[Federal Register Volume 63, Number 99 (Friday, May 22, 1998)]
[Notices]
[Pages 28396-28398]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-13856]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Health Care Financing Administration
Privacy Act of 1974; Report of New System
AGENCY: Health Care Financing Administration (HCFA), Department Health
and Human Services (HHS).
ACTION: Notice of New System of Records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the requirements of the Privacy Act of
1974, we are proposing to establish a new system of records, ``Long
Term Care Minimum Data Set (LTC MDS),'' HHS/HCFA/CMSO System No. 09-70-
1516. We have provided background information about the proposed system
in the ``Supplementary Information'' section below. Although the
Privacy Act requires only that the ``routine use'' portion of the
system be published for comment, HCFA invites comments on all portions
of this notice. See ``Effective Dates'' section for comment period.
EFFECTIVE DATES: HCFA filed a new system report with the Chair of the
House Committee on Government Reform and Oversight, the Chair of the
Senate Committee on Governmental Affairs, and the Administrator, Office
of Information and Regulatory Affairs, Office of Management and Budget
(OMB) on May 19, 1998. To ensure that all parties have adequate time in
which to comment, the new system of records, including routine uses,
will become effective 40 days after the publication of this notice or
from the date submitted to OMB and the Congress, whichever is later,
unless HCFA receives comments which require alterations to this notice.
ADDRESSES: The public should address comments to the HCFA Privacy Act
Officer, Division of Freedom of Information and Privacy, Office of
Information Services, C2-01-11, Baltimore, Maryland 21244-1850.
Comments received will be available for review at this location, by
appointment, Monday through Friday from 9 am.--3 pm., eastern time
zone.
FOR FURTHER INFORMATION CONTACT: Helene Fredeking, Director, Division
of Outcomes and Improvements, Center for Medicaid and State Operations,
HCFA, 7500 Security Boulevard, S2-11-07, Baltimore, Maryland 21244-
1850. The telephone number is (410) 786-7304.
SUPPLEMENTARY INFORMATION: Sections 1819(b)(3)(A) and 1919(b)(3)(A) of
the Social Security Act require LTC facilities participating in the
Medicare and Medicaid programs to conduct comprehensive, accurate,
standardized, reproducible assessments of each resident's functional
capacity. Sections 1819(f) and 1919(f) of the Social Security Act
require the Secretary to specify an MDS of core elements and common
definitions for use by the facilities, to establish guidelines for use
of the data set, and to designate one or more assessment instruments
which a state requires facilities to use.
A notice of proposed rulemaking (NPRM) was published in the Federal
Register, Vol. 57, No. 249, page 61626 on December 28, 1992. A final
rule was published, in the Federal Register, Vol. 62, No. 246, page
67174--67213, on December 23, 1997. The rule requires facilities
certified to participate in Medicare and/or Medicaid to encode and
transmit the information contained in the MDS to the state using a
format that conforms to standard record layouts and data dictionaries.
The state is subsequently required to transmit the data to HCFA using
the same standard record layouts and data dictionaries.
This new system of records shall contain the assessment information
(MDS records) for each individual residing in LTC facilities that are
certified to participate in the Medicare and/or Medicaid programs
(including private pay individuals). Each state's resident assessment
instrument must contain the assessment instrument designated by HCFA,
which includes the MDS and its common definitions, triggers, and
utilization guidelines.
The LTC MDS includes standard demographic data for identification
such as resident name, Social Security Number, Medicare number,
Medicaid number, gender, race/ethnicity, and birth date. The MDS may
also contain data elements that describe the resident's health status
in the following areas:
Customary Routines
Cognitive Patterns
Communication/Hearing Patterns
Vision Patterns
Mood and Behavior Patterns
Psychosocial Well-being
Physical Functioning and Structural Problems
Continence Status
Disease Diagnoses
Health Conditions
Oral/Nutritional Status
Oral/Dental Status
Skin Condition
Activity Pursuit Patterns
Medications
Special Treatments and Procedures
Discharge Potential and Overall Status
Participation in Assessment
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
which is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' The proposed routine uses in this system meet the compatibility
requirement of the Privacy Act.
Dated: May 19, 1998.
Nancy-Ann Min DeParle,
Administrator, Health Care Financing Administration.
09-70-1516
SYSTEM NAME:
Long Term Care Minimum Data Set (LTC MDS), HHS/HCFA/CMSO.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
HCFA Data Center, 7500 Security Boulevard, Baltimore, Maryland
21244-1850.
HCFA contractors and agents at various locations.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Residents in all LTC facilities that are Medicare and/or Medicaid
certified, including private pay individuals.
CATEGORIES OF RECORDS IN THE SYSTEM:
Individual-level demographic and identifying data as well as
clinical status data.
[[Page 28397]]
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Sections 1102(a), 1819(f), 1919(f), 1819(b)(3)(A), 1919(b)(3)(A),
and 1864 of the Social Security Act.
PURPOSE(S):
To aid in the administration of the survey and certification of
Medicare/Medicaid LTC facilities and to study the effectiveness and
quality of care given in those facilities. This system will also
support regulatory, reimbursement, policy, and research functions, and
enable regulators to provide long term care facility staff with outcome
data for providers' internal quality improvement activities.
ROUTINE USE OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
These routine uses specify additional circumstances under which
HCFA may release information from the LTC MDS system without the
consent of the individual to whom such information pertains. Each
proposed disclosure of information under these routine uses will be
evaluated to ensure that the disclosure is legally permissible,
including but not limited to ensuring that the purpose of the
disclosure is compatible with the purpose for which the information was
collected. Also, HCFA will require each prospective recipient of such
information to agree in writing to certain conditions to ensure the
continuing confidentiality and physical safeguards of the information.
More specifically, as a condition of each disclosure under these
routine uses, HCFA will, as necessary and appropriate:
(a) Determine that no other Federal statute specifically prohibits
disclosure of the information;
(b) Determine that the use or disclosure does not violate legal
limitations under which the information was provided, collected, or
obtained;
(c) Determine that the purpose for which the disclosure is to be
made;
(1) Cannot reasonably be accomplished unless the information is
provided in individually identifiable form;
(2) Is of sufficient importance to warrant the effect on or the
risk to the privacy of the individual(s) that additional exposure of
the record(s) might bring; and
(3) There is a reasonable probability that the purpose of the
disclosure will be accomplished;
(d) Require the recipient of the information to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized access, use, or disclosure of the
record or any part thereof. The physical safeguards shall provide a
level of security that is at least the equivalent to the level of
security contemplated in OMB Circular No. A-130 (revised), Appendix
III, Security of Federal Automated Information Systems which sets forth
guidelines for security plans for automated information systems in
Federal agencies.
(2) Remove or destroy the information that allows subject
individual(s) to be identified at the earliest time at which removal or
destruction can be accomplished, consistent with the purpose of the
request;
(3) Refrain from using or disclosing the information for any
purpose other than the stated purpose under which the information was
disclosed; and
(4) Make no further use or disclosure of the information except:
(i) To prevent or address an emergency directly affecting the
health or safety of an individual;
(ii) For use on another project under the same conditions, provided
HCFA has authorized the additional use(s) in writing; or
(iii) When required by law;
(e) Secure a written statement or agreement from the prospective
recipient of the information whereby the prospective recipient attests
to an understanding of, and willingness to abide by, the foregoing
provisions and any additional provisions that HCFA deems appropriate in
the particular circumstance; and
(f) Determine whether the disclosure constitutes a computer
``matching program'' as defined in 5 U.S.C. 552a(a)(8). If the
disclosure is determined to be a computer ``matching program,'' the
instructions regarding preparation and transmission of a matching
agreement as stated in 5 U.S.C. 552a(o) must be followed.
Disclosure may be made:
1. To a Congressional office from the record of an individual in
response to an inquiry from the Congressional office made at the
request of that individual.
2. To the Bureau of Census for use in processing research and
statistical data directly related to the administration of Agency
programs.
3. To the Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when:
(a) HHS, or any component thereof;
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components;
is party to litigation or has an interest to such litigation, and HHS
determines that the use of such records by the Department of Justice,
the tribunal, or the other party is relevant and necessary to the
litigation and would help in the effective presentation of the
governmental party or interest, provided, however, that in each case
HHS determines that such disclosure is compatible with the purpose for
which the records were collected.
4. To an individual or organization for a research, evaluation, or
epidemiological project related to the prevention of disease or
disability, or the restoration or maintenance of health.
5. To a HCFA contractor for the purpose of collating, analyzing,
aggregating, or otherwise refining or processing records in this system
or for developing, modifying, and/or manipulating automated data
processing (ADP) software. Data could also be disclosed to contractors
incidental to consultation, programming, operation, user assistance, or
maintenance for ADP or telecommunications systems containing or
supporting records in the system.
6. To an agency of a state government, or established by state law,
for purposes of determining, evaluating, and/or assessing overall or
aggregate cost, effectiveness, and/or quality of health care services
provided in the state; or for the purpose of administration of federal-
state health care programs within the state. Data will be released to
the state only on those individuals who are either residents in long
term care facilities within the state or are legal residents of the
state irrespective of the location of the LTC facility wherein they are
residents. In effect, only data collected by the state for HCFA may be
released for this purpose.
7. To another Federal agency (1) To contribute to the accuracy of
HCFA's proper payment of Medicare health benefits, and/or (2) to enable
such agency to administer a Federal health benefits program, or as
necessary to enable such agency to fulfill a requirement of a Federal
statute or regulation that implements a health benefits program funded
in whole or in part with Federal funds.
8. To a HCFA contractor to perform Title XI or Title XVIII (of the
Social Security Act) functions. Records from the LTC MDS may be
released to a Peer Review Organization (PRO), or other HCFA contractor
respectively, for performing medical review functions under these
provisions of the law.
[[Page 28398]]
9. To a HCFA contractor, including but not limited to, fiscal
intermediaries and carriers under Title XVIII of the Social Security
Act, to administer some aspect of a HCFA-administered health benefits
program, or to a grantee of a HCFA-administered grant program, which
program is or could be affected by fraud or abuse, for the purpose of
preventing, deterring, discovering, detecting, investigating,
examining, prosecuting, suing with respect to, defending against,
correcting, remedying, or otherwise combating such fraud or abuse in
such programs.
10. To another Federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States, including any state or local government agency, for the purpose
of preventing, deterring, discovering, detecting, investigating,
examining, prosecuting, suing with respect to, defending against,
correcting, remedying, or otherwise combating such fraud or abuse in
such programs.
11. To any entity that makes payment for or oversees administration
of health care services, for the purpose of preventing, deterring,
discovering, detecting, investigating, examining, prosecuting, suing
with respect to, defending against, correcting, remedying, or otherwise
combating fraud or abuse against such entity or the program or services
administered by such entity, provided:
(i) Such entity enters into an agreement with HCFA to share
knowledge and information regarding actual or potential fraudulent or
abusive practices or activities regarding the delivery or receipt of
health care services, or regarding securing payment or reimbursement
for health care services, or any practice or activity that, if directed
toward a HCFA-administered program, might reasonably be construed as
actually or potentially fraudulent or abusive;
(ii) Such entity does, on a regular basis, or at such times as HCFA
may request, fully and freely share such knowledge and information with
HCFA, or as directed by HCFA, with HCFA's contractors; and
(iii) HCFA determines that it may reasonably conclude that the
knowledge or information it has received or is likely to receive from
such entity could lead to preventing, deterring, discovering,
detecting, investigating, examining, prosecuting, suing with respect
to, defending against, correcting, remedying, or otherwise combating
fraud or abuse in the Medicare, Medicaid, or other health benefits
program administered by HCFA or funded in whole or in part by Federal
funds.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
All records are stored on magnetic media.
RETRIEVABILITY:
All records are retrieved by Social Security Number or Health
Insurance Claim Number or by state-assigned Medicaid number.
SAFEGUARDS:
For computerized records, safeguards established in accordance with
Department standards and National Institute of Standards and Technology
guidelines (e.g., security codes) will be used, limiting access to
authorized personnel. System securities are established in accordance
with HHS, Information Resource Management (IRM) Circular #10, Automated
Information Systems (AIS) Guide, Systems Security Policies, and OMB
Circular No. A-130 (revised), Appendix III.
RETENTION AND DISPOSAL:
Records are maintained with identifiers as long as needed for
program research.
SYSTEM MANAGER(s) AND ADDRESS:
Director, Center for Medicaid and State Operations, 7500 Security
Boulevard, Baltimore, Maryland, 21244-1850.
NOTIFICATION PROCEDURE:
To determine whether the individual's record is in the system, the
subject individual should write to the system manager and furnish the
following information: Name of system; health insurance claim number;
and for verification purposes, the subject individual's name (woman's
maiden name, if applicable), social security number, address, date of
birth, and sex.
RECORD ACCESS PROCEDURES:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Individuals in the system should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with the Department regulations 45 CFR
5b.5.)
CONTESTING RECORD PROCEDURES:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons for
the correction with supporting justification. (These procedures are in
accordance with Department regulations 45 CFR 5b.7.)
RECORD SOURCE CATEGORIES:
LTC Resident Assessment Instrument which includes the minimum data
set and resident assessment protocols.
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
None.
[FR Doc. 98-13856 Filed 5-21-98; 8:45 am]
BILLING CODE 4120-03-P
