[Federal Register Volume 63, Number 155 (Wednesday, August 12, 1998)]
[Notices]
[Pages 43187-43190]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-21502]
[[Page 43187]]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Health Care Financing Administration
Privacy Act of 1974; System of Records
AGENCY: Department of Health and Human Services (HHS), Health Care
Financing Administration (HCFA).
ACTION: Notice of New System of Records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the requirements of the Privacy Act of
1974, we are proposing to establish a new system of records, called
``Health Plan Management System (HPMS),'' HHS/HCFA/CHPP, No. 09-70-
4004. We have provided background information about the proposed new
system in the Supplementary Information section below. Although the
Privacy Act requires only that the ``routine uses'' portion of the
system be published for comment, HCFA invites comments on all portions
of this notice.
DATES: HCFA filed a new system report with the Chairman of the
Committee on Government Reform and Oversight of the House of
Representatives, the Chairman of the Committee on Governmental Affairs
of the Senate, and the Administrator, Office of Information and
Regulatory Affairs, Office of Management and Budget (OMB), on July
31,1998.
To ensure that all parties have adequate time in which to comment,
the new system of records, including routine uses, will become
effective 40 days from the publication of this notice or from the date
it was submitted to OMB and the Congress, whichever is later, unless
HCFA receives comments which require alteration to this notice.
ADDRESSES: The public should address comments to Director, Division of
Freedom of Information & Privacy, Health Care Financing Administration,
7500 Security Boulevard, C2-01-11, Baltimore, Maryland 21244-1850.
Comments received will be available for review at this location, by
appointment, Monday through Friday 9 a.m.-3 p.m., eastern time zone.
FOR FURTHER INFORMATION CONTACT: Ms. Lori Robinson, Health Care
Financing Administration, Center for Health Plans and Providers, 7500
Security Boulevard, N3-09-16, Baltimore, Maryland 21244-1850. Her
telephone number is (410) 786-1826.
SUPPLEMENTARY INFORMATION: The Health Plan Management System is a data
file containing rates for selected performance measures for each
Medicare health plan. The data are compiled by HIC number, member month
contribution, and a flag to indicate if the member was counted in the
rate's numerator. The system will collect rate information on
categories such as the following:
``Use of Services'' measures such as the frequency of
selected procedures (e.g., percutaneous transluminal coronary artery
angioplasty, prostatectomy, coronary artery bypass with graft,
hysterectomy, cholecystectomy, cardiac catheterization, reduction of
fracture of the femur, total hip and knee replacement, partial excision
of the large intestine, carotid endarterectomy); percentage of members
receiving inpatient, day/night and ambulatory mental health and
chemical dependency services; readmission for chemical dependency, and
specified mental health disorders.
``Effectiveness of Care'' measures such as breast cancer
screening, beta blocker treatment after a heart attack, eye exams for
people with diabetes, and follow-up after hospitalization for mental
illness.
``Member Satisfaction'' measures related to quality,
access, and general satisfaction.
``Functional Status'' measures which are patient centered
and track actual outcomes or results of care, addressing both physical
and mental well-being over time.
The information from HPMS will be augmented by being linked to
other HCFA data and other administrative data to provide validation and
greater analytic capacity. The HPMS will be used to:
Develop and disseminate summary information required by
the Balanced Budget Act of 1997 that will inform beneficiaries and the
public of indicators of health plan performance to help beneficiaries
choose among health plans. The information will include plan-to-plan
comparisons of benefits and co-payments supplemented with consumer
satisfaction information and plan performance data.
Support quality improvement activities. Summary data will
be useful for health plans' internal quality improvement, as well as to
HCFA and Peer Review Organizations in monitoring and evaluating the
care provided by health plans.
Conduct research and demonstrations addressing managed
care quality, access, and satisfaction issues.
Provide guidance for program management and policy
development.
HPMS is derived from population-based tools such as Health Plan
Employer Data and Information Set (HEDIS) and the Consumer Assessment
of Health Plans Study (CAHPS). The system will contain information on
recipients of Medicare Part A and Part B services who are enrolled in
health plans. The total number of current enrollees is approximately 5
million. We expect this number to grow over time as beneficiaries move
from the original Medicare fee-for-service program.
HEDIS reflects a joint effort of public and private purchasers,
consumers, labor unions, health plans, and measurement experts to
develop a comprehensive set of performance measures for Medicare,
Medicaid, and commercial populations enrolled in managed care plans.
HEDIS measures eight aspects of health care: effectiveness of care;
access/availability of care, satisfaction with the experience of care,
health plan stability, use of services, cost of care, informed health
care choices, and health plan descriptive information. In 1997, HCFA is
requiring reporting of a number of performance measures from HEDIS
relevant to the Medicare managed care population. The HEDIS data is
subject to audit, to ensure that plans submit accurate and complete
data. Another aspect of the audit is to assess the reasonableness of
the HEDIS measures. For example, if all or most health plans have
problems with a particular measure, the problem could be with the
measure, not the plans.
Included in HEDIS is a functional status measure which tracks both
physical health and mental health status over a 2-year period through a
self-administered instrument in which the beneficiary indicates whether
his/her health status has improved, stayed the same, or deteriorated.
The measure is risk adjusted for co-morbid conditions, income, race,
education, social support, age, and gender. It will be used to compare
how well plans care for seniors. It reflects the belief that high
quality health care can either improve or at least slow the rate of
decline in senior members' ability to lead active and independent
lives.
In concert with the Agency for Health Care Policy and Research,
HCFA sponsored the development of a Medicare specific version of the
CAHPS consumer satisfaction survey. The survey will collect information
about Medicare enrollees' satisfaction, access, and quality of care
within managed care plans. Beginning in 1997, HCFA is requiring all
Medicare contracting plans to participate in an independent third party
administration of an annual member satisfaction survey.
[[Page 43188]]
All performance measures are subject to modification as new
performance measurement sets are developed with a stronger focus on
outcomes and chronic disease issues, including patient satisfaction and
quality of life measures relevant to specific diseases.
The Privacy Act permits us to disclose information without the
consent of individuals for ``routine uses''--that is, disclosures that
are compatible with the purpose for which we collected the information.
The proposed routine uses in the new system meet the compatibility
criteria since the information is collected to produce estimates of
health care use and quality, and determinants thereof, by the aged and
disabled enrolled in group health plans. We anticipate the disclosures
under the routine uses will not result in any unwarranted adverse
effects on personal privacy.
Dated: July 31, 1998.
Nancy-Ann Min DeParle,
Administrator, Health Care Financing Administration.
09-70-4004
SYSTEM NAME:
Health Plan Management System (HPMS), HHS/HCFA/CHPP.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Recipients of Medicare Part A (Hospital Insurance) and Part B
(supplementary medical insurance) services who are enrolled in Medicare
health plans.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Authority for maintenance of the system is given under section 1875
of the Social Security Act (42 U.S.C. 1395ll), entitled Studies and
Recommendations; section 1121 of the Social Security Act (42 U.S.C.
1121), entitled Uniform Reporting System for Health Services Facilities
and Organizations; and section 1876 of the Social Security Act (42
U.S.C. 1395mm), entitled Payments to Health Maintenance Organizations
and Competitive Medical Plans.
PURPOSES:
To collect and maintain information on Medicare beneficiaries
enrolled in Medicare Health Plans in order to develop and disseminate
information required by the Balanced Budget Act of 1997 that will
inform beneficiaries and the public of indicators of health plan
performance to help beneficiaries choose among health plans, support
quality improvement activities within the plans, monitor and evaluate
care provided by health plans; provide guidance to program management
and policies, and provide a research data base for HCFA and other
researchers.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
These routine uses specify additional circumstances under which
HCFA may release information from the Health Plan Management System
without the consent of the individual to whom such information
pertains. Each proposed disclosure of information under these routine
uses will be evaluated to ensure that the disclosure is legally
permissible, including but not limited to ensuring that the purpose of
the disclosure is compatible with the purpose for which the information
was collected. Also, HCFA will require each prospective recipient of
such information to agree in writing to certain conditions to ensure
the continuing confidentiality and security, including physical
safeguards of the information. More specifically, as a condition of
each disclosure under these routine uses, HCFA will, as necessary and
appropriate:
(a) Determine that no other Federal statute specifically prohibits
disclosure of the information;
(b) Determine that the use or disclosure does not violate legal
limitations under which the information was provided, collected, or
obtained;
(c) Determine that the purpose for which the disclosure is to be
made;
(1) Cannot reasonably be accomplished unless the information is
provided in individually identifiable form;
(2) Is of sufficient importance to warrant the effect on or the
risk to the privacy of the individual(s) that additional exposure of
the record(s) might bring; and
(3) There is a reasonable probability that the purpose of the
disclosure will be accomplished;
(d) Require the recipient of the information to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized access, use or disclosure of the
record or any part thereof. The physical safeguards shall provide a
level of security that is at least the equivalent of the level of
security contemplated in OMB Circular No. A-130 (revised), Appendix
III, Security of Federal Automated Information Systems which sets forth
guidelines for security plans for automated information systems in
Federal agencies;
(2) Remove or destroy the information that allows the subject
individual(s) to be identified at the earliest time at which removal or
destruction can be accomplished consistent with the purpose of the
request;
(3) Refrain from using or disclosing the information for any
purpose other than the stated purpose under which the information was
disclosed, and
(4) Make no further uses or disclosure of the information except:
(i) To prevent or address an emergency directly affecting the
health or safety of an individual;
(ii) For use on another project under the same conditions, provided
HCFA has authorized the additional use(s) in writing; or
(iii) When required by law;
(e) Secure a written statement or agreement from the prospective
recipient of the information whereby the prospective recipient attests
to an understanding of and willingness to abide by the foregoing
provisions and any additional provisions that HCFA deems appropriate in
the particular circumstances; and
(f) Determine whether the disclosure constitutes a computer
``matching program'' as defined in 5 U.S.C. 552a(a)(8). If the
disclosure is determined to be a computer ``matching program,'' the
procedures for matching agreements as contained in 5 U.S.C. 552a(o)
must be followed.
Disclosure may be made:
1. To a congressional office from the record of an individual in
response to an inquiry from the congressional office made at the
request of that individual.
2. To the Bureau of Census for use in processing research and
statistical data directly related to the administration of programs
under the Social Security Act.
3. To the Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation, and HHS
determines
[[Page 43189]]
that the use of such records by the Department of Justice, the
tribunal, or the other party is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party or interest provided, however, that in each case HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
4. To an individual or organization for a research, demonstration,
evaluation, epidemiological or health care quality improvement project
related to the prevention of disease or disability, or the restoration
or maintenance of health.
5. To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this system
or for developing, modifying and/or manipulating automated information
systems (AIS) software. Data would also be disclosed to contractors
incidental to consultation, programming, operation, user assistance, or
maintenance for AIS or telecommunications systems containing or
supporting records in the system.
6. To a Peer Review Organization for health care quality
improvement projects conducted in accordance with its contract with
HCFA.
7. To state Medicaid agencies pursuant to agreements with the
Department of Health and Human Services for determining Medicaid and
Medicare eligibility of recipients of assistance under titles IV,
XVIII, and XIX of the Social Security Act, and for the complete
administration of the Medicaid program.
8. To an agency of a state Government, or established by state law,
for purposes of determining, evaluating and/or assessing cost,
effectiveness, and/or the quality of health care services provided in
the state.
9. To another Federal or state (1) To contribute to the accuracy of
HCFA's proper payment of Medicare health benefits, or (2) as necessary
to enable such agency to fulfill a requirement of a Federal statute or
regulation, or a state statute or regulation that implements a health
benefits program funded in whole or in part with Federal funds.
10. To other Federal agencies or states to support the
administration of other Federal or state health care programs, if
funded in whole or in part by Federal funds.
11. To the Social Security Administration for its assistance in the
implementation of HCFA's Medicare and Medicaid programs.
12. To a HCFA Contractor, including but not limited to fiscal
intermediaries and carriers under title XVIII of the Social Security
Act, to administer some aspect of a HCFA-administered health benefits
program, or to a grantee of a HCFA-administered grant program, which
program is or could be affected by fraud or abuse, for the purpose of
preventing, deterring, discovering, detecting, investigating,
examining, prosecuting, suing with respect to, defending against,
correcting, remedying, or otherwise combating such fraud or abuse in
such programs.
13. To another Federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States, including any state or local government agency, for the purpose
of preventing, deterring, discovering, detecting, investigating,
examining, prosecuting, suing with respect to, defending against,
correcting, remedying, or otherwise combating such fraud or abuse in
such health benefits programs funded in whole or in part by Federal
funds.
14. To any entity that makes payment for or oversees administration
of health care services, for the purpose of preventing, deterring,
discovering, detecting, investigating, examining, prosecuting, suing
with respect to, defending against, correcting, remedying, or otherwise
combating fraud or abuse against such entity or the program or services
administered by such entity, provided:
(i) Such entity enters into an agreement with HCFA to share
knowledge and information regarding actual or potential fraudulent or
abusive practices or activities regarding the delivery or receipt of
health care services, or regarding securing payment or reimbursement
for health care services, or any practice or activity that, if directed
toward a HCFA-administered program, might reasonably be construed as
actually or potentially fraudulent or abusive;
(ii) Such entity does, on a regular basis, or at such times as HCFA
may request, fully and freely share such knowledge and information with
HCFA, or as directed by HCFA, with HCFA's contractors; and
(iii) HCFA determines that it may reasonably conclude that the
knowledge or information it has received or is likely to receive from
such entity could lead to preventing, deterring, discovering,
detecting, investigating, examining, prosecuting, suing with respect
to, defending against, correcting, remedying, or otherwise combating
fraud or abuse in the Medicare, Medicaid or other health benefits
program administered by HCFA or funded in whole or in part by Federal
funds.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
All records are stored in file folders, magnetic tapes, or computer
disks.
RETRIEVABILITY:
The records are retrieved by health insurance claim number.
SAFEGUARDS:
For computerized records, safeguards established in accordance with
Department standards and National Institute of Standards and Technology
guidelines (e.g., security codes) will be used, limiting access to
authorized personnel. System securities are established in accordance
with HHS, Information Resource Management (IRM) Circular 10,
Automated Information Systems Security Program; and HCFA Automated
Information Systems (AIS) Guide, Systems Securities Policies, and OMB
Circular No. A-130 (revised), Appendix III.
RETENTION AND DISPOSAL:
The records are maintained with identifiers as long as needed for
program research.
SYSTEM MANAGER(S) AND ADDRESS:
Director, Center for Health Plans and Providers, Health Care
Financing Administration, 7500 Security Boulevard, Baltimore, Maryland
21244-1850.
NOTIFICATION PROCEDURE:
For purpose of access, the subject individual should write the
system manager, who will require the system name, health insurance
claim number, and, for verification purposes, name, address, date of
birth, and sex to ascertain whether or not the individual's record is
in the system.
RECORD ACCESS PROCEDURE:
Same as notification procedures. Requestors should also reasonably
specify the record contents being sought. (These access procedures are
in accordance with the Department regulations 45 CFR 5b.5(a)(2).)
CONTESTING RECORD PROCEDURES:
Contact the system manager named above, and reasonably identify the
record and specify the information to be contested. State the
corrective action sought and the reasons for the correction with
supporting justification. (These procedures are in accordance with
Department regulation 45 CFR 5b.7.)
[[Page 43190]]
RECORD SOURCE CATEGORIES:
The identifying information contained in these records is obtained
from the health plans (which obtained the data from the individual
concerned) or the individuals themselves. Also, these data will be
linked with HCFA administrative data, such as claims and enrollment
data.
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
None.
[FR Doc. 98-21502 Filed 8-11-98; 8:45 am]
BILLING CODE 4120-03-P
