[Federal Register Volume 63, Number 210 (Friday, October 30, 1998)]
[Proposed Rules]
[Pages 58341-58358]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-29147]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of the Secretary
Office of Inspector General
45 CFR Part 61
RIN 0991-AA98
Health Care Fraud and Abuse Data Collection Program: Reporting of
Final Adverse Actions
AGENCY: Office of Inspector General (OIG), HHS.
ACTION: Notice of proposed rulemaking.
-----------------------------------------------------------------------
SUMMARY: This proposed rule would establish a new 45 CFR part 61 to
implement the statutory requirements of section 1128E of the Social
Security Act, as added by section 221(a) of the Health Insurance
Portability and Accountability Act (HIPAA) of 1996. Section 221(a) of
HIPAA specifically directed the Secretary to establish a national
health care fraud and abuse data collection program for the reporting
and disclosing of certain final adverse actions taken against health
care providers, suppliers, or practitioners, and maintain a data base
of final adverse actions taken against health care providers, suppliers
and practitioners.
DATES: To assure consideration, public comments must be delivered to
the address provided below by no later than 5 p.m. on December 29,
1998.
ADDRESSES: Please mail or deliver your written comments to the
following address: Health Resources and Services Administration, Bureau
of Health Professions, Division of Quality Assurance, Room 8A-55,
Attention: OIG-46-P, 5600 Fishers Lane, Rockville, Maryland 20857.
Because of staffing and resource limitations, we cannot accept
comments by facsimile (FAX) transmission. In commenting, please refer
to file code OIG-46-P.
FOR FURTHER INFORMATION CONTACT: Thomas C. Croft, (301) 443-2300,
Director, Division of Quality Assurance/BHPr/HRSA.
SUPPLEMENTARY INFORMATION:
I. Background
The National Practitioner Data Bank
The National Practitioner Data Bank (NPDB) was established under
the Health Care Quality Improvement Act (HCQIA) of 1986, as amended (42
U.S.C. 11101). The NPDB contains adverse licensure action reports on
physician and dentists (including revocations, suspensions, reprimands,
censures, probations and surrenders for quality purposes); adverse
clinical privilege actions against physicians and dentists; adverse
professional society membership actions against physicians and
dentists; and medical malpractice payments made on all health care
practitioners. Groups that have access to this data system include
hospitals, other health care entities that conduct peer review and
provide or arrange for care, State Boards of Medical or Dental
examiners and other health care practitioner State boards. Individual
practitioners are able to self-query. The reporting of information
under the NPDB is limited to medical malpractice payers, State
licensing medical boards and dental examiners, professional societies
with formal peer review and hospitals and health care entities.
Establishment of the Healthcare Integrity and Protection Data Bank
The Health Insurance Portability and Accountability Act (HIPAA) of
1996, Public Law 104-191, requires the Secretary, acting through the
Office of Inspector General (OIG) and the United States Attorney
General, to establish a new health care fraud and abuse control program
to combat health care fraud and abuse (see section 1128C of the Act, as
enacted by section 201(a) of HIPAA). Among the major steps in this
program is the establishment of a national data bank to receive and
disclose certain final adverse actions against health care providers,
suppliers, or practitioners (see section 1128C(a)(1)(E) of the Act).
The data bank is specifically provided for by section 1128E of the Act
(added by section 221(a) of HIPAA), which directs the Secretary to
maintain a data base of such final adverse actions. Final adverse
actions include: (1) civil judgments against a health care provider,
supplier, or practitioner in Federal or State court related to the
delivery of a health care item or service; (2) Federal or State
criminal convictions against a health care provider, supplier, or
practitioner related to the delivery of a health care item or service;
(3) actions by Federal or State agencies responsible for the licensing
and certification of health care providers, suppliers, or
practitioners; (4) exclusion of a health care provider, supplier, or
practitioner from participation in Federal or State health care
programs; and (5) any other adjudicated actions or decisions that the
Secretary establishes by regulations. Settlements in which no findings
or admissions of liability have been made will be excluded from
reporting. However, any final adverse action that emanates from such
settlements and consent judgments, and that would otherwise be
reportable under the statute, is to be reported to the data bank. Final
adverse actions are to be reported, regardless of whether such actions
are being appealed by the subject of the report (see section
1128E(b)(2)(C) of the Act). Groups that have access to this new data
bank system include Federal and State government agencies; health
plans; and self queries from health care suppliers, providers and
practitioners. Reporting is limited to the same groups that have access
to the information.
The range of reportable final adverse actions specified in the
statute clearly indicates that Congress intended a broad interpretation
of the terms ``health care fraud and abuse.'' For purposes of the
statute, we believe all reportable final adverse actions include
actions related to provider, supplier and practitioner practices that
are inconsistent with
[[Page 58342]]
accepted sound fiscal, business or medical practices, directly or
indirectly, resulting in: (1) unnecessary costs to the program; (2)
improper payment; (3) services that fail to meet professionally
recognized standards of care or that are medically unnecessary; or (4)
adverse patient outcomes, failure to provide covered or needed care in
violation of contractual arrangements, or delays in diagnosis or
treatment. The statute also requires the Secretary to implement the
national health care fraud and abuse data collection program in such a
manner as to avoid duplication with the reporting requirements
established for the NPDB. This proposed rulemaking is intended to
establish such a fraud and abuse data bank, to be known as the
Healthcare Integrity and Protection Data Bank (HIPDB).
Coordination and Distinctions Between the HIPDB and the NPDB
With regard to the importation of State licensing board actions
reported to the NPDB prior to the enactment of HIPAA, we intend to
include in the HIPDB only such NPDB information about licensing actions
which were effective on or after August 21, 1996. In accordance with
the statute, the reporter responsible for reporting adverse actions to
the HIPDB and the NPDB will only be asked to submit the report one
time. The system is being designed to sort the appropriate actions into
the HIPDB, NPDB, or both. The system is being configured to account for
the statutory differences in the type of actions and groups eligible to
query the two data banks.
The NPDB does not collect information on Federal criminal
convictions and medicare and Medicaid exclusions, except to the extent
that they lead to State licensing board, medical malpractice payment or
privilege restriction actions. Further, while civil judgments included
in the NPDB would be those that resulted in malpractice payments, the
HIPDB explicitly does not include medical malpractice civil judgments.
As a result, these items will not be part of the NPDB data to be
imported into the HIPDB.
Data Elements To Be Reported to the HIPDB
Section 1128E(b)(2) of the Act cites a number of required elements
or types of data that must be reported to the HIPDB. These elements
include: (1) the name of the individual or entity; (2) a taxpayer
identification number; (3) the name of any affiliated or associated
health care entity; (4) the nature of the final adverse action, and
whether the action is on appeal; (5) a description of the acts or
omissions, and injuries, upon which a final adverse action is based;
and (6) any other additional information deemed appropriate by the
Secretary.
With respect to this last element, we are exercising this
discretion and are proposing to add additional reportable data
elements. The additional elements reflect much of the information that
is already routinely collected by the Federal and State reporting
agencies. Therefore, in adding these elements, the Secretary believes
this does not impose any additional burden on State government agencies
and health plans. Furthermore, the Secretary is protecting health care
providers, suppliers and practitioners from being erroneously
identified without imposing additional gathering burdens on reporters
of information. The addition of this information also will serve to:
(1) recognize the multiple purposes to which eligible users will apply
the data, such as licensing decisions by professional licensing boards,
credentialing and contracting decisions by health plans, and
investigation by law enforcement agencies, investigative units and
health plan special investigative units of health care fraud
perpetrators and schemes; (2) maximize the accuracy of a match between
the names of queried practitioners, providers, or suppliers and
existing reports in the HIPDB; (3) provide access to information about
health care fraud and abuse activities nationwide by promoting
efficient coordination of investigative efforts among insurers and law
enforcement agencies; (4) support the intent of the statute to address
issues related to fraud and abuse, including quality of health care and
patient safety; and (5) prevent the erroneous reporting and identifying
of health care providers, suppliers and practitioners. Through this
proposed rulemaking, we are specifically seeking the views of Federal
and State officials and of health plans about whether the proposed
information collection requirements will be necessary for the proper
performance of the HIPDB system. In addition, we are soliciting
comments as to whether the proposed data elements set forth in this
rule will be useful in preventing fraud and abuse and in improving the
quality of patient care.
Immunity Provisions Under the HIPDB
Immunity provisions in section 1128E(e) of the Act protect
individuals and entities from being held liable in civil actions for
reports made to the HIPDB unless they have knowledge of the falsity of
the information contained in the report. The statute provides similar
immunity to the Department in maintaining the HIPDB. We are
interpreting the term ``knowledge of falsity'' to require actual
knowledge of falsity by the submitting entity.
II. Provisions of the Proposed Rule
These proposed regulations would implement the requirements for
reporting of specific data elements to, and procedures for obtaining
information from, the HIPDB (and are applicable to Federal and State
government agencies and health plans). Set forth below is a brief
description of the major provisions of the proposed rule, including,
among other things, proposed definitions for certain terms associated
with the HIPDB, a discussion of the specific reporting requirements and
when such information must be reported, the fees applicable to requests
for information, the issues of the confidentiality of information, and
how to dispute the accuracy of information in the HIPDB.
1. Definitions
These proposed regulations would expand on previous regulatory
definitions and clarify aspects of definitions set forth in the
statute. Congress intended that the HIPDB play a significant role in
reducing public and private health care expenditures that result in
health care fraud and abuse, by alerting system users to previous
relevant adverse actions. Therefore, we believe that the reportable
range of activities and the individuals and entities that engage in
them should as broadly as possible capture the portion of expenditures
lost each year to fraud and abuse. Towards this end, this proposed rule
sets forth definitions for certain terms that may appear more expansive
than some previous regulatory definitions. One such example would
include the definitions of health care provider and supplier. While
definitions of these terms existed in other Departmental regulations,
we believe it is significant that Congress chose not to use those
definitions. In fact, earlier versions of section 1128E of the Act
contained some of these previous definitions, but deleted them from the
final statute. The absence of these references strongly suggests that
Congress intended that these terms be developed based on the breadth of
health care expenditures in mind when applied to the HIPDB program. We
believe these expanded definitions are fully consistent with
congressional intent and accurately reflect the range of subjects and
activities currently considered by government agencies and health plans
in fraud and abuse prevention efforts. This proposed rule
[[Page 58343]]
also, in certain instances, clarifies existing statutory definitions.
These clarifications merely provide additional examples of the scope of
the definitions, but do not go beyond the range that Congress intended.
As a result, in Sec. 61.3 of these regulations, we are proposing
the inclusion of the following definition of terms--
A. Affiliated or Associated
The term ``affiliated or associated'' would include, but would not
be limited to, health care entities such as organizations,
associations, corporations, or partnerships that are affiliated or
associated with a subject of a final adverse action. It also would
include a professional corporation or other business entity composed of
a single individual. For example, if the subject is an individual, the
affiliated or associated health care entities would include, among
other things, the subject's employer, businesses owned or managed by
the subject, partnerships, memberships in health maintenance
organizations or health care networks, or institutions granting the
subject clinical privileges. If the subject is an entity, its
affiliated or associated entities would include parent corporations,
subsidiaries, and joint ventures, among other things. We believe that
this definition supports congressional intent to enable authorized
users who are conducting fraud and abuse investigations to identify
other business affiliations through which the subject may have
committed other acts of wrongdoing and to aid with subject
identification. Inclusion of an entity in this category by a reporter
would in no way imply that the entity was a party to the act(s) or
omission(s) that led to a reportable final adverse action.
B. Government Agency
The definition of the term ``government agency'' is set forth in
accordance with section 1128E(g)(3) of the Act, and would serve to set
out the range of government agencies that are required to report to,
and authorized to receive information from, the HIPDB. For purposes of
these regulations, the term ``government agency'' would include, but
would not be limited to: (1) the Department of Justice; (2) the
Department of Health and Human Services; (3) any other Federal or State
agency that either administers or provides payment for the delivery of
health care services ( including, but not limited to, the Department of
Defense and the Department of Veterans Affairs); (4) State law
enforcement agencies; (5) State Medicaid Fraud Control Units; and (6)
other Federal or State agencies responsible for the licensing and
certification of health care providers, suppliers, or licensed health
care practitioners. Examples of such State agencies include Departments
of Professional Regulation, Health, Social Services (including State
Survey and Certification and Medicaid Single State agencies), Commerce,
and Insurance.
We believe there are two key aspects each State may need to
consider with respect to the data: who will report such information and
how the information will be reported to the data bank. First, with
respect to who is to report, we invite comments from States delineating
specific agencies that are responsible for the licensing and
certification of health care providers, suppliers and practitioners
that will be subject to the section 1128E reporting requirements. In
addition, we invite comments identifying the specific State law
enforcement agencies that will be responsible for reporting to the
HIPDB.
Second, we also recognize the States' prerogative in determining
the manner in which they will report. For example, one option may be
that States may elect to have one centralized point for reporting, or
elect to have multiple agencies (including, at their option,
municipalities, county agencies and local law enforcement agencies such
as District and County attorneys ) report independently to the HIPDB.
Another option for reducing the reporting burden of State licensing and
certification boards would be to have their respective professional
organizations serve as their authorized agents for reporting to the
HIPDB. It has been brought to our attention that similar data reports
are being provided to the professional organizations. The ability to
report the same information one time through a designated authorized
agent would streamline State reporting. We believe this would be an
acceptable option for meeting reporting obligations of State boards and
is raised for consideration when meeting their reporting obligations to
the HIPDB. We invite comments from each State regarding the manner in
which it intends to report to the HIPDB.
C. Health Care Provider and Health Care Supplier
The statute does not define the terms ``health care provider'' and
``health care supplier'' for purposes of this data bank. Since there is
considerable overlap in the roles of practitioners, providers and
suppliers (e.g., a skilled nursing facility is an institutional
provider, but also can be a supplier of health care items and
equipment), we believe that these terms--as well as the term
``practitioner'' defined below--are not intended to describe distinct,
mutually exclusive categories nor are the examples provided in this
section intended to be exhaustive. We believe that these overlapping
roles do not necessarily represent the categories in which subjects'
information will be collected, maintained and disseminated in the
HIPDB.
Accordingly, in keeping with congressional intent that the
Department coordinate this program closely with the NPDB, we would
define the term ``health care provider'' to mean (1) a provider of
services as defined in section 1861(u) of the Act; (2) any health care
entity (including a health maintenance organization (HMO), preferred
provider organization, ambulatory care clinic and group medical
practice) that provides health care services and follows a formal peer
review process for the purpose of furthering quality health care; and
(3) and any other health care entity that, directly or through
contracts, provides health care services. That definition encompasses
institutional providers such as hospitals, home health care agencies,
skilled nursing facilities, and comprehensive outpatient rehabilitation
facilities.
``Health care supplier'' would be defined as a provider of medical
and other health care services, as described in section 1861(s) of the
Act, and would include Medicare facilities and practitioners as well as
medical equipment suppliers (including clinical laboratories, certain
licensed or certified health care practitioners, and suppliers of
durable medical equipment). In addition, to ensure that this definition
captures other entities that may be the subject of health care fraud
investigations by the State or Federal Government or health plans, this
term would further include any individual or entity, other than a
provider, who furnishes or provides access to health care services,
supplies, items or ancillary services (including, but not limited to,
durable medical equipment suppliers and manufacturers of health care
related items; pharmaceutical suppliers and manufacturers; health
record services, such as medical, dental and other patient records;
health data suppliers; and billing and transportation service
suppliers), and any individual or entity under contract to provide
health care supplies, items or ancillary services, and any group,
organization or company providing health benefits whether directly, or
indirectly through insurance, reimbursements or otherwise. The term
``health care
[[Page 58344]]
supplier'' also would include, but would not be limited to, insurance
producers, such as agents, brokers, solicitors, consultants and
reinsurance intermediaries; insurance companies; self-insured
employers; and health care purchasing groups or entities.
This definition of ``health care supplier'' reflects congressional
intent that the Government not pay for items and services of
untrustworthy individuals and entities, regardless of whether the
individual or entity is paid by the programs directly or whether the
items and services are reimbursed indirectly through claims of a direct
provider. Individuals and entities that provide such indirect services
have a significant impact on the cost and quality of health care, and
have been the subject of final adverse actions related to health care
fraud and abuse.
D. Health Plan
The definition of the term ``health plan'' in section 1128E of the
Act is not meant to be exclusive or exhaustive. Rather, by using the
word ``includes,'' the statutory definition contemplates that
additional entities may be recognized as ``health plans'' if they meet
the basic definition of ``providing health benefits.'' Thus, health
plans may include those plans funded by Federal and State governments,
including Medicare, Medicaid, the Department of Defense, the Department
of Veterans Affairs, the Federal Employees Health benefits Plan of the
Office of Personnel Management, and the Bureau of Indian Affairs
programs. Under these regulations, the term ``health plan'' would be
defined as a plan, program or organization that provides health
benefits, whether directly or through insurance, reimbursement or
otherwise. The term would include, but would not be limited to: (1) a
policy of health insurance; (2) a contract of a service benefit
organization; (3) a membership agreement with an HMO or other prepaid
health plan; (4) a plan, program or agreement established, maintained
or made available by an employer or group of employers, a practitioner,
provider or supplier group, third-party administrator, integrated
health care delivery system, employee welfare association, public
service group or organization, or professional association; and (5) an
insurance company, insurance service, self-insured employer or
insurance organization which is licensed to engage in the business of
selling health care insurance in a State and which is subject to State
law which regulates health insurance. We have added the word
``organization'' to the description of the term ``health plan'' since
health plans are generally offered by organizations, and we believe
that Congress intended those organizations to be users of the HIPDB. In
addition, credential reviews and fraud investigations are often
conducted at the corporate level by organizations offering and managing
managed care plans or other health benefit plans or services.
We also are including in this definition additional examples of
other health plans which reflect both the wide variety of health
benefit plans that are currently offered and the wide range of
organizations that provide them. These examples include employers or
other organizations that provide health care benefits for their
employees or members, provider/supplier/practitioner groups that offer
health care benefit plans under contract with an organization, and
organizations that sell health care insurance. We invite public comment
on the inclusion of additional examples in this listing for purposes of
clarification and guidance.
In addition, to more clearly define this term, we are including two
clarifying phrases in the regulatory definition. First, we would add
the word ``reimbursement'' to the description of the methods by which
health plans provide benefits. For example, some employers directly
reimburse employees for their health care expenditures through a
voucher system. We also propose including the phrase ``but is not
limited to'' to the description of types of arrangements included in
the definition. We believe that this clarification of the statutory
language is important to ensure that, as arrangements and mechanisms
used by health plans to provide health care benefits evolve, they will
not be excluded by the language in the definition.
E. Licensed Health Care Practitioner, Licensed Practitioner, and
Practitioner
While section 1128E of the Act refers to the terms health care
``provider, practitioner or supplier'' as the subject of reports to the
HIPDB, the statute only provides a definition of ``practitioner.'' We
are proposing to define ``practitioner'' consistent with section
1128E(g)(2) of the Act. As a result, for purposes of these regulations,
with respect to a State, a ``licensed health care practitioner,'' a
``licensed practitioner'' or ``practitioner'' would mean an individual
who is licensed or otherwise authorized by the State to provide health
care services (or any individual who, without authority, holds himself
or herself out to be so licensed or authorized). This definition
includes, but is not limited to, physicians, nurses, chiropractors,
podiatrists, emergency medical technicians, physical therapists,
pharmacists, clinical psychologists, acupuncturists, dieticians, aides,
and licensed or certified alternative medicine practitioners such as
homeopaths and naturopaths.
F. Other Adjudicated Actions or Decisions
We are including a definition to clarify the types of ``other
adjudicated actions or decisions'' that Congress authorized the
Department to collect under section 1128E(g)(A)(v) of the Act. We
believe that this term should encompass actions that are consistent
with the characteristics of the specific final adverse actions already
listed in the statute. Accordingly, the term ``other adjudicated
actions or decisions'' would refer to an official action taken by a
Federal or State governmental agency or health plan against a health
care provider, supplier, or practitioner based on acts or omissions
that affect, or could significantly affect, the delivery of a health
care item or service. For example, an official action taken by a
Federal or State governmental agency includes, but is not limited to, a
personnel-related action such as suspensions without pay, reductions in
pay, reductions in grade, terminations or other comparable actions. A
hallmark of any valid adjudicated action or decision is the existence
of a due process mechanism. In general, if an ``adjudicated action or
decision'' follows an agency's established administrative procedures
(which ensure due process is available to the subject of the final
adverse action), it would qualify as a reportable action under this
definition. For health plans that are not government entities, an
action taken following adequate notice and hearing requirements that
meet the standards of due process set out in section 412(b) of the
HCQIA (42 U.S.C. 11112(b)) also would qualify as a reportable action
under this definition. Under section 412(b) of HCQIA, the procedure
should involve provision (or voluntary waiver by the subject) of the
notice of the proposed action, notice of a hearing, and conduct of the
hearing. The fact that a subject elects not to use the due process
mechanism provided by the authority bringing the action is immaterial,
as long as such a process is available to the subject before the
adjudicated action or decision is made final.
In these regulations, the word ``adjudicated'' is not viewed as a
restriction that limits these actions only to those resulting from a
governmental
[[Page 58345]]
judicial process. Rather, the word implies that in order for an action
or decision to be reportable it must adhere to basic guidelines of due
process. Examples of ``other adjudicated actions or decisions'' include
administrative agency sanctions and clinical privilege actions.
We believe that any final adverse action included in accordance
with this language must be final, have been subject to adjudication,
and be related to delivery of a health care item or service. We also
believe that the inclusion of actions taken against a practitioner's
clinical privileges, including those taken by health plans, should be
included if they meet the above tests. Discussions with health plan
representatives, and examination of reporting patterns by health plans
to the NPDB, indicate that health plans do take final actions against a
practitioner's clinical privileges which meet these three criteria. It
should be noted that final adverse actions taken against clinical
privileges must result from acts of commission or omission related to
professional competence or professional conduct. Matters unrelated to
the professional competence or professional conduct of a health care
practitioner resulting in a final adverse action against clinical
privileges should not be reported to the HIPDB. We believe that in the
absence of statutory language regarding the definition of
``adjudicated,'' this interpretation recognizes the evolving mechanisms
by which final adverse actions are taken by reporting entities, such as
State agencies and health plans, to protect the public against health
care fraud and abuse. Moreover, it recognizes the substantial shift in
care from inpatient facilities to the outpatient arena and the
concomitant shift in the meaning of ``clinical privileges'' from that
associated with inpatient care, to that associated with outpatient
care, especially in the managed care setting.
In addition to proposing these definitions in Sec. 61.3, we also
have contemplated including a definition for the term ``health care
abuse.'' The statute does not define this term, and we are electing not
to define the term at this time. The range of reportable final adverse
actions specified in the statute suggests that the Congress intended a
broad interpretation of ``health care abuse.'' There is wide variation
in the term's meaning within the law enforcement and health care
communities. For the purposes of this statute, we believe ``health care
abuse'' relates to provider, supplier and practitioner practices that
are inconsistent with accepted sound fiscal, business or medical
practices which directly or indirectly may result in (1) unnecessary
costs to the program; (2) improper payment; (3) services that fail to
meet professionally recognized standards of care or are medically
unnecessary; or (4) services that directly or indirectly result in
adverse patient outcomes or delays in appropriate diagnosis or
treatment. We believe health care abuse also would include verbal,
sexual, physical or mental abuse, corporal punishment, involuntary
seclusion or patient neglect, or misappropriation of patient property
or funds. We specifically invite comments on whether a definition of
the term ``health care abuse'' should be included in the regulations
and, if so, what definition would most clearly capture the range of
reportable final adverse actions specified by Congress.
For health plans that are not government entities, an action taken
following adequate notice and hearing requirements that meet the
standards of due process set out in section 412(b) of the HCQIA also
would qualify as a reportable action under this definition. Under
section 412(b) of the HCQIA, the procedure should involve provision (or
voluntary waiver by the subject) of notice of the proposed action,
notice of a hearing and conduct of the hearing.
2. When Information Must be Reported
The statute requires that Federal and State government agencies and
health plans report final adverse actions ``regularly but not less
often than monthly.'' Because an exclusion or licensing action may be
effectuated at a later date than when the action is actually taken, we
are proposing giving maximum flexibility to agencies in reporting final
adverse actions in a timely manner. According, we are proposing in
Sec. 61.5 that information be submitted to the HIPDB within 30 calendar
days from (1) the date the final adverse action was taken, (2) the date
when the reporting entity became aware of the final adverse action, or
(3) by the close of the entity's next monthly reporting cycle,
whichever is later. To capture any differing dates, the date of the
final adverse action was taken, its effective date and duration would
all be contained in the information reported to the HIPDB to be set
forth in our discussion of the specific reporting requirements in
proposed Secs. 61.7, 61.8, 61.9, 61.10 and 61.11 below.
We acknowledge that reporters currently may not be able to provide
all of the proposed data elements. We are proposing to set forth in
Secs. 61.7, 61.8, 61.9, 61.10, and 61.11 a list of mandatory data
elements. In addition, in these sections, we also would list data
elements that should be reported to the data bank when known.
It should be noted, however, that the statute requires the
reporting and disclosure of Social Security numbers and Federal
Employer Identification numbers. Specifically, section 1128E(b)(2)(A)
of the Act mandates that Federal and State government agencies and
health care plans collect and report Social Security numbers and
Federal Employer Identification numbers for the purposes of reporting
to the HIPDB. As a result, the Secretary intends to request Social
Security numbers and Federal Employer Identification numbers for all
reporters and queriers requiring explicit matching of specific names to
HIPDB adverse action reports. We recognize the possibility that
providing these identifiers for purposes of requesting information may
present a burden for some classes of users. However, the collection of
Social Security numbers and Federal Employer Identification numbers
will provide a greater confidence level in the system's matching
algorithm of health care providers, suppliers and practitioners. It
also will maximize the system's ability to prevent the erroneous
reporting and disclosure of health care providers, suppliers and
practitioners. The proper matching of individuals based on personal
identifiers, such as Social Security numbers, strengthens the State's
ability to detect individuals who move from State to State without
disclosure or discovery of previous damaging performance.
3. Reporting Errors, Omissions, Revisions and Actions on Appeal
Section 1128E (c)(2) of the Act requires that each government
agency and health plan report corrections to information previously
submitted to the HIPDB in such form and manner as the Secretary
prescribes by regulation. Accordingly, the HIPDB has been designed to
comply with the statutory requirements and the Department's principles
of fair information practice. In proposed Sec. 61.6 of these
regulations, we are indicating that if any errors or omissions in the
final adverse action are discovered after the information has been
reported, the person or entity that reported such information must send
an addition or correction to the HIPDB within 60 calendar days of the
discovery. Any revision to the action or to appeal status must
similarly be reported within 30 calendar days after the reporting
entity learns of such revision. In turn, as indicated above, each
subject of a report will receive a copy when it is entered into the
HIPDB
[[Page 58346]]
and a copy of all revisions and corrections to the report. It should be
noted that this is not an opportunity for the subjects to request
readjudication of their cases; it is only for the reporting entity to
correct any errors or omissions in the information.
4. Reporting Licensure Actions Taken by Federal or State Licensing and
Certification Agencies
Under section 1128E(g)(1)(A)(iii) of the Act, Federal and State
licensing and certification agencies must report to the HIPDB all of
the following final adverse actions that are taken against a health
care provider, supplier, or practitioner--
(1) Formal or official actions, such as revocation or suspension of
a license (and the length of any such suspension), reprimand, censure,
or probation;
(2) Any other loss of the license or the right to apply for, or
renew, a license of the provider, supplier, or practitioner, whether by
operation of law, voluntary surrender, non-renewability, or otherwise;
and
(3) Any other negative action or finding by such Federal or State
agency that is publicly available information.
Proposed Sec. 61.7 is intended to address these reporting licensure
actions taken by Federal and State licensing and certification
agencies. In Sec. 61.7, the phrase ``other negative action or finding''
by a Federal or State licensing and certification authority would mean
any action or finding that is publicly available and rendered by a
licensing or certification authority. These actions or findings
include, but are not limited to, imposition of civil money penalties
(CMPs) and administrative fines, limitations on the scope of practice,
injunctions and forfeitures.
This definition also would include final adverse actions occurring
in conjunction with settlements in which no findings or admissions of
liability have been made, and that would otherwise be reportable under
the statute. By defining ``other negative action or finding'' in this
way, we believe that Federal or State licensing and certification
authorities will accommodate State to State variation when determining
adverse actions in reporting negative actions or findings to the HIPDB,
provided that those actions or findings are available publicly.
The statute specifically requires reporting of a health care
provider, supplier or practitioner who voluntarily surrenders a license
or certification. Based on extensive discussions with various State
agencies, we have been advised that voluntary surrender and non-renewal
of licensure and provider participation agreements are used as means to
exclude questionable health care providers, suppliers and practitioners
from participating in Federal and State health care programs. These
voluntary surrenders and non-renewal actions result in allowing health
care providers, suppliers or practitioners to move from State to State
without detection. Therefore, for reporting purposes, the term
``voluntary surrender'' is defined to include a surrender made after a
notification of investigation or a formal official request by Federal
or State licensing or certification authorities for a health care
provider, supplier or practitioner to surrender the license or
certification (including certification agreements or contracts for
participation in Federal or State health care programs). The definition
also includes those instances where a health care provider, supplier or
practitioner voluntarily surrenders a license or certification
(including program participation agreements or contracts) in exchange
for a decision by the licensing or certification authority to cease an
investigation or similar proceeding, or in return for not conducting an
investigation or proceeding, or in lieu of a disciplinary action. We
are seeking guidance and public comment on the frequency of such
actions taken in lieu of sanctions, as well as the utility of such
information to eligible queriers of the HIPDB.
We recognize that many voluntary surrenders are not a result of the
type of adverse action that are intended for inclusion in the HIPDB.
Therefore, we are proposing that voluntary surrenders and licensure
non-renewals due to nonpayment of licensure fees, changes to inactive
status and retirements be excluded from reporting to the HIPDB unless
they are taken in combination with one or more of the circumstances
listed above, in which case they would be reportable.
In addition, we note that the NPDB currently receives adverse
action reports on sanction and disciplinary actions concerning
physicians and dentists related to professional competence or conduct.
Under section 1128E of the Act, however, the only limitation on a
reportable disciplinary action is that it must be a formal or official
action; it need not be specifically related to professional competence
or conduct. The Department recognizes that licensure actions reported
by Boards of Medical and Dental Examiners concerning physicians and
dentists in the NPDB overlap with the reportable actions under this
statute. Therefore, we are proposing to implement this section in a
manner to avoid duplication with the reporting requirements established
for the NPDB under the HCQIA. Consistent with congressional intent, we
will ensure that the reports required under both Acts will only be
required to be reported once.
5. Reporting Federal or State Criminal Convictions Related to the
Delivery of a Health Care Item or Service
Under section 1128E(g)(i)(A)(ii) of the Act, Federal and State law
enforcement and investigative agencies must report criminal convictions
against health care providers, suppliers, or practitioners. Because the
statute requires that a criminal conviction must be related to the
delivery of a health care item or service to be reportable, we believe
that the congressional intent is to limit the types of convictions
reported to the HIPDB. Thus, under proposed Sec. 61.8, we are
indicating that criminal convictions unrelated to the delivery of
health care items or services would not be reported under this section.
6. Reporting of Civil Judgments in Federal or State Court Related to
the Delivery of a Health Care Item or Service
In accordance with section 1128E(g)(1)(A)(i) of the Act, proposed
Sec. 61.9 would indicate that Federal and State law enforcement and
investigative agencies, and health plans must report civil judgments
related to the delivery of a health care item or service (except those
resulting from medical malpractice) against health care providers,
suppliers or practitioners. Civil judgments must be entered or approved
by a Federal or State court. This reporting requirement does not
include Consent Judgments that have been agreed upon and entered to
provide security for civil settlements in which there was no finding or
admission of liability.
7. Reporting Exclusion From Participation in Federal or State Health
Care Programs
Proposed Sec. 61.10, in accordance with section 1128E(g)(1)(A)(iv)
of the Act, states that the Office of Inspector General (OIG) must
report health care providers, suppliers or practitioners excluded from
participating in Federal or State health care programs. This includes
exclusions that were made in a matter in which there also was a
settlement that is not reported because no findings or admissions of
liability had been made.
8. Reporting Other Adjudicated Actions or Decisions
Proposed Sec. 61.11 would address the reporting of other
adjudicated actions or
[[Page 58347]]
decisions. Although not specifically required by the statute, we
believe that ``any other adjudicated actions or decisions'' should
relate to the delivery of a health care item or service, as do criminal
convictions and civil judgments collected under the statute. In
addition, we are proposing in this section that a due process mechanism
is available with all adjudicated actions or decisions. Examples of an
adjudicated action or decision would include, but would not be limited
to, orders by an administrative law judge, CMPs and assessments,
revocations, debarments or other restrictions from participating in
Federal or State government contracts or programs, liquidation,
dissolution, license cancellation, or revocations or limitations on
clinical privileges or staff privileges by a health plan. We believe
that this definition encompasses actions that are consistent with the
characteristics of the specific final adverse actions already defined
by statute.
9. Fees Applicable to Requests for Information
Section 61.13 proposes fees that would apply to all requests for
information from the HIPDB. However, for purposes of verification and
dispute resolution, the HIPDB does intend to provide a copy--
automatically, without a request and free of charge--of every record to
the health care provider, supplier or practitioner who is the subject
of the report. The Act exempts Federal agencies from these fees.
The fees to be charged would be based on the full costs of
operating the database, as authorized in section 1128E(d)(2) of the
Act; criteria for assessing fees would be based on the guidelines set
forth in OMB Circular A-25. These costs would encompass all direct and
indirect costs of disclosure and of providing such information,
including but not limited to, (1) direct and indirect personnel costs;
(2) physical overhead, consulting, and other indirect costs; (3) agency
management and supervisory costs; and (4) costs of enforcement,
collection, research, establishment, regulations and guidance. For
maximum efficiency, we intend for the HIPDB to be an all-electronic
system, with all fees collected through the most cost-effective methods
(such as credit card and electronic funds transfer).
While these regulations are intended to set forth the criteria for
establishing the fees and the procedures for establishing and
collecting fees, the actual amounts of the fees will be published in
periodic notices issued by the Department in the Federal Register.
10. Confidentiality of HIPDB Information
Proposed Sec. 61.14 addresses the confidentiality requirements that
would apply to all information obtained from the HIPDB. We believe that
these confidentiality requirements are clearly specified in sections
1128E(b)(3) and (d)(1) and 1128C(a)(3)(B)(ii) of the Act. Specifically,
section 1128E(b)(3) of the Act requires the Secretary to protect the
privacy of individuals receiving health care services when determining
what information is required. Section 1128E(d)(1) of the Act provides
that information in the HIPDB will be available to Federal and State
government agencies and health plans. Section 1128C(a)(3)(B)(ii) of the
Act requires the Secretary to assure that HIPDB information is provided
and utilized in a manner that appropriately protects the
confidentiality of the information. As a result, we are proposing that
information from this system be confidential and disclosed only for the
purpose for which it was provided. Appropriate uses of the information
would include the prevention of fraud and abuse activities and
improving the quality of patient care.
We believe that this proposed provision does not go beyond the
requirements set forth in the Act. The requirements would not prevent
an authorized user from sharing information from the HIPDB within the
entity that requested it, as long as the information is used solely for
the purpose for which it was provided. However, in accordance with
section 1128E(b)(3) of the Act, information obtained by a government
contractor, e.g., a Medicare carrier, an intermediary or auditor, may
only be used in the furtherance of its contractual responsibilities and
in conformity with protecting the identity of individuals receiving
health care services.
We recognize that this data bank is subject to the Privacy Act (5
U.S.C. 552a), which protects the privacy of individually identifiable
records held by a Federal agency that relate to the subject of the
final adverse action. We will publish a notice for public comment for
purposes of establishing a Privacy Act exception for the HIPDB. We are
not including in the data bank any individually identifiable patient
records.
11. How To Dispute the Accuracy of HIPDB Information
Section 61.15 of these proposed regulations sets forth the
procedures for submitting a statement, filing a dispute, and revising
disputed information in a previously submitted report. The subject may
dispute only the factual accuracy of the information contained in the
HIPDB report concerning the individual or entity. We note that the
Secretary will not review issues regarding the merits of the case, or
the due process that the subject received. The dispute process affords
the subject an opportunity to bring relevant factual information,
including reversals of criminal convictions by an appeals court, to the
attention of the reporter. If the reporter does not revise the
information, the subject can request in writing, within 60 calendar
days after receipt of the report, that the Secretary review the matter.
After such review, the Secretary can remove the dispute status, correct
the information, leave the information unchanged, void the report from
the HIPDB or add a statement to the record for reports that are not
voided. This dispute process is consistent with that for the NPDB.
12. Sanctions for Failure To Report
In addition to addressing the provisions from section 221(a) of
Public Law 104-191, we also are proposing to incorporate into these
regulations the new CMP sanctions provision for failure to report
information to the data bank, as set forth in section 4331 of Public
Law 105-33, the Balanced Budget Act of 1997. As a result, in
Secs. 61.9(d) and 61.11(d) we are indicating that any health plan that
fails to report information on a final adverse action that is required
to be reported will be subject to a CMP of not more than $25,000 for
each such adverse action not reported. Such penalty would be imposed
and collected in the same manner as CMPs under section 1128A(a) of the
Act. We also intend to amend 42 CFR part 1003 in separate rulemaking to
reflect this new CMP authority.
III. Implementation Schedule
Implementation of these regulations will be incremental and will
begin by first including the following actions: (1) final adverse
licensure actions taken against health care practitioners by Federal or
State agencies responsible for the licensing and certification of such
practitioners; (2) Federal criminal convictions and civil judgments
related to the delivery of health care items or services against health
care providers, suppliers or practitioners; and (3) exclusions of
health care providers, suppliers or practitioners from participation in
Federal and State health care programs. This phased-in process does not
exempt reporters from collecting and maintaining information
[[Page 58348]]
required under the statute as of August 21, 1996. It also affords the
reporter an opportunity to internally develop a mechanism for
collecting all mandatory data elements. The Department will announce
through issuance of notice(s) in the Federal Register a schedule when
reporters are to begin reporting to, and when information will be
available from, the HIPDB. Reporters to both the HIPDB and the NPDB
will not be required to report their actions separately to each data
bank. A revised reporting form will be used to accommodate both
systems, thus only requiring one report of each action that is
reportable to both the HIPDB and the NPDB when this form is approved by
the Office of Management and Budget in accordance with the Paperwork
Reduction Act of 1995.
All final adverse action information as of August 21, 1996 will be
reported to the HIPDB.
IV. Regulatory Impact Statement
Executive Order 12866, the Unfunded Mandates Reform Act and the
Regulatory Flexibility Act
The Office of Management and Budget (OMB) has reviewed this
proposed rule in accordance with the provisions of Executive Order
12866 and the Regulatory Flexibility Act (5 U.S.C. 601-612), and has
determined that it does not meet the criteria for a significant
regulatory action. Executive Order 12866 directs agencies to assess all
costs and benefits of available regulatory alternatives and, when
rulemaking is necessary, to select regulatory approaches that maximize
net benefits (including potential economic, environmental, public
health, safety, distributive and equity effects). The Unfunded Mandates
Reform Act, Public Law 104-4, requires that agencies prepare an
assessment of anticipated costs and benefits on any rulemaking that may
result in an annual expenditure by State, local or tribal government,
or by the private sector of $100 million or more. In addition, under
the Regulatory Flexibility Act, if a rule has a significant economic
effect on a substantial number of small entities, the Secretary must
specifically consider the economic effect of a rule on small entities
and analyze regulatory options that could lessen the impact of the
rule.
Executive Order 12866 requires that all regulations reflect
consideration of alternatives, costs, benefits, incentives, equity, and
available information. Regulations must meet certain standards, such as
avoiding unnecessary burden. Regulations that are ``significant''
because of cost, adverse effects on the economy, inconsistency with
other agency actions, effects on the budget, or novel legal or policy
issues, require special analysis. We believe that the resources
required to implement the requirements in these regulations would be
minimal. Consistent with the statute, these proposed regulations
identify certain data elements for reporting that are mandatory and
specify other discretionary data elements for reporting. Many of the
mandatory and discretionary data elements being set forth in this
proposed rulemaking are already collected and maintained on a routine
basis for a variety of purposes, and should not result in additional
costs or in new and significant burdens on reporting entities. In
consultation with States, the Department has been made aware that
States routinely collect and maintain much of this information and are
already reporting information on health care practitioners to the NPDB.
Many licensing boards also routinely collect and report much of this
information to national organizations such as the National Council of
State Boards of Nursing, Federation of Chiropractic Licensing Boards,
American Association of State Social Work Boards, Federation of State
Medical Boards and the Association of State and Provincial Psychology
Boards. In addition, State Survey and Certification agencies also are
required to report adverse information to HCFA on certain health care
providers, suppliers and practitioners. Additionally, on a continuous
basis, the OIG routinely collects and maintains sanction data on health
care providers, suppliers and practitioners excluded from government
health care programs. Since we recognize that some classes of reporters
may not collect or maintain the full array of data elements
contemplated for inclusion into the data bank (e.g., names of
affiliated or associated health care entities, or a DEA registration
number), we are classifying certain data elements to be reported when
known. We intend not to impose new or added burdens on reporters and
are proposing to give reporters the option of omitting certain
discretionary data elements that they do not maintain or to which they
do not have access.
We have determined that this proposed rulemaking would not meet the
criteria for a major rule, as defined by Executive Order 12866. As
indicated above, these proposed regulations are designed to establish
procedures for reporting to and releasing from the HIPDB, information
on health care providers, suppliers or practitioners against whom final
adverse actions have been taken. According to the National District
Attorneys Association, the annual number of criminal convictions is
approximately 13 per State and civil judgments are approximately 9 per
State each year. Based on the reporting patterns of health plans to the
NPDB, we also believe that less than 0.1 percent (19) of the estimated
20,000 health plans will report to the HIPDB each year. As such, we do
not anticipate that the data collection process will have a significant
impact on State government agencies and health plans, and we believe
that this rule would not have a major effect on the economy or on
Federal and State expenditures.
Additionally, in accordance with the Unfunded Mandates Reform Act
of 1995, we have determined the only costs (which we believe will not
be significant) would include the ability to transmit the information
electronically (e.g., Internet service) and additional staff hours
needed to transmit the information. While we do not have sufficient
information at this time to provide estimates of the number of State
agencies impacted, the State licensing and certification agencies have
estimated that the initial start-up cost will be $5,000 per State
licensing and certification agency ($5,000 per State licensing and
certification agency x 216 State agencies=$1,080,000). The Department
estimates that the initial start-up cost will be less than $100 per
health plan ($100 per health plan x 20,000 health plans=$2,000,000).
Section 221(a) of HIPAA intends that the Federal government will not
incur any costs for the operation and maintenance of the HIPDB; user
fees are intended to cover the full costs of the HIPDB. For the reasons
stated above, the Department has determined that this rule does not
impose any mandates on State, local or tribal governments, or the
private sector that will result in an annual expenditure of $100
million or more, and that a full analysis under the Act is not
necessary.
In addition, in accordance with the Regulatory Flexibility Act of
1980 (RFA), and the Small Business Regulatory Enforcement Act of 1996,
which amended the RFA, we are required to determine if this rule will
have a significant economic effect on a substantial number of small
entities and, if so, to identify regulatory options that could lessen
the impact. For purposes of this rule, we have defined small entities
as nonprofit organizations and local government agencies; individuals
and States are not included in this definition of small entities.
Although the statute does not specify local government agencies as
reporters,
[[Page 58349]]
we also have given States the option to decide the manner in which they
will report, i.e., having one centralized point for reporting or having
multiple agencies such as municipalities and local government agencies
(including District and County attorneys) report independently to the
HIPDB. If States elect to have multiple agencies reporting
independently to the HIPDB, we have determined that both the burden and
costs associated with reporting to the HIPDB will be minimal. According
to the National District Attorneys Association, there are approximately
2,700 District Attorneys throughout the country and, as indicated
above, there are approximately 13 criminal convictions per State each
year related to health care violations and 9 civil judgments per State
each year related to health care violations. Based on discussions with
health plans and examination of reporting patterns of health plans to
the NPDB, we also believe that less than 0.1 percent (19) of the
estimated 20,000 health plans will report to the HIPDB each year. As a
result, we have determined that this rule would affect less than 100
nonprofit and local government agencies overall. Thus, the Secretary
certifies that these proposed regulations would not have a significant
impact on a substantial number of small entities.
Paperwork Reduction Act
This proposed rule contains information collection requirements
necessitating clearance by OMB. As required by the Paperwork Reduction
Act (PRA) of 1995 (44 U.S.C. 3507(d)), the Department has submitted a
copy of this proposed rule to OMB for its review of these information
collection requirements.
Collection of Information: The Healthcare Integrity and Protection
Data Bank for Final Adverse Information on Health Care Providers,
Suppliers and Practitioners.
Description: Information collected under Secs. 61.6, 61.7, 61.8,
61.9, 61.11, 61.12 and 61.15 of this proposed rule would be used by
authorized parties, specified in the proposed rule, to prevent health
care fraud and abuse activities and to improve the quality of patient
care.
Description of Respondents: Federal and State government agencies
and health plans. The reports from Federal agencies are not subject to
the PRA.
Estimated Annual Reporting: The Department estimates that the
public reporting burden for this proposed rule is 132,733 hours.
The estimated annual reporting and querying burden is as follows:
----------------------------------------------------------------------------------------------------------------
Hours per
Section No. Number of Responses per Total response Total burden
respondents respond't responses (min) hours
----------------------------------------------------------------------------------------------------------------
Sec. 61.6, Errors & Omissions.. \1\ 1,200 1 1,200 25 500
Sec. 61.6, Revisions/Appeal
Status......................... \1\ 1,000 1 1,000 75 1,250
Sec. 61.7:
Licensure Actions:
Disclosure by State
Licensing Boards........... \2\ 1,836 3 5,500 75 6,875
Reporting by State Licensing
Authorities................ 216 25.46 5,500 15 1,375
Sec. 61.8, Criminal Convictions \3\ 54 13 700 75 875
Sec. 61.9, Civil Judgments..... \4\ 62 8 500 75 625
Sec. 61.11, Other Adjudicated
Action or Decision............. \5\ 66 12 800 75 1,000
Sec. 61.12:
Queries..................... \6\ 5,601 201 1,127,512 5 93,959
Self-queries................ 60,000 1 60,000 25 25,000
Entity verification......... \7\ 5,000 1 5,000 10 833
Entity update............... 250 1 250 5 20
Sec. 61.12, Authorized agent
designation \8\................ 100 1 100 10 16
Sec. 61.12, Authorized agent
designation update............. 5 1 5 5 0.42
Sec. 61.15:
Disputed Reports &
Secretarial Review
Initial Request............. \9\ 750 1 750 10 125
Request for Secretarial
Review..................... 37 1 37 480 296
-------------------------------------------------------------------------------
Total....................... 76,177 1,208,854 132,749
----------------------------------------------------------------------------------------------------------------
\1\ Section 61.6 requires each government agency or health plan that reports information to the HIPDB to ensure
the accuracy of the information. If there are any errors or omissions to the reports previously submitted to
the HIPDB, the individual or entity that submitted the report to the HIPDB is also responsible for making the
necessary correction or revision to the original report. If there is any revision to the action or the action
is on appeal, the individual or entity that submitted the original report to the HIPDB is also responsible for
reporting revisions and whether the action is on appeal. Based on corrections and revisions made to
information contained in the NPDB, we have estimated that a total of 1,200 respondents will need to correct
their reports each year and that a total of 1,000 respondents will need to revise actions originally reported,
or to report whether an action is on appeal each year. Based on experience with the NPDB, a correction is
expected to take 25 minutes to complete and submit. A revision is expected to take somewhat longer (75
minutes) because it involves completing a new report form rather that just correcting the individual items
that are in error.
\2\ Section 61.7 requires Federal and State agencies responsible for the licensing and certification of health
care providers, suppliers and practitioners to report all disciplinary licensure actions to the HIPDB.
Therefore, we estimate that approximately 34 State licensing boards in each State will report to the State
licensing and certification authorities (54 States and territories x 34 licensing boards/per State = 1,836
State licensing and certification boards), and the State licensing and certification authorities (4 per State)
will be responsible for reporting information to the HIPDB (54 States and territories x 4 State licensing
and certification authorities/per State = 216 State licensing and certification authorities). We estimate that
5,500 reports will be submitted directly to the HIPDB each year, for an average of 25 reports per State
licensing and certification authority and 3 reports per State licensing board. Since disciplinary licensure
actions by State licensing authorities in the NPDB overlap with this statute, this estimate does not include
the licensure actions that will be reported directly to the NPDB and transmitted from there to the HIPDB. The
estimates include only those actions which are reported solely to the HIPDB, such as actions taken against
certain health care providers and suppliers. The HIPDB will use similar forms and procedures for reporting as
the NPDB. As a result, we estimate that it will take a State licensing board 75 minutes to complete and submit
an initial report. We also estimate that it will take a State licensing and certification authority 15 minutes
to verify the accuracy and completeness of the information contained in the initial report before
electronically submitting the information to the HIPDB.
\3\ Section 61.8 requires Federal and State prosecutors and investigative agencies to report criminal
convictions related to the delivery of a health care item or service. Based on the number of health care
providers, suppliers and practitioners convicted by the Federal government, we estimate that there will be an
approximate total of 700 State criminal convictions reported to the HIPDB each year, for an average of 13
convictions per State. Based on experience with the NPDB, we estimate that it will take 75 minutes to complete
and submit each report.
[[Page 58350]]
\4\ Section 61.9 requires Federal and State attorneys and investigative agencies and health care plans to report
civil judgments against health care providers, suppliers and practitioners related to the delivery of a health
care item or service. We estimate that there will be an approximate total of 500 civil judgments each year
that will be reported by the 54 States Attorneys and an estimated 8 health plans, for a total of 62 reporters.
Based on experience with the NPDB, we estimate that it will take 75 minutes to complete and submit each
report.
\5\ Section 61.11 requires Federal and State governmental agencies and health plans to report any adjudicated
action or decision related to the delivery of a health care item or service against health care providers,
suppliers and practitioners. We estimate that there will be an approximate total of 800 other adjudicated
actions or decision reports submitted to the HIPDB each year by 54 State governmental agencies and an
estimated 12 health plans, for a total of 66 reporters. Based on experience with the NPDB, we estimate that it
will take 75 minutes to complete and submit each report.
\6\ Certain queriers have access to both the NPDB and the HIPDB. When these entities query one data bank, they
will automatically receive reports from both. The Department estimates that there will be 1,127,512 queries
submitted to the HIPDB per year on health care providers, suppliers and practitioners, including an estimated
60,000 self-queries. These estimates include only queries submitted directly to the HIPDB; it does not include
those transferred from the NPDB. The estimates of burden per response are based on experience with similar
querying of the NPDB.
\7\ To access the HIPDB, entities are required to certify that they meet section 1128E reporting and querying
requirements by completing an Entity Registration form and submitting it to the HIPDB. The information
collected on this form provides the HIPDB with essential information concerning the entity, such as name,
address and entity type. Eligible entities, such as State licensing agencies or certain managed care
organizations, that have access to both the NPDB and the HIPDB have already registered for the NPDB and are
not required to register separately for the HIPDB. Entities eligible to access only the HIPDB must complete
and submit the Entity Registration form. We estimate that it will take an entity 10 minutes to complete and
submit the Entity Registration form to the HIPDB. If there are any changes in the entity's name, address,
telephone, entity type designation, or query and report point of contact, the entity representative must
update the information on the Entity Information Update form and submit it to the HIPDB. Of the 5,000 new
registrants, we estimate 250 entities (5 percent of all new registrants) will need to update their
organization's information each year.
\8\ An eligible entity may elect to have an outside organization query or report to the HIPDB on its behalf.
This organization is referred to as an authorized agent. Before an authorized agent acts on behalf of an
entity, the eligible entity must complete and submit an Agent Designation form to the HIPDB Help Line. The
information collected on this form provides the HIPDB with essential information concerning the agent, such as
name address and telephone number. We estimate that 100 entities (2 percent of all new registrants) will elect
an authorized agent to query or report to the HIPDB on their behalf. We estimate that it will take an entity
10 minutes to complete and submit the Agent Designation form to the HIPDB. Any changes to the authorized agent
designation, such as routing of responses to queries or termination of an authorized agent, the eligible
entity must update the information on the Agent Designation Update form and submit it to the HIPDB. We
estimate that five of the 100 eligible entities will need to update their agent's information each year.
\9\ Section 61.15 describes the process to be followed by a health care provider, supplier or practitioner in
disputing the factual accuracy of information in a report and requesting Secretarial review of the disputed
report. Based on experience with the NPDB, we estimate that 750 (10 percent of all new reports) will be
entered into the ``disputed status.'' We estimate that it will take a health care provider, supplier or
practitioner 10 minutes to notify the HIPDB to enter the report into ``disputed status.'' Of the 750 disputed
reports, we estimate that only 37 reports (5 percent) will be forwarded to the Secretary for review. We
estimate that it will take a health care provider, supplier or practitioner 8 hours to describe in writing
which facts are in dispute and to gather supporting documentation related to the dispute.
Forms to be used in the day-to-day management of the HIPDB would
include the following:
--------------------------------------------------------------------------------------------------------------------------------------------------------
Hrs. per Total
Form name No. of Respon per Total respon. burden Wage rate Total cost
respond respond respons (min) hours
--------------------------------------------------------------------------------------------------------------------------------------------------------
Account Discrepancy.......................................... 2,000 1 2,000 5 166 $ 15 $2,490
Electronic Funds Transfer Authorization...................... 850 1 850 5 70 15 1,050
Entity Reactivation.......................................... 500 1 500 5 41 15 615
------------------------------------------------------------------------------------------
Total.................................................... 3,350 ........... 3,350 ........... 277 ........... $4,155
--------------------------------------------------------------------------------------------------------------------------------------------------------
Request for Comment: In accordance with the requirement of section
3506(c)(2)(A) of the PRA for opportunity for public comment on proposed
data collection projects, comments are invited on: (1) whether the
proposed collection of information is necessary for the proper
performance of the functions of the Department, including whether the
information will have practical utility; (2) the accuracy of the
Department's estimate of the burden of the proposed collection of
information; (3) ways to enhance the quality, utility, and clarity of
the information to be collected; and (4) ways to minimize the burden of
the collection of information on respondents, including through the use
of automated collection techniques or other forms of information
technology.
Written comments and recommendations concerning the proposed
information collection requirements should be sent to: Allison Herron
Eydt, Human Resources and Housing Branch, Office of Management and
Budget, New Executive Office Building, Room 10235, Washington, D.C.
20503. The OMB is required to make a decision concerning the collection
of information contained in these proposed regulations between 30 and
60 days after publication of this document in the Federal Register.
Therefore, a comment to OMB is best assured of having its full effect
if OMB receives it within 30 days of publication. This does not affect
the deadline for the public to comment to the Department on the
proposed regulations.
V. Public Inspection of Comments and Response to Comments
Comments will be available for public inspection November 13, 1998
in Room 2A-44, Parklawn Building, Health Resources and Services
Administration, Bureau of Health Professions, Division of Quality
Assurance at 5600 Fishers Lane, Rockville, Maryland, on Monday through
Friday of each week (Federal holidays excepted) between the hours of
10:00 a.m. and 2:00 p.m., (301) 443-2300.
Because of the large number of items of correspondence we normally
receive on Federal Register documents published for comment, we are not
able to acknowledge or respond to them individually. We will consider
all comments we receive by the date and time specified in the DATES
section of this preamble, and will respond to the
[[Page 58351]]
comments in the preamble of the final rule.
List of Subjects in 45 CFR Part 61
Health professions, Hospitals, Home health care agencies, Skilled
nursing facilities, Durable medical equipment suppliers and
manufacturers, Billing and transportation services, Health maintenance
organizations, Health care insurers, Pharmaceutical suppliers and
manufacturers, Reporting and recordkeeping requirements.
Accordingly, a new 45 CFR part 61 would be added as set forth
below:
PART 61--HEALTHCARE INTEGRITY AND PROTECTION DATA BANK FOR FINAL
ADVERSE INFORMATION ON HEALTH CARE PROVIDERS, SUPPLIERS AND
PRACTITIONERS
Subpart A--General Provisions
Sec.
61.1 The Healthcare Integrity and Protection Data Bank.
61.2 Applicability of these regulations.
61.3 Definitions.
Subpart B--Reporting of Information
61.4 How information must be reported.
61.5 When information must be reported.
61.6 Reporting errors, omissions, revisions, or whether an action
is on appeal.
61.7 Reporting licensure actions taken by Federal or State
licensing and certification agencies.
61.8 Reporting Federal or State criminal convictions related to the
delivery of a health care item or service.
61.9 Reporting civil judgments related to the delivery of a health
care item or service.
61.10 Reporting exclusion from participation in Federal or State
health care programs.
61.11 Reporting other adjudicated actions or decisions.
Subpart C--Disclosure of Information by the Healthcare Integrity and
Protection Data Bank
61.12 Requesting information from the Healthcare Integrity and
Protection Data Bank.
61.13 Fees applicable to requests for information.
61.14 Confidentiality of Healthcare Integrity and Protection Data
Bank information.
61.15 How to dispute the accuracy of Healthcare Integrity and
Protection Data Bank information.
Authority: 42 U.S.C. 1320a-7e.
Subpart A--General Provisions
Sec. 61.1 The Healthcare Integrity and Protection Data Bank.
(a) Section 1128E of the Social Security Act (the Act) authorizes
the Secretary of Health and Human Services (the Secretary) to implement
a national health care fraud and abuse data collection program for the
reporting and disclosing of certain final adverse actions taken against
health care providers, suppliers, or practitioners. Section 1128E of
the Act also directs the Secretary to maintain a database of final
adverse actions taken against health care providers, suppliers, or
practitioners. This data bank will be known as the Healthcare Integrity
and Protection Data Bank (HIPDB). Settlements in which no findings or
admissions of liability have been made will be excluded from being
reported. However, any final adverse action that emanates from such
settlements, and that would otherwise be reportable under the statute,
will be reported to the HIPDB.
(b) Section 1128E of the Act also requires the Secretary to
implement the HIPDB in such a manner as to avoid duplication with the
reporting requirements established for the National Practitioner Data
Bank (NPDB). In accordance with the statute, the reporter responsible
for reporting the final adverse actions to both the HIPDB and the NPDB
will be required to submit only one report, provided that reporting is
made through the Department's consolidated reporting mechanism that
will sort the appropriate actions into the HIPDB, NPDB or both.
(c) These regulations set forth the reporting and disclosure
requirements for the HIPDB.
Sec. 61.2 Applicability of these regulations.
The regulations in this part establish reporting requirements
applicable to Federal and State government agencies and to health
plans, as the terms are defined under Sec. 61.3 of this part.
Sec. 61.3 Definitions.
Act means the Social Security Act.
Affiliated or associated means health care entities with which a
subject of a final adverse action has a business or professional
relationship. This includes, but is not limited to, organizations,
associations, corporations, or partnerships. It also includes a
professional corporation or other business entity composed of a single
individual.
Any other negative action or finding by a Federal or State
licensing and certification agency means any action or finding that is
a matter of public record and rendered by a licensing or certification
authority, including but not limited to, imposition of civil money
penalties and administrative fines, limitations on the scope of
practice, liquidations, injunctions, forfeitures, and criminal
convictions and civil judgments which, under that State's laws, are
reportable to that State's boards or agencies which license or certify
health care practitioners, providers or suppliers. This definition also
includes final adverse actions (such as civil money penalties and
administrative fees that occur in conjunction with settlements) in
which no findings or admissions of liability have been made, and that
would otherwise be reportable under the statute.
Civil judgment means a court-ordered action rendered in a Federal
or State court proceeding, other than a criminal proceeding. This
reporting requirement does not include consent judgments that have been
agreed upon and entered to provide security for civil settlements in
which there was no finding or admission of liability.
Clinical privileges includes, as appropriate to the organization,
privileges, membership on the medical staff and other circumstances
pertaining to the furnishing of medical care under which a physician,
dentist or other licensed health care practitioner is permitted to
furnish such care by a health plan or by a Federal or State agency that
either administers or provides payment for the delivery of health care
services.
Criminal conviction means a conviction as described in section
1128(i) of the Act.
Exclusion means a temporary or permanent debarment of an individual
or entity from participation in any Federal or State health-related
program, and that items or services furnished by such person or entity
will not be reimbursed under any Federal or State health-related
program.
Government agency includes, but is not limited to--
(1) The U.S. Department of Justice;
(2) The U.S Department of Health and Human Services;
(3) Any other Federal agency that either administers or provides
payment for the delivery of health care services, including, but not
limited to the U.S. Department of Defense and the U.S. Department of
Veterans Affairs;
(4) State law enforcement agencies, which include States Attorneys
General;
(5) State Medicaid Fraud Control Units; and
(6) Federal or State agencies responsible for the licensing and
certification of health care providers, suppliers or licensed health
care practitioners. Examples of such State agencies include Departments
of Professional Regulation, Health, Social Services (including State
Survey and Certification and Medicaid Single State agencies), Commerce
and Insurance.
[[Page 58352]]
Health care fraud means fraud as defined in section 241 of the
Health Insurance Portability and Accountability Act (HIPAA) of 1996,
Public Law 104-191.
Health care provider means a provider of services as defined in
section 1861(u) of the Act; any health care entity (including a health
maintenance organization, preferred provider organization or group
medical practice) that provides health care services and follows a
formal peer review process for the purpose of furthering quality health
care; or any other health care entity that, directly or through
contracts, provides health care services.
Health care supplier means a provider of medical and other health
care services as described in section 1861(s) of the Act; or any
individual or entity, other than a provider, who furnishes or provides
access to health care services, supplies, items or ancillary services
(including, but not limited to, durable medical equipment suppliers and
manufacturers of health care related items, pharmaceutical suppliers
and manufacturers, health record services such as medical, dental and
patient records, health data suppliers, and billing and transportation
service suppliers). The term also includes any individual or entity
under contract to provide such supplies, items or ancillary services,
and any group, organization or company providing health benefits
whether directly, or indirectly through insurance, reimbursements or
otherwise, (including but not limited to, insurance producers such as
agents, brokers, solicitors, consultants and reinsurance
intermediaries, insurance companies, self-insured employers and health
care purchasing groups or entities).
Health plan means a plan, program or organization that provides
health benefits, whether directly, through insurance, reimbursement or
otherwise, and includes but is not limited to--
(1) A policy of health insurance;
(2) A contract of a service benefit organization;
(3) A membership agreement with a health maintenance organization
or other prepaid health plan;
(4) A plan, program, or agreement established, maintained or made
available by an employer or group of employers, a practitioner,
provider or supplier group, third party administrator, integrated
health care delivery system, employee welfare association, public
service group or organization or professional association; and
(5) An insurance company, insurance service or insurance
organization that is licensed to engage in the business of selling
health care insurance in a State and which is subject to State law
which regulates health insurance.
Licensed health care practitioner, licensed practitioner, or
practitioner mean, with respect to a State, an individual who is
licensed or otherwise authorized by the State to provide health care
services (or any individual who, without authority, holds himself or
herself out to be so licensed or authorized).
Other adjudicated actions or decisions means an official action
taken by a Federal or State governmental agency or health plan against
a health care provider, supplier or practitioner based on acts or
omissions that affect or could significantly affect the delivery or
payment of a health care item or service. For example, an official
action taken by a Federal or State governmental agency includes, but is
not limited to, a personnel-related action such as suspensions without
pay, reductions in pay, reductions in grade, terminations or other
comparable actions. A hallmark of any valid adjudicated action or
decision is the existence of a due process mechanism. In general, if an
``adjudicated action or decision'' follows an agency's established
administrative procedures (which ensure that due process is available
to the subject of the final adverse action), it would qualify as a
reportable action under this definition. For health plans that are not
government entities, an action taken following adequate notice and
hearing requirement that meets the standards of due process set out in
section 412(b) of the HCQIA (42 U.S.C. 11112(b)) also would qualify as
a reportable action under this definition. The fact that the subject
elects not to use the due process mechanism provided by the authority
bringing the action is immaterial, as long as such a process is
available to the subject before the adjudicated action or decision is
made final.
Secretary means the Secretary of Health and Human Services and any
other officer or employee of the Department of Health and Human
Services to whom the authority involved has been delegated.
State means any of the fifty States, the District of Columbia, the
Commonwealth of Puerto Rico, the Virgin Islands and Guam.
Subpart B--Reporting of Information
Sec. 61.4 How information must be reported.
Information must be reported to the HIPDB as required under
Secs. 61.6, 61.7, 61.8, 61.9, 61.10 and 61.11 of this part in such form
and manner as the Secretary may prescribe.
Sec. 61.5 When information must be reported.
(a) Information required under Secs. 61.7, 61.8, 61.9, 61.10 and
61.11 of this part must be submitted to the HIPDB within 30 calendar
days from the date the final adverse action was taken; the date when
the reporting entity became aware of the final adverse action; or by
the close of the entity's next monthly reporting cycle, whichever is
later.
(b) The date of the final adverse action was taken, its effective
date and duration would be contained in the information reported to the
HIPDB under Secs. 61.7, 61.8, 61.9, 61.10 and 61.11 of this part.
Sec. 61.6 Reporting errors, omissions, revisions or whether an action
is on appeal.
(a) If errors or omissions are found after information has been
reported, the reporter must send an addition or correction to the
HIPDB. This is an opportunity only for the subjects to request the
reporting entity to correct any errors or omissions in the information,
and not for requests for readjudication of their cases.
(b) A reporter that reports information on licensure, exclusion,
criminal convictions, civil or administrative judgments, or adjudicated
actions or decisions under Secs. 61.7, 61.8, 61.9, 61.10 or 61.11 of
this part also must report any revision of the action originally
reported. Revisions include reversal of a criminal conviction, reversal
of a judgment or other adjudicated decisions or whether the action is
on appeal, and reinstatement of a license.
(c) The subject will receive a copy of all reports, including
revisions and corrections to the report.
(d) Upon receipt of a report, the subject--
(1) Can accept the report as written;
(2) May provide a statement to the HIPDB, either directly or
through a designated representative, that will permanently append the
report (The statement should be limited to 2,000 characters and will be
included in the record. The HIPDB will distribute the statement to
queriers (where identifiable), the reporting entity and the subject of
the report. The HIPDB will not edit the statement; only the subject
can, upon request, make changes to the statement.); or
(3) May follow the dispute process in accordance with Sec. 61.15 of
this part.
[[Page 58353]]
Sec. 61.7 Reporting licensure actions taken by Federal and State
licensing and certification agencies.
(a) What actions must be reported. Federal and State licensing and
certification agencies must report to the HIPDB the following final
adverse actions that are taken against a health care provider, supplier
or practitioner (regardless of whether the final adverse actions are
the subject of a pending appeal)--
(1) Formal or official actions, such as revocation or suspension of
a license (and the length of any such suspension), reprimand, censure
or probation;
(2) Any other loss of the license or the right to apply for, or
renew, a license of the provider, supplier, or practitioner, whether by
operation of law, voluntary surrender (including certification
agreements or contracts for participation in Federal or State health
care programs), non-renewability (excluding those due to nonpayment of
fees, retirement, or change to inactive status) or otherwise; and
(3) Any other negative action or finding by such Federal or State
agency that is publicly available information.
(b) Information to be reported on individuals. (1) Federal or State
licensing and certification agencies must report the following
information concerning a practitioner who is the subject of a final
adverse action (regardless of whether the final adverse actions are the
subject of a pending appeal)--
(i) Name;
(ii) Social Security number, and Federal Employer Identification
number for individuals who possess one;
(iii) Sex;
(iv) Date of birth;
(v) Occupation;
(vi) Organization name and type;
(vii) Primary work address;
(viii) Name of each professional school attended and year of
graduation;
(ix) With respect to professional license, certification or
registration, the license, certification or registration number, the
field of licensure, certification or registration and the name(s) of
the State or Territory in which the license, certification or
registration is held;
(x) Physician specialty, if applicable;
(xi) National Provider Identifier (NPI), when issued by the Health
Care Financing Administration (HCFA);
(xii) A description of the acts or omissions or other reasons for
the action taken;
(xiii) A description of the action, if applicable, the date the
action was taken, its effective date and duration, the amount of any
monetary penalty, and whether the action is on appeal;
(xiv) Classification of the action in accordance with a reporting
code adopted by the Secretary;
(xv) Name and address of the reporting entity, and the name of the
agency taking the action;
(xvi) The name, title and telephone number of the responsible
official submitting the report on behalf of the reporting entity; and
(xvii) Name(s) of any health care entity with which the subject is
affiliated or associated.
(2) Federal and State licensing and certification agencies should
report, when known, the following concerning a practitioner who is the
subject of a final adverse action--
(i) Other name(s) used;
(ii) If deceased, date of death;
(iii) Home address;
(iv) Federal license, certification or registration number(s) (such
as a Drug Enforcement Administration (DEA) registration number and
Medicare provider number(s));
(v) Type(s) of any health care entity with which the subject is
affiliated or associated;
(vi) Address of each associated or affiliated health care entity;
(vii) NPI of each associated or affiliated health care entity, when
issued by HCFA; and
(viii) Nature of subject's relationship to each associated or
affiliated health care entity.
(c) Information that must be reported on organizations. (1) Federal
or State licensing and certification agencies must report the following
information concerning a provider or supplier who is the subject of a
final adverse action (regardless of whether the final adverse actions
are the subject of a pending appeal)--
(i) Name and type of provider or supplier;
(ii) Federal Employer Identification number, and Social Security
number (when used as the Tax Identification number (TIN));
(iii) The provider's or supplier's address;
(iv) The provider's or supplier's license, certification, or
registration number(s) and name(s) of the State or Territory in which
the license, certification or registration is held (the license number
against which the action is taken should be specified);
(v) NPI, when issued by HCFA;
(vi) A description of the acts or omissions or other reason for the
action;
(vii) A description of the action, if applicable, the date the
action was taken, its effective date and duration, the amount of any
monetary penalty, and whether the action is on appeal;
(viii) Classification of the action in accordance with a reporting
code adopted by the Secretary;
(ix) Name and address of the reporting entity, and the name of the
agency taking the action;
(x) The name, title and telephone number of the responsible
official submitting the report on behalf of the reporting entity; and
(xi) Name(s) of any health care entity with which the subject is
affiliated or associated.
(2) Federal and State licensing and certification agencies should
report, when known, the following information concerning a provider or
supplier who is the subject of a final adverse action (regardless of
whether the final adverse actions are the subject of a pending
appeal)--
(i) Federal license, certification or registration number(s) (such
as a DEA registration number, Medicare provider number(s), Clinical
Laboratory Improvement Act (CLIA) number);
(ii) Type(s) of any health care entity with which the subject is
affiliated or associated;
(iii) Address of each associated or affiliated health care entity;
(iv) NPI of each affiliated or associated health care entity, when
issued by HCFA;
(v) Nature of subject's relationship to each associated or
affiliated health care entity; and
(vi) Total amount of monetary penalties and fines.
(d) Sanctions for failure to report. The Secretary will provide for
publication of a public report that identifies those Government
agencies that have failed to report information on adverse actions as
required to be reported under this section.
Sec. 61.8 Reporting Federal or State criminal convictions related to
the delivery of a health care item or service.
(a) Who must report. Federal and State prosecutors, including law
enforcement and investigative agencies, must report criminal
convictions against health care providers, suppliers and practitioners
related to the delivery of a health care item or service.
(b) Information to be reported on individuals. (1) Entities
described in paragraph (a) of this section must report the following
information--
(i) With respect to the individual who is the subject of a criminal
conviction--
(A) Full name;
(B) Social Security number, and Federal Employer Identification
number for individuals who possess one;
(C) Date of birth;
(D) Sex;
[[Page 58354]]
(E) Occupation;
(F) Organization name and type;
(G) Primary work address;
(H) NPI, when issued by HCFA;
(I) Court or judicial venue in which the action was taken;
(J) Docket or court file number;
(K) Name of primary prosecuting agency;
(L) Prosecuting agency's case number;
(M) Length of incarceration, detention, probation, community
service or other sentence;
(N) Amount of any monetary penalties, judgment, restitution or
other order;
(O) Date of sentence;
(P) Description of acts or omissions and injuries upon which the
action was based;
(Q) Nature of the final adverse action and whether such action is
on appeal;
(R) Name(s) of affiliated or associated health care entities; and
(S) Statutory offenses and count(s), and
(ii) With respect to the reporting entity--
(A) Name and address of the reporting entity and its file number
concerning the subject; and
(B) The name, title and telephone number of the responsible
official submitting the report on behalf of the reporting entity.
(2) Entities described in paragraph (a) of this section should
report, when known, the following information--
(i) With respect to the individual who is the subject of a criminal
conviction--
(A) Other name(s) used;
(B) Home address;
(C) Physician specialty;
(D) Medicare provider number(s);
(E) Medicaid provider number(s) and State(s);
(F) DEA registration number(s);
(G) Federal Bureau of Investigation (FBI) number;
(H) Name of each professional school attended and year of
graduation; and
(I) With respect to each professional license, certification or
registration, the license, certification or registration number, the
field of licensure, certification or registration, and the name(s) of
the State or Territory in which the license, certification or
registration is held, if known;
(ii) With respect to health care entities (if known) with which the
subject of the criminal conviction is affiliated or associated--
(A) Type(s) of affiliated or associated health care entities;
(B) Address of each associated or affiliated health care entity;
(C) NPI of each associated or affiliated health care entity, when
issued by HCFA; and
(D) Nature of subject's relationship to each associated or
affiliated health care entity; and
(iii) With respect to the action--
(A) Investigative agencies involved; and
(B) Investigative agencies' case or file number.
(c) Information to be reported on organizations. (1) Entities
described in paragraph (a) of this section must report the following
information--
(i) With respect to the organization that is the subject of a
criminal conviction--
(A) Entity's legal name;
(B) Name entity is doing business as;
(C) Business address;
(D) Federal Employer Identification number, and Social Security
number (when used as the TIN);
(E) NPI when issued by the HCFA;
(F) Type of entity;
(G) Court or judicial venue in which the action was taken;
(H) Docket or court file number;
(I) Name of primary prosecuting agency;
(J) Prosecuting agency's case number;
(K) Length of sentence (e.g., for probation);
(L) Amount of any monetary penalty, judgment, restitution, or other
orders;
(M) Date of sentence;
(N) Description of acts or omissions and injuries upon which the
action was based;
(O) Nature of the final adverse action and whether such action is
on appeal;
(P) Name(s) of affiliated or associated health care entities; and
(Q) Statutory offenses and count(s), and
(ii) With respect to the reporting entity--
(A) Name and address of the reporting entity and its file number
concerning the subject; and
(B) The name, title and telephone number of the responsible
official submitting the report on behalf of the reporting entity.
(2) Entities described in paragraph (a) of this section should
report, when known, the following information--
(i) With respect to the organization that is the subject of a
criminal conviction--
(A) Medicare provider number(s);
(B) Medicaid provider number(s) and State(s);
(C) DEA registration number(s);
(D) Health care provider's or supplier's license, certification or
registration number(s), and the name(s) of the State or Territory in
which the license, certification or registration is held;
(E) Names and titles of principal officers and owners;
(F) Investigative agencies involved; and
(G) Investigative agencies' case or file number; and
(ii) With respect to any health care entities (if known) with which
the subject of the criminal conviction is affiliated or associated--
(A) Type(s) of affiliated or associated health care entities;
(B) Address of each associated or affiliated health care entity;
(C) NPI of each associated or affiliated health care entity, when
issued by HCFA; and
(D) Nature of subject's relationship to each associated or
affiliated health care entity.
(d) Sanctions for failure to report. The Secretary will provide for
publication of a public report that identifies those Government
agencies that have failed to report information on adverse actions as
required to be reported under this section.
Sec. 61.9 Reporting civil judgments related to the delivery of a
health care item or service.
(a) Who must report. Federal and States Attorneys, investigative
agencies and health plans must report civil judgments against health
care providers, suppliers or practitioners related to the delivery of a
health care item or service (regardless of whether the civil judgment
is the subject of a pending appeal), with the exception of those
resulting from medical malpractice.
(b) Information to be reported on individuals. (1) Entities
described in paragraph (a) of this section must report the following
information--
(i) With respect to the individual who is the subject of a
judgment--
(A) Full name;
(B) Social Security number, and Federal Employer Identification
number for individuals who possess one;
(C) Date of birth;
(D) Sex;
(E) Occupation;
(F) Organization name and type;
(G) Primary work address;
(H) NPI, when issued by HCFA;
(I) Court or judicial venue in which the action was taken;
(J) Docket or court file number;
(K) Name of primary prosecuting agency or civil plaintiff;
(L) Prosecuting agency's case number;
(M) Date of judgment;
(N) Amount of any monetary penalty, judgment, restitution, or other
orders;
(O) Description of acts or omissions and injuries upon which the
action was based;
(P) Nature of final adverse action and whether such action is on
appeal;
(Q) Name(s) of affiliated or associated health care entities; and
[[Page 58355]]
(R) Statutory offenses and count(s), and
(ii) With respect to the reporting entity--
(A) Name and address of the reporting entity and its file number
concerning the subject; and
(B) The name, title and telephone number of the responsible
official submitting the report on behalf of the reporting entity.
(2) Entities described in paragraph (a) of this section should
report, when known, the following information--
(i) With respect to the individual who is the subject of a
judgment--
(A) Physician specialty, if applicable;
(B) Other name(s) used;
(C) Home address;
(D) Medicare provider number(s);
(E) Medicaid provider number(s) and State(s);
(F) DEA registration number(s);
(G) FBI number;
(H) Name of each professional school attended and year of
graduation;
(I) With respect to each professional license, certification or
registration, the license, certification, or registration number, the
field of licensure, certification, or registration, and the name(s) of
the State or Territory in which the license, certification or
registration is held;
(J) Investigative agencies involved; and
(K) Investigative agencies' case or file number; and
(ii) With respect to any health care entities (if known) with which
the subject of the judgment is affiliated or associated--
(A) Type(s) of affiliated or associated health care entities;
(B) Address of each associated or affiliated health care entity;
(C) NPI of each associated or affiliated health care entity, when
issued by HCFA; and
(D) Nature of subject's relationship to each associated or
affiliated health care entity.
(c) Information to be reported on organizations. (1) Entities
described in paragraph (a) of this section must report the following
information--
(i) With respect to the organization that is the subject of a
judgment--
(A) Entity's legal name, if known;
(B) Name entity is doing business as;
(C) Business address;
(D) Federal Employer Identification number, and Social Security
number (when used as the TIN);
(E) NPI, when issued by HCFA;
(F) Type of entity;
(G) Court or judicial venue in which the action was taken;
(H) Docket or court file number;
(I) Name of primary prosecuting agency or civil plaintiff;
(J) Prosecuting agency's case number;
(K) Date of judgment;
(L) Amount of any monetary penalty, judgment, restitution or other
orders;
(M) Description of acts or omissions and injuries upon which the
action was based;
(N) Nature of final adverse action and whether such action is on
appeal;
(O) Name(s) of affiliated or associated health care entities; and
(P) Statutory offenses and count(s), and
(ii) With respect to the reporting entity--
(A) Name and address of the reporting entity and its file number
concerning the subject; and
(B) The name, title and telephone number of the responsible
official submitting the report on behalf of the reporting entity.
(2) Entities described in paragraph (a) of this section should
report, when known, the following information--
(i) With respect to the organization that is the subject of a
judgment--
(A) Medicare provider number(s);
(B) Medicaid provider number(s) and State(s);
(C) DEA registration number(s);
(D) Health care provider or supplier license, certification or
registration number, and the name(s) of the State or Territory in which
the license, certification or registration is held;
(E) Names and titles of principal officers and owners;
(F) Investigative agencies involved; and
(G) Investigative agencies' case or file number; and
(ii) With respect to any health care entities (if known) with which
the subject of the judgment is affiliated or associated--
(A) Type(s) of affiliated or associated health care entities;
(B) Address of each associated or affiliated health care entity;
(C) NPI of each associated or affiliated health care entity, when
issued by HCFA; and
(D) Nature of subject's relationship to each associated or
affiliated health care entity.
(d) Sanctions for failure to report. Any health plan that fails to
report information on an adverse action required to be reported under
this section will be subject to a civil money penalty (CMP) of not more
than $25,000 for each such adverse action not reported. Such penalty
will be imposed and collected in the same manner as CMPs under
subsection (a) of section 1128A of the Act. The Secretary will provide
for publication of a public report that identifies those Government
agencies that have failed to report information on adverse actions as
required to be reported under this section.
Sec. 61.10 Reporting exclusion from participation in Federal or State
health care programs.
(a) Who must report. Federal and State government agencies must
report health care providers, suppliers or practitioners excluded from
participating in Federal or State health care programs, including
exclusions that were made in a matter in which there was also a
settlement that is not reported because no findings or admissions of
liability have been made (regardless of whether the exclusion is the
subject of a pending appeal) .
(b) Information to be reported on individuals. (1) The entity
described in paragraph (a) of the section must report the following
information--
(i) Name;
(ii) Social Security number, and Federal Employer Identification
number for individuals who possess one;
(iii) Date of birth;
(iv) Sex;
(v) Occupation;
(vi) Primary work address;
(vii) Organization name and type;
(viii ) NPI, when issued by HCFA;
(ix) Professional school and year of graduation;
(x) With respect to each professional license, certification or
registration, the license, certification or registration number, the
field of licensure, certification or registration, and the name(s) of
the State or Territory in which the license, certification or
registration is held;
(xi) Description of the action, the date the action was taken, its
effective date and duration, and whether the action is on appeal;
(xii) Classification of the action in accordance with a reporting
code adopted by the Secretary;
(xiii) Description of acts or omissions, and injuries, upon which
the action was based;
(xiv) Name and address of the reporting entity, and the name of the
agency taking the action;
(xv) The name, title and telephone number of the responsible
official submitting the report on behalf of the reporting entity; and
(xvi) Name(s) of any health care entity with which the subject is
affiliated or associated.
(2) The entity described in paragraph (a) of this section should
report, when known, the following information--
[[Page 58356]]
(i) Other name(s) used;
(ii) Home address;
(iii) Physician specialty;
(iv) Federal license, certification or registration number(s) (such
as a DEA registration number, Medicare provider number(s));
(v) Type(s) of any health care entity with which the subject is
affiliated or associated;
(vi) Address of each associated or affiliated health care entity;
(vii) NPI of each associated or affiliated health care entity, when
issued by HCFA; and
(viii) Nature of subject's relationship to each associated or
affiliated health care entity.
(c) Information to be reported on organizations. (1) An entity
described in paragraph (a) of this section must report the following
information for a health care provider or supplier--
(i) Name and type of provider or supplier;
(ii) Federal Employer Identification number, and Social Security
number (when used as the TIN);
(iii) NPI, when issued by HCFA;
(iv) The provider's or supplier's address;
(v) The provider's or supplier's license, certification or
registration number(s) and the name of the State or Territory in which
the license, certification or registration is held (the license number
against which the action is taken should be specified);
(vi) Description of the acts or omissions or other reason for the
action;
(vii) Classification of the action in accordance with a reporting
code adopted by the Secretary;
(viii) Description of the action, the date the action was taken,
its effective date and duration;
(ix) Name and address of the reporting entity, and the name of the
agency taking the action;
(x) The name, title and telephone number of the responsible
official submitting the report on behalf of the reporting entity; and
(xi) Name(s) of any health care entity with which the subject is
affiliated or associated.
(2) An entity described in paragraph (a) of this section should
report, when known, the following information for a health care
provider or supplier--
(i) Federal license, certification or registration number(s) (such
as a DEA registration number, Medicare provider number(s), CLIA
number);
(ii) Type(s) of any health care entity with which the subject is
affiliated or associated;
(iii) Address of each associated or affiliated health care entity;
(iv) NPI of each associated or affiliated health care entity, when
issued by HCFA; and
(v) Nature of subject's relationship to each associated or
affiliated health care entity.
(d) Sanctions for failure to report. The Secretary will provide for
publication of a public report that identifies those Government
agencies that have failed to report information on adverse actions as
required to be reported under this section.
Sec. 61.11 Reporting other adjudicated actions or decisions.
(a) Who must report. Federal and State governmental agencies and
health plans must report other adjudicated actions or decisions related
to the delivery of a health care item or service against health care
providers, suppliers and practitioners (regardless of whether the other
adjudicated actions or decisions are subject to a pending appeal).
(b) Information to be reported on individuals. (1) Entities
described in paragraph (a) of this section must report the following
information on individuals--
(i) Name;
(ii) Social Security number, and Federal Employer Identification
number for individuals who possess one;
(iii) Sex;
(iv) Date of birth;
(v) Occupation;
(vi) Primary work address;
(vii) Organization name and type;
(viii) Name of each professional school attended and year of
graduation;
(ix) With respect to each professional license, certification or
registration, the license, certification or registration number, the
field of licensure, certification or registration, and the name of the
State or Territory in which the license, certification or registration
is held;
(x) NPI, when issued by HCFA;
(xi) Description of the acts or omissions or other reason for the
action;
(xii) Classification of the action in accordance with a reporting
code adopted by the Secretary;
(xiii) Description of the action, date the action was taken, its
effective date and duration, amount of any monetary penalty, and
whether the action is on appeal;
(xiv) Name and address of the reporting entity, and the name of the
agency taking the action;
(xv) The name, title and telephone number of the responsible
official submitting the report on behalf of the reporting entity; and
(xvi) Name(s) of any health care entities with which the subject is
affiliated or associated.
(2) Entities described in paragraph (a) of this section should
report, when known, the following information on individuals--
(i) Other name(s) used;
(ii) Home address;
(iii) Physician specialty;
(iv) Federal license, certification or registration number(s) (such
as a DEA registration number, Medicare provider number(s));
(v) Type(s) of any health care entity with which the subject is
affiliated or associated;
(vi) Address of each associated or affiliated health care entity;
(vii) NPI of each associated or affiliated health care entity, when
issued by HCFA; and
(viii) Nature of subject's relationship to each associated or
affiliated health care entity.
(c) Information to be reported on organizations. (1) Entities
described in paragraph (a) of this section must report the following
information on organizations--
(i) Name and type of provider or supplier;
(ii) Federal Employer Identification number, and Social Security
number (when used as the TIN);
(iii) The provider's or supplier's address;
(iv) NPI, when issued by HCFA;
(v) The provider's or supplier's license, certification or
registration number(s) and the name of the State or Territory in which
the license, certification or registration is held (the license number
against which the action is taken should be specified);
(vi) Description of the acts or omissions or other reason for the
action;
(vii) Description of action, date the action was taken, its
effective date and duration, and amount of any monetary penalty;
(viii) Classification of the action in accordance with a reporting
code adopted by the Secretary;
(ix) Name and address of reporting entity, and the name of the
agency taking the action;
(x) The name, title, and telephone number of the responsible
official submitting a report on behalf of the reporting entity; and
(xi) Name(s) of any health care entities with which the subject is
affiliated or associated.
(2) Entities described in paragraph (a) of this section should
report, when known, the following information on organizations--
(i) Federal license, certification or registration number(s) (such
as a DEA
[[Page 58357]]
registration number, Medicare provider number(s), CLIA number);
(ii) Type(s) of any health care entity with which the subject is
affiliated or associated;
(iii) Address of each associated or affiliated health care entity,
if known;
(iv) NPI of each associated or affiliated health care entity, when
issued by HCFA;
(v) Nature of subject's relationship to each associated or
affiliated health care entity; and
(vi) Name and titles of principal officers and owners.
(d) Sanctions for failure to report. Any health plan that fails to
report information on an adverse action required to be reported under
this section will be subject to a CMP of not more than $25,000 for each
such adverse action not reported. Such penalty will be imposed and
collected in the same manner as CMPs under section 1128A(a) of the Act.
The Secretary will provide for publication of a public report that
identifies those Government agencies that have failed to report
information on adverse actions as required to be reported under this
section.
Subpart C--Disclosure of Information by the Healthcare Integrity
and Protection Data Bank
Sec. 61.12 Requesting information from the Healthcare Integrity and
Protection Data Bank.
(a) Who may request information and what information may be
available. Information in the HIPDB will be available, upon request, to
the following persons or entities, or their authorized agents--
(1) Federal and State government agencies;
(2) Health plans;
(3) A health care practitioner, provider, or supplier requesting
information concerning himself, herself or itself; and
(4) A person or entity who requests aggregate information, which
does not permit the identification of any particular patient, health
care provider, supplier or practitioner. (For example, researchers can
use the aggregate information to identify the total number of
practitioners excluded from the Medicare and Medicaid programs.
Similarly, health plans can use aggregate information to develop
outcome measures in their efforts to monitor and improve quality care.)
(b) Procedures for obtaining HIPDB information. Eligible persons
and entities may obtain information from the HIPDB by submitting a
request in such form and manner as the Secretary may prescribe. These
requests are subject to fees set forth in Sec. 61.13 of this part. The
HIPDB will comply with the Department's principles of fair information
practice by providing each subject of a report with a copy when the
report is entered into the HIPDB.
Sec. 61.13 Fees applicable to requests for information.
(a) Policy on fees. The fees described in this section apply to all
requests for information from the HIPDB. However, for purposes of
verification and dispute resolution, the HIPDB will provide a copy--
automatically, without a request and free of charge--of every record to
the health care provider, supplier or practitioner who is the subject
of the report. The fees are authorized by section 1128E(d)(2) of the
Act, and they reflect the full costs of operating the database. The
actual fees will be announced by the Secretary in periodic notices in
the Federal Register.
(b) Criteria for determining the fee. The amount of each fee will
be determined based on the following criteria--
(1) Direct and indirect personnel costs;
(2) Physical overhead, consulting, and other indirect costs
including rent and depreciation on land, buildings and equipment;
(3) Agency management and supervisory costs;
(4) Costs of enforcement, research and establishment of regulations
and guidance;
(5) Use of electronic data processing equipment to collect and
maintain information--the actual cost of the service, including
computer search time, runs and printouts; and
(6) Any other direct or indirect costs related to the provision of
services.
(c) Assessing and collecting fees. The Secretary will announce
through periodic notice in the Federal Register the method of payment
of fees. In determining these methods, the Secretary will consider
efficiency, effectiveness and convenience for users and for the
Department. Methods may include credit card, electronic funds transfer
and other methods of electronic payment.
Sec. 61.14 Confidentiality of Healthcare Integrity and Protection Data
Bank information.
Information reported to the HIPDB is considered confidential and
will not be disclosed outside the Department, except as specified in
Secs. 61.12 and 61.15 of this part. Persons and entities receiving
information from the HIPDB, either directly or from another party, must
use it solely with respect to the purpose for which it was provided.
Nothing in this paragraph will prevent the disclosure of information by
a party from its own files used to create such reports where disclosure
is otherwise authorized under applicable State or Federal law.
Sec. 61.15 How to dispute the accuracy of Healthcare Integrity and
Protection Data Bank information.
(a) Who may dispute the HIPDB information. The HIPDB will routinely
mail or transmit electronically to the subject a copy of the report
filed in the HIPDB. The subject of the report or a designated
representative may dispute the accuracy of a report concerning himself,
herself or itself within 60 calendar days of receipt of the report.
(b) Procedures for disputing a report with the reporting entity.
(1) If the subject disagrees with the reported information, the subject
must request, in writing within 60 calendar days of receipt of the
report, that the HIPDB enter the report into ``disputed status.''
(2) The HIPDB will send the report, with a notation that the report
has been placed in ``disputed status,'' to queriers (where
identifiable), the reporting entity and the subject of the report.
(3) The subject must attempt to enter into discussion with the
reporting entity to resolve the dispute. If the reporting entity
revises the information originally submitted to the HIPDB, the HIPDB
will notify the subject and all entities to whom reports have been sent
that the original information has been revised. If the reporting entity
does not revise the reported information, the subject may request that
the Secretary review the report for accuracy.
(c) Procedures for requesting a Secretarial review. (1) The subject
must request, in writing, that the Secretary of the Department review
the report for accuracy. The subject must return this request to the
HIPDB along with appropriate materials that support the subject's
position. The Secretary will only review the accuracy of the reported
information, and will not consider the merits or appropriateness of the
action or the due process that the subject received.
(2) After the review, if the Secretary--
(i) Concludes that the information is accurate and reportable to
the HIPDB, the Secretary will inform the subject and the HIPDB of the
determination. The Secretary will include a brief statement
(Secretarial Statement) in the report that describes the basis for the
decision. The report will be removed from ``disputed status.'' The
HIPDB will
[[Page 58358]]
distribute the corrected report and statement(s) to previous queriers
(where identifiable), the reporting entity and the subject of the
report.
(ii) Concludes that the information contained in the report is
inaccurate, the Secretary will inform the subject of the determination
and direct the HIPDB or the reporting entity to revise the report. The
Secretary will include a brief statement (Secretarial Statement) in the
report describing the findings. The HIPDB will distribute the corrected
report and statement (s) to previous queriers (where identifiable), the
reporting entity and the subject of the report.
(iii) Determines that the disputed issues are outside the scope of
the Department's review, the Secretary will inform the subject and the
HIPDB of the determination. The Secretary will include a brief
statement (Secretarial Statement) in the report describing the
findings. The report will be removed from ``disputed status.'' The
HIPDB will distribute the report and the statement(s) to previous
queriers (where identifiable), the reporting entity and the subject of
the report.
(iv) Determines that the adverse action was not reportable and
therefore should be removed from the HIPDB, the Secretary will inform
the subject and direct the HIPDB to void the report.
The HIPDB will distribute a notice to previous queriers (where
identifiable), the reporting entity and the subject of the report that
the report has been voided.
Dated: April 10, 1998.
June Gibbs Brown,
Inspector General.
Approved: June 9, 1998.
Donna E. Shalala,
Secretary.
[FR Doc. 98-29147 Filed 10-29-98; 8:45 am]
BILLING CODE 4160-15-P
