[Federal Register: August 12, 1998 (Volume 63, Number 155)]
[Notices]
[Page 43187-43190]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr12au98-71]
[[Page 43187]]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Health Care Financing Administration
Privacy Act of 1974; System of Records
AGENCY: Department of Health and Human Services (HHS), Health Care Financing Administration (HCFA).
ACTION: Notice of New System of Records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the requirements of the Privacy Act of 1974, we are proposing to establish a new system of records, called ``Health Plan Management System (HPMS),'' HHS/HCFA/CHPP, No. 09-70-4004. We have provided background information about the proposed new system in the Supplementary Information section below. Although the Privacy Act requires only that the ``routine uses'' portion of the system be published for comment, HCFA invites comments on all portions of this notice.
DATES: HCFA filed a new system report with the Chairman of the Committee on Government Reform and Oversight of the House of Representatives, the Chairman of the Committee on Governmental Affairs of the Senate, and the Administrator, Office of Information and Regulatory Affairs, Office of Management and Budget (OMB), on July 31,1998.
To ensure that all parties have adequate time in which to comment, the new system of records, including routine uses, will become effective 40 days from the publication of this notice or from the date it was submitted to OMB and the Congress, whichever is later, unless HCFA receives comments which require alteration to this notice.
ADDRESSES: The public should address comments to Director, Division of Freedom of Information & Privacy, Health Care Financing Administration, 7500 Security Boulevard, C2-01-11, Baltimore, Maryland 21244-1850. Comments received will be available for review at this location, by appointment, Monday through Friday 9 a.m.-3 p.m., eastern time zone.
FOR FURTHER INFORMATION CONTACT: Ms. Lori Robinson, Health Care Financing Administration, Center for Health Plans and Providers, 7500 Security Boulevard, N3-09-16, Baltimore, Maryland 21244-1850. Her telephone number is (410) 786-1826.
SUPPLEMENTARY INFORMATION: The Health Plan Management System is a data file containing rates for selected performance measures for each Medicare health plan. The data are compiled by HIC number, member month contribution, and a flag to indicate if the member was counted in the rate's numerator. The system will collect rate information on categories such as the following:
<bullet> ``Use of Services'' measures such as the frequency of selected procedures (e.g., percutaneous transluminal coronary artery angioplasty, prostatectomy, coronary artery bypass with graft, hysterectomy, cholecystectomy, cardiac catheterization, reduction of fracture of the femur, total hip and knee replacement, partial excision of the large intestine, carotid endarterectomy); percentage of members receiving inpatient, day/night and ambulatory mental health and chemical dependency services; readmission for chemical dependency, and specified mental health disorders.
<bullet> ``Effectiveness of Care'' measures such as breast cancer screening, beta blocker treatment after a heart attack, eye exams for people with diabetes, and follow-up after hospitalization for mental illness.
<bullet> ``Member Satisfaction'' measures related to quality, access, and general satisfaction.
<bullet> ``Functional Status'' measures which are patient centered and track actual outcomes or results of care, addressing both physical and mental well-being over time.
The information from HPMS will be augmented by being linked to other HCFA data and other administrative data to provide validation and greater analytic capacity. The HPMS will be used to:
<bullet> Develop and disseminate summary information required by the Balanced Budget Act of 1997 that will inform beneficiaries and the public of indicators of health plan performance to help beneficiaries choose among health plans. The information will include plan-to-plan comparisons of benefits and co-payments supplemented with consumer satisfaction information and plan performance data.
<bullet> Support quality improvement activities. Summary data will be useful for health plans' internal quality improvement, as well as to HCFA and Peer Review Organizations in monitoring and evaluating the care provided by health plans.
<bullet> Conduct research and demonstrations addressing managed care quality, access, and satisfaction issues.
<bullet> Provide guidance for program management and policy development.
HPMS is derived from population-based tools such as Health Plan Employer Data and Information Set (HEDIS) and the Consumer Assessment of Health Plans Study (CAHPS). The system will contain information on recipients of Medicare Part A and Part B services who are enrolled in health plans. The total number of current enrollees is approximately 5 million. We expect this number to grow over time as beneficiaries move from the original Medicare fee-for-service program.
HEDIS reflects a joint effort of public and private purchasers, consumers, labor unions, health plans, and measurement experts to develop a comprehensive set of performance measures for Medicare, Medicaid, and commercial populations enrolled in managed care plans. HEDIS measures eight aspects of health care: effectiveness of care; access/availability of care, satisfaction with the experience of care, health plan stability, use of services, cost of care, informed health care choices, and health plan descriptive information. In 1997, HCFA is
requiring reporting of a number of performance measures from HEDIS relevant to the Medicare managed care population. The HEDIS data is subject to audit, to ensure that plans submit accurate and complete data. Another aspect of the audit is to assess the reasonableness of
the HEDIS measures. For example, if all or most health plans have problems with a particular measure, the problem could be with the measure, not the plans.
Included in HEDIS is a functional status measure which tracks both physical health and mental health status over a 2-year period through a self-administered instrument in which the beneficiary indicates whether his/her health status has improved, stayed the same, or deteriorated. The measure is risk adjusted for co-morbid conditions, income, race, education, social support, age, and gender. It will be used to compare how well plans care for seniors. It reflects the belief that high quality health care can either improve or at least slow the rate of
decline in senior members' ability to lead active and independent lives.
In concert with the Agency for Health Care Policy and Research, HCFA sponsored the development of a Medicare specific version of the CAHPS consumer satisfaction survey. The survey will collect information about Medicare enrollees' satisfaction, access, and quality of care
within managed care plans. Beginning in 1997, HCFA is requiring all Medicare contracting plans to participate in an independent third party administration of an annual member satisfaction survey.
[[Page 43188]]
All performance measures are subject to modification as new performance measurement sets are developed with a stronger focus on outcomes and chronic disease issues, including patient satisfaction and quality of life measures relevant to specific diseases.
The Privacy Act permits us to disclose information without the consent of individuals for ``routine uses''--that is, disclosures that are compatible with the purpose for which we collected the information. The proposed routine uses in the new system meet the compatibility criteria since the information is collected to produce estimates of health care use and quality, and determinants thereof, by the aged and disabled enrolled in group health plans. We anticipate the disclosures under the routine uses will not result in any unwarranted adverse effects on personal privacy.
Dated: July 31, 1998.
Nancy-Ann Min DeParle,
Administrator, Health Care Financing Administration.
09-70-4004
SYSTEM NAME: Health Plan Management System (HPMS), HHS/HCFA/CHPP.
SECURITY CLASSIFICATION: None.
SYSTEM LOCATION: HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Recipients of Medicare Part A (Hospital Insurance) and Part B (supplementary medical insurance) services who are enrolled in Medicare health plans.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Authority for maintenance of the system is given under section 1875 of the Social Security Act (42 U.S.C. 1395ll), entitled Studies and Recommendations; section 1121 of the Social Security Act (42 U.S.C. 1121), entitled Uniform Reporting System for Health Services Facilities and Organizations; and section 1876 of the Social Security Act (42 U.S.C. 1395mm), entitled Payments to Health Maintenance Organizations and Competitive Medical Plans.
PURPOSES: To collect and maintain information on Medicare beneficiaries enrolled in Medicare Health Plans in order to develop and disseminate information required by the Balanced Budget Act of 1997 that will inform beneficiaries and the public of indicators of health plan
performance to help beneficiaries choose among health plans, support quality improvement activities within the plans, monitor and evaluate care provided by health plans; provide guidance to program management and policies, and provide a research data base for HCFA and other
researchers.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: These routine uses specify additional circumstances under which HCFA may release information from the Health Plan Management System without the consent of the individual to whom such information
pertains. Each proposed disclosure of information under these routine uses will be evaluated to ensure that the disclosure is legally permissible, including but not limited to ensuring that the purpose of the disclosure is compatible with the purpose for which the information was collected. Also, HCFA will require each prospective recipient of such information to agree in writing to certain conditions to ensure the continuing confidentiality and security, including physical safeguards of the information. More specifically, as a condition of each disclosure under these routine uses, HCFA will, as necessary and appropriate:
(a) Determine that no other Federal statute specifically prohibits disclosure of the information;
(b) Determine that the use or disclosure does not violate legal limitations under which the information was provided, collected, or obtained;
(c) Determine that the purpose for which the disclosure is to be made;
(1) Cannot reasonably be accomplished unless the information is provided in individually identifiable form;
(2) Is of sufficient importance to warrant the effect on or the risk to the privacy of the individual(s) that additional exposure of the record(s) might bring; and
(3) There is a reasonable probability that the purpose of the disclosure will be accomplished;
(d) Require the recipient of the information to:
(1) Establish reasonable administrative, technical, and physical safeguards to prevent unauthorized access, use or disclosure of the record or any part thereof. The physical safeguards shall provide a level of security that is at least the equivalent of the level of security contemplated in OMB Circular No. A-130 (revised), Appendix III, Security of Federal Automated Information Systems which sets forth guidelines for security plans for automated information systems in Federal agencies;
(2) Remove or destroy the information that allows the subject individual(s) to be identified at the earliest time at which removal or destruction can be accomplished consistent with the purpose of the request;
(3) Refrain from using or disclosing the information for any purpose other than the stated purpose under which the information was disclosed, and
(4) Make no further uses or disclosure of the information except:
(i) To prevent or address an emergency directly affecting the health or safety of an individual;
(ii) For use on another project under the same conditions, provided HCFA has authorized the additional use(s) in writing; or
(iii) When required by law;
(e) Secure a written statement or agreement from the prospective recipient of the information whereby the prospective recipient attests to an understanding of and willingness to abide by the foregoing provisions and any additional provisions that HCFA deems appropriate in the particular circumstances; and
(f) Determine whether the disclosure constitutes a computer ``matching program'' as defined in 5 U.S.C. 552a(a)(8). If the disclosure is determined to be a computer ``matching program,'' the
procedures for matching agreements as contained in 5 U.S.C. 552a(o) must be followed.
Disclosure may be made:
1. To a congressional office from the record of an individual in response to an inquiry from the congressional office made at the request of that individual.
2. To the Bureau of Census for use in processing research and statistical data directly related to the administration of programs under the Social Security Act.
3. To the Department of Justice, to a court or other tribunal, or to another party before such tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the Department of Justice (or HHS where it is authorized to do so) has agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines that the litigation is likely to affect HHS or any of its components, is a party to litigation or has an interest in such litigation, and HHS determines
[[Page 43189]]
that the use of such records by the Department of Justice, the tribunal, or the other party is relevant and necessary to the litigation and would help in the effective representation of the
governmental party or interest provided, however, that in each case HHS determines that such disclosure is compatible with the purpose for which the records were collected.
4. To an individual or organization for a research, demonstration, evaluation, epidemiological or health care quality improvement project related to the prevention of disease or disability, or the restoration or maintenance of health.
5. To a contractor for the purpose of collating, analyzing, aggregating or otherwise refining or processing records in this system or for developing, modifying and/or manipulating automated information systems (AIS) software. Data would also be disclosed to contractors incidental to consultation, programming, operation, user assistance, or maintenance for AIS or telecommunications systems containing or supporting records in the system.
6. To a Peer Review Organization for health care quality improvement projects conducted in accordance with its contract with HCFA.
7. To state Medicaid agencies pursuant to agreements with the Department of Health and Human Services for determining Medicaid and Medicare eligibility of recipients of assistance under titles IV, XVIII, and XIX of the Social Security Act, and for the complete administration of the Medicaid program.
8. To an agency of a state Government, or established by state law, for purposes of determining, evaluating and/or assessing cost, effectiveness, and/or the quality of health care services provided in the state.
9. To another Federal or state (1) To contribute to the accuracy of HCFA's proper payment of Medicare health benefits, or (2) as necessary to enable such agency to fulfill a requirement of a Federal statute or regulation, or a state statute or regulation that implements a health benefits program funded in whole or in part with Federal funds.
10. To other Federal agencies or states to support the administration of other Federal or state health care programs, if funded in whole or in part by Federal funds.
11. To the Social Security Administration for its assistance in the implementation of HCFA's Medicare and Medicaid programs.
12. To a HCFA Contractor, including but not limited to fiscal intermediaries and carriers under title XVIII of the Social Security Act, to administer some aspect of a HCFA-administered health benefits program, or to a grantee of a HCFA-administered grant program, which program is or could be affected by fraud or abuse, for the purpose of preventing, deterring, discovering, detecting, investigating, examining, prosecuting, suing with respect to, defending against,
correcting, remedying, or otherwise combating such fraud or abuse in such programs.
13. To another Federal agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States, including any state or local government agency, for the purpose of preventing, deterring, discovering, detecting, investigating, examining, prosecuting, suing with respect to, defending against, correcting, remedying, or otherwise combating such fraud or abuse in such health benefits programs funded in whole or in part by Federal funds.
14. To any entity that makes payment for or oversees administration of health care services, for the purpose of preventing, deterring, discovering, detecting, investigating, examining, prosecuting, suing with respect to, defending against, correcting, remedying, or otherwise
combating fraud or abuse against such entity or the program or services administered by such entity, provided:
(i) Such entity enters into an agreement with HCFA to share knowledge and information regarding actual or potential fraudulent or abusive practices or activities regarding the delivery or receipt of health care services, or regarding securing payment or reimbursement for health care services, or any practice or activity that, if directed toward a HCFA-administered program, might reasonably be construed as actually or potentially fraudulent or abusive;
(ii) Such entity does, on a regular basis, or at such times as HCFA may request, fully and freely share such knowledge and information with HCFA, or as directed by HCFA, with HCFA's contractors; and
(iii) HCFA determines that it may reasonably conclude that the knowledge or information it has received or is likely to receive from such entity could lead to preventing, deterring, discovering, detecting, investigating, examining, prosecuting, suing with respect to, defending against, correcting, remedying, or otherwise combating fraud or abuse in the Medicare, Medicaid or other health benefits program administered by HCFA or funded in whole or in part by Federal
funds.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE: All records are stored in file folders, magnetic tapes, or computer disks.
RETRIEVABILITY: The records are retrieved by health insurance claim number.
SAFEGUARDS: For computerized records, safeguards established in accordance with
Department standards and National Institute of Standards and Technology guidelines (e.g., security codes) will be used, limiting access to authorized personnel. System securities are established in accordance with HHS, Information Resource Management (IRM) Circular <greek-i>10, Automated Information Systems Security Program; and HCFA Automated Information Systems (AIS) Guide, Systems Securities Policies, and OMB Circular No. A-130 (revised), Appendix III.
RETENTION AND DISPOSAL: The records are maintained with identifiers as long as needed for program research.
SYSTEM MANAGER(S) AND ADDRESS: Director, Center for Health Plans and Providers, Health Care Financing Administration, 7500 Security Boulevard, Baltimore, Maryland
21244-1850.
NOTIFICATION PROCEDURE: For purpose of access, the subject individual should write the system manager, who will require the system name, health insurance claim number, and, for verification purposes, name, address, date of birth, and sex to ascertain whether or not the individual's record is in the system.
RECORD ACCESS PROCEDURE: Same as notification procedures. Requestors should also reasonably specify the record contents being sought. (These access procedures are in accordance with the Department regulations 45 CFR 5b.5(a)(2).)
CONTESTING RECORD PROCEDURES: Contact the system manager named above, and reasonably identify the record and specify the information to be contested. State the corrective action sought and the reasons for the correction with supporting justification. (These procedures are in accordance with Department regulation 45 CFR 5b.7.)
[[Page 43190]]
RECORD SOURCE CATEGORIES: The identifying information contained in these records is obtained from the health plans (which obtained the data from the individual concerned) or the individuals themselves. Also, these data will be linked with HCFA administrative data, such as claims and enrollment data.
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT: None.
[FR Doc. 98-21502 Filed 8-11-98; 8:45 am]
BILLING CODE 4120-03-P
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | CMS |
| File Modified | 0000-00-00 |
| File Created | 2021-02-02 |