
63906 Federal Register / Vol. 72, No. 218 / Tuesday, November 13, 2007 / Notices

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
None.
[FR Doc. E7–22079 Filed 11–9–07; 8:45 am]
BILLING CODE 4120–03–P

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Centers for Medicare & Medicaid Services

Privacy Act of 1974; Report of a Modified or Altered System

AGENCY: Department of Health and Human Services (HHS), Centers for Medicare & Medicaid Services (CMS).

ACTION: Notice of a Modified or Altered System of Records (SOR).

SUMMARY: In accordance with the requirements of the Privacy Act of 1974, we are proposing to modify or alter an SOR titled ‘‘Home Health Agency (HHA) Outcome and Assessment Information Set (OASIS),’’ System No. 09–70–9002, last modified at 66 Federal Register 66903 (December 27, 2001). We propose to assign a new CMS identification number to this system to simplify the obsolete and confusing numbering system originally designed to identify the Bureau, Office, or Center that maintained information in the Health Care Financing Administration systems of records. The new assigned identifying number for this system should read: System No. 09–70–0522.

We propose to modify existing routine use number 1 that permits disclosure to agency contractors and consultants to include disclosure to CMS grantees who perform a task for the agency. CMS grantees, charged with completing projects or activities that require CMS data to carry out that activity, are classified separate from CMS contractors and/or consultants. The modified routine use will remain as routine use number 1. We will modify existing routine use number 4 that permits disclosure to Peer Review Organizations (PRO). Organizations previously referred to as PROs will be renamed to read: Quality Improvement Organizations (QIO). Information will be disclosed to QIOs relating to assessing and improving HHA quality of care. The modified routine use will remain as routine use number 4.

CMS proposes to broaden the scope of the disclosure requirement for routine use number 5, authorizing disclosure to national accrediting organizations that have been approved by CMS for deeming authority for Medicare requirements for home health services. Information will be released to these organizations for only those facilities that they accredit and that participate in the Medicare program and if they meet the following requirements: (1) Provide identifying information for HHAs that have an accreditation status with the requesting deemed organization, (2) submission of a finder file identifying beneficiaries/patients receiving HHA services, (3) safeguard the confidentiality of the data and prevent unauthorized access, and (4) upon completion of a signed data exchange agreement or a CMS data use agreement.

We will delete routine use number 7 authorizing disclosure to support constituent requests made to a congressional representative. If an authorization for the disclosure has been obtained from the data subject, then no routine use is needed. The Privacy Act allows for disclosures with the ‘‘prior written consent’’ of the data subject. We will broaden the scope of published routine uses number 8 and 9, authorizing disclosures to combat fraud and abuse in the Medicare and Medicaid programs to include combating ‘‘waste’’ which refers increasingly more to specific beneficiary or recipient practices that result in unnecessary cost to Federally-funded health benefit programs.

We are modifying the language in the remaining routine uses to provide a proper explanation as to the need for the routine use and to provide clarity to CMS’s intention to disclose individual-specific information contained in this system. The routine uses will then be prioritized and reordered according to their usage. We will also take the opportunity to update any sections of the system that were affected by the recent reorganization or because of the impact of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) (Pub. L. 108–173) provisions and to update language in the administrative sections to correspond with language used in other CMS SORs.

The primary purposes of the SOR are to collect and maintain information to: (1) Study and help ensure the quality of care provided by home health agencies (HHA); (2) aid in administration of the survey and certification of Medicare/Medicaid HHAs; (3) enable regulators to provide HHAs with data for their internal quality improvement activities; (4) support agencies of the state government to determine, evaluate and assess overall effectiveness and quality of HHA services provided in the state; (5) provide for the validation, and refinements of the Medicare Prospective Payment System; (6) aid in the administration of Federal and state HHA programs within the state; and (7) monitor the continuity of care for patients who reside temporarily outside of the state. Information maintained in this system will also be disclosed to: (1) Support regulatory, reimbursement, and policy functions performed within the Agency or by a contractor, consultant, or grantee; (2) assist another Federal and/or state agency, agency of a state government, an agency established by state law, or its fiscal agent, for evaluating and monitoring the quality of home health care and contribute to the accuracy of health insurance operations; (3) support research, evaluation, or epidemiological projects related to the prevention of disease or disability, or the restoration or maintenance of health, and for payment related projects; (4) support the functions of Quality Improvement Organizations (QIO); (5) support the functions of national accrediting organizations; (6) support litigation involving the Agency; (7) combat fraud, waste, and abuse in certain health care programs. We have provided background information about the modified system in the SUPPLEMENTARY INFORMATION section below. Although the Privacy Act requires only that CMS provide an opportunity for interested persons to comment on the routine uses, CMS invites comments on all portions of this notice. See EFFECTIVE DATES section for comment period.

EFFECTIVE DATES: CMS filed a modified or altered system report with the Chair of the House Committee on Government Reform and Oversight, the Chair of the Senate Committee on Homeland Security & Governmental Affairs, and the Administrator, Office of Information and Regulatory Affairs, Office of Management and Budget (OMB) on November 6, 2007. To ensure that all parties have adequate time in which to comment, the modified system, including routine uses, will become effective 30 days from the publication of the notice, or 40 days from the date it was submitted to OMB and Congress, whichever is later, unless CMS receives comments that require alterations to this notice.

ADDRESSES: The public should address comments to: CMS Privacy Officer, Division of Privacy Compliance, Enterprise Architecture and Strategy Group, Office of Information Services, CMS, Room N2–04–27, 7500 Security Boulevard, Baltimore, Maryland 21244–1850. Comments received will be available for review at this location, by appointment, during regular business hours, Monday through Friday from 9 a.m.–3 p.m., eastern time zone.

FOR FURTHER INFORMATION CONTACT: Patricia Sevast, Nurse Consultant, Division of Continuing Care Providers, Survey and Certification Group, Center for Medicaid and State Operations, CMS, 7500 Security Boulevard, S2–12–25, Baltimore, Maryland 21244–1850. The telephone number is (410) 786–8135, or via e-mail at patricia.sevast@cms.hhs.gov.

SUPPLEMENTARY INFORMATION:

I. Description of the Modified or Altered System of Records

A. Statutory and Regulatory Basis for System

Authority for maintenance of this system is given under Sections 1102(a), 1154, 1861(m), 1861(o), 1861(z), 1863, 1864, 1865, 1866, 1871, 1891, and 1902 of the Social Security Act. These provisions of the Act authorize the Administrator of CMS to require HHAs participating in the Medicare and Medicaid programs to complete a standard, valid, patient assessment data set; i.e., the OASIS, as part of their comprehensive assessments and updates when evaluating adult, non-maternity patients as required by section 484.55 of the Conditions of Participation. Authority is also given under section 951 of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (Pub. L. 108–173).

B. Collection and Maintenance of Data in the System

The system collects and maintains information on all patients, except those in a category exempted by administrative policies and procedures, who receive services from an HHA certified for Medicare and Medicaid payments. The OASIS data set includes identifiers. It also includes information on: (1) Patient History, (2) Living Arrangements, (3) Supportive Assistance, (4) Sensory Status, (5) Integumentary Status, (6) Respiratory Status, (7) Elimination Status, (8) Neuro/Emotional/Behavioral Status, (9) Activities of Daily Living/Instrumental Activities of Daily Living (ADL/IADL), (10) Medications, (11) Equipment Management, (12) Emergent Care, and (13) Discharge. Identifiers are patient name, social security number, Medicare number and Medicaid number. A masked identifier is one in which an encrypted value is permanently substituted for an identifier to prevent recipients of the information from identifying the individual.

The OASIS information will be submitted by the HHA to the government for all patients, except pre-partum and postpartum patients, patients under 18 years of age, and patients receiving other than personal care or health care services; i.e., housekeeping services and chore services. Identifiers will be included for all patients receiving services paid for by Medicare traditional fee-for-service, Medicaid traditional fee-for-service, Medicare HMO/managed care or Medicaid HMO/managed care. For patients with only a non-Medicare or non-Medicaid payment source, the HHA will submit OASIS information with masked identifiers and will retain the identifier and masked identifier at the HHA. In other words, the patient identifier for non-Medicare and non-Medicaid patients will only be known and retained by the HHA and not by the government.

II. Agency Policies, Procedures, and Restrictions on Routine Uses

A. The Privacy Act permits us to disclose information without an individual’s consent if the information is to be used for a purpose that is compatible with the purpose(s) for which the information was collected. Any such disclosure of data is known as a ‘‘routine use.’’ The government will only release OASIS information that can be associated with an individual as provided for under ‘‘Section III. Proposed Routine Use Disclosures of Data in the System.’’ Both identifiable and non-identifiable data may be disclosed under a routine use.

We will only collect the minimum personal data necessary to achieve the purpose of OASIS. CMS has the following policies and procedures concerning disclosures of information that will be maintained in the system. Disclosure of information from this system will be approved only to the extent necessary to accomplish the purpose of the disclosure and only after CMS:

1. Determines that the use or disclosure is consistent with the reason that the data is being collected, e.g., to evaluate and monitor the quality of home health care and contribute to the accuracy of health insurance operations.
2. Determines:
a. That the purpose for which the disclosure is to be made can only be accomplished if the record is provided in individually identifiable form;
b. That the purpose for which the disclosure is to be made is of sufficient importance to warrant the potential effect and/or risk on the privacy of the individual that additional exposure of the record might bring; and
c. That there is a strong probability that the proposed use of the data would in fact accomplish the stated purpose(s).
3. Requires the information recipient to:
a. Establish administrative, technical, and physical safeguards to prevent unauthorized use of disclosure of the record; and
b. Remove or destroy at the earliest time all patient-identifiable information.
4. Determines that the data are valid and reliable.

III. Proposed Routine Use Disclosures of Data in the System

A. The Privacy Act allows us to disclose information without an individual’s consent if the information is to be used for a purpose that is compatible with the purpose(s) for which the information was collected. Any such compatible use of data is known as a ‘‘routine use.’’ The proposed routine uses in this system meet the compatibility requirement of the Privacy Act. We are proposing to establish the following routine use disclosures of information maintained in the system:

1. To support agency contractors, consultants, or grantees, who have been engaged by the agency to assist in the performance of a service related to this collection and who need to have access to the records in order to perform the activity.

We contemplate disclosing information under this routine use only in situations in which CMS may enter into a contractual or similar agreement with a third party to assist in accomplishing CMS function relating to purposes for this system.

CMS occasionally contracts out certain of its functions when doing so would contribute to effective and efficient operations. CMS must be able to give a contractor, consultant or grantee whatever information is necessary for the contractor or consultant to fulfill its duties. In these situations, safeguards are provided in the contract prohibiting the contractor, consultant or grantee from using or disclosing the information for any purpose other than that described in the contract and requires the contractor, consultant or grantee to return or destroy all information at the completion of the contract.

2. To assist another Federal or state agency, agency of a state government, an agency established by state law, or its fiscal agent to:
a. Contribute to the accuracy of CMS’s proper payment of Medicare benefits,


b. Enable such agency to administer a Federal health benefits program, or as necessary to enable such agency to fulfill a requirement of a Federal statute or regulation that implements a health benefits program funded in whole or in part with federal funds, and/or
c. Evaluate and monitor the quality of home health care and contribute to the accuracy of health insurance operations.

Other Federal or state agencies in their administration of a Federal health program may require OASIS information in order to support evaluations and monitoring of reimbursement for services provided.

3. To assist an individual or organization for research, evaluation or epidemiological projects related to the prevention of disease or disability, or the restoration or maintenance of health, and for payment-related projects.

The collected data will provide the research, evaluation and epidemiological projects a broader, longitudinal, national perspective of the data. CMS anticipates that many researchers will have legitimate requests to use these data in projects that could ultimately improve the care provided to Medicare patients and the policy that governs the care. CMS understands the concerns about the privacy and confidentiality of the release of data for a research use. Disclosure of data for research and evaluation purposes may involve aggregate data rather than individual-specific data.

4. To support Quality Improvement Organizations (QIO) in order to assist the QIO to perform Title XI and Title XVIII functions relating to assessing and improving HHA quality of care.

QIOs will work with HHAs to implement quality improvement programs, provide consultation to CMS, its contractors, and to state agencies. The QIOs will provide a supportive role to HHAs in their endeavors to comply with Medicare Conditions of Participation; will assist the state agencies in related monitoring and enforcement efforts; assist CMS and help regional home health intermediaries in home health program integrity assessment; and prepare summary information about the nation’s home health care for release to beneficiaries.

5. To support national accrediting organizations with approval for deeming authority for Medicare requirements for home health services (i.e., the Joint Commission on Accreditation of Healthcare Organizations, Accreditation Commission for Health Care, Inc., and the Community Health Accreditation Program). Information will be released to these organizations upon specific request, and only for those facilities that they accredit and that participate in the Medicare program and if they meet the following requirements:
a. Provide identifying information for HHAs that have an accreditation status with the requesting deemed organization,
b. submit a finder file identifying beneficiaries/patients receiving HHA services,
c. complete a signed data exchange agreement or a CMS data use agreement, and
d. safeguard the confidentiality of the data and prevent unauthorized access.

CMS anticipates providing these national accrediting organizations with OASIS information to enable them to target potential or identified problems during the organization’s accreditation review process of that facility.

6. To support the Department of Justice (DOJ), court or adjudicatory body when:
a. The agency or any component thereof, or
b. any employee of the agency in his or her official capacity, or
c. any employee of the agency in his or her individual capacity where the DOJ has agreed to represent the employee, or
d. the United States Government is a party to litigation or has an interest in such litigation, and by careful review, CMS determines that the records are both relevant and necessary to the litigation and that the use of such records by the DOJ, court or adjudicatory body is compatible with the purpose for which the agency collected the records.

Whenever CMS is involved in litigation, and occasionally when another party is involved in litigation and CMS’ policies or operations could be affected by the outcome of the litigation, CMS would be able to disclose information to the DOJ, court or adjudicatory body involved.

7. To assist a CMS contractor (including, but not necessarily limited to fiscal intermediaries and carriers) that assists in the administration of a CMS-administered health benefits program, or to a grantee of a CMS-administered grant program, when disclosure is deemed reasonably necessary by CMS to prevent, deter, discover, detect, investigate, examine, prosecute, sue with respect to, defend against, correct, remedy, or otherwise combat fraud, waste, or abuse in such program.

We contemplate disclosing information under this routine use only in situations in which CMS may enter into a contractual relationship or grant with a third party to assist in accomplishing CMS functions relating to the purpose of combating fraud, waste, and abuse.

CMS occasionally contracts out certain of its functions and makes grants when doing so would contribute to effective and efficient operations. CMS must be able to give a contractor or grantee whatever information is necessary for the contractor or grantee to fulfill its duties. In these situations, safeguards are provided in the contract prohibiting the contractor or grantee from using or disclosing the information for any purpose other than that described in the contract and requiring the contractor or grantee to return or destroy all information.

8. To assist another Federal agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States (including any State or local governmental agency), that administers, or that has the authority to investigate potential fraud, waste, or abuse in, a health benefits program funded in whole or in part by Federal funds, when disclosure is deemed reasonably necessary by CMS to prevent, deter, discover, detect, investigate, examine, prosecute, sue with respect to, defend against, correct, remedy, or otherwise combat fraud, waste, or abuse in such programs.

Other agencies may require OASIS information for the purpose of combating fraud, waste, and abuse in such Federally-funded programs.

B. Additional Provisions Affecting Routine Use Disclosures. To the extent this system contains Protected Health Information (PHI) as defined by HHS regulation ‘‘Standards for Privacy of Individually Identifiable Health Information’’ (45 CFR Parts 160 and 164, Subparts A and E) 65 Fed. Reg. 82462 (12–28–00). Disclosures of such PHI that are otherwise authorized by these routine uses may only be made if, and as, permitted or required by the ‘‘Standards for Privacy of Individually Identifiable Health Information.’’ (See 45 CFR 164–512(a)(1)).

In addition, our policy will be to prohibit release even of data not directly identifiable, except pursuant to one of the routine uses or if required by law, if we determine there is a possibility that an individual can be identified through implicit deduction based on small cell sizes (instances where the patient population is so small that individuals could, because of the small size, use this information to deduce the identity of the beneficiary).


IV. Safeguards

CMS has safeguards in place for authorized users and monitors such users to ensure against unauthorized use. Personnel having access to the system have been trained in the Privacy Act and information security requirements. Employees who maintain records in this system are instructed not to release data until the intended recipient agrees to implement appropriate management, operational and technical safeguards sufficient to protect the confidentiality, integrity and availability of the information and information systems and to prevent unauthorized access.

This system will conform to all applicable Federal laws and regulations and Federal, HHS, and CMS policies and standards as they relate to information security and data privacy. These laws and regulations may apply but are not limited to: The Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986; the Health Insurance Portability and Accountability Act of 1996; the E-Government Act of 2002, the Clinger-Cohen Act of 1996; the Medicare Modernization Act of 2003, and the corresponding implementing regulations. OMB Circular A–130, Management of Federal Resources, Appendix III, Security of Federal Automated Information Resources also applies. Federal, HHS, and CMS policies and standards include but are not limited to: All pertinent National Institute of Standards and Technology publications; the HHS Information Systems Program Handbook and the CMS Information Security Handbook.

V. Effects of the Modified System of Records on Individual Rights

CMS proposes to modify this system in accordance with the principles and requirements of the Privacy Act and will collect, use, and disseminate information only as prescribed therein. Data in this system will be subject to the authorized releases in accordance with the routine uses identified in this system of records.

CMS will take precautionary measures (see item IV above) to minimize the risks of unauthorized access to the records and the potential harm to individual privacy or other personal or property rights of patients whose data are maintained in the system. CMS will collect only that information necessary to perform the system’s functions. In addition, CMS will make disclosure from the proposed system only with consent of the subject individual, or his/her legal representative, or in accordance with an applicable exception provision of the Privacy Act. CMS, therefore, does not anticipate an unfavorable effect on individual privacy as a result of information relating to individuals.

Dated: November 7, 2007.
Charlene Frizzera,
Chief Operating Officer, Centers for Medicare & Medicaid Services.

SYSTEM NO. 09–70–0522

SYSTEM NAME:
‘‘Home Health Agency (HHA) Outcome and Assessment Information Set (OASIS),’’ HHS/CMS/CMSO.

SECURITY CLASSIFICATION:
Level Three Privacy Act Sensitive Data.

SYSTEM LOCATION:
The Centers for Medicare & Medicaid Services (CMS) Data Center, 7500 Security Boulevard, North Building, First Floor, Baltimore, Maryland 21244–1850 and South Building, Baltimore, Maryland 21244–1850.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The system of records (SOR) will contain clinical assessment information (OASIS) for all patients receiving the services of a Medicare and/or Medicaid approved HHA, except pre-partum and post-partum patients, patients under 18 years of age, and patients receiving other than personal care or health care services; i.e., housekeeping services and chore services. Identifiable information will be maintained in the SOR only for those individuals whose payments come from Medicare or Medicaid.

CATEGORIES OF RECORDS IN THE SYSTEM:
This SOR will contain individual-level demographic and identifying data, as well as clinical status data for patients with the payment sources of Medicare traditional fee for service, Medicaid traditional fee for service, Medicare HMO/managed care or Medicaid HMO/managed care.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Authority for maintenance of this system is given under Sections 1102(a), 1154, 1861(m), 1861(o), 1861(z), 1863, 1864, 1865, 1866, 1871, 1891, and 1902 of the Social Security Act. These provisions of the Act authorize the Administrator of CMS to require HHAs participating in the Medicare and Medicaid programs to complete a standard, valid, patient assessment data set; i.e., the OASIS, as part of their comprehensive assessments and updates when evaluating adult, non-maternity patients as required by section 484.55 of the Conditions of Participation. Authority is also given under section 951 of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (Pub. L. 108–173).

PURPOSE(S) OF THE SYSTEM:
The primary purposes of the SOR are to collect and maintain information to: (1) Study and help ensure the quality of care provided by home health agencies (HHA); (2) aid in administration of the survey and certification of Medicare/Medicaid HHAs; (3) enable regulators to provide HHAs with data for their internal quality improvement activities; (4) support agencies of the state government to determine, evaluate and assess overall effectiveness and quality of HHA services provided in the state; (5) provide for the validation, and refinements of the Medicare Prospective Payment System; (6) aid in the administration of Federal and state HHA programs within the state; and (7) monitor the continuity of care for patients who reside temporarily outside of the state. Information maintained in this system will also be disclosed to: (1) Support regulatory, reimbursement, and policy functions performed within the Agency or by a contractor, consultant, or grantee; (2) assist another Federal and/or state agency, agency of a state government, an agency established by state law, or its fiscal agent, for evaluating and monitoring the quality of home health care and contribute to the accuracy of health insurance operations; (3) support research, evaluation, or epidemiological projects related to the prevention of disease or disability, or the restoration or maintenance of health, and for payment related projects; (4) support the functions of Quality Improvement Organizations (QIO); (5) support the functions of national accrediting organizations; (6) support litigation involving the Agency; (7) combat fraud, waste, and abuse in certain health care programs.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OR USERS AND THE PURPOSES OF SUCH USES:
A. The Privacy Act allows us to disclose information without an individual’s consent if the information is to be used for a purpose that is compatible with the purpose(s) for which the information was collected. Any such compatible use of data is known as a ‘‘routine use.’’ The proposed routine uses in this system meet the compatibility requirement of the Privacy Act. We are proposing to establish the following routine use disclosures of information maintained in the system:

1. To support agency contractors, consultants, or grantees, who have been engaged by the agency to assist in the performance of a service related to this collection and who need to have access to the records in order to perform the activity.

2. To assist another Federal or state agency, agency of a state government, an agency established by state law, or its fiscal agent to:
a. contribute to the accuracy of CMS’s proper payment of Medicare benefits,
b. enable such agency to administer a Federal health benefits program, or as necessary to enable such agency to fulfill a requirement of a Federal statute or regulation that implements a health benefits program funded in whole or in part with federal funds, and/or
c. evaluate and monitor the quality of home health care and contribute to the accuracy of health insurance operations.

3. To assist an individual or organization for research, evaluation or epidemiological projects related to the prevention of disease or disability, or the restoration or maintenance of health, and for payment related projects.

4. To support Quality Improvement Organizations (QIO) in order to assist the QIO to perform Title XI and Title XVIII functions relating to assessing and improving HHA quality of care.

5. To support national accrediting organizations with approval for deeming authority for Medicare requirements for home health services (i.e., the Joint Commission on Accreditation of Healthcare Organizations, Accreditation Commission for Health Care, Inc., and the Community Health Accreditation Program). Information will be released to these organizations upon specific request, and only for those facilities that

c. any employee of the agency in his or her individual capacity where the DOJ has agreed to represent the employee, or
d. the United States Government is a party to litigation or has an interest in such litigation, and by careful review, CMS determines that the records are both relevant and necessary to the litigation and that the use of such records by the DOJ, court or adjudicatory body is compatible with the purpose for which the agency collected the records.

7. To assist a CMS contractor (including, but not necessarily limited to fiscal intermediaries and carriers) that assists in the administration of a CMS-administered health benefits program, or to a grantee of a CMS-administered grant program, when disclosure is deemed reasonably necessary by CMS to prevent, deter, discover, detect, investigate, examine, prosecute, sue with respect to, defend against, correct, remedy, or otherwise combat fraud, waste, or abuse in such program.

8. To assist another Federal agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States (including any State or local governmental agency), that administers, or that has the authority to investigate potential fraud, waste, or abuse in, a health benefits program funded in whole or in part by Federal funds, when disclosure is deemed reasonably necessary by CMS to prevent, deter, discover, detect, investigate, examine, prosecute, sue with respect to, defend against, correct, remedy, or otherwise combat fraud, waste, or abuse in such programs.

B. Additional Provisions Affecting Routine Use Disclosures. To the extent this system contains Protected Health

size, use this information to deduce the identity of the beneficiary).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:
All records are stored on paper and magnetic disk.

RETRIEVABILITY:
The Medicare and Medicaid records are retrieved by health insurance claim number, Social Security number (SSN) or by state assigned Medicaid number.

SAFEGUARDS:
CMS has safeguards in place for authorized users and monitors such users to ensure against unauthorized use. Personnel having access to the system have been trained in the Privacy Act and information security requirements. Employees who maintain records in this system are instructed not to release data until the intended recipient agrees to implement appropriate management, operational and technical safeguards sufficient to protect the confidentiality, integrity and availability of the information and information systems and to prevent unauthorized access.

This system will conform to all applicable Federal laws and regulations and Federal, HHS, and CMS policies and standards as they relate to information security and data privacy. These laws and regulations may apply but are not limited to: The Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986; the Health Insurance Portability and Accountability Act of 1996; the E-Government Act of 2002, the Clinger-Cohen Act of 1996; the Medicare
they accredit and that participate in the Information (PHI) as defined by HHS Modernization Act of 2003, and the
Medicare program and if they meet the regulation ‘‘Standards for Privacy of corresponding implementing
following requirements: Individually Identifiable Health regulations. OMB Circular A–130,
a. Provide identifying information for Information’’ (45 CFR Parts 160 and 164, Management of Federal Resources,
HHAs that have an accreditation status Subparts A and E) 65 Fed. Reg. 82462 Appendix III, Security of Federal
with the requesting deemed (12–28–00). Disclosures of such PHI that Automated Information Resources also
organization, are otherwise authorized by these applies. Federal, HHS, and CMS
b. Submit a finder file identifying routine uses may only be made if, and policies and standards include but are
beneficiaries/patients receiving HHA as, permitted or required by the not limited to: All pertinent National
services, ‘‘Standards for Privacy of Individually Institute of Standards and Technology
c. Complete a signed data exchange Identifiable Health Information.’’ (See publications; the HHS Information
agreement or a CMS data use agreement, 45 CFR 164–512(a)(1)). Systems Program Handbook and the
and In addition, our policy will be to CMS Information Security Handbook.
d. Safeguard the confidentiality of the prohibit release even of data not directly
data and prevent unauthorized access. identifiable, except pursuant to one of RETENTION AND DISPOSAL:
6. To support the Department of the routine uses or if required by law, CMS will retain identifiable OASIS
rfrederick on PROD1PC67 with NOTICES

Justice (DOJ), court or adjudicatory body if we determine there is a possibility assessment data for a total period not to
when: that an individual can be identified exceed fifteen (15) years.
a. The agency or any component through implicit deduction based on
thereof, or small cell sizes (instances where the SYSTEM MANAGER AND ADDRESS:
b. any employee of the agency in his patient population is so small that Director, Division of Continuing Care
or her official capacity, or individuals could, because of the small Providers, Survey and Certification


Group, Center for Medicaid and State Operations, CMS, 7500 Security Boulevard, S2–12–25, Baltimore, Maryland 21244–1850.

NOTIFICATION PROCEDURE:
For purpose of access, the subject individual should write to the system manager who will require the system name, health insurance claim number, and for verification purposes, the subject individual’s name (woman’s maiden name, if applicable), SSN (furnishing the SSN is voluntary, but it may make searching for a record easier and prevent delay), address, date of birth, and sex.

RECORD ACCESS PROCEDURE:
For purpose of access, use the same procedures outlined in Notification Procedures above. Requestors should also specify the record contents being sought. (These procedures are in accordance with department regulation 45 CFR 5b.5(a)(2)).

CONTESTING RECORDS PROCEDURES:
The subject individual should contact the system manager named above, and reasonably identify the records and specify the information to be contested. State the corrective action sought and the reasons for the correction with supporting justification. (These Procedures are in accordance with Department regulation 45 CFR 5b.7).

RECORDS SOURCE CATEGORIES:
The data contained in this system of records are obtained from The Outcome and Assessment Information Set.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
None.
[FR Doc. E7–22083 Filed 11–9–07; 8:45 am]
BILLING CODE 4120–03–P

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Administration for Children and Families

Proposed Information Collection Activity; Comment Request

Proposed Projects
Title: Office of Community Services (OCS) Evaluation Initiative: Community Economic Development (CED) and Job Opportunities for Low-Income (JOLI) Individuals.
OMB Control No. 0907–0317.
Description: The Office of Community Services (OCS) is a component of the Administration for Children and Families (ACF), which is part of the U.S. Department of Health and Human Services (HHS). Part of OCS’ responsibilities is the program administration of Federal grants awarded through an annual competitive process to support urban and rural community economic development projects carried out by local, non-profit, community-based organizations. OCS is collecting key program information about the CED and the JOLI projects in the United States. The legislative requirement for these two programs is in Title IV of the Community Opportunities, Accountability and Training and Educational Services Act (COATES Human Services Reauthorization Act) of October 27, 1998, Pub. L. 105–285, section 680(b) as amended. The information collection questionnaire will gather significant updated information concerning program outcomes and management. OCS will use the data to critically review and improve the overall design and effectiveness of each program.
Respondents: OCS Grantees.

ANNUAL BURDEN ESTIMATES

| Instrument | Number of respondents | Number of responses per respondent | Average burden hours per response | Total burden hours |
|---|---|---|---|---|
| Questionnaire for OCS–CED Grantees in the United States | 147 | 1 | 1.5 | 220.5 |
| Questionnaire for OCS–JOLI Grantees in the United States | 25 | 1 | 1.5 | 37.5 |

Estimated Total Annual Burden Hours: 258.
In compliance with the requirements of section 3506(c)(2)(A) of the Paperwork Reduction Act of 1995, the Administration for Children and Families is soliciting public comment on the specific aspects of the information collection described above. Copies of the proposed collection of information can be obtained and comments may be forwarded by writing to the Administration for Children and Families, Office of Administration, Office of Information Services, 370 L’Enfant Promenade, SW., Washington, DC 20447, Attn: ACF Reports Clearance Officer. E-mail address: infocollection@acf.hhs.gov. All requests should be identified by the title of the information collection.
The Department specifically requests comments on: (a) Whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information shall have practical utility; (b) the accuracy of the agency’s estimate of the burden of the proposed collection of information; (c) the quality, utility, and clarity of the information to be collected; and (d) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or other forms of information technology. Consideration will be given to comments and suggestions submitted within 60 days of this publication.

Dated: November 6, 2007.
Robert Sargis,
Reports Clearance Officer.
[FR Doc. 07–5609 Filed 11–9–07; 8:45 am]
BILLING CODE 4184–01–M

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Administration for Children and Families

Proposed Information Collection Activity; Comment Request

Proposed Projects:
Title: Data Collection Plan for the Customer Satisfaction Evaluation of Child Welfare Information Gateway.
OMB No.: 0970–0303.
Description: The National Clearinghouse on Child Abuse and Neglect Information (NCCAN) and the National Adoption Information Clearinghouse (NAIC) received OMB approval to collect data for a customer satisfaction evaluation under OMB control number 0970–0303. On June 20, 2006, NCCAN and NAIC were consolidated into Child Welfare Information Gateway (CWIG). In response to this consolidation, the
