Federal Register: November 10, 2008 (Volume 73, Number 218)
DOCID: fr10no08-63 FR Doc E8-26725
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Inspector General Office, Health and Human Services Department
NOTICE: NOTICES
DOCID: fr10no08-63
DOCUMENT ACTION: Notice of proposed new Privacy Act System of Records.
SUBJECT CATEGORY:
Privacy Act of 1974; New OIG Privacy Act System of Records: Consolidated Data Repository
DATES: Effective Date: This system of records will become effective without further notice on December 22, 2008, unless comments received on or before that date result in a contrary determination.
Comment Date: Comments on this new system of records will be considered if we receive them at the addresses provided below no later than 5 p.m. Eastern Standard Time on December 10, 2008.
DOCUMENT SUMMARY:
The Privacy Act of 1974 (5 U.S.C. 552(e)(4)) requires that all agencies publish in the Federal Register a notice of the existence and character of their system of records. Notice is hereby given that OIG is adding a new system of records entitled ``Consolidated Data RepositoryHHSOIG'' (09901000).
SUMMARY:
Privacy Act; Systems of Records,
SUPPLEMENTAL INFORMATION
Under Section 2 of the Inspector General Act of 1978, as amended, OIG is required to conduct audits and investigations relating to programs and operations of the Department. In performing these required functions, OIG must collect, collate, and analyze claims information relating to services rendered to Medicare beneficiaries and Medicaid recipients. For this reason, OIG is establishing a new system of records which combines information from several existing HHS systems of records with information from State sources. This combined system of records is necessary for OIG to perform timely and independent audits, evaluations and inspections, and investigations of the Medicare and Medicaid programs.
In addition, in compliance with the ``Incident Reporting and Handling Requirements'' set forth in the Office of Management and Budget Memoranda 0716, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, OIG is incorporating the routine use language into this new system of records as part of our normal System of Records Notice (SORN) review development process. Description of the Proposed System of Records
Records from the Centers for Medicare & Medicaid Services and State
Medicaid agencies will be incorporated into this new system of records.
The new system of records will be created by including Medicare and
Medicaid enrollment, eligibility, and claims data records on all
beneficiaries and recipients. Data in the system of records will
include names; Social Security numbers (SSNs); health insurance
identification numbers; and claims information relating to inpatient,
outpatient, physician/supplier, skilled nursing facilities, nursing
home, hospice, home health, durable medical equipment, dental, prescription drug, and managed care.
Agency Policies, Procedures and Restrictions on the Routine Use
The Privacy Act permits OIG to disclose information outside HHS without an individual's consent if the information is to be used for a purpose that is compatible with the purposes for which the information was collected. Any such disclosure of data is known as a routine use. Accordingly, we are proposing to establish the following routine use disclosures of records maintained in the system:
1. Disclosure may be made to Federal, State, and local agencies for the purpose of better identifying the total current health care usage of the Medicare and Medicaid patient population.
2. Disclosure may be made to Federal, State, and local government agencies and national health organizations to assist in the development of programs that will be beneficial to claimants and to protect their rights under law and assure that they are receiving all benefits to which they are entitled.
3. Disclosure may be made to a Federal department or agency or to a contractor of a Federal department or agency in order to conduct Federal audits, evaluations and inspections, or investigations necessary to accomplish a statutory purpose of an agency. OIG must be able to disclose information for purposes needed to accomplish a statutory purpose of a Federal agency.
4. Disclosure may be made to a congressional office from the record of an individual in response to an inquiry from the congressional office made at the request of that individual.
5. In the event of litigation, information from the system of records may be disclosed to the Department of Justice, to a judicial or administrative tribunal, opposing counsel, and witnesses in the course of proceedings involving HHS, any HHS employee (where the matter pertains to the employee's official duties), or the United States, or any agency thereof where the litigation is likely to affect HHS, or HHS is a party or has an interest in the litigation and the use of the information is relevant and necessary to the litigation.
6. In the event that a system of records maintained by OIG to carry out its functions indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule, or order issued pursuant thereto, the relevant records in the system of records may be referred, as a routine use, to the appropriate agency, whether Federal, State, local, or foreign, charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statute, rule, regulation, or order issued pursuant thereto.
7. In the event the that Department deems it desirable or necessary in determining whether particular records are required to be disclosed under the Freedom of Information Act, disclosure may be made to the Department of Justice for the purpose of obtaining its advice.
8. A record from this system of records may be disclosed to a Federal agency in response to its request in connection with the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the record is relevant and necessary to the requesting agency's decision on the matter.
9. The system of records may be disclosed to student volunteers and other individuals performing functions for the Department but technically not having the status of agency employees, if they need access to the records to perform their assigned agency functions.
10. A record may be disclosed to appropriate Federal agencies and Department contractors that have a need to know the information for the purpose of assisting the Department's efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in this system of records, and the information disclosed is relevant and necessary for that assistance.
Safeguards
OIG has safeguards in place for authorized users and monitors users
to ensure against unauthorized use. The system will conform to all
applicable Federal laws and regulations and Federal, HHS, and OIG
policies and standards as they relate to information security and data privacy.
[[Page 66650]]
Effects of the Proposed System of Records on Individual Rights
This system is established in accordance with the principles and requirements of the Privacy Act and will collect, use, and disseminate information only as prescribed therein. Data in this system will be subject to the authorized releases in accordance with the routine uses identified in this system of records notice.
OIG will take precautionary measures to minimize the risks of
unauthorized access to the records and the potential harm to individual
privacy or other personal or property rights of beneficiaries and
recipients whose data are maintained in the system. OIG will make
disclosures from the proposed system in accordance with the Privacy
Act. OIG does not anticipate an unfavorable effect on individual
privacy as a result of the disclosure of information relating to
individuals. This proposed change will not otherwise increase access to these records.
Dated: October 28, 2008.
Daniel R. Levinson,
Inspector General.
09901000
FOR FURTHER INFORMATION CONTACT
Marco Villagrana, Department of Health & Human Services, Office of Inspector General, Office of External Affairs, (202) 4012206; or Stephen Conway, Department of Health & Human Services, Office of Inspector General, Office of Audit Services, (617) 5652946.