[Federal Register Volume 64, Number 206 (Tuesday, October 26, 1999)]
[Proposed Rules]
[Pages 57619-57620]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 99-27587]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of the Secretary
Office of Inspector General
45 CFR Part 5b
RIN 0991-AA99
Privacy Act; Exempt Record System
AGENCY: Office of Inspector General (OIG), HHS.
ACTION: Notice of proposed rulemaking.
-----------------------------------------------------------------------
SUMMARY: This proposed rule would exempt the new system of records, the
Healthcare Integrity and Protection Data Bank (HIPDB), from certain
provisions of the Privacy Act (5 U.S.C. 552a). The establishment of the
HIPDB is required by section 1128E of the Social Security Act (the
Act), as added by section 221(a) of the Health Insurance Portability
and Accountability Act (HIPAA) of 1996. Section 1128E of the Act
directed the Secretary to establish a national health care fraud and
abuse data collection program for the reporting and disclosing of
certain final adverse actions taken against health care providers,
suppliers or practitioners, and to maintain a data base of final
adverse actions taken against health care providers, suppliers and
practitioners. The new HIPDB system of records is being established by
separate Federal Register notice. The proposed exemption being set
forth in this rule would apply to investigative materials compiled for
law enforcement purposes in anticipation of civil or criminal
proceedings. This rule specifically seeks public comments on the
proposed exemption.
DATES: To assure consideration, public comments must be delivered to
the address provided below by no later than 5 p.m. on November 26,
1999.
ADDRESSES: Please mail or deliver your written comments to the
following address: Department of Health and Human Services, Office of
Inspector General, 330 Independence Avenue, SW, Room 5246, Attention:
OIG-60-P, Washington, DC 20201.
Because of staffing and resource limitations, we cannot accept
comments by facsimile (FAX) transmission. In commenting, please refer
to file code OIG-60-P.
FOR FURTHER INFORMATION CONTACT: Rick Burguieres, Investigative Policy
and Information Management Staff, Office of Investigations, (202) 205-
5200.
SUPPLEMENTARY INFORMATION: The Health Insurance Portability and
Accountability Act (HIPAA) of 1996, Public Law 104-191, requires the
Secretary, acting through the Office of Inspector General (OIG) and the
United States Attorney General, to establish a new health care fraud
and abuse control program to combat health care fraud and abuse (see
section 1128C of the Act, as enacted by section 201(a) of HIPAA). Among
the major steps in this program is the establishment of a national data
bank to receive and disclose certain final adverse actions against
health care providers, suppliers, or practitioners (see section
1128C(a)(1)(E) of the Act). The establishment of the data bank is
required by section 1128E of the Act (added by section 221(a) of
HIPAA), which directs the Secretary to maintain a data base of such
final adverse actions. Final adverse actions include: (1) Civil
judgments against a health care provider, supplier, or practitioner in
Federal or State court related to the delivery of a health care item or
service; (2) Federal or State criminal convictions against a health
care provider, supplier, or practitioner related to the delivery of a
health care item or service; (3) actions by Federal or State agencies
responsible for the licensing and certification of health care
providers, suppliers, or practitioners; (4) exclusion of a health care
provider, supplier, or practitioner from participation in Federal or
State health care programs; and (5) any other adjudicated actions or
decisions that the Secretary establishes by regulations. Settlements in
which no findings or admissions of liability have been made will be
excluded from reporting. However, any final adverse action that
emanates from such settlements, and that would otherwise be reportable
under the statute, is to be reported to the data bank. Final adverse
actions are to be reported, regardless of whether such actions are
being appealed by the subject of the report (see section 1128E(b)(2)(C)
of the Act).
[[Page 57620]]
Groups that have access to this new data bank system include
Federal and State government agencies; health plans; and self queries
from health care suppliers, providers and practitioners. Reporting is
limited to the same groups that have access to the information. One of
the primary purposes of these data will be use of this information by a
Federal or State government agency charged with the responsibility of
investigating or prosecuting a case where there is an indication of a
violation or potential violation of law, whether civil, criminal or
regulatory in nature. The information in this system may also be used
in the preparation for a trial or hearing for such violation.
Specifically, this proposed rule would exempt this new records
system from certain provisions of the Privacy Act.1 This
exemption is intended to protect, from release to the record subject,
information on law enforcement queries to the data bank. It would also
exempt the data bank from Privacy Act access and amendment procedures
in order to establish access and amendment procedures in the HIPDB
regulations.
---------------------------------------------------------------------------
\1\ Subsections (c)(3), (d)(1)-(4), and (e)(4)(G) and (H) of the
Privacy Act, in accordance with 5 U.S.C. 522a(k)(2) and 45 CFR
5b.11(b)(ii)(F).
---------------------------------------------------------------------------
While subjects will have access to information on all other queries
to the data bank, disclosure of law enforcement queries could
compromise ongoing investigation activities. The premature disclosure
of the existence of a law enforcement activity to an outside party (who
may also be the subject of the investigation) could lead to, among
other things, the destruction or alteration of evidence and the
tampering with witnesses.
Record subjects are guaranteed access to, and correction rights
for, substantive information reported to the HIPDB. The procedures, set
out in 45 CFR part 61, use the Privacy Act access and correction
procedures as a basic framework while, at the same time, providing
significant additional rights (such as automatic notification to the
record subject of any report filed with the data bank). Data bank
subjects also have broader rights on HIPDB correction procedures,
including the right to file a statement of disagreement as soon as a
report is filed with the data bank.
Regulatory Impact Statement
The Office of Management and Budget has reviewed this proposed rule
in accordance with the provisions of Executive Order 12866 and the
Regulatory Flexibility Act (5 U.S.C. 601-612), and has determined that
it does not meet the criteria for a significant regulatory action.
Executive Order 12866 directs agencies to assess all costs and benefits
of available regulatory alternatives and, when rulemaking is necessary,
to select regulatory approaches that maximize net benefits, including
potential economic, environmental, public health, safety distributive
and equity effects. In addition, under the Small Business Enforcement
Act (SBEA) of 1996, if a rule has a significant economic effect on a
substantial number of small businesses, the Secretary must specifically
consider the economic effect of a rule on small business entities and
analyze regulatory options that could lessen the impact of the rule.
The Secretary has reviewed this proposed exemption in accordance with
the provisions of the SBEA, and certifies that this proposed exemption
will not have a significant impact on a substantial number of small
entities. Specifically, as indicated above, while the reports of
adverse actions to the HIPDB will be known to the subjects of the
records in the data bank, the access and use of such information by law
enforcement agencies would not be known to the subjects of the records.
As a result, we believe that disclosure of this information could
compromise ongoing law enforcement activities.
Public Inspection of Comments and Response to Comments
Comments will be available for public inspection November 9, 1999,
in Room 5518, Office of Counsel to the Inspector General, at 330
Independence Avenue, SW, Washington, DC on Monday through Friday of
each week (Federal holidays excepted) between the hours of 9 a.m. and 4
p.m., (202) 619-0089.
Because of the large number of items of correspondence we normally
receive on Federal Register documents published for comment, we are not
able to acknowledge or respond to them individually. We will consider
all comments we receive by the date and time specified in the DATES
section of this preamble, and will respond to the comments in the
preamble of the final rule.
List of Subjects in 5 CFR Part 5b
Privacy.
Accordingly, the Department's Privacy Act regulations at 45 CFR
part 5b would be amended follows:
PART 5b--[AMENDED]
Part 5b would be amended as follows:
1. The authority citation for part 5b would continue to read as
follows:
Authority: 5 U.S.C. 301, 5 U.S.C. 552a.
2. Section 5b.11 would be amended by adding a new paragraph
(b)(2)(ii)(F) to read as follows:
Sec. 5b. 11 Exempt systems.
* * * * *
(b) Specific systems of records exempt. * * *
(2) * * *
(ii) * * *
(F) The Healthcare Integrity and Protection Data Bank (HIPDB) of
the Office of Inspector General. (See Sec. 61.15 of this title for
access and correction rights under the HIPDB by subjects of the Data
Bank.)
* * * * *
Dated: June 3, 1999.
June Gibbs Brown,
Inspector General.
Approved: July 2, 1999.
Donna E. Shalala,
Secretary.
[FR Doc. 99-27587 Filed 10-25-99; 8:45 am]
BILLING CODE 4160-15-P
