2024-23225. Privacy Act of 1974; Matching Program  

  • AGENCY:

    Department of Veterans Affairs (VA).

    ACTION:

    Notice of a new matching program.

    SUMMARY:

    In accordance with the Privacy Act of 1974, as amended, VA is providing notice of a new matching program between VA and the Department of Health and Human Services (HHS) Centers for Medicare & Medicaid Services (CMS) entitled “Disclosure of Information to Support the Veterans Affairs' “Seek to Prevent Fraud, Waste, and Abuse Initiative.”

    DATES:

    Comments on this matching program must be received no later than November 7, 2024. If no public comment is received during the period allowed for comment or unless otherwise published in the Federal Register by VA, the new agreement will become effective a minimum of 30 days after date of publication in the Federal Register . If VA receives public comments, VA shall review the comments to determine whether any changes to the notice are necessary. This matching program will be valid for 18 months from the effective date of this notice.

    ADDRESSES:

    Comments may be submitted through www.Regulations.gov or mailed to VA Privacy Service, 810 Vermont Avenue NW, (005X6F), Washington, DC 20420. Comments should indicate that they are submitted in response to “Disclosure of Information to Support the Veteran Affairs' Seek to Prevent Fraud, Waste, and Abuse Initiative.” Comments received will be available at regulations.gov for public viewing, inspection, or copies.

    FOR FURTHER INFORMATION CONTACT:

    Elizabeth Morales, Director, VA Office of Business Oversight Program Integrity Office, 1615 Woodward Street, Austin, TX 78772, (512) 673-8960.

    SUPPLEMENTARY INFORMATION:

    This Agreement establishes the terms, conditions, and procedures under which CMS will provide certain data to VA that supports the VA's Seek to Prevent Fraud, Waste, and Abuse initiative. The data will be provided from CMS' database of enrolled Medicare providers and suppliers (System of Records Notice [SORN] No. 09-70-0532, Provider Enrollment, Chain, and Ownership System [PECOS]). Using PECOS data in a matching program for this purpose will provide VA prompt access to extant information, using an efficient process that both eliminates the need to manually compare substantial numbers of data-intensive files and enables VA to leverage, instead of duplicating, the costly Advance Provider Screening process that CMS uses to check suitability of Medicare providers and generate the data in PECOS.

    Participating Agencies: VA and CMS.

    Authority for Conducting the Matching Program: This Agreement is executed pursuant to the Privacy Act (5 United Stated Code [U.S.C.] 552a) and the regulations and guidance promulgated thereunder; Office of Management and Budget (OMB) Circular A-108, Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act, published at 81 Federal Register (FR) 94424 (December 23, 2016); and OMB guidelines pertaining to computer matching published at 54 FR 25818 (June 19, 1989). Title 38 U.S.C. 7301(b) states that the primary function of VA is to provide a complete medical and hospital service for the care of eligible Veterans. In carrying out this function, including through contracts with external entities and providers, VA has an obligation to (1) ensure providers furnish care that is appropriate and safe and meets or exceeds professional standards for quality and (2), in the case of external providers, maintain billing integrity and compliance with contractual terms.

    Purpose(s): Under this matching program, VA internal and external providers will be matched against the database of Medicare providers and suppliers who have been revoked by CMS pursuant to 42 Code of Federal Regulations (CFR) section 424.535. VA intends to review the information provided, perform additional validation, and if deemed appropriate, conduct further investigation, or refer the matter to the VA Office of the Inspector General (OIG) for further investigation. Based on additional validation or investigation, should VA determine VA program requirements have been violated, VA intends to take action (or refer to the OIG for action) against the VA internal and external providers. Such action may be based on activities that endanger VA patients and/or reflect improper or erroneous billing practices related to claims for health care provided to VA beneficiaries. Actions VA may take include (1) terminating or modifying existing contractual or provider agreements; (2) stopping referral of VA patients to the VA external providers; (3) referring the VA internal and external providers to the ( print page 81617) OIG; (4) performing pre- or post-payment reviews of claims paid or submitted; or (5) taking disciplinary actions or removing, demoting, or suspending VA internal providers.

    Categories of Individuals: VA internal and external health care providers will be matched against the database of Medicare providers who have been revoked by CMS under 42 CFR 424.535. “Provider” is defined by 42 CFR 400.202 as a “hospital, a Critical Access Hospital, a skilled nursing facility, a comprehensive outpatient rehabilitation facility, a home health agency, or a hospice that has in effect an agreement to participate in Medicare, or a clinic, a rehabilitation agency, or a public health agency that has in effect a similar agreement but only to furnish outpatient physical therapy or speech pathology services, or a community mental health center that has in effect a similar agreement but only to furnish partial hospitalization services.”

    Categories of Records: VA will provide CMS electronic files, in a format defined by CMS, containing identifying information required to match VA records with CMS records. Data fields will include one or more of the following elements: (1) Name of Provider/Business; (2) Tax Identification Number (TIN) (EIN, ITIN or SSN); (3) National Provider Identifier (NPI); (4) State(s) in which the provider is providing services; and (5) Specialty Code or Taxonomy Code. Upon matching the TIN or NPI, CMS will provide VA the matched data elements above and the following additional fields: (1) NPI (for individuals) where VA provided a TIN; (2) Current Enrollment Status; (3) Current Enrollment Status Effective Date; (4) Status Reason (PECOS codes used to denote the specific reason(s) on which the final revocation was based); and (5) All NPIs associated with a revoked TIN to include all above fields (1-4) and Enrollment State, Specialty, Role, Enrollment Bar status, and Enrollment Bar Expiration Date (if applicable).

    System(s) of Records: VA will provide information covered by SOR 77VA10E2E, Health Care Provider Credentialing and Privileging Records-VA, last published in full at 85 FR 7395 (February 7, 2020), routine uses 1 and 2; SOR 23VA10NB3, Non-VA Care (Fee) Records-VA, last published in full at 80 FR 45590 (July 30, 2015), routine use 2 and 30; SOR 02VA135, Applicants for Employment under Title 38, U.S.C.-VA, last published in full at 42 FR 49728 (September 27, 1977), and updated at 51 FR 25969 (July 17, 1986), 55 FR 42534 (October 19, 1990), and 58 FR 40852 (July 30, 1993), see routine uses 1 and 2 published at 42 FR 49728; and SOR 186VA10D, entitled “Community Care Provider Profile Management System,” last published in full at 86 FR 6979 (January 25, 2021). See routine use 10. CMS will provide information covered by Provider Enrollment Chain and Ownership System (PECOS), System No. 09-70-0532, last published in full at 71 FR 60536 (Oct. 13, 2006) and updated at 78 FR 32257 (May 29, 2013) and 83 FR 6591 (Feb. 14, 2018), see routine use 6 published at 71 FR 60536 and the unnumbered routine use published at 78 FR 32257; and National Plan and Provider Enumeration System (NPPES), System No. 09-70-0555, last published in full at 75 FR 30411 (June 1, 2010) and updated at 78 FR 32257 (May 29, 2013) and 83 FR 6591 (Feb. 14, 2018), see routine use 5 published at 75 FR 30411 and the unnumbered routine use published at 78 FR 32257.

    Signing Authority

    The Senior Agency Official for Privacy, or designee, approved this document and authorized the undersigned to sign and submit the document to the Office of the Federal Register for publication electronically as an official document of the Department of Veterans Affairs. John Oswalt, Chief Privacy Officer and Chair of the Data Integrity Board, Department of Veterans Affairs approved this document on August 27, 2024 for publication.

    Dated: October 3, 2024.

    Amy L. Rose,

    Government Information Specialist, VA Privacy Service, Office of Compliance, Risk and Remediation, Office of Information and Technology, Department of Veterans Affairs.

    [FR Doc. 2024-23225 Filed 10-7-24; 8:45 am]

    BILLING CODE P