulatory Affairs, Office of
AGENCY: Department of Health and 09–70–0530 (67 FR 48184 (July 23, Management and Budget (OMB) on
Human Services (HHS), Center for 2002)), A Current Beneficiary Survey, September 6, 2006. To ensure that all
Medicare & Medicaid Services (CMS). System No. 09–70–6002 (66 FR 15496 parties have adequate time in which to
ACTION: Notice of a New System of (March 19, 2001)); National Plan & comment, the new system will become
Records (SOR). Provider Enumerator System, System effective 30 days from the publication of
No. 09–70–0008, (63 FR 40297 (July 28, the notice, or 40 days from the date it
jlentini on PROD1PC65 with NOTICES

SUMMARY: In accordance with the 1998)); Long Term Care MDS, System was submitted to OMB and the
requirements of the Privacy Act of 1974, No. 09–70–1517 (67 FR 6714 (February Congress, whichever is later. We may
we are proposing to establish a new 13, 2002)); HHA Outcome and defer implementation of this system or
system titled, ‘‘Chronic Condition Data Assessment Information Set, System No. one or more of the routine use
Repository (CCDR), System No. 09–70– 09–70–9002 (66 FR 66903 (December statements listed below if we receive

VerDate Aug<31>2005 14:51 Sep 14, 2006 Jkt 208001 PO 00000 Frm 00043 Fmt 4703 Sfmt 4703 E:\FR\FM\15SEN1.SGM 15SEN1
54496 Federal Register / Vol. 71, No. 179 / Friday, September 15, 2006 / Notices

comments that persuade us to defer telephone number, health insurance the stated purpose under which the
implementation. claims number, social security number, information was disclosed.
ADDRESSES: The public should address race/ethnicity, gender, date of birth, 4. Determines that the data are valid
comment to the CMS Privacy Officer, date of death, enrollment in Part A and and reliable.
Division of Privacy Compliance, Part B information, provider name,
III. Proposed Routine Use Disclosures
Enterprise Architecture and Strategy unique provider identification number,
of Data in the System
Group, CMS, Mail-stop N2–04–27, 7500 as well as clinical, demographic, health/
Security Boulevard, Baltimore, well-being, and background information The Privacy Act allows us to disclose
Maryland 21244–1850. Comments relating to Medicare issues. information without an individual’s
received will be available for review at consent if the information is to be used
II. Agency Policies, Procedures, and
this location by appointment during for a purpose that is compatible with the
Restrictions on the Routine Use
regular business hours, Monday through purpose(s) for which the information
Friday from 9 a.m.–3 p.m., eastern time. The Privacy Act permits us to disclose was collected. Any such compatible use
information without an individual’s of data is known as a ‘‘routine use.’’ The
FOR FURTHER INFORMATION CONTACT: Linh
consent if the information is to be used proposed routine uses in this system
Phuong, Health Insurance Specialist,
for a purpose that is compatible with the meet the compatibility requirement of
Information and Methods Group, Office
purpose(s) for which the information the Privacy Act. We are proposing to
of Research, Development &
was collected. Any such disclosure of establish the following routine use
Information, Mail Stop C3–18–06,
data is known as a ‘‘routine use.’’ The disclosures of information maintained
Centers for Medicare & Medicaid
Services, 7500 Security Boulevard, Government will only release CCDR in the system:
Baltimore, MD 21244–1849. She can be information that can be associated with 1. To agency contractors, consultants
reached by telephone at 410–786–7055 an individual as provided for under or grantees, who have been engaged by
or e-mail Linh.Phuong@cms.hhs.gov. ‘‘Section III. Proposed Routine Use the agency to assist in the performance
Disclosures of Data in the System.’’ Both of a service related to this collection and
SUPPLEMENTARY INFORMATION: The CCDR
identifiable and non-identifiable data who need to have access to the records
will house data that will be easily
may be disclosed under a routine use. in order to perform the activity.
linked, at the individual patient level,
We will only collect the minimum We contemplate disclosing
for all Medicare claims, eligibility data,
personal data necessary to achieve the information under this routine use only
nursing home and home health
purpose of CCDR. in situations in which CMS may enter
assessments, and CMS beneficiary CMS has the following policies and
survey data. This data repository will into a contractual or similar agreement
procedures concerning disclosures of with a third party to assist in
transform and summarize this
information that will be maintained in accomplishing CMS function relating to
administrative health insurance
the system. Disclosure of information purposes for this system. CMS
information into research data. Part of
from the system will be approved only occasionally contracts out certain of its
this process involves transforming
to the extent necessary to accomplish functions when doing so would
diagnostic information on a
the purpose of the disclosure and only contribute to effective and efficient
beneficiary’s Medicare claims into
after CMS: operations. CMS must be able to give a
information about their chronic medical
1. Determines that the use or contractor, consultant or grantee
conditions. The data repository will be
disclosure is consistent with the reason whatever information is necessary for
designed to support research, policy
that the data is being collected; e.g., to the contractor or consultant to fulfill its
analysis, quality improvement activities,
collect and maintain a person-level view duties. In these situations, safeguards
and demonstrations that attempt to
of identifiable data to establish a data are provided in the contract prohibiting
foster a better understanding of how to
repository to study chronically ill the contractor, consultant or grantee
improve the quality of life and contain
Medicare beneficiaries. from using or disclosing the information
the health care costs of the chronically
2. Determines that: for any purpose other than that
ill. a. The purpose for which the
described in the contract and requires
I. Description of the Proposed System of disclosure is to be made can only be
the contractor, consultant or grantee to
Records accomplished if the record is provided
return or destroy all information at the
in individually identifiable form;
A. Statutory and Regulatory Basis for completion of the contract.
b. The purpose for which the
SOR disclosure is to be made is of sufficient 2. To another Federal or state agency
The statutory authority for this system importance to warrant the effect and/or to:
is given under the provisions of Section risk on the privacy of the individual that a. Contribute to the accuracy of CMS’s
723 of the Medicare Prescription Drug additional exposure of the record might proper payment of Medicare benefits;
Improvement, and Modernization Act of bring; and b. Enable such agency to administer a
2003. c. There is a strong probability that Federal health benefits program, or, as
the proposed use of the data would in necessary, to enable such agency to
B. Collection and Maintenance of Data fulfill a requirement of a Federal statute
in the System fact accomplish the stated purpose(s).
3. Requires the information recipient or regulation that implements a health
This system will collect and maintain to: benefits program funded in whole or in
individually identifiable and other data a. Establish administrative, technical, part with Federal funds; and/or
collected on Medicare beneficiaries and and physical safeguards to prevent c. Assist Federal/state Medicaid
their providers who provide service to unauthorized use of disclosure of the programs within the state.
such beneficiaries. Data will be record; Other Federal or state agencies, in
jlentini on PROD1PC65 with NOTICES

collected from Medicare administrative b. Remove or destroy, at the earliest their administration of a Federal health
and claims records. The collected time, all patient-identifiable program, may require CCDR information
information will include, but is not information; and in order to support evaluations and
limited to Medicare claims and c. Agree to not use or disclose the monitoring of Medicare claims
eligibility data, name, address, information for any purpose other than information of beneficiaries, including

VerDate Aug<31>2005 14:51 Sep 14, 2006 Jkt 208001 PO 00000 Frm 00044 Fmt 4703 Sfmt 4703 E:\FR\FM\15SEN1.SGM 15SEN1
Federal Register / Vol. 71, No. 179 / Friday, September 15, 2006 / Notices 54497

proper reimbursement for services in the administration of a CMS- In addition, our policy will be to
provided. administered health benefits program, prohibit release even of data not directly
3. To an individual or organization for or to a grantee of a CMS-administered identifiable, except pursuant to one of
a research project or in support of an grant program, when disclosure is the routine uses or if required by law,
evaluation project related to the deemed reasonably necessary by CMS to if we determine there is a possibility
prevention of disease or disability, the prevent, deter, discover, detect, that an individual can be identified
restoration or maintenance of health, or investigate, examine, prosecute, sue through implicit deduction based on
payment related projects. with respect to, defend against, correct, small cell sizes (instances where the
The CCDR data will provide for remedy, or otherwise combat fraud, patient population is so small that
research or support of evaluation waste, or abuse in such program. because of the small size, use of this
projects and a broader, longitudinal, We contemplate disclosing information could allow for the
national perspective of the status of information under this routine use only deduction of the identity of the
Medicare beneficiaries. CMS anticipates in situations in which CMS may enter beneficiary).
that many researchers will have into a contractual, grantee, cooperative
legitimate requests to use these data in agreement or consultant relationship IV. Safeguards
projects that could ultimately improve with a third party to assist in CMS has safeguards in place for
the care provided to Medicare accomplishing CMS functions relating authorized users and monitors of such
beneficiaries and the policies that to the purpose of combating fraud, users to ensure against excessive or
govern their care. waste, and abuse. CMS occasionally unauthorized use. Personnel having
4. To Quality Improvement contracts out certain of its functions or access to the system have been trained
Organizations (QIO) in connection with makes grants or cooperative agreements in the Privacy Act and information
review of claims, or in connection with when doing so would contribute to security requirements. Employees who
studies or other review activities effective and efficient operations. CMS maintain records in this system are
conducted pursuant to Part B of Title XI must be able to give a contractor, instructed not to release data until the
of the Act, and in performing affirmative grantee, consultant or other legal agent intended recipient agrees to implement
outreach activities to individuals for the whatever information is necessary for appropriate management, operational
purpose of establishing and maintaining the agent to fulfill its duties. In these and technical safeguards sufficient to
their entitlement to Medicare benefits or situations, safeguards are provided in protect the confidentiality, integrity and
health insurance plans. the contract prohibiting the agent from availability of the information and
QIOs will work to implement quality using or disclosing the information for information systems and to prevent
improvement programs, provide any purpose other than that described in unauthorized access.
consultation to CMS, its contractors, the contract and requiring the agent to
return or destroy all information. This system will conform to all
and to state agencies. QIOs will assist
7. To another Federal agency or to an applicable Federal laws and regulations
state agencies in related monitoring and
instrumentality of any governmental and Federal, HHS, and CMS policies
enforcement efforts, assist CMS and
jurisdiction within or under the control and standards as they relate to
intermediaries in program integrity
of the United States (including any State information security and data privacy.
assessment, and prepare summary
or local governmental agency), that These laws and regulations may apply
information for release to CMS.
administers, or that has the authority to but are not limited to: the Privacy Act
5. To the Department of Justice (DOJ),
investigate potential fraud, waste, or of 1974; the Federal Information
court or adjudicatory body when:
a. The agency or any component abuse in, a health benefits program Security Management Act of 2002; the
thereof, or funded in whole or in part by Federal Computer Fraud and Abuse Act of 1986;
b. Any employee of the agency in his funds, when disclosure is deemed the Health Insurance Portability and
or her official capacity, or reasonably necessary by CMS to Accountability Act of 1996; the E-
c. Any employee of the agency in his prevent, deter, discover, detect, Government Act of 2002, the Clinger-
or her individual capacity where the investigate, examine, prosecute, sue Cohen Act of 1996; the Medicare
DOJ has agreed to represent the with respect to, defend against, correct, Modernization Act of 2003, and the
employee, or remedy, or otherwise combat fraud, corresponding implementing
d. The United States Government, is waste, or abuse in such programs. regulations. OMB Circular A–130,
a party to litigation or has an interest in Other agencies may require CCDR Management of Federal Resources,
such litigation, and, by careful review, information for the purpose of Appendix III, Security of Federal
CMS determines that the records are combating fraud, waste, and abuse in Automated Information Resources also
both relevant and necessary to the such Federally-funded programs. applies. Federal, HHS, and CMS
litigation and that the use of such policies and standards include but are
B. Additional Provisions Affecting not limited to: all pertinent National
records by the DOJ, court or
Routine Use Disclosures Institute of Standards and Technology
adjudicatory body is compatible with
the purpose for which the agency To the extent this system contains publications; the HHS Information
collected the records. Protected Health Information (PHI) as Systems Program Handbook and the
Whenever CMS is involved in defined by HHS regulation ‘‘Standards CMS Information Security Handbook.
litigation, and occasionally when for Privacy of Individually Identifiable
V. Effects of the Proposed System of
another party is involved in litigation Health Information’’ (45 CFR parts 160
Records on Individual Rights
and CMS policies or operations could be and 164, subparts A and E) 65 FR 82462
affected by the outcome of the litigation, (12–28–00). Disclosures of such PHI that CMS proposes to establish this system
CMS would be able to disclose are otherwise authorized by these in accordance with the principles and
jlentini on PROD1PC65 with NOTICES

information to the DOJ, court or routine uses may only be made if, and requirements of the Privacy Act and will
adjudicatory body involved. as, permitted or required by the collect, use, and disseminate
6. To a CMS contractor (including, but ‘‘Standards for Privacy of Individually information only as prescribed therein.
not necessarily limited to, fiscal Identifiable Health Information.’’ (See Data in this system will be subject to the
intermediaries and carriers) that assists 45 CFR 164.512(a)(1)). authorized releases in accordance with

VerDate Aug<31>2005 14:51 Sep 14, 2006 Jkt 208001 PO 00000 Frm 00045 Fmt 4703 Sfmt 4703 E:\FR\FM\15SEN1.SGM 15SEN1
54498 Federal Register / Vol. 71, No. 179 / Friday, September 15, 2006 / Notices

the routine uses identified in this Improvement, and Modernization Act of necessary, to enable such agency to
system of records. 2003. fulfill a requirement of a Federal statute
CMS will take precautionary or regulation that implements a health
PURPOSE(S) OF THE SYSTEM:
measures to minimize the risks of benefits program funded in whole or in
unauthorized access to the records and The purpose of this system is to part with Federal funds; and/or
the potential harm to individual privacy collect and maintain a person-level view c. Assist Federal/state Medicaid
or other personal or property rights of of identifiable data to establish a data programs within the state.
patients whose data are maintained in repository to study chronically ill 3. To an individual or organization for
this system. CMS will collect only that Medicare beneficiaries. This system will a research project or in support of an
information necessary to perform the utilize data extraction tools to support evaluation project related to the
system’s functions. In addition, CMS accessing data by chronic conditions prevention of disease or disability, the
will make disclosure from the proposed and process complex customized restoration or maintenance of health, or
system only with consent of the subject research data requests related to chronic payment related projects.
individual, or his/her legal illnesses. Information retrieved from 4. To Quality Improvement
representative, or in accordance with an this system may be disclosed to: (1) Organizations (QIO) in connection with
applicable exception provision of the Support regulatory, reimbursement, and review of claims, or in connection with
Privacy Act. CMS, therefore, does not policy functions performed within the studies or other review activities
anticipate an unfavorable effect on agency or by a contractor, grantee, conducted pursuant to Part B of Title XI
individual privacy as a result of consultant or other legal agent; (2) assist of the Act, and in performing affirmative
information relating to individuals. another Federal or state agency with outreach activities to individuals for the
information to contribute to the purpose of establishing and maintaining
Dated: September 1, 2006.
accuracy of CMS’s proper payment of their entitlement to Medicare benefits or
Charlene Frizzera, Medicare benefits, enable such agency health insurance plans.
Acting Chief Operating Officer, Centers for to administer a Federal health benefits 5. To the Department of Justice (DOJ),
Medicare & Medicaid Services. program, or to enable such agency to court or adjudicatory body when:
System No.: 09–70–0573. fulfill a requirement of Federal statute a. The agency or any component
or regulation that implements a health thereof, or
SYSTEM NAME: benefits program funded in whole or in b. Any employee of the agency in his
‘‘Chronic Condition Data Repository part with Federal funds; (3) support an or her official capacity, or
(CCDR),’’ HHS/CMS/ORDI. individual or organization for a research c. Any employee of the agency in his
project or in support of an evaluation or her individual capacity where the
SECURITY CLASSIFICATION: DOJ has agreed to represent the
project related to the prevention of
Level Three Privacy Act Sensitive disease or disability, the restoration or employee, or
Data. maintenance of health, or payment d. The United States Government, is
related projects; (4) support Quality a party to litigation or has an interest in
SYSTEM LOCATION:
Improvement Organizations (QIO); (5) such litigation, and, by careful review,
CMS Data Center, 7500 Security CMS determines that the records are
Boulevard, North Building, First Floor, support litigation involving the agency;
and (6) combat fraud and abuse in both relevant and necessary to the
Baltimore, Maryland 21244–1850 and at litigation and that the use of such
various other contractor locations. certain Federally-funded health benefits
programs. records by the DOJ, court or
CATEGORIES OF INDIVIDUALS COVERED BY THE adjudicatory body is compatible with
SYSTEM: ROUTINE USES OF RECORDS MAINTAINED IN THE the purpose for which the agency
SYSTEM, INCLUDING CATEGORIES OF USERS AND collected the records.
This system will collect and maintain THE PURPOSES OF SUCH USES: 6. To a CMS contractor (including, but
individually identifiable and other data
The Privacy Act allows us to disclose not necessarily limited to, fiscal
collected on Medicare beneficiaries and
information without an individual’s intermediaries and carriers) that assists
their providers who provide service to
consent if the information is to be used in the administration of a CMS-
such beneficiaries. Data will be
for a purpose that is compatible with the administered health benefits program,
collected from Medicare administrative
purpose(s) for which the information or to a grantee of a CMS-administered
and claims records.
was collected. Any such compatible use grant program, when disclosure is
CATEGORIES OF RECORDS IN THE SYSTEM: of data is known as a ‘‘routine use.’’ The deemed reasonably necessary by CMS to
The collected information will proposed routine uses in this system prevent, deter, discover, detect,
include, but is not limited to Medicare meet the compatibility requirement of investigate, examine, prosecute, sue
claims and eligibility data, name, the Privacy Act. We are proposing to with respect to, defend against, correct,
address, telephone number, health establish the following routine use remedy, or otherwise combat fraud or
insurance claims number, social disclosures of information maintained abuse in such program.
security number, race/ethnicity, gender, in the system: 7. To another Federal agency or to an
date of birth, date of death, enrollment 1. To agency contractors, consultants instrumentality of any governmental
in Part A and Part B information, or grantees, who have been engaged by jurisdiction within or under the control
provider name, unique provider the agency to assist in the performance of the United States (including any State
identification number, as well as of a service related to this collection and or local governmental agency), that
clinical, demographic, health/well- who need to have access to the records administers, or that has the authority to
being, and background information in order to perform the activity. investigate potential fraud or abuse in,
relating to Medicare issues. 2. To another Federal or state agency a health benefits program funded in
jlentini on PROD1PC65 with NOTICES

to: whole or in part by Federal funds, when


AUTHORITY FOR MAINTENANCE OF THE SYSTEM: a. Contribute to the accuracy of CMS’s disclosure is deemed reasonably
The statutory authority for this system proper payment of Medicare benefits; necessary by CMS to prevent, deter,
is given under the provisions of Section b. Enable such agency to administer a discover, detect, investigate, examine,
723 of the Medicare Prescription Drug Federal health benefits program, or, as prosecute, sue with respect to, defend

VerDate Aug<31>2005 14:51 Sep 14, 2006 Jkt 208001 PO 00000 Frm 00046 Fmt 4703 Sfmt 4703 E:\FR\FM\15SEN1.SGM 15SEN1
Federal Register / Vol. 71, No. 179 / Friday, September 15, 2006 / Notices 54499

against, correct, remedy, or otherwise Security Management Act of 2002; the procedures are in accordance with
combat fraud or abuse in such programs. Computer Fraud and Abuse Act of 1986; Department regulation 45 CFR 5b.7).
B. Additional Provisions Affecting the Health Insurance Portability and
RECORDS SOURCE CATEGORIES:
Routine Use Disclosures. Accountability Act of 1996; the E–
To the extent this system contains Government Act of 2002, the Clinger- The data collected and maintained in
Protected Health Information (PHI) as Cohen Act of 1996; the Medicare this system are retrieved from the
defined by HHS regulation ‘‘Standards Modernization Act of 2003, and the following databases: Medicare Drug
for Privacy of Individually Identifiable corresponding implementing Data Processing System, Medicare
Health Information’’ (45 CFR parts 160 regulations. OMB Circular A–130, Beneficiary Database, Medicare
and 164, subparts A and E) 65 FR 82462 Management of Federal Resources, Advantage Prescription Drug System,
(12–28–00). Disclosures of such PHI that Appendix III, Security of Federal Medicaid Statistical Information
are otherwise authorized by these Automated Information Resources also System, Retiree Drug Subsidy Program,
routine uses may only be made if, and applies. Federal, HHS, and CMS Common Working File, National Claims
as, permitted or required by the policies and standards include but are History, Enrollment Database, Carrier
‘‘Standards for Privacy of Individually not limited to: All pertinent National Medicare Claims Record, Intermediary
Identifiable Health Information.’’ (See Institute of Standards and Technology Medicare Claims Record, Unique
45 CFR 164.512(a)(1)). publications; the HHS Information Physician/Provider Identification
In addition, our policy will be to Systems Program Handbook and the Number, Medicare Supplier
prohibit release even of data not directly CMS Information Security Handbook. Identification File, a Current Beneficiary
identifiable, except pursuant to one of Survey, National Plan & Provider
the routine uses or if required by law, RETENTION AND DISPOSAL: Enumerator System, Long Term Care
if we determine there is a possibility CMS will retain information for a total MDS, HHA Outcome and Assessment
that an individual can be identified period not to exceed 6 years and 3 Information Set, and Integrated Data
through implicit deduction based on months. All claims-related records are Repository.
small cell sizes (instances where the encompassed by the document SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS
patient population is so small that preservation order and will be retained OF THE ACT:
because of the small size, use of this until notification is received from DOJ. None.
information could allow for the
SYSTEM MANAGER AND ADDRESS: [FR Doc. E6–15130 Filed 9–14–06; 8:45 am]
deduction of the identity of the
beneficiary). Director, Division of Survey BILLING CODE 4120–03–P
Management & Data Release,
POLICIES AND PRACTICES FOR STORING, Information and Methods Group, Office
RETRIEVING, ACCESSING, RETAINING, AND DEPARTMENT OF HEALTH AND
of Research, Development &
DISPOSING OF RECORDS IN THE SYSTEM: HUMAN SERVICES
Information, Mail Stop C3–16–07,
STORAGE: Centers for Medicare & Medicaid
All records are stored on electronic Services, 7500 Security Boulevard, Administration for Children and
media. Baltimore, MD 21244–1849. Families

RETRIEVABILITY: NOTIFICATION PROCEDURE: Administration on Children, Youth and


The collected data are retrieved by an For purposes of access, the subject Families
individual identifier; e.g., beneficiary individual should write to the system AGENCY: Administration on Children,
name or HICN, and unique provider manager who will require the system Youth and Families, Administration for
identification number. name, employee identification number, Children and Families, HHS.
tax identification number, national ACTION: Noncompetitive Successor
SAFEGUARDS:
provider number, and for verification Grantee Award.
CMS has safeguards in place for purposes, the subject individual’s name
authorized users and monitors such (woman’s maiden name, if applicable), CFDA#: 93.616.
users to ensure against excessive or HICN, and/or SSN (furnishing the SSN Legislative Authority: Public Law
unauthorized use. Personnel having is voluntary, but it may make searching (Pub. L.) 107–133, Promoting Safe and
access to the system have been trained for a record easier and prevent delay). Stable Families Amendments of 2001,
in the Privacy Act and information Subtitle B.
security requirements. Employees who RECORD ACCESS PROCEDURE: Amount of Award: $82,000 for one
maintain records in this system are For purposes of access, use the same year.
instructed not to release data until the procedures outlined in Notification Project Period: 7/30/2006–7/29/2007.
intended recipient agrees to implement Procedures above. Requestors should Justification for the Exception to
appropriate management, operational also reasonably specify the record Competition: In a letter dated June 19,
and technical safeguards sufficient to contents being sought. (These 2006, Mr. Neil J. Hufnagel, Board
protect the confidentiality, integrity and procedures are in accordance with President/Interim Director of Big
availability of the information and Department regulation 45 CFR Brothers Big Sisters of Clinton and Ionia
information systems and to prevent 5b.5(a)(2)). Counties voluntarily relinquished the
unauthorized access. agency’s grant funds to ACF as a result
This system will conform to all CONTESTING RECORD PROCEDURES: of their merger with Big Brothers Big
applicable Federal laws and regulations The subject individual should contact Sisters of Michigan Capital Region. To
and Federal, HHS, and CMS policies the system manager named above, and ensure that grant monies are obligated
jlentini on PROD1PC65 with NOTICES

and standards as they relate to reasonably identify the record and and that services provided by the grant
information security and data privacy. specify the information to be contested. funds may continue, Big Brothers of
These laws and regulations may apply State the corrective action sought and Michigan Capital Region, submitted an
but are not limited to: the Privacy Act the reasons for the correction with application dated July 31, 2006 to
of 1974; The Federal Information supporting justification. (These become the permanent successor

VerDate Aug<31>2005 14:51 Sep 14, 2006 Jkt 208001 PO 00000 Frm 00047 Fmt 4703 Sfmt 4703 E:\FR\FM\15SEN1.SGM 15SEN1