AGENCY:

Health Resources and Services Administration (HRSA), HHS.

ACTION:

Final rule.

SUMMARY:

This final rule exempts the system of records (09-15-0054, the National Practitioner Data Bank for Adverse Information on Physicians and Other Health Care Practitioners, HHS/HRSA/BHPr) for the National Practitioner Data Bank (NPDB) from certain provisions of the Privacy Act (5 U.S.C. 552a). The exemption is necessary due to the recent expansion of the NPDB under section 1921 of the Social Security Act to include the investigative materials compiled for law enforcement purposes reported to the Healthcare Integrity and Protection Data Bank (HIPDB). The system of records for the HIPDB is exempt from certain provisions of the Privacy Act (see 45 CFR 5b.11(b)(2)(ii)(F)). In order to maintain the exemption for the HIPDB investigative materials, which will now also be available through the NPDB, it is necessary to extend the same exemption to the NPDB.

DATES:

The effective date of this rule is December 23, 2011.

FOR FURTHER INFORMATION CONTACT:

Cynthia Grubbs, Director, Division of Practitioner Data Banks, Bureau of Health Professions, Health Resources and Services Administration, Parklawn Building, 5600 Fishers Lane, Room 8-103, Rockville, MD 20857; telephone number: (301) 443-2300.

SUPPLEMENTARY INFORMATION:

I. Background

The NPDB was established by Title IV of Public Law 99-660, the Health Care Quality Improvement Act of 1986, as amended. The NPDB is primarily an alert or flagging system intended to facilitate a comprehensive review of health care practitioners' professional credentials. On January 28, 2010, HRSA published a final rule in the Federal Register (75 FR 4656) designed to implement section 1921 of the Social Security Act (herein referred to as section 1921). Section 1921 expands the scope of the NPDB. Section 1921 requires each State to adopt a system of reporting to the Secretary certain adverse licensure actions taken against health care practitioners and health care entities by any authority of the State responsible for the licensing of such practitioners or entities. It also requires each State to report any negative action or finding that a State licensing authority, a peer review organization, or a private accreditation entity has finalized against a health care practitioner or entity. Practically speaking, section 1921 resulted in, among other consequences, the transfer of the vast majority of information contained in the HIPDB, a companion data bank, to the NPDB.

The HIPDB was created by the Health Insurance Portability and Accountability Act (HIPAA) of 1996, Public Law (Pub. L. 104-191), which required the Secretary, acting through the Office of Inspector General (OIG) and the United States Attorney General, to establish a new health care fraud and abuse control program, to combat health care fraud and abuse. Together, the HIPDB and NPDB serve to facilitate review of health care practitioners' and entities' backgrounds.

II. Summary of the Proposed Rule

In the February 17, 2011 Federal Register (76 FR 9295), HRSA published a proposed rule that would exempt the NPDB system of records from subsection (c)(3), (d)(1) through (d)(4), (e)(4)(G) and (H), and (f) of the Privacy Act pursuant to 5 U.S.C. 552a(k)(2). These exemptions are necessary to deal with the expansion of NPDB information after implementation of section 1921 on March 1, 2010. Groups that have access to the section 1921 information in the NPDB include all organizations eligible to query the NPDB under the Health Care Quality Improvement Act of 1986 (hospitals, other health care entities that conduct peer review and provide health care services, State medical or dental boards, and other health care practitioner State boards), other State licensing authorities, agencies administering Federal health care programs (including private entities administering such programs under contract), State agencies administering or supervising the administration of State health care programs, State Medicaid Fraud Control Units, certain law enforcement agencies, utilization and quality control peer review organizations (referred to as QIOs), as defined in Part B of title XI of the Social Start Printed Page 72326Security Act, and appropriate entities with contracts under section 1154(a)(4)(C) of the Social Security Act. Individual health care practitioners and entities can self-query.

One of the purposes of these data will be use of this information by a Federal or State government agency charged with the responsibility of investigating or prosecuting a case where there is an indication of a violation or potential violation of law, whether civil, criminal, or regulatory in nature. The information in this system may also be used in the preparation for a trial or hearing for such violation.

Specifically, this final rule now exempts the NPDB from the following subsections of the Privacy Act for the reasons set forth below:

• Subsection (c)(3). This provision requires that individuals be provided an accounting of disclosures of their records from a Privacy Act system, if requested. Providing an accounting of disclosures (i.e., an accounting of queries made by law enforcement agencies) to an individual who is the subject of an investigation could reveal the nature and scope of the investigation and could lead to the destruction or alteration of evidence, tampering with witnesses, and other evasive actions that could impede or compromise an investigation.
• Subsections (d)(1) through (d)(4). These provisions require that individuals be allowed to access and correct or amend their records in a Privacy Act system, if requested. Release of investigative records to an individual who is the subject of an investigation could interfere with pending or prospective law enforcement proceedings, or could reveal sensitive investigative techniques and procedures. Report subjects will have access to information on all other queries to the data bank. Report subjects are guaranteed access to, and correction rights for, substantive information reported to the NPDB. The procedures, appearing in 45 CFR part 60, use the Privacy Act access and correction procedures as a basic framework while, at the same time, providing significant additional rights (such as automatic notification to the record subject of any report filed with the data bank). Data bank subjects also have broader rights on NPDB correction procedures, including the right to file a statement of disagreement as soon as a report is filed with the data bank.
• Subsections (e)(4)(G) and (H), and (f). These provisions require that the system of records notice for a Privacy Act system provide the procedures whereby individuals can be notified at their request if the system contains records about them and can request and gain access to, and contest the content of, their records. Notifying an individual who is the subject of an investigation or a witness that a system of records contains information about him or her could reveal the nature and scope of the investigation and could result in the altering or destruction of evidence, improper influencing of witnesses, and other evasive actions that could impede or compromise an investigation. Report subjects are guaranteed access to, and correction rights for, substantive information reported to the NPDB. The same correction procedures apply (contained in 45 CFR part 60) as mentioned in the earlier bullet for subsections (d)(1) through (d)(4).

Accordingly, HRSA proposes to amend 45 CFR 5b.11(b)(2)(ii) of the HHS Privacy Act regulations by adding the following:

• A new paragraph (L) that exempts investigative materials compiled for law enforcement purposes for the National Practitioner Data Bank from requirements (c)(3), (d)(1) through (d)(4), (e)(4)(G) and (H), and (f) of the Privacy Act (5 U.S.C. 552a).

The system of records for the NPDB, which was last published in the Federal Register on October 1, 2010 (75 FR 60763), will be re-published promptly to reflect this change.

III. Summary and Response to Public Comments

The proposed rule set forth a 60-day public comment period, ending April 18, 2011. HRSA received one response from a national association representing physicians. Following are two concerns highlighted by the commenter and our responses to those concerns.

Issue #1: Commenter believes that shielding law enforcement queries from a NPDB physician subject's review would result in wasted law enforcement resources and would deny physicians due process.

Response: The restriction on revealing law enforcement queries to data bank report subjects has been in place for the last 15 years for the Healthcare Integrity and Protection Data Bank (HIPDB). Law enforcement queries constitute less than one percent of the total queries to the data bank and on average there are only 20 law enforcement queries per year. The act of querying the data bank does not deny providers due process rights or bar them from availing themselves of correction procedures, if a report is filed against them in the data bank. Law enforcement agencies are not required to notify subjects that they are under investigation and doing so would most likely compromise an investigation. The commenter additionally claims that law enforcement resources are being wasted. This claim has no evidentiary support, and HRSA feels it is best left to law enforcement officials to make this determination.

Issue #2: When commenting on the exemption of the NPDB from Privacy Act access and amendment procedures, commenter expressed support maintaining NPDB access and correction procedures so that NPDB subjects are guaranteed access to, and correction rights for, information reported to the NPDB. However, the commenter feels that shielding law enforcement queries from disclosure to physicians would hamper the physician's ability to ensure the accuracy of the information that has been reported to the NPDB.

Response: NPDB access and correction procedures, which guarantee access to, and correction rights for, information reported to the NPDB, are maintained. HRSA disagrees with the statement that disclosure of law enforcement queries would affect a physician's ability to ensure the accuracy of information reported to the data bank. Data bank reports and data bank queries are two separate things. Data bank reports reflect an adverse action taken by a reporting entity, whereas a data bank query is a request for information on a practitioner. Practitioners receive a copy of all reports submitted by a reporting entity along with instructions on correction procedures. If a practitioner elects, they can receive an accounting of entities that have queried them by submitting a self- query. Shielding law enforcement query history does not affect a practitioner's ability to use the report correction procedures. Information on how to dispute the accuracy of a data bank report can be accessed on page F-1 of the NPDB Guidebook at: http://www.npdb-hipdb.hrsa.gov/​resources/​NPDBGuidebook.pdf.

Based on HRSA's review of the public comments, no revisions have been made to the final rule.

Economic and Regulatory Impact

We have reviewed this final rule in accordance with the provisions of Executive Orders 13563 and 12866 and the Regulatory Flexibility Act (5 U.S.C. 601-612) and have determined that it will have no major effect on the economy or Federal expenditures. Executive Orders 13563 and 12866 direct agencies to assess all costs and benefits of available regulatory alternatives and, when rulemaking is necessary, to select regulatory Start Printed Page 72327approaches that maximize net benefits, including potential economic, environmental, public health, safety distributive, and equity effects.

The Secretary has determined that this final rule is not a “major rule” within the meaning of the statute providing for Congressional Review of Agency Rulemaking, 5 U.S.C. 801, and has determined that it does not meet the criteria for a significant regulatory action. In addition, under the Small Business Enforcement Act (SBEA) of 1996, if a rule has a significant economic effect on a substantial number of small businesses, the Secretary must specifically consider the economic effect of a rule on small business entities and analyze regulatory options that could lessen the impact of the rule. The Secretary has reviewed this exemption in accordance with the provisions of the SBEA and certifies that this exemption will not have a significant impact on a substantial number of small entities. Specifically, as indicated above, while the reports of adverse actions to the NPDB will be known to the subjects of the records in the data bank, the access and use of such information by law enforcement agencies would not be known to the subjects of the records, because HRSA believes that disclosure of this information could compromise ongoing law enforcement activities.

Similarly, the final rule will not have effects on State, local, and Tribal governments, and on the private sector such as to require consultation under the Unfunded Mandates Reform Act of 1995.

The Secretary has reviewed this final rule in accordance with Executive Order 13132 regarding federalism and has determined that it does not have “federalism implications.” This rule would not “have substantial direct effects on the States, or on the relationship between the national government and the States, or on the distribution of power and responsibilities among the various levels of government.”

The proposals made in this final rule would not adversely affect the following family elements: Family safety, family stability, marital commitment; parental rights in the education, nurture and supervision of their children; family functioning, disposable income, or poverty; or the behavior and personal responsibility of youth, as determined under section 654(c) of the Treasury and General Government Appropriations Act of 1999.

In accordance with the provisions of Executive Order 12866, this final rule was not reviewed by the Office of Management and Budget.

Paperwork Reduction Act

This final rule does not have any information collection requirements.

List of Subjects in 45 CFR Part 5b

• Privacy

PART 5b—PRIVACY ACT REGULATIONS

Accordingly, 45 CFR part 5b is amended as set forth below:

1. The authority citation for part 5b continues to read as follows:

Authority: 5 U.S.C. 301, 5 U.S.C. 552a.

2. Add § 5b.11(b)(2)(ii)(L) to read as follows: