SupportingStatementA_DPDB

Download: docx | pdf

Supporting Statement A

National Practitioner Data Bank (NPDB) Attestation of Reports by Hospitals, Medical Malpractice Payers, Health Plans, Health Centers, and Other Eligible Entities

OMB Control No. 0906-0028

Revision

Terms of Clearance: Revision

A. Justification

1. Circumstances Making the Collection of Information Necessary

This is a request for Office of Management and Budget (OMB) approval of a revised National Practitioner Data Bank (NPDB) information collection activity; the attestation of reports, queries, and confidentiality compliance by eligible entities such as hospitals, medical malpractice payers, health plans, health centers¹ and other eligible entities². The NPDB protects the public, and reduces health care fraud and abuse in the United States by preventing incompetent practitioners from moving state to state without disclosure or discovery of previous damaging or incompetent performance. Responsibility for the NPDB implementation and operation resides in the Division of Practitioner Data Bank (DPDB), Bureau of Health Workforce, Health Resources and Services Administration (HRSA), Department of Health and Human Services (HHS).

NPDB regulations mandate that multiple entity types including state licensing boards, health plans, government agencies, health centers, and other eligible entities report certain adverse actions taken against practitioners, providers, or suppliers. NPDB regulations mandate medical malpractice payers to report to the NPDB payments made on behalf of practitioners. State licensing boards, health plans, government agencies, other health care entities, and other eligible entities have the option to query on practitioners. The NPDB regulations also mandate that hospitals report certain adverse actions taken against practitioners, providers, or suppliers, and are required by federal law to query the NPDB.

The NPDB engages in compliance activities to ensure the accuracy and completeness of the information in the NPDB. Evaluating and measuring certain entities’ compliance with the NPDB regulatory requirements is difficult due to constraints discussed below. Attestation is the NPDB’s national outreach and education initiative to ensure that all eligible organizations are meeting their NPDB regulatory requirements (e.g., reporting, querying, and confidentiality). During attestation, entities will confirm that they have submitted all reportable actions and medical malpractice payments to the NPDB. Entities will also attest to their querying and confidentiality compliance, as applicable. Attestation will occur when entities renew their registration with the NPDB every two years. To adequately serve our mission, the NPDB is committed to ensuring that NPDB users understand and adhere to the legally mandated reporting, querying, and confidentiality requirements.

There is speculation, and often great variance in opinion amongst different interest groups, about the level of adherence to the NPDB’s reportingresponsibilities. Without a method for cross-referencing data in a way that provides valuable insight into an entity’s compliance, the NPDB has been unable to gauge entities’ understanding or commitment to their reporting requirements. Through the Attestation process, the NPDB can better determine which medical malpractice payers, health plans, hospitals, health centers, and other eligible entities are meeting the reporting, querying, and confidentiality requirements, and which of these entities may require additional outreach and assistance. The biennial Attestation process will strengthen the robustness of the data in the NPDB, improving the accuracy of query responses for entities with access to the NPDB reports.

Summary of the proposed changes since the last clearance:

1. Add Query and Confidentiality language to the instruments.

Beyond attesting to meeting NPDB reporting requirements, entities will also attest to querying and confidentiality compliance.

2. Change Title of ICR

Current Title: National Practitioner Data Bank Attestation of Reports by Hospitals, Medical Malpractice Payers, Health Plans, and Certain Other Health Care Entities

Proposed New Title: National Practitioner Data Bank Attestation of Reports by Hospitals, Medical Malpractice Payers, Health Plans, Health Centers, and Other Eligible Entities

3. Add NPDB Guidebook definition for Eligible Entities in footnote.

4. Discontinue use of the Generic Form.

Currently Hospitals, Medical Malpractice Payers, and Health Plans use the Generic Form to attest. This revision includes making each attestation form specific to entity type based on reporting/querying requirements.

5. Revise attestation question so that all entities will receive the same question.

1. Current question for health centers:

Has your organization reported all adverse actions taken from Month DD, YYYY to Month DD, YYYY affecting the clinical privileges of a physician or dentist as defined above?

• Yes, all required reports are submitted

• No, some required reports have not been submitted

If “no”, why not? ________

2. Current question for hospitals, health plans, medical malpractice payers:

Has your organization submitted all reports, as required by law, from <MM DD, YYYY>, to <MM DD, YYYY>?

• Yes, all required reports are submitted

• No, some required reports have not been submitted

If “no”, why not? ________

3. New question for all registered entities:

Has your organization complied with all NPDB regulatory requirements as outlined above?

• Yes

• No

If “no”, why not? ____

I. Legal Authorities Governing the NPDB

As discussed below, there are multiple legal authorities governing the NPDB. The NPDB regulations are applicable to entities in all 50 States, the District of Columbia, and the U.S. territories of American Samoa, Guam, Northern Marianas, Puerto Rico, and the Virgin Islands. For simplicity, any reference to a state or entity in this Supporting Statement should be interpreted to include the District of Columbia and the five U.S. territories.

The four significant laws that currently govern the NPDB operations are summarized below. The NPDB regulations implementing these laws are codified at 45 CFR Part 60.

1. Title IV of Public Law 99-660, Health Care Quality Improvement Act (HCQIA) of 1986

The intent of Title IV is to improve the quality of health care by encouraging State licensing boards, professional societies, hospitals, and other health care entities to restrict the ability of incompetent physicians, dentists, and other health care practitioners to move from State to State without disclosure or discovery of previous medical malpractice payment and adverse action history. These adverse actions include certain licensure, clinical privileges, and professional society membership actions, as well as Drug Enforcement Administration (DEA) controlled-substance registration actions and exclusions from participation in Medicare, Medicaid, and other Federal health care programs.

1. Section 1921 of the Social Security Act

Section 1921 was enacted to provide protection from unfit health care practitioners to beneficiaries participating in Medicare and State health care programs and to improve the anti-fraud provisions of these programs. Information collected and disclosed by the NPDB under Section 1921 includes State licensure and certification actions against health care practitioners, entities, providers, and suppliers; negative actions or findings by peer review organizations and private accreditation organizations; and certain final adverse actions taken by certain State

Agencies, including State law enforcement agencies, State Medicaid fraud control units, and State agencies administering or supervising the administration of State health care programs. These final adverse actions include exclusions from a State health care program, health care-related criminal convictions and civil judgments in State court, and other adjudicated actions or decisions specified in regulations.

3. Section 1128E of the Social Security Act

The original purpose of Section 1128E was to establish a national data collection program, formerly known as the HIPDB, to combat health care fraud and abuse. Section 1128E information is now collected and disclosed by the NPDB and includes certain final adverse actions taken by Federal agencies and health plans against health care practitioners, providers, and suppliers. These actions consist of Federal licensure and certification actions, exclusions from participation in a Federal health care program, health care-related criminal convictions and civil judgments, and other adjudicated actions or decisions specified in regulations. Table A-1 outlines these statutes.

4. Section 6403 of the Patient Protection and Affordable Care Act of 2010

Section 6403 of the Patient Protection and Affordable Care Act of 2010 (hereinafter referred to as Section 6403), Public Law 111-148, amended sections 1921 and 1128E to eliminate duplication between the former HIPDB and the NPDB, and required the Secretary to establish a transition period for transferring data collected in the HIPDB to the NPDB and to cease HIPDB operations, which occurred on May 6, 2013.

II. Information Collection and Compliance

The regulations in part 45 CFR 60 establish reporting requirements applicable to hospitals, health care entities, Boards of Medical Examiners, and professional societies of health care practitioners which take adverse licensure or professional review actions; state licensing or certification authorities, peer review organizations, and private accreditation entities that take licensure or certification actions or negative actions or findings against health care practitioners, health care entities, providers, or suppliers; entities (including insurance companies) making payments as a result of medical malpractice actions or claims; and Federal government agencies, state law and fraud enforcement agencies and health plans that take final adverse actions against health care practitioners, providers, and suppliers.

Information must be reported to the NPDB as required under §§ 60.7, 60.8, 60.9, 60.10, 60.11, 60.12, 60.13, 60.14, 60.15 and 60.16. Information required under §§ 60.7, 60.8, and 60.12 must be submitted to the NPDB within 30 days following the action to be reported, beginning with actions occurring on or after September 1, 1990; information required under § 60.11 must be submitted to the NPDB within 30 days following the action to be reported, beginning with actions occurring on or after January 1, 1992; and information required under §§ 60.9, 60.10, 60.13, 60.14, 60.15, and 60.16 must be submitted to the NPDB within 30 days following the action to be reported, beginning with actions occurring on or after August 21, 1996. Below is the list of reportable actions:

1. Malpractice payments (§ 60.7);

2. Licensure and certification actions (§§ 60.8, 60.9, and 60.10);

3. Negative actions or findings (§ 60.11);

4. Adverse actions (§ 60.12);

5. Health care-related criminal convictions (§ 60.13);

6. Health care-related civil judgments (§ 60.14);

7. Exclusions from Federal or State health care programs (§ 60.15); and

8. Other adjudicated actions or decisions (§ 60.16).

Persons or entities responsible for submitting reports of malpractice payments (§ 60.7), negative actions or findings (§ 60.11), or adverse actions (§ 60.12) must additionally provide to their respective State authorities a copy of the report they submit to the NPDB. In 2019, the NPDB provided more than 9.3 million query responses and received more than 87,000 reports.

The NPDB engages in regular state licensing compliance activities. The comprehensive licensing board compliance activities involve case management, targeted outreach, and matching of publically available information to that in the NPDB. While the effort has been largely automated to reduce burden on the registered entities and the NPDB staff, the review and matching process can be time consuming for the NPDB staff and contractors. Duplicating this effort with other entities such as hospitals, medical malpractice payers, health plans, certain other health care entities and other eligible entities would not be possible, due to the lack of publically available information on the types of actions taken by those entities, and the volume of reports. In the face of these constraints, the NPDB determined that an Attestation process would be the most effective and efficient way to evaluate and address the compliance of other entities.

Through Attestation, hospitals, medical malpractice payers, health plans, health centers, and other eligible entities, will be required to attest that they complied with all NPDB regulatory requirements (e.g., reporting, querying, confidentiality). The Attestation process will be completely automated through the secure NPDB system (OMB No. 0915-0054) (https://www.npdb.hrsa.gov), using both secure email messaging and system notifications to alert entities registered with the NPDB of their responsibility to attest. All entities with reporting requirements and querying access to the NPDB must register with the NPDB before gaining access to the secure NPDB system for all reporting and querying transactions.

All registered entities will use the secure NPDB system to submit their Attestation. NPDB will ask these entities to attest to their reporting, querying, and confidentiality compliance every two years.

As the health care industry continues to evolve, the structures of our reporting entities have changed. There is a need to understand entity reporting operations in the context of these new environments. Through the Attestation process, the NPDB will have the opportunity to learn more about entities and further gauge their understanding and compliance with the NPDB regulatory requirements. In turn, the NPDB will be in a better position to improve its operations, maintain a complete and accurate repository of information, and contribute to protecting public safety.

2. Purpose and Use of Information Collection

The NPDB serves as a single flagging system; its principal purpose is to facilitate comprehensive review of health care practitioners' professional credentials and background. The Attestation process will aid the NPDB in fulfilling its mission by assuring that reporting entities are appropriately meeting the NPDB regulatory requirements, in turn providing valuable information about a healthcare practitioner’s background to the NPDB’s users throughout the United States. The Attestation process will serve as an accountability measure that will enable the NPDB to better fulfill its mission to collect and provide complete, accurate, timely, and reliable information on the nation’s health care practitioners, providers, and suppliers to improve health care quality, promote patient safety, and deter fraud and abuse.

Users of the NPDB include reporters (entities that are required to submit reports) and queriers (entities that are authorized to request for information). Data collected through the Attestation process will inform the NPDB operations and facilitate the structuring of compliance efforts in a manner that is the most effective. The Attestation process will also serve as a catalyst to collect meaningful data about reporting entities which can later be transformed into actionable information and serve as a platform for future initiatives. The Attestation forms will collect the following information: information regarding sub-sites and entity relationships; contact information for the person authorized to attest; and a statement attesting whether or not all qualified entities have complied with all reporting, querying, and confidentiality requirements.

In addition to strengthening the NPDB’s efforts to establish accountability, Attestation will contribute to the NPDB’s ability to meet its mission and help maintain a quality health workforce by encouraging hospitals, medical malpractice payers, health plans, certain other health care entities, and other eligible entities, to identify and discipline those who engage in unprofessional behavior; and to restrict the ability of incompetent health care practitioners, providers, or suppliers to move from state to state without disclosure of previous damaging or incompetent performance. Attestation for medical malpractice payers will ensure standardized reporting across different adjudicative processes and models, in response to a changing industry with variability in the application of the NPDB regulatory requirements.

3. Use of Improved Information Technology and Burden Reduction

Attestation will be an entirely automated process completed via the secure the NPDB system (https://www.npdb.hrsa.gov). The secure system will use both secure email messaging and system notifications to alert entities registered with the NPDB of their responsibility to attest. All entities with attestation requirements to the NPDB must first register with the NPDB before gaining access to the secure the NPDB system. All Attestation processes are performed through this secure website.

4. Efforts to Identify Duplication and Use of Similar Information

There is a large amount of confidential information in the NPDB that is not available from any other source. Prior to 1990, when the NPDB began operations, a single, consolidated, national repository of information on medical malpractice payments, State licensure disciplinary actions, adverse actions on clinical privileges and professional society membership did not exist. The Federation of State Medical Boards (FSMB) has maintained a data bank of information on State Medical Board licensure actions. Although all States report, participation in this data bank is voluntary.

The majority of States require some form of reporting of medical malpractice payments, usually to State Medical Boards, but such information is not routinely compiled on a national basis. In some States, information on adverse actions taken by health care entities is reported to the State licensing board, but it has never been collected systematically or been generally available. Similarly, there has been no centralized reporting of professional society membership adverse actions. HRSA drew on the experience of similar existing information collection systems to the extent feasible when developing the NPDB. For example, the classification system used in reporting licensure disciplinary actions is a modification of the system used by the FSMB. The classification system used for acts or omissions that resulted in a medical malpractice insurance payment is adapted from a coding system developed by the Harvard Risk Management Foundation. Standardized methods of collecting the required information typically do not exist.

5. Impact on Small Businesses or Other Small Entities

The information collected is not expected to have a significant effect on small businesses.

The electronic forms are incorporated into web interfaces which all end-users routinely use when fulfilling querying and reporting requirements.

Attempts are made to keep data collections to the minimum needed to differentiate adequately among entities with different reporting requirements and identify if entities are compliant with statutory requirements. An eligible entity may use an authorized agent to respond to the Attestation process if it uses an authorized agent for reporting to the NPDB.

6. Consequences of Collecting the Information Less Frequently

Attestation of compliance with reporting, querying, and confidentiality requirements will be collected by the NPDB biennially. Determining options for frequency of attestation was thoroughly discussed, taking the following operational variables into consideration:

1. The projected amount of adverse action reports by reporting entities

2. Amount of time and effort required of each entity in order to respond to the Attestation process.

3. Correlating follow-up actions required of the NPDB for each attestation submitted by an entity.

4. Amount of time and workload required of the NPDB staff for follow-up actions on attestations.

5. Impact of frequency on overall deployment, introduction, and acceptance of the new Attestation process by entities.

It was determined that it would be most effective to revise the biennial Attestation process which would ensure adequate involvement and understanding of compliance requirements by entities, while not creating burdensome and overwhelming tasks for involved parties. Biennial frequency would also increase acceptance of the new process by entities and in-turn further enable DPDB’s effectiveness and efficiency in meeting its overall objectives.

HCQIA requires timely reporting to the NPDB to increase its capacity to provide current information on health care providers to its users. In order to sufficiently track information reported by entities and ensure timely reporting and reliability of the NPDB data, biennial collection of attestation by entities, at the minimum, would be necessary.

Less frequent collection would compromise the quality and integrity of the NPDB data and its related operations, as it would deny access to valuable information and observable evidence that entities are compliant with the NPDB regulatory requirements. Furthermore, it would increase the risk to the NPDB end-users and the patient safety within their entities. Consequently, it would also place HHS at risk of being non-compliant with HCQIA, as well as expose HHS to vulnerability of public scrutiny.

7. Special Circumstances Relating to the Guidelines of 5 CFR 1320.5

This request fully complies with the aforementioned regulations.

8. Comments in Response to the Federal Register Notice/Outside Consultation

8A: A 60-day Federal Register Notice was published in the Federal Register on (December 19, 2019), Vol. 84, No. 244; pp. 69751 - 69753. There were no public comments.

8B: In 2016, per the PRA guidance, DPDB consulted with users of the NPDB to detect any problems they may have had with the established electronic Attestation process. At that time, consultation efforts were done with persons outside of the agency and feedback was collected from 6 users in usability evaluation sessions (approved through HRSA generic clearance, OMB 0915-0212). See Table 1 for specific event details. These sessions allowed DPDB to gather feedback from users and get suggestions on areas for improvement, which have been implemented. In addition to this formal feedback, pretesting of the attestation forms, including extensive review and editing was done by DPDB staff, including usability testing to ensure content was clear and the navigation of all forms were both user-friendly and efficient. Revising the attestation forms to customize content based on entity type

Table 1: OMB 0915-0212 User Feedback Gathering Events

Usability Event Topic	Date/Time Frame	Number of Attendees/Participants
Health Center Form Usability Testing	January 2016 – February 2016	6
TOTAL		6

A summary of the comments received are provided below. As noted, the NPDB has resolved some of the problems identified by users. Despite user testing only occurring on the Health Center Form, all suggestions were incorporated across all attestation forms given their strong similarities.

Suggestions that have been implemented:

• Displayed an alert for all users that the Attestation is required and must be completed by the administrator

• Streamlined attestation screens to enable better self-service, reduce errors, and enable faster transactions with fewer steps

• Reduced extraneous text

• Reduced or hid extra fields on the attestation forms

• Made it easier to find an error on the form

• Allowed attesting users to save all data in the attestation workflow, instead of losing the data when they go back to a previous step

• Eliminated requirement to add comments for missing reports; only requested the reason rather than details of the missing reports

• Included an option for users to exit attestation and enter missing reports at a later, convenient time

9. Explanation of any Payment/Gift to Respondents

There will be no compensation to respondents.

10. Assurance of Confidentiality Provided to Respondents

A number of security features are employed to assure the confidentiality of the information transmitted as well as to prevent unauthorized access. HRSA follows the National Institute of Standards and Technology security guidelines. More specifically, the NPDB has extensive operational, management, and technical controls that ensure the security of the system and protect the data in the system. The NPDB contains information classified under the Privacy Act that is considered personally identifiable information (PII). On a biennial basis, the NPDB conducts a detailed security review process that tests the effectiveness of the security controls to ensure the PII in the system remains safe. In accordance with HHS policy, a Privacy Impact Assessment has been completed for the NPDB. Finally, every three years, the NPDB is Certified and Accredited as a requirement to have an Authority to Operate, in order to function as a Federal system.

Data will be kept private to the extent allowed by law. Should the Attestation process lead to activities which establish a failure to report by a reporting entity, to include licensure and certification actions taken by states, or other adjudicated actions, pursuant to procedures at 45 CFR Part 60, the Secretary is authorized to provide for a publication of a public report that identifies failures to report information to the NPDB as required to be reported under 45 CFR Part 60, Sections 60.9, 60.10, 60.13, 60.14, 60.15 and 60.16. Pursuant to 45§60.12, the Secretary is authorized to publish the name of the health care entity in the Federal Register if the Secretary has reason to believe that a health care entity has substantially failed to report information in accordance with 45 CFR §60.12 and all requirements under 45CFR §60.12 (1-2) are met.

Nothing in this section will prevent the disclosure of information by a party from its own files used to create such reports where disclosure is otherwise authorized under applicable State or Federal law.

11. Justification for Sensitive Questions

The Attestation process in itself does not contain questions pertaining to sex, behavior, attitude, religious beliefs, or any other matters that are commonly considered private or sensitive in nature.

12. Estimates of Annualized Hour and Cost Burden

This section summarizes the total estimated burden hours for information collection and the cost associated with those hours. Table 2 provides the estimated annualized burden hours and Table 3 shows the estimated annualized cost burden.

12A. Estimated Annualized Burden Hours

Table 2: Estimated Annualized Burden Hours

Form Name	Number of Respondents	Number of Responses per Respondent	Total Responses	Average Burden per Response (in hours)	Total Burden Hours3
Authorized Agent Attestation	350	1	350	1	350
Health Center Attestation	650	1	650	1	650
Hospital Attestation	3,250	1	3,250	1	3,250
Medical Malpractice, Peer Review Organization, or Private Accreditation Organization Attestation	250	1	250	1	250
Other Eligible Entity Attestation Agencies administering federal programs, including contract entities Federal law enforcement officials and agencies (including DEA, HHS OIG, and federal prosecutors) Federal licensing or certification agencies Health Plans Other health care entities with formal peer review Other Health care service providers Professional Societies with formal peer review State agencies administering or supervising state programs State law or fraud enforcement agencies (including Medicaid fraud control units & state prosecutors)	7,100	1	7,100	1	7,100
Total	11,600		11,600		11,600

12B. Estimated Annualized Cost Burden

The Department of Labor website was used to determine appropriate wage rates for respondents (http://www.bls.gov/bls/blswage.htm). The mean hourly wages for the following professions were selected as samples from the website:

• Education, Training, and Library Occupations ($27.22)

• Claims Adjusters, Appraisers, Examiners, and Investigators ($32.47)

• Business and Financial Operations Occupations ($36.98)

• Healthcare Practitioners and Technical Occupations ($39.42)

• Administrative Services Managers ($46.24)

• Management Occupations ($58.44)

Attesting entities will likely utilize varying levels of professionals to complete the Attestation process. In order to provide an adequate estimated annualized cost burden, the highest occupational rate (Management Occupations $58.44) was selected to perform this estimate.

Table 3: Estimated Annualized Cost Burden

Respondent	Form Name	Total Burden Hours	Hourly Wage Rate	Total Respondent Costs
Management Occupations	Agent Attestation	350	$58.44	$677,904.00
	Health Center Attestation	650
	Hospital Attestation	3,250
	Medical Malpractice Payer Attestation, Peer Review Organizations, or Private Accreditation Organizations	250
	Other Eligible Entity Attestation	7,100
TOTAL		11,600		$677,904.00

13. Estimates of Other Total Annual Cost Burden to Respondents or Record-keepers/Capital Costs

Other than their time, there is no cost to respondents.

14. Annualized Cost to Federal Government

Table 4 details the specific items that are included in the calculation of the estimated annualized cost to the Federal government.

Table 4: Estimated Annualized Cost to Federal Government

Item	Details	Annual Value
The NPDB Program Staff	27 government full-time equivalent staff involved in various aspects of support including contract management and oversight, IT investments, disputes, compliance, policy, and general oversight and management of DPDB operations. ($5,800,00 FY2019 salary expense for 27 FTE @ 25% effort)	$1,450,000
The NPDB Support Contract	Support contract for the operation, maintenance, and enhancement of the NPDB IT system, customer service center, maintenance of the public the NPDB website, and related technical services.($13,300,000 contract expense in FY2019 @ 15% effort)	$1,995,000
Estimated Annualized Cost to Federal Government		$3,445,000

15. Explanation for Program Changes or Adjustments

There is an expected increase in burden from 6,735 hours to 11,600 hours due to the Attestation effort expanding to all entities who are registered with the NPDB.

16. Plans for Tabulation, Publication, and Project Time Schedule

The data set will be analyzed by the NPDB for purposes of anticipating, shaping, and executing compliance efforts as well as developing appropriate strategies to achieve the NPDB objectives.

Ultimately, data stripped of identifiers will be available to HRSA for use in preparation of Reports to Congress, HRSA, and others for research purposes.

Should the Attestation process lead to activities which establish a failure to report by a reporting entity, to include licensure and certification actions taken by states, or other adjudicated actions, pursuant to procedures at 45 CFR Part 60, the Secretary is authorized to provide for a publication of a public report that identifies failures to report information to the NPDB as required to be reported under 45 CFR Part 60, Sections 60.9, 60.10, 60.13, 60.14, 60.15 and 60.16. Pursuant to 45§60.12, the Secretary is authorized to publish the name of the health care entity in the Federal Register if the Secretary has reason to believe that a health care entity has substantially failed to report information in accordance with 45 CFR §60.12 and all requirements under 45CFR §60.12 (1-2) are met.

17. Reason(s) Display of OMB Expiration Date is Inappropriate

The OMB number and expiration date will be displayed on every page of every form/instrument.

18. Exceptions to Certification for Paperwork Reduction Act Submissions

There are no exceptions to the certification.

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Title	Supporting Statement
Author	DNguyen
File Modified	0000-00-00
File Created	2021-01-14