Supporting Statement A
National
Practitioner Data Bank (NPDB) Attestation of Reports by Hospitals,
Medical Malpractice Payers, Health Plans, and Certain Other Health
Care Entities
OMB Control No. 0906-xxxx
Terms of Clearance: New Collection
A. Justification
This is a request for OMB approval of a new National Practitioner Data Bank (NPDB) information collection activity; the attestation of reports by hospitals, medical malpractice payers, health plans, and certain other health care entities1. The NPDB protects the public, and reduces health care fraud and abuse in the United States by preventing incompetent practitioners from moving state to state without disclosure or discovery of previous damaging or incompetent performance. Responsibility for the NPDB implementation and operation resides in the Division of Practitioner Data Bank (DPDB), Bureau of Health Workforce, Health Resources and Services Administration (HRSA), Department of Health and Human Services (HHS).
In order to achieve this, the NPDB regulations mandate that multiple entity types including state licensing boards, health plans, medical malpractice payers, government agencies, and other health care entities, report certain adverse actions taken against practitioners, providers, or suppliers.
The NPDB engages in compliance activities to ensure the accuracy and completeness of the information in the NPDB. Evaluating and measuring certain entities’ compliance with the NPDB reporting requirements is difficult due to constraints discussed below. However, to adequately serve our mission, the NPDB is committed to ensuring that required reporters understand and adhere to the legally mandated reporting requirements. This requires ongoing education, outreach and compliance work. The NPDB does engage in regular compliance activities with state boards, as described in more detail below; however, there is no current process for reviewing the compliance of hospitals, medical malpractice payers, health centers, or health plans.
There is speculation and often great variance in opinion amongst different interest groups about the level of adherence to the NPDB’s reporting responsibilities. Without a method for cross-referencing data in a way that provides valuable insight into an entity’s compliance, the NPDB has been unable to gauge entities’ understanding or commitment to their reporting requirements. Through the Attestation process, the NPDB can better determine which medical malpractice payers, health plans, hospitals and health centers, are meeting the reporting requirements, and which of these entities may require additional outreach and assistance. The biennial Attestation process will strengthen the robustness of the data in the NPDB, improving the accuracy of query responses for entities with access to the NPDB reports.
As discussed below, there are multiple legal authorities governing the NPDB. The NPDB regulations are applicable to entities in all 50 States, the District of Columbia, and the U.S. territories of American Samoa, Guam, Northern Marianas, Puerto Rico, and the Virgin Islands. For simplicity, any reference to a state or entity in this Supporting Statement should be interpreted to include the District of Columbia and the five U.S. territories.
The three significant laws that currently govern the NPDB operations are summarized below. The NPDB regulations implementing these laws are codified at 45 CFR Part 60.
Title IV of Public Law 99-660, Health Care Quality Improvement Act of 1986
The intent of Title IV is to improve the quality of health care by encouraging State licensing boards, professional societies, hospitals, and other health care entities to restrict the ability of incompetent physicians, dentists, and other health care practitioners to move from State to State without disclosure or discovery of previous medical malpractice payment and adverse action history. These adverse actions include certain licensure, clinical privileges, and professional society membership actions, as well as Drug Enforcement Administration (DEA) controlled-substance registration actions and exclusions from participation in Medicare, Medicaid, and other Federal health care programs.
Section 1921 of the Social Security Act
Section 1921 was enacted to provide protection from unfit health care practitioners to beneficiaries participating in Medicare and State health care programs and to improve the anti-fraud provisions of these programs. Information collected and disclosed by the NPDB under Section 1921 includes State licensure and certification actions against health care practitioners, entities, providers, and suppliers; negative actions or findings by peer review organizations and private accreditation organizations; and certain final adverse actions taken by certain State
Agencies, including State law enforcement agencies, State Medicaid fraud control units, and State agencies administering or supervising the administration of State health care programs. These final adverse actions include exclusions from a State health care program, health care-related criminal convictions and civil judgments in State court, and other adjudicated actions or decisions specified in regulations.
Section 1128E of the Social Security Act
The original purpose of Section 1128E was to establish a national data collection program, formerly known as the HIPDB, to combat health care fraud and abuse. Section 1128E information is now collected and disclosed by the NPDB and includes certain final adverse actions taken by Federal agencies and health plans against health care practitioners, providers, and suppliers. These actions consist of Federal licensure and certification actions, exclusions from participation in a Federal health care program, health care-related criminal convictions and civil judgments, and other adjudicated actions or decisions specified in regulations. Table A-1 outlines these statutes.
II. Information Collection and Compliance
The regulations in part 45 CFR 60 establish reporting requirements applicable to hospitals, health care entities, Boards of Medical Examiners, and professional societies of health care practitioners which take adverse licensure or professional review actions; state licensing or certification authorities, peer review organizations, and private accreditation entities that take licensure or certification actions or negative actions or findings against health care practitioners, health care entities, providers, or suppliers; entities (including insurance companies) making payments as a result of medical malpractice actions or claims; and Federal government agencies, state law and fraud enforcement agencies and health plans that take final adverse actions against health care practitioners, providers, and suppliers.
Information must be reported to the NPDB as required under §§ 60.7, 60.8, 60.9, 60.10, 60.11, 60.12, 60.13, 60.14, 60.15 and 60.16. Information required under §§ 60.7, 60.8, and 60.12 must be submitted to the NPDB within 30 days following the action to be reported, beginning with actions occurring on or after September 1, 1990; information required under § 60.11 must be submitted to the NPDB within 30 days following the action to be reported, beginning with actions occurring on or after January 1, 1992; and information required under §§ 60.9, 60.10, 60.13, 60.14, 60.15, and 60.16 must be submitted to the NPDB within 30 days following the action to be reported, beginning with actions occurring on or after August 21, 1996. Below is the list of reportable actions:
Malpractice payments (§ 60.7);
Licensure and certification actions (§§ 60.8, 60.9, and 60.10);
Negative actions or findings (§ 60.11);
Adverse actions (§ 60.12);
Health care-related criminal convictions (§ 60.13);
Health care-related civil judgments (§ 60.14);
Exclusions from Federal or State health care programs (§ 60.15); and
Other adjudicated actions or decisions (§ 60.16).
Persons or entities responsible for submitting reports of malpractice payments (§ 60.7), negative actions or findings (§ 60.11), or adverse actions (§ 60.12) must additionally provide to their respective State authorities a copy of the report they submit to the NPDB. There are over 1,289,000 reports in the NPDB, with an average of 9,000 new reports processed every month.
The NPDB engages in regular state licensing compliance activities. In addition to Attestation, state licensing boards are subject to regular, comprehensive review of adverse licensure and certification actions reported to the NPDB. The Attestation effort is automated and requires little additional effort of registered entities. Like the Attestation process discussed in this OMB package, the current Attestation process for state licensing boards occurs biennially at the time of registration renewal.
The comprehensive licensing board compliance activities involve case management, targeted outreach, and matching of publically available information to that in the NPDB. While the effort has been largely automated to reduce burden on the registered entities and the NPDB staff, the review and matching process can be time consuming for the NPDB staff and contractors. Duplicating this effort with other entities such as hospitals, medical malpractice payers, health plans and health centers would not be possible, due to the lack of publically available information on the types of actions taken by those entities, and the volume of reports. In the face of these constraints, the NPDB determined that an Attestation process would be the most effective and efficient way to evaluate and address the compliance of other entities.
Through Attestation, hospitals, medical malpractice payers, health plans, and certain other health care entities (i.e., health centers) will be required to attest that they understand and have met their responsibility to submit all required reports to the NPDB. The Attestation process will be completely automated through the secure the NPDB system (OMB No. 0915-0054) (https://www.npdb.hrsa.gov), using both secure email messaging and system notifications to alert entities registered with the NPDB of their responsibility to attest. All entities with reporting requirements and querying access to the NPDB must register with the NPDB before gaining access to the secure The NPDB system for all reporting and querying transactions.
Although the Attestation process and forms are new, the secure NPDB system currently used by hospitals, medical malpractice payers, health plans, and health care entities to conduct reporting and querying will not change, ensuring that these entities are familiar with the interface needed to complete the Attestation process. The NPDB will ask these entities to attest their reporting compliance every two years. If the organization is responsible for privileging or credentialing individuals who provide services for other sites, those sites will be included in the Attestation process.
As the health care industry continues to evolve, the structures of our reporting entities have changed. There is a need to understand entity reporting operations in the context of these new environments. Through the Attestation process, the NPDB will have the opportunity to learn more about entities and further gauge their understanding and compliance with the NPDB reporting requirements. In turn, the NPDB will be in a better position to improve its operations, maintain a complete and accurate repository of information, and contribute to protecting public safety.
The NPDB serves as a single flagging system; its principal purpose is to facilitate comprehensive review of health care practitioners' professional credentials and background. The Attestation process will aid the NPDB in fulfilling its mission by assuring that reporting entities are appropriately meeting the NPDB reporting requirements, in turn providing valuable information about a healthcare practitioner’s background to the NPDB’s users throughout the United States. The Attestation process will serve as an accountability measure that will enable the NPDB to better fulfill its mission to collect and provide complete, accurate, timely, and reliable information on the nation’s health care practitioners, providers, and suppliers to improve health care quality, promote patient safety, and deter fraud and abuse.
Users of the NPDB include reporters (entities that are required to submit reports) and queriers (entities that are authorized to request for information). Data collected through the Attestation process will inform the NPDB operations and facilitate the structuring of compliance efforts in a manner that is the most effective. The Attestation process will also serve as a catalyst to collect meaningful data about reporting entities which can later be transformed into actionable information and serve as a platform for future initiatives. The Attestation forms will collect the following information: information regarding sub-sites and entity relationships; contact information for the Attesting Official; and a statement attesting whether or not all required reports have been submitted.
In addition to strengthening the NPDB ’s efforts to establish accountability, Attestation will contribute to the NPDB’s ability to meet its mission and help maintain a quality health workforce by encouraging hospitals, health centers, and health plans, to identify and discipline those who engage in unprofessional behavior; and to restrict the ability of incompetent health care practitioners, providers, or suppliers to move from state to state without disclosure of previous damaging or incompetent performance. Attestation for medical malpractice payers will ensure standardized reporting across different adjudicative processes and models, in response to a changing industry with variability in the application of the NPDB reporting requirements.
Attestation will be an entirely automated process completed via the secure the NPDB system (https://www.npdb.hrsa.gov). The secure system will use both secure email messaging and system notifications to alert entities registered with the NPDB of their responsibility to attest. All entities with attestation requirements to the NPDB must first register with the NPDB before gaining access to the secure the NPDB system. All Attestation processes are performed through this secure website.
There is a large amount of confidential information in the NPDB that is not available from any other source. Prior to 1990, when the NPDB began operations, a single, consolidated, national repository of information on medical malpractice payments, State licensure disciplinary actions, adverse actions on clinical privileges and professional society membership did not exist. The Federation of State Medical Boards (FSMB) has maintained a data bank of information on State Medical Board licensure actions. Although all States report, participation in this data bank is voluntary.
The majority of States require some form of reporting of medical malpractice payments, usually to State Medical Boards, but such information is not routinely compiled on a national basis. In some States, information on adverse actions taken by health care entities is reported to the State licensing board, but it has never been collected systematically or been generally available. Similarly, there has been no centralized reporting of professional society membership adverse actions. HRSA drew on the experience of similar existing information collection systems to the extent feasible when developing the NPDB. For example, the classification system used in reporting licensure disciplinary actions is a modification of the system used by the FSMB. The classification system used for acts or omissions that resulted in a medical malpractice insurance payment is adapted from a coding system developed by the Harvard Risk Management Foundation. Standardized methods of collecting the required information typically do not exist.
The information collected is not expected to have a significant effect on small businesses. The electronic forms are incorporated into web interfaces which all end-users routinely use when fulfilling querying and reporting requirements.
Attempts are made to keep data collections to the minimum needed to differentiate adequately among entities with different reporting requirements and identify if entities are compliant with statutory requirements. An eligible entity may use an authorized agent to respond to the Attestation process if it uses an authorized agent for reporting to the NPDB.
Attestation of compliance with reporting requirements will be collected by the NPDB biennially. Determining options for frequency of attestation was thoroughly discussed, taking the following operational variables into consideration:
The projected amount of adverse action reports by reporting entities
Amount of time and effort required of each entity in order to respond to the Attestation process.
Correlating follow-up actions required of the NPDB for each attestation submitted by an entity.
Amount of time and workload required of the NPDB staff for follow-up actions on attestations.
Impact of frequency on overall deployment, introduction, and acceptance of the new Attestation process by entities.
It was determined that it would be most effective to introduce the new Attestation process with an biennial frequency which would ensure adequate involvement and understanding of compliance requirements by entities, while not creating burdensome and overwhelming tasks for involved parties. Biennial frequency would also increase acceptance of the new process by entities and in-turn further enable DPDB’s effectiveness and efficiency in meeting its overall objectives.
HCQIA requires timely reporting to the NPDB to increase its capacity to provide current information on health care providers to its users. In order to sufficiently track information reported by entities and ensure timely reporting and reliability of the NPDB data, biennial collection of attestation by entities, at the minimum, would be necessary.
Less frequent collection would compromise the quality and integrity of the NPDB data and its related operations, as it would deny access to valuable information and observable evidence that entities are compliant with the NPDB reporting requirements. Furthermore, it would increase the risk to the NPDB end-users and the patient safety within their entities. Consequently, it would also place HHS at risk of being non-compliant with HCQIA, as well as expose HHS to vulnerability of public scrutiny.
This request fully complies with the aforementioned regulations.
8A: A 60-day Federal Register Notice was published in the Federal Register on June 10, 2016, Vol. 81, No. 112; pp. 37613-14. There were no public comments.
8B: In preparing this request, DPDB consulted with users of the NPDB to detect any problems they may have had with the electronic Attestation process. As part of this effort, we collected feedback from 6 users in usability evaluation sessions (approved through HRSA generic clearance, OMB 0915-0212, exp. 5/31/18). See Table 1 for specific event details. These sessions allowed DPDB to gather feedback from users and get suggestions on areas for improvement.
Table 1: User Feedback Gathering Events
Usability Event Topic |
Date/Time Frame |
Number of Attendees/Participants |
Health Center Form Usability Testing |
January 2016 – February 2016 |
6 |
TOTAL |
6 |
|
A summary of the comments received are provided below. As noted, the NPDB has resolved some of the problems identified by users. Despite user testing only occurring on the Health Center Form, all suggestions were incorporated into both the Health Center and Generic Forms given their strong similarities
Suggestions that have been implemented:
Displayed an alert for all users that the Attestation is required and must be completed by the administrator
Streamlined attestation screens to enable better self-service, reduce errors, and enable faster transactions with fewer steps
Reduced extraneous text
Reduced or hid extra fields on the attestation forms
Made it easier to find an error on the form
Allowed attesting users to save all data in the attestation workflow, instead of losing the data when they go back to a previous step
Eliminated requirement to add comments for missing reports; only requested the reason rather than details of the missing reports
Included an option for users to exit attestation and enter missing reports at a later, convenient time
There will be no compensation to respondents.
A number of security features are employed to assure the confidentiality of the information transmitted as well as to prevent unauthorized access. HRSA follows the National Institute of Standards and Technology security guidelines. More specifically, the NPDB has extensive operational, management, and technical controls that ensure the security of the system and protect the data in the system. The NPDB contains information classified under the Privacy Act that is considered personally identifiable information (PII). On a biennial basis, the NPDB conducts a detailed security review process that tests the effectiveness of the security controls to ensure the PII in the system remains safe. In accordance with HHS policy, a Privacy Impact Assessment has been completed for the NPDB and is attached to this package. Finally, every three years, the NPDB is Certified and Accredited as a requirement to have an Authority to Operate, in order to function as a Federal system.
Data will be kept private to the extent allowed by law. Should the Attestation process lead to activities which establish a failure to report by a reporting entity, to include licensure and certification actions taken by states, or other adjudicated actions, pursuant to procedures at 45 CFR Part 60, the Secretary is authorized to provide for a publication of a public report that identifies failures to report information to the NPDB as required to be reported under 45 CFR Part 60, Sections 60.9, 60.10, 60.13, 60.14, 60.15 and 60.16. Pursuant to 45§60.12, the Secretary is authorized to publish the name of the health care entity in the Federal Register if the Secretary has reason to believe that a health care entity has substantially failed to report information in accordance with 45 CFR §60.12 and all requirements under 45CFR §60.12 (1-2) are met.
Nothing in this section will prevent the disclosure of information by a party from its own files used to create such reports where disclosure is otherwise authorized under applicable State or Federal law.
The Attestation process in itself does not contain questions pertaining to sex, behavior, attitude, religious beliefs, or any other matters that are commonly considered private or sensitive in nature.
This section summarizes the total estimated burden hours for information collection and the cost associated with those hours. Table 2 provides the estimated annualized burden hours and Table 3 shows the estimated annualized cost burden.
12A.
Estimated Annualized Burden Hours
There are approximately 6,800
hospitals, 575 medical malpractice payers, 1,400 health plans, and
2,200 health centers registered with the NPDB. However, the
reporting entities may include multiple sites that are registered
independently in the system, thereby increasing the total number of
respondents. Therefore, we estimate there will be 7,500 respondents
for hospitals, 750 respondents for medical malpractice payers, 1,500
respondents for health plans, and 3,000 respondents for health
centers for 12,750 total respondents. Given that entities will only
be required to complete attestation biennially, these estimates are
divided in half for the annualized burden hours.
Table 2: Estimated Annualized Burden Hours
Type of Respondent |
Form Name |
Number of Respondents |
Responses per Respondent |
Total Responses |
Average Burden per Response (in hours) |
Total Burden Hours |
Health Centers |
Health Center Form2 |
1,500 |
1 |
1,500 |
1 |
1,500 |
Medical Malpractice Payers |
Generic Form3
|
375 |
1 |
375 |
1 |
375 |
Health Plans |
Generic Form |
750 |
1 |
750 |
1 |
750 |
Hospitals |
Generic Form |
3,750 |
1 |
3,750 |
1 |
3,750 |
Totals |
|
6,3754 |
|
6,375 |
|
6,375 |
Although the Attestation process and forms are new, the secure NPDB system currently used by hospitals, medical malpractice payers, health plans, and certain other health care entities to conduct reporting and querying will not change, ensuring that these entities are familiar with the interface needed to complete the Attestation process. The NPDB will ask these entities to attest to their reporting compliance every two years. If the organization is responsible for privileging or credentialing individuals who provide services for other sites, those sites will be included in the Attestation process.
12B. Estimated Annualized Cost Burden
The
Department of Labor website was used to determine appropriate wage
rates for respondents (http://www.bls.gov/bls/blswage.htm).
The mean hourly wages for the following professions were selected as
samples from the website:
Claims Adjusters, Appraisers, Examiners, and Investigators ($30.32)
Administrative Services Managers ($41.40)
Management Occupations ($55.30)
Attesting entities will likely
utilize varying levels of professionals to complete the Attestation
process. In order to provide an adequate estimated annualized cost
burden, the highest occupational rate (Management Occupations $55.30)
was selected to perform this estimate.
Table 3: Estimated Annualized Cost Burden
Respondent |
Form Name |
Total Burden Hours |
Hourly Wage Rate |
Total Respondent Costs |
Management Occupations |
Health Center Form |
1,500 |
$55.30 |
$82,950 |
Generic Form
|
4,875 |
$55.30 |
$269,588 |
|
TOTAL |
|
6,375 |
|
$352,538 |
Estimates of Other Total Annual Cost Burden to Respondents or Record-keepers/Capital Costs
Other
than their time, there is no cost to respondents.
Table 4 details the specific items that are included in the calculation of the estimated annualized cost to the Federal government.
Table 4: Estimated Annualized Cost to Federal Government
Item |
Details |
Annual Value |
The NPDB Program Staff
|
30 government full-time equivalent staff involved in various aspects of support including contract management and oversight, IT investments, disputes, compliance, policy, and general oversight and management of DPDB operations. ($6,000,000 FY2016 salary expense for 30 FTE @25% effort) |
$1,500,000 |
The NPDB Support Contract |
Support contract for the operation, maintenance, and enhancement of the NPDB IT system, customer service center, maintenance of the public the NPDB website, and related technical services.($12,000,000 contract expense in FY2016 @ 15% effort) |
$1,800,000 |
Estimated Annualized Cost to Federal Government |
$3,300,000 |
|
This is a new information collection.
The data set will be analyzed by the NPDB for purposes of anticipating, shaping, and executing compliance efforts as well as developing appropriate strategies to achieve the NPDB objectives.
Ultimately, data stripped of identifiers will be available to HRSA for use in preparation of Reports to Congress, HRSA, and others for research purposes.
Should the Attestation process lead to activities which establish a failure to report by a reporting entity, to include licensure and certification actions taken by states, or other adjudicated actions, pursuant to procedures at 45 CFR Part 60, the Secretary is authorized to provide for a publication of a public report that identifies failures to report information to the NPDB as required to be reported under 45 CFR Part 60, Sections 60.9, 60.10, 60.13, 60.14, 60.15 and 60.16. Pursuant to 45§60.12, the Secretary is authorized to publish the name of the health care entity in the Federal Register if the Secretary has reason to believe that a health care entity has substantially failed to report information in accordance with 45 CFR §60.12 and all requirements under 45CFR §60.12 (1-2) are met.
The OMB number and expiration date will be displayed on every page of every form/instrument.
There are no exceptions to the certification.
1 Unless otherwise noted, the term “certain other health care entities” refers to health centers whose access and reporting obligations for are addressed in the NPDB statutory and regulatory requirements for health care entities. In this document, “health center” refers to organizations that receive grants under the HRSA Health Center Program as authorized under section 330 of the Public Health Service Act, as amended (referred to as “grantees”) and FQHC Look-Alike organizations, which meet all the Health Center Program requirements but do not receive Health Center Program grants. It does not refer to FQHCs that are sponsored by tribal or Urban Indian Health Organizations, except for those that receive Health Center Program grants.
2 Certain other health care entities, as defined previously, will use the Health Center Form to attest. It provides additional information and guidance for those entities less familiar with NPDB reporting.
3 Hospitals, medical malpractice payers, and health plans will attest using the generic form.
4 There are approximately 6,800 hospitals, 575 medical malpractice payers, 1,400 health plans, and 2,200 health centers registered with the NPDB. However, the reporting entities may include multiple sites that are registered independently in the system, thereby increasing the total number of respondents. Therefore, we estimate there will be 7,500 respondents for hospitals, 750 respondents for medical malpractice payers, 1,500 respondents for health plans, and 3,000 respondents for health centers for 12,750 total respondents. Given that entities will only be required to complete attestation biennially, these estimates are divided in half for the annualized burden hours.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Title | Supporting Statement |
| Author | DNguyen |
| File Modified | 0000-00-00 |
| File Created | 2021-01-23 |