[Federal Register Volume 78, Number 66 (Friday, April 5, 2013)]
[Rules and Regulations]
[Pages 20473-20495]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-07521]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

45 CFR Parts 60 and 61

RIN 0906-AA87


National Practitioner Data Bank

AGENCY: Health Resources and Services Administration (HRSA), HHS.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: This final rule revises existing regulations under sections 
401-432 of the Health Care Quality Improvement Act of 1986 and section 
1921 of the Social Security Act, governing the National Practitioner 
Data Bank, to incorporate statutory requirements under the Patient 
Protection and Affordable Care Act of 2010 (Affordable Care Act). The 
Department of Health and Human Services (HHS) also is removing 
regulations which implemented the Healthcare Integrity and Protection 
Data Bank. Section 6403 of the Affordable Care Act, the statutory 
authority for this regulatory action, was designed to eliminate 
duplicative data reporting and access requirements between the 
Healthcare Integrity and Protection Data Bank (HIPDB) (established 
under section 1128E of the Social Security Act) and the National 
Practitioner Data Bank (NPDB). It requires the Secretary to establish a 
transition period to transfer all data in the Healthcare Integrity and 
Protection Data Bank to the National Practitioner Data Bank, and, once 
completed, to cease operations of the Healthcare Integrity and 
Protection Data Bank. Information previously collected and disclosed to 
eligible parties through the HIPDB will then be collected and disclosed 
to eligible parties through the NPDB. This regulatory action 
consolidates the collection and disclosure of information from both 
data banks into one part of the CFR.

DATES: The effective date of this rule is May 6, 2013.

FOR FURTHER INFORMATION CONTACT: Director, Division of Practitioner 
Data Banks, Bureau of Health Professions, Health Resources and Services 
Administration, Parklawn Building, 5600 Fishers Lane, Room 8-103, 
Rockville, MD 20857; telephone number: (301) 443-2300.

SUPPLEMENTARY INFORMATION: 

I. Background

A. Legal Authorities Governing the Data Banks

    The paragraphs below provide a summary of the legal authorities 
governing the NPDB and the HIPDB.
(1) The Health Care Quality Improvement Act of 1986 (42 U.S.C. 11101 et 
seq.)
    The NPDB was established by the Health Care Quality Improvement Act 
of 1986 (HCQIA), as amended (42 U.S.C. 11101 et seq.). The HCQIA 
authorizes the NPDB to collect reports of adverse licensure actions 
against physicians and dentists (including revocations, suspensions, 
reprimands, censures, probations, and surrenders); adverse clinical 
privileges actions against physicians and dentists; adverse 
professional society membership actions against physicians and 
dentists; Drug Enforcement Administration (DEA) certification actions; 
Medicare/Medicaid exclusions; and medical malpractice payments made for 
the benefit of any health care practitioner. Organizations that have 
access to this data system include hospitals, other health care 
entities that have formal peer review processes and provide health care 
services, state medical or dental boards and other health care 
practitioner state boards. Individual practitioners may self-query. 
Information under the HCQIA is reported by medical malpractice payers, 
state medical and dental boards, professional societies with formal 
peer review, and hospitals and other health care entities (such as 
health maintenance organizations).
(2) Section 1921 of the Social Security Act (42 U.S.C. 1396r-2) (Prior 
to the Passage of the Affordable Care Act)
    Section 1921 of the Social Security Act (herein referred to as 
section 1921), as amended by section 5(b) of the Medicare and Medicaid 
Patient and Program Protection Act of 1987, Public Law 100-93, and as 
amended by the Omnibus Budget Reconciliation Act of 1990, Public Law 
101-508, expanded the scope of the NPDB. Section 1921 requires each 
state to adopt a system for reporting to the Secretary certain adverse 
licensure actions taken against health care practitioners and entities 
by any authority of the state responsible for the licensing of such 
practitioners or entities. It also requires each state to report any 
negative action or finding that a state licensing authority, a peer 
review organization, or a private accreditation entity had taken 
against a health care practitioner or health care entity.
    Groups with access to this information include all organizations 
eligible to query the NPDB under the HCQIA (hospitals, other health 
care entities that have formal peer review and provide health care 
services, state medical or dental boards, and other health care 
practitioner state boards), other state licensing authorities, agencies 
administering government health care programs (including private 
entities administering such programs under contract), state agencies 
administering or supervising the administration of government health 
care programs, state Medicaid fraud control units, certain law 
enforcement agencies, and utilization and quality control Quality 
Improvement Organizations (QIOs). Individual health care practitioners 
and entities may self-query. Information under section 1921 is reported 
by state licensing and certification authorities, peer review 
organizations, and private accreditation entities.
    Final regulations implementing section 1921 were issued on January 
28, 2010 (75 FR 4656). The NPDB began collecting and disclosing section 
1921 information on March 1, 2010.
(3) Section 1128E of the Social Security Act (42 U.S.C. 1320a-7e) 
(Prior to the Passage of the Affordable Care Act)
    Section 1128E of the Social Security Act (herein referred to as 
section 1128E), as added by section 221(a) of the Health Insurance 
Portability and Accountability Act of 1996, Public Law 104-191, 
directed the Secretary to establish and maintain a national health care 
fraud and abuse data collection

[[Page 20474]]

program for the reporting and disclosing of certain final adverse 
actions taken against health care practitioners, providers, or 
suppliers. This data bank is known as the HIPDB. Section 1128E required 
Federal and state government agencies and health plans to report to the 
HIPDB the following final adverse actions: licensing and certification 
actions; criminal convictions and civil judgments related to the 
delivery of health care services; exclusions from government health 
care programs; and other adjudicated actions or decisions. Federal and 
state government agencies and health plans have access to this 
information. Individual practitioners, providers, and suppliers may 
self-query the HIPDB.
    The HIPDB began collecting reports in November 1999. Requirements 
of both HCQIA and section 1921 overlap with the requirements under 
section 1128E, although each law has unique characteristics, including 
differences in the types of reportable actions and the types of 
agencies, entities, and officials with access to information. For 
example, all three reporting schemes require the reporting of state 
licensure actions. The HCQIA, however, only requires the reporting of 
licensure actions taken against physicians and dentists that are based 
on professional competence or conduct. In contrast, sections 1921 and 
1128E do not have a requirement that reportable adverse licensure 
actions be based on professional competence or conduct and also differ 
in the types of subjects reported. In addition, sections 1921 and 1128E 
authorize access to many of the same types of agencies, organizations, 
and officials. For example, both statutes authorize access by law 
enforcement agencies, agencies that administer or pay for health care 
services or programs, and state licensing authorities. Private-sector 
hospitals and health care service providers are only able to access 
information reported under the HCQIA and section 1921, but not under 
section 1128E.
(4) Section 6403 of the Patient Protection and Affordable Care Act of 
2010
    Section 6403 of the Patient Protection and Affordable Care Act of 
2010 (hereinafter referred to as section 6403), Public Law 111-148, 
amends sections 1921 and 1128E to eliminate duplication between the 
HIPDB and the NPDB, and requires the Secretary to establish a 
transition period for transferring data collected in the HIPDB to the 
NPDB and to cease HIPDB operations. Information previously collected 
and disclosed through the HIPDB will then be collected and disclosed 
through the NPDB. No new data elements have been added as a result of 
section 6403. All actions currently reported in the NPDB and HIPDB will 
be reported to the NPDB.
    All security standards that are currently in place to protect the 
confidentiality of information in the Data Banks will be retained. HRSA 
follows the National Institute of Standards and Technology (NIST) 
security guidelines. More specifically, the Data Bank has extensive 
operational, management, and technical controls that ensure the 
security of the system and protect the data in the system. The Data 
Bank contains information classified under the Privacy Act that is 
considered personally identifiable information (PII). On an annual 
basis, the Data Bank conducts a detailed security review process that 
tests the effectiveness of the security controls to ensure the PII in 
the system remains safe. Finally, every three years, the Data Bank is 
Certified and Accredited (C&A) as a requirement to have an Authority to 
Operate (ATO), in order to function as a Federal system.
    The specific amendments section 6403 makes to sections 1921 and 
1128E are described in greater detail in the paragraphs below.
    Subsection (a) of section 6403 amends section 1128E to require 
reporting to the NPDB instead of the HIPDB. Subsection (a) also 
eliminates requirements in section 1128E related to reporting by state 
agencies; conforms the requirements for reporting Federal licensing and 
certification actions to those that apply to state agencies under 
section 1921; provides that the information reported pursuant to 
section 1128E will be available to the agencies, entities, and 
officials authorized to access information reported pursuant to section 
1921; and authorizes the Secretary to establish reasonable fees for the 
disclosure of the information, with no exception from the fee for 
Federal Government agencies. Finally, subsection (a) requires the 
Secretary, in implementing the amendments to section 1128E, to provide 
for the maximum appropriate coordination between part B of the HCQIA 
and section 1921.
    Subsection (b) of section 6403 adds to section 1921 the state 
agency reporting requirements that were eliminated from section 1128E 
by subsection (a). These state actions, taken against health care 
practitioners, providers, and suppliers, include state licensing and 
certification actions, state health care-related criminal convictions 
and civil judgments, exclusions from government health care programs, 
and other adjudicated actions or decisions. Subsection (b) also 
conforms the requirements for reporting state licensing and 
certification actions to those that apply to Federal agencies under 
section 1128E and makes amendments to expand the data access provisions 
of section 1921(b) so that entities that were authorized to access 
final adverse action information reported to the HIPDB by state 
agencies under section 1128E will retain access to that information 
when it is reported to the NPDB under section 1921. Subsection (b) also 
adds new provisions under section 1921 that are modeled on similar 
provisions in section 1128E. These new provisions require the Secretary 
to disclose reported information to a subject of a report and establish 
other requirements designed to ensure that the information reported 
pursuant to section 1921 is accurate; authorize the Secretary to 
establish or approve reasonable fees for the disclosure of information 
reported pursuant to section 1921; and provide protection against 
liability in a civil action for entities reporting information as 
required by section 1921 (so long as such entities have no knowledge of 
the falsity of the information). Subsection (b) also provides 
definitions for the following terms: (1) ``State licensing or 
certification agency;'' (2) ``State law or fraud enforcement agency;'' 
and (3) ``final adverse action.'' Finally, subsection (b) requires the 
Secretary, in implementing the amendments to section 1921, to provide 
for the maximum appropriate coordination with HCQIA and section 1128E.
    Subsection (c) of section 6403 amends section 1128C of the Social 
Security Act regarding the HHS Office of Inspector General's 
responsibilities with respect to section 1128E by deleting the HHS 
Office of Inspector General's responsibility to provide for the 
reporting and disclosure of certain final adverse actions against 
health care providers, suppliers, or practitioners pursuant to the data 
collection system established under section 1128E. Subsection (d) 
establishes requirements for a transition process; authorizes the 
Department of Veterans Affairs to access, free of charge for one year, 
information that was formerly reported only to the HIPDB; describes the 
availability of additional funds for the transition process, if 
necessary; and includes the effective date for the section.
    Effectively, in addition to transferring HIPDB data and operations 
to the NPDB, section 6403 transfers all section 1128E reporting 
requirements by state agencies to section 1921, thereby eliminating

[[Page 20475]]

duplication in certain state agency reporting requirements under both 
statutes, while leaving Federal agency and health plan reporting 
requirements under the authority of section 1128E. Section 6403 also 
creates a common list of queriers for section 1921 and section 1128E 
data. There are exceptions to this common querier list. Hospitals and 
other health care entities, professional societies, and QIOs have 
access to section 1128E data as well as licensing and certification 
actions under section 1921, but have no additional access to data as a 
result of section 6403. By maintaining many of the same reporting 
requirements and by maintaining different levels of access depending on 
who is requesting information in section 6403, Congress further 
indicated its intent that, despite the transition of HIPDB operations 
to the NPDB, original reporting and querying requirements remain the 
same to the greatest extent possible, while ensuring the maximum 
coordination among the three statutes. Section 6403 does not affect 
reporting requirements or query access under the HCQIA, so existing 
requirements under the HCQIA for hospitals, other health care entities, 
professional societies, or medical malpractice payers will not change.
    The reporting and querying requirements of sections 1921 and 1128E, 
as amended by section 6403, are described in greater detail below.

B. Section 1921 as Amended by Section 6403

    As amended by section 6403, section 1921 requires each state to 
have in effect a system of reporting licensure and certification 
actions taken against a health care practitioner or entity by a state 
licensing or certification agency. Section 6403 defines a state 
licensing or certification agency to include state licensing 
authorities, peer review organizations, and private accreditation 
entities. Licensing and certification actions include certain adverse 
actions taken by a state licensing authority as well as any negative 
action or finding that a state licensing authority, a peer review 
organization, or a private accreditation entity has concluded against a 
health care practitioner or entity. Each state also must have in effect 
a system of reporting information with respect to any final adverse 
action (not including settlements in which no findings of liability 
have been made) taken against a health care practitioner, provider, or 
supplier by a state law or fraud enforcement agency. These final 
adverse actions include criminal convictions or civil judgments in 
state court related to the delivery of health care services, exclusions 
from participation in a government health care program, and any other 
adjudicated action or decision. In addition, final adverse actions 
include any licensure or certification action taken against a supplier 
by a state licensing or certification agency. Section 1921 information 
is now available to agencies administering government health care 
programs, including private entities administering such programs under 
contract; state licensing or certification agencies, and Federal 
agencies responsible for the licensing and certification of health care 
practitioners, providers, and suppliers; state agencies administering 
or supervising the administration of government health care programs; 
health plans; state law or fraud enforcement agencies; and the U.S. 
Attorney General and other law enforcement officials as the Secretary 
deems appropriate. In addition, QIOs, as well as hospitals, 
professional societies, and other health care entities have access to 
``licensure and certification actions'' reported under section 1921. 
These entities do not have access to ``final adverse actions'' added to 
section 1921 by section 6403. Potential subjects of section 1921 
reports, including health care practitioners, health care entities, 
providers, and suppliers, may self-query.

C. Section 1128E, as Amended by Section 6403

    Section 6403 amends section 1128E to require the Secretary to 
maintain a national health care fraud and abuse data collection program 
under this section for the reporting of certain final adverse actions 
against health care practitioners, providers, and suppliers. The 
Secretary shall furnish the information collected under section 1128E 
to the NPDB. Federal Government agencies and health plans are required 
to report to the NPDB the following final adverse actions: licensing 
and certification actions; criminal convictions and civil judgments in 
Federal or state court related to the delivery of health care services; 
exclusions from government health care programs; and other adjudicated 
actions or decisions.
    The information collected under section 1128E shall be available 
from the NPDB to all agencies, authorities, and officials which are 
authorized under the amended section 1921 access provisions. However, 
under the section 1921 access provisions, hospitals, other health care 
entities, professional societies, and QIOs are only authorized to 
receive certain section 1921 information. Individual practitioners, 
providers, and suppliers may self-query the NPDB to receive section 
1128E information.
    The table below further illustrates the impact that section 6403 
has on current data bank requirements, presenting the requirements for 
the HCQIA, sections 1921 and 1128E before the passage of section 6403, 
and the updated requirements after passage of section 6403.
    The table is only a summary of the statutory reporting and querying 
requirements before and after passage of section 6403. All elements in 
the table, including definitions of terms used, are detailed in various 
sections of this final rule.

 Table 1--Data Banks Statutory Requirements Before and After Passage of
                              Section 6403*
------------------------------------------------------------------------
   Statutory Requirements before       Reporting/Querying Requirements
      Passage of Section 6403           after Passage  of Section 6403
------------------------------------------------------------------------
WHO REPORTS?                         WHO REPORTS?
 
HCQIA (NPDB)                         HCQIA (NPDB)
    [ssquf] Medical malpractice         [ssquf] Medical malpractice
     payers                              payers
    [ssquf] Boards of Medical/       [ssquf] Boards of Medical/Dental
     Dental Examiners                 Examiners
    [ssquf] Hospitals and other      [ssquf] Hospitals and other
     healthcare entities              healthcare entities
    [ssquf] Professional societies   [ssquf] Professional societies with
     with formal peer review          formal peer review
    [ssquf] Drug Enforcement         [ssquf] Drug Enforcement
     Administration                   Administration
    [ssquf] Health and Human         [ssquf] Health and Human Services-
     Services-Office of Inspector     Office of Inspector General
     General
 
SECTION 1921 (NPDB)                  SECTION 1921 (NPDB)

[[Page 20476]]

 
    [ssquf] Peer review                 [ssquf] Peer review
     organizations                       organizations
    [ssquf] Private accreditation    [ssquf] Private accreditation
     organizations                    organizations
    [ssquf] State authorities that   [ssquf] State authorities that
     license practitioners and        license or certify practitioners,
     entities                         entities, providers, suppliers
                                     [ssquf] State law or fraud
                                      enforcement agencies
 
SECTION 1128E (HIPDB)                SECTION 1128E (NPDB)
    [ssquf] Federal and state           [ssquf] Federal Government
     government agencies (including      agencies
     state law or fraud enforcement  [ssquf] Health plans
     agencies)
    [ssquf] Health plans
------------------------------------------------------------------------
 
WHAT INFORMATION IS REPORTED?        WHAT INFORMATION IS REPORTED?
 
HCQIA (NPDB)                         HCQIA (NPDB)
    [ssquf] Medical malpractice         [ssquf] Medical malpractice
     payments                            payments
    [ssquf] Adverse licensure        [ssquf] Adverse licensure actions
     actions (physicians/dentists):   (physicians/dentists):
    --revocation, suspension,        --revocation, suspension,
     reprimand, probation,            reprimand, probation, surrender,
     surrender, censure              censure
    [ssquf] Adverse clinical         [ssquf] Adverse clinical privileges
     privileges actions (primarily    actions (primarily physicians/
     physicians/dentists)             dentists)
    [ssquf] Adverse professional     [ssquf] Adverse professional
     society membership (primarily    society membership (primarily
     physicians/dentists)             physicians/dentists)
    [ssquf] DEA certification        [ssquf] DEA certification actions
     actions                         [ssquf] Medicare/Medicaid
    [ssquf] Medicare/Medicaid         exclusions
     exclusions
 
SECTION 1921 (NPDB)                  SECTION 1921 (NPDB)
   [ssquf] Licensing actions            [ssquf] Licensing or
    (practitioners and entities):.       certification actions
--revocation, reprimand, censure,        (practitioners, entities,
 suspension, probation.                  providers, and suppliers):
--any dismissal or closure of the    --revocation, reprimand, censure,
 proceedings by reason of             suspension, probation
 surrendering the license or         --any dismissal or closure of the
 leaving the state or jurisdiction.   proceedings by reason of
--any other loss of the license....   surrendering the license or
--any negative action or finding by   leaving the state or jurisdiction
 a state licensing authority, peer   --any other loss of, or loss of the
 review organization, or private      right to apply for, or renew a
 accreditation entity.                license
 
SECTION 1128E (HIPDB)                   --any negative action or finding
                                         by a state licensing or
                                         certification
   [ssquf] Licensing and                 authority, peer review
    certification actions                 organization, or private
    (practitioners, providers, and        accreditation entity
    suppliers).                      [ssquf] Health care-related state
--revocation, reprimand,              criminal convictions
 suspension, censure,.                (practitioners, providers,
--any other loss of license, or       suppliers)
 right to apply for, or renew, a     [ssquf] Health care-related civil
 license, whether by voluntary        judgments in Federal or state
 surrender, non-renewability, or      court (practitioners, providers,
 otherwise.                           suppliers)
--any other negative action or       [ssquf] Exclusions from government
 finding that is publicly available   health care programs
 information.                         (practitioners, providers,
[ssquf] Health care-related civil     suppliers)
 judgments in state court            [ssquf] Other adjudicated actions
 (practitioners, providers,           or decisions (practitioners,
 suppliers).                          providers, suppliers)
[ssquf] Exclusions from government   ...................................
 health care programs                SECTION 1128E (NPDB)
 (practitioners, providers,          [ssquf] Federal licensing/
 suppliers).                          certification actions
[ssquf] Other adjudicated actions     (practitioners, providers, and
 or decisions (practitioners,         suppliers):
 providers, suppliers).              --revocation, reprimand, censure,
                                      suspension, probation
                                     --any dismissal or closure of the
                                      proceedings by reason of
                                      surrendering the license or
                                      leaving the state or jurisdiction
                                        --any other loss of, or right to
                                         apply for, or renew, a license,
                                         whether by voluntary surrender,
                                         non-renewability, or otherwise
                                     --any negative action or finding
                                      that is publicly available
                                      information
                                     [ssquf] Health care-related civil
                                      judgments in Federal or state
                                      court (practitioners, providers,
                                      suppliers)
                                     [ssquf] Health care-related Federal
                                      or state criminal convictions
                                      (practitioners, providers,
                                      suppliers)
                                     [ssquf] Exclusions from government
                                      health care programs
                                      (practitioners, providers,
                                      suppliers)
                                     [ssquf] Other adjudicated actions
                                      or decisions (practitioners,
                                      providers, suppliers)
------------------------------------------------------------------------
WHO CAN QUERY?                       WHO CAN QUERY?
 
HCQIA (NPDB)                         HCQIA (NPDB)

[[Page 20477]]

 
    [ssquf] Hospitals                   [ssquf] Hospitals
    [ssquf] Other health care        [ssquf] Other health care entities
     entities with formal peer        with formal peer review
     review                          [ssquf] Professional societies with
    [ssquf] Professional societies    formal peer review
     with formal peer review         [ssquf] Boards of Medical/Dental
    [ssquf] Boards of Medical/        Examiners
     Dental Examiners                [ssquf] Other health care
    [ssquf] Other health care         practitioner state licensing
     practitioner state licensing     boards
     boards                          [ssquf] Plaintiff's attorney/pro se
    [ssquf] Plaintiff's attorney/     plaintiffs (limited circumstances)
     pro se plaintiffs (limited      [ssquf] Health care practitioners
     circumstances)                   (self-query)
    [ssquf] Health care              [ssquf] Researchers (statistical
     practitioners (self-query)       data only)
    [ssquf] Researchers
     (statistical data only)
 
SECTION 1921 (NPDB)                  SECTION 1921 and SECTION 1128E
                                      (NPDB)
    [ssquf] Hospitals and other         [ssquf] Hospitals and other
     health care entities (HCQIA)        health care entities (HCQIA)**
    [ssquf] Professional societies   [ssquf] Professional societies with
     with formal peer review          formal peer review**
    [ssquf] Quality Improvement      [ssquf] Quality Improvement
     Organizations                    Organizations**
    [ssquf] State licensing          [ssquf] State licensing or
     agencies that license            certification agencies that
     practitioners and entities       license or certify practitioners,
    [ssquf] Agencies administering    entities, providers, or suppliers
     government health care          [ssquf] Agencies administering
     programs, or their contractors   (including those providing payment
    [ssquf] State agencies            for services) government health
     administering government         care programs and their
     health care programs             contractors
    [ssquf] State Medicaid fraud     [ssquf] State agencies
     control units                    administering government health
    [ssquf] U.S. Comptroller          care programs
     General                         [ssquf] Federal agencies that
    [ssquf] U.S. Attorney General     license or certify practitioners,
     and other law enforcement        providers, suppliers
    [ssquf] Health care              [ssquf] Health plans
     practitioners/entities (self-   [ssquf] State law or fraud
     query)                           enforcement agencies (including
    [ssquf] Researchers               state medicaid fraud control
     (statistical data only)          units)
SECTION 1128E (HIPDB)                   [ssquf] U.S. Comptroller General
[ssquf] Federal and state            [ssquf] U.S. Attorney General and
 government agencies                  other Federal law enforcement
[ssquf] Health plans                 [ssquf] Health care practitioners,
[ssquf] Health care practitioners/    entities, providers, suppliers
 providers/suppliers                  (self-query)
(self-query)                         [ssquf] Researchers (statistical
[ssquf] Researchers (statistical      data only).
 data only)
------------------------------------------------------------------------
* For NPDB requirements, the term ``practitioners'' is used throughout
  this table to mean ``practitioners, physicians, and dentists.''
** Under Section 1921, these entities only have access to reported
  licensing or certification actions, which is consistent with these
  entities' access prior to enactment of the Affordable Care Act.

D. Maximum Coordination When Implementing Section 6403

    Sections 6403(a)(3) and 6403(b)(4) require the Secretary to provide 
for the maximum appropriate coordination among HCQIA, section 1921, and 
section 1128E when implementing the provisions of section 6403. We have 
made significant efforts to develop this final rule in a manner that 
minimizes the burden on reporters. Reporters previously responsible for 
reporting adverse actions to both the NPDB and HIPDB only needed to 
submit one report per action, provided that reporting was done through 
the Department's web-based system that sorted the appropriate actions 
into the HIPDB, the NPDB, or both. Similarly, under the revised 
regulations, reporters will only need to submit one report per action.
    Congress's mandate that the Secretary provide for the maximum 
appropriate coordination among the statutes makes it necessary, in 
certain cases, to make slight modifications when combining sometimes 
overlapping statutory requirements. These instances are described in 
the paragraphs below, and in the discussion of the final regulatory 
definitions.

E. Terms Used To Describe Subjects of Reports Under Sections 1921 and 
1128E

    We clarified statutory language used to describe report subjects in 
several ways. First, we use the term ``health care practitioner'' 
throughout these regulations to refer to physicians, dentists, and 
other health care practitioners. The HIPDB definition of ``health care 
practitioner'' includes physicians and dentists. However, prior to 
implementation of this regulation, the NPDB definition of ``health care 
practitioner'' specifically excluded physicians and dentists. 
Therefore, when combining the HIPDB and NPDB definition in this rule, a 
decision had to be made about which definition to use. For the purposes 
of clarity, HRSA has decided to use the HIPDB definition. This decision 
does not expand or contract reporting requirements and does not make 
any substantive changes to the rule, but simply affects how certain 
subjects are described in the regulation. Further, this is consistent 
with how HRSA uses the term in guidance documents. We continue to 
define and use the terms ``physician'' and ``dentist'' in the Rule when 
there are specific references to physicians and dentists.
    Second, we clarified statutory language with respect to report 
subjects by consistently using the term ``entity, provider, and 
supplier'' in referring to section 1921 entity report subjects. Both 
original and amended section 1921 reporting requirements include 
certain adverse actions taken against a ``health care practitioner or 
entity,'' and NPDB regulations use the HCQIA definition of ``health 
care entity'' to define the range of these report subjects. It is clear 
from the context of section 6403 that the use of the term ``entity'' 
also includes ``supplier'' subjects. Specifically, section 6403(b), 
which added the disclosure and correction provision in section 1921(d), 
refers only to ``health care practitioner'' and ``entity'' report 
subjects. It is not reasonable to conclude that Congress intended to 
prevent providers and suppliers from having access to their own reports 
or being able to dispute a report, while giving that ability to health 
care practitioners and entities. Although the provision only uses the 
terms practitioner and entity, it must be read broadly to keep the 
congressional intent of not making significant changes to current 
reporting and querying requirements. Therefore, we apply this provision 
to all section

[[Page 20478]]

1921 report subjects, including health care practitioners, entities, 
providers, and suppliers.
    Finally, the proposed rule sometimes refers to ``practitioner, 
provider, and supplier'' as one grouping. The manner in which the 
regulation defines supplier may be read to include physicians and 
dentists. In the final rule, where physicians and dentists are 
specified, but other suppliers are not, it is intended that other 
suppliers are not included in those instances. Where suppliers are 
mentioned along with physicians and dentists, the intent is not to 
imply that suppliers do not include physicians and dentists, but that 
all terms were included for the sake of clarity.

F. Sanction Authority

    HIPDB regulations include sanctions against Federal and state 
agencies and health plans for failure to report as required. For 
Federal and state government agencies, the Secretary provides for 
publication of a public report that identifies those agencies that have 
failed to report information as required. Health plans that fail to 
report information as required under section 1128E are subject to a 
civil money penalty of up to $25,000 for each action not reported. 
While section 6403 transfers state agency reporting requirements from 
section 1128E to section 1921, we plan to maintain existing sanction 
authority (publication of a public report) for those state agencies 
that are required to report licensure and certification actions, 
exclusions from government health care programs, criminal convictions 
and civil judgments in a state court, and other adjudicated actions or 
decisions. Further, we plan to maintain existing sanction authority, as 
stated above, and which currently exists in section 1128E, for those 
Federal agencies that fail to report. These sanctions are currently 
part of the agency's compliance plan, and we are attempting to maintain 
consistency between current and future Data Bank operational policy.

G. Authorization Dates for Collecting Reports

    The authorization dates for collecting adverse actions under 
section 1921 and section 1128E are based on the original legislation 
for the requirements and are unchanged by the passage of section 6403. 
Amendments made by section 6403 represent a reorganization of existing 
statutory requirements and not an imposition of new actions. Therefore, 
the passage of section 6403 does not affect reporters' obligations to 
report action back to the dates currently in use for the system. 
Actions taken by state agencies transferred from section 1128E to 
section 1921 will retain their original authorization dates.

II. Summary of the Proposed Rule

    The proposed regulation published on February 15, 2012 (77 FR 9138) 
amended the following sections of the regulations.

60.1 The National Practitioner Data Bank

    The proposed rule amended this section by incorporating the 
statutory provisions for section 1128E of the Social Security Act.

60.2 Applicability of These Regulations

    The proposed rule amended this section by revising the reporting 
requirements to include those organizations and agencies required to 
report under section 1921 and section 1128E (both as amended by section 
6403).

60.3 Definitions

    In the proposed rule, we incorporated existing definitions from the 
HIPDB regulations and added new statutory definitions created by 
section 6403. We also modified existing regulatory definitions by 
combining similar regulatory definitions for the same term where NPDB 
and HIPDB terms overlapped and were inconsistent, or deleted terms 
where a combination would not make sense. For example, the term ``Act'' 
was deleted because it was vague and could not be used to distinguish 
between the three statutes that now govern the operation of the NPDB. 
We believe this approach is consistent with the mandate that the 
Secretary provide for the maximum appropriate coordination among the 
HCQIA, section 1921, and section 1128E. The proposed rule also 
clarified new statutory definitions by providing additional examples of 
the scope of the definitions.
    As a result, we added the following new terms to this section, 
which are in the current HIPDB regulations: ``civil judgment,'' 
``criminal conviction,'' ``exclusion,'' ``Federal Government agency,'' 
``health care provider,'' ``health care supplier,'' ``health plan,'' 
``other adjudicated actions or decisions,'' ``state law or fraud 
enforcement agency,'' and ``state licensing or certification agency.''
    In addition to the new terms we added in this section, we also 
slightly amended the definitions of the following existing terms to 
ensure the maximum appropriate coordination among requirements for the 
HCQIA, and sections 1921 and 1128E of the Social Security Act: ``board 
of medical examiners, or board,'' ``health care entity,'' ``health care 
practitioner, licensed health care practitioner, licensed practitioner, 
or practitioner,'' ``hospital,'' ``negative action or finding,'' ``peer 
review organization,'' ``physician,'' ``private accreditation entity,'' 
and ``voluntary surrender of license or certification.''
    In addition to the definitions we have added or clarified, we also 
eliminated the term ``Act'' from section 60.3. We chose this approach 
to avoid confusion when referencing the different statutes governing 
NPDB operations. NPDB regulations currently define ``Act'' as the 
Health Care Quality Improvement Act of 1986, title IV of Public Law 99-
660, as amended. HIPDB regulations define ``Act'' as the Social 
Security Act. We instead reference each of these statutes (as well as 
other governing statutes) by name where they appear in the regulations.
    We also used the NPDB definition for the term, ``state,'' as it 
relates to all requirements under the HCQIA and sections 1921 and 
1128E.

60.4 How Information Must Be Reported

    The proposed rule sought to amend this section by changing the 
reference to ``Sec.  60.11'' to read ``Sec.  60.12'' and including 
references to the newly added Sec. Sec.  60.10, 60.11, 60.13, 60.14, 
60.15, and 60.16. The reference to reporting to the Board of Medical 
Examiners was also removed.

60.5 When Information Must Be Reported

    The proposed rule sought to amend this section of the existing NPDB 
regulations by:
    a. Revising the introductory text of this section to include 
references to the newly added Sec. Sec.  60.10, 60.13, 60.14, 60.15, 
and 60.16 and redesignated Sec. Sec.  60.11 and 60.12;
    b. Adding the August 21, 1996, legacy reporting date for section 
1128E actions; and
    c. Removing paragraphs (a)--(d) and replacing them with a list of 
reportable actions. This list reflects the combination of reporting 
categories from the NPDB and the HIPDB regulations.
    The proposed rule brought the HIPDB reporting time frame in line 
with the NPDB and eliminated references from the current HIPDB 
regulation to reporting by the close of an entity's next monthly 
reporting cycle. The proposed rule also eliminated from the current 
NPDB regulation the requirement for

[[Page 20479]]

reporting within a 15-day window for those entities that have a dual 
obligation to report to a state authority. Thus, all reports must be 
made within 30-calendar days from the date the final adverse action was 
taken. This rule also sought to clarify the state reporting obligations 
for persons or entities responsible for submitting malpractice payments 
(Sec.  60.7), negative actions or findings (Sec.  60.11), and adverse 
actions (Sec.  60.12). Reports for these three categories are submitted 
directly to the NPDB and a copy of the report must be mailed to the 
appropriate state licensing or certification agency. This has been the 
operational practice of the NPDB since 1990 and fulfills the statutory 
state reporting obligation for these reporters.

60.6 Reporting Errors, Omissions, Revisions or Whether an Action is on 
Appeal

    The proposed rule sought to amend this section by:
    a. Revising the title to include reporting of whether an action is 
on appeal. This information currently must be reported for final 
adverse actions specified in HIPDB regulations;
    b. Revising the first and last sentences in paragraph (b) to 
include the requirement to report revisions to actions for all 
licensure and certification actions, criminal convictions, civil 
judgments, exclusions, and other adjudicated actions or decisions. The 
HIPDB regulations require reporting of revisions to these actions;
    c. Revising the third sentence of paragraph (b) to include the 
requirement to report when an action is on appeal for licensure and 
certification actions, criminal convictions, civil judgments, 
exclusions, and other adjudicated actions; and
    d. Adding a new sentence at the end of paragraph (a) and new 
paragraphs (c) and (d) to clarify current data bank policy regarding 
notifying subjects of a report and the steps subjects may take to 
ensure the information reported is accurate. These clarifications 
generally are included in HIPDB regulations, but the same policy has 
applied to the NPDB as well.

60.7 Reporting medical malpractice payments. (The proposed rule made no 
changes to this section.)

60.8 Reporting Licensure Actions Taken by Boards of Medical Examiners

    The proposed rule sought to amend this section by revising the 
reference to ``'Sec.  60.11'' in the last sentence of paragraph (c) to 
read ``'Sec.  60.12.'' This change reflects the fact that 60.11 was 
redesignated as Sec.  60.12 in these proposed rules. The proposed rule 
also added ``Individual Tax Identification Number (ITIN)'' to Sec.  
60.8(b)(4) after the word Social Security Number.

60.9 Reporting Licensure and Certification Actions Taken by States

    The proposed rule amended Sec.  60.9 to reflect the changes made by 
section 6403 to the section 1921 licensure action reporting 
requirements by state agencies. The title of this section was revised 
to include licensure and certification actions, as required under 
section 6403(b)(1)(A)(i). The term ``certification'' has two distinct 
meanings in both the NPDB and HIPDB regulations. First, in both sets of 
regulations, ``certification'' is related to licensure. Licensure 
includes certification and other forms of authorization to provide 
health care services, and, based on their individual laws and 
requirements, states may ``license,'' ``certify,'' or ``register'' 
certain types of health care practitioners, health care entities, 
providers, or suppliers. For example, states may certify nurse's aides. 
Second, in section 1128E and the HIPDB regulations, the term 
``certification'' is also used to refer to certification of a health 
care practitioner, provider, or supplier to participate in a government 
health care program. In this context, certification includes 
certification agreements and contracts for participation in a 
government health care program. State certification actions such as 
termination of a hospital's Medicaid participating provider agreement 
or contract are now being reported to the NPDB under this part.
    The proposed rule also modified paragraphs (a) and (b) to reflect 
the range of subjects reported under this section to include health 
care practitioners, health care entities, providers, and suppliers. In 
addition, the proposed rule amended paragraphs (a)(1) through (a)(4) to 
reflect changes to those reporting requirements made by section 
6403(b)(1)(A), which intended to harmonize state licensure and 
certification action reporting requirements with Federal licensure and 
certification action reporting requirements under section 1128E. To 
reflect the fact that section 6403 transferred state licensure and 
certification action reporting requirements from section 1128E to 
section 1921, the proposed rule made the following changes to ensure 
that the original reporting requirements from the HIPDB regulations 
remain unchanged. First, we amended language in paragraphs (a)(1) 
through (4) to clarify the range of reportable licensure and 
certification actions with respect to a license, certification 
agreement, or contract for participation in government health care 
programs. Second, in paragraph (c)(4)(ii), which was previously a 
reserved field, we added a data element for the date of any appeal. 
Third, we added paragraph (e) to incorporate the sanctions for failure 
to report that were included in the HIPDB regulations for state 
licensure and certification actions. Finally, we are also adding 
``Individual Tax Identification Number (ITIN)'' to Sec.  60.9(b)(1)(ii) 
after the word Social Security Number.

60.10 Reporting Licensure and Certification Actions Taken by Federal 
Agencies

    The proposed rule redesignated Sec.  60.10 as Sec.  60.11, and 
added a new Sec.  60.10 to implement the reporting requirements for 
Federal licensure and certification agencies. These agencies must 
report to the NPDB the following final adverse actions that are taken 
against a health care practitioner, provider, or supplier (regardless 
of whether the final adverse action is the subject of a pending 
appeal):
     Formal or official actions, such as revocation or 
suspension of a license or certification agreement or contract for 
participation in government health care programs (and the length of any 
such suspension), reprimand, censure, or probation;
     Any dismissal or closure of the proceedings by reason of 
the health care practitioner, provider, or supplier surrendering their 
license or certification agreement or contract for participation in 
government health care programs, or leaving the state or jurisdiction;
     Any other loss of the license or loss of the certification 
agreement or contract for participation in a government health care 
program, or the right to apply for, or renew, a license or 
certification agreement or contract of the health care practitioner, 
provider, or supplier, whether by operation of law, voluntary 
surrender, nonrenewal (excluding non-renewals due to nonpayment of 
fees, retirement, or change to inactive status), or otherwise; and
     Any other negative action or finding by such Federal 
agency that is publicly available information.
    Further, the proposed rule substituted the acronym ``ITIN'' in 
place of the word ``Individual Tax Identification Number'' in Sec.  
60.10(b)(1)(ii).

[[Page 20480]]

60.11 Reporting Negative Actions or Findings Taken by Peer Review 
Organizations or Private Accreditation Entities. [Redesignated]

    The proposed rule redesignated Sec.  60.11 as Sec.  60.12 and added 
redesignated Sec.  60.10 as Sec.  60.11. In accordance with the changes 
to the scope of ``entity'' report subjects required by section 6403, 
the proposed rule amended paragraph (a) of this section to include the 
reporting of health care practitioners, health care entities, 
providers, and suppliers. While peer review organizations will continue 
to report negative actions or findings taken against health care 
practitioners, private accreditation entities are required to report 
actions taken against health care entities, providers, or suppliers. 
Paragraph (a) is revised to reflect that the reporting entity, (i.e., 
peer review organization or private accreditation entity) not the 
state, must submit reports directly to the NPDB and then provide a copy 
of the report to the appropriate state licensing or certification 
authority by mail. The remaining paragraphs (b)-(d) are accordingly 
modified to reflect this reporting scheme.

60.12 Reporting Adverse Actions Taken Against Clinical Privileges. 
[Redesignated]

    The proposed rule redesignated Sec.  60.12 as Sec.  60.17 and added 
redesignated Sec.  60.11 as Sec.  60.12. As done with Sec.  60.11, the 
reporting scheme under paragraph (a) is revised to reflect that health 
care entities send reports directly to the NPDB and provide a copy of 
the report to the State Board of Medical Examiners.
    Further, the proposed rule slightly modified the heading of Sec.  
60.12(a) to read ``Reporting by Health Care Entities to the NPDB.''

60.13 Reporting Federal or State Criminal Convictions Related to the 
Delivery of a Health Care Item or Service

    The proposed rule redesignated Sec.  60.13 as Sec.  60.18, and 
added a new Sec.  60.13 to implement the requirements of section 6403. 
Under this provision, Federal and state prosecutors are required to 
report criminal convictions against health care practitioners, 
providers, or suppliers related to the delivery of a health care item 
or service (regardless of whether the conviction is the subject of a 
pending appeal).

60.14 Reporting Civil Judgments Related to the Delivery of a Health 
Care Item or Service

    The proposed rule redesignated Sec.  60.14 as Sec.  60.19, and 
added a new Sec.  60.14 to implement the requirements of section 6403. 
Under this provision Federal and state attorneys and health plans must 
report civil judgments against health care practitioners, providers, or 
suppliers related to the delivery of a health care item or service 
(regardless of whether the civil judgment is the subject of a pending 
appeal).

60.15 Reporting Exclusions From Participation in Government Health Care 
Programs

    The proposed rule redesignated Sec.  60.15 as Sec.  60.20, and 
added a new Sec.  60.15 to implement the requirements of section 6403. 
Under this provision, Federal Government agencies and state law and 
fraud enforcement agencies must report health care practitioners, 
providers, and suppliers excluded from participating in government 
health care programs, including exclusions resulting from a settlement 
that is not reported because no findings or admissions of liability 
have been made (regardless of whether the exclusion is the subject of a 
pending appeal).

60.16 Reporting Other Adjudicated Actions or Decisions

    The proposed rule redesignated Sec.  60.16 as Sec.  60.21, and 
added a new Sec.  60.16 to implement the requirements of section 6403. 
Under this provision, Federal Government agencies, state law and fraud 
enforcement agencies, and health plans must report other adjudicated 
actions or decisions as defined in Sec.  60.3 related to the delivery, 
payment or provision of a health care item or service against health 
care practitioners, providers, and suppliers (regardless of whether the 
other adjudicated action or decision is subject to a pending appeal).

60.17 Information Which Hospitals Must Request From the National 
Practitioner Data Bank [Redesignated]

    The proposed rule redesignated Sec.  60.12 as Sec.  60.17.

60.18 Requesting Information From the National Practitioner Data Bank 
[Redesignated]

    The proposed rule redesignated Sec.  60.13 as Sec.  60.18. The 
proposed rule sought to amend Sec.  60.18, paragraph (a) of the 
existing NPDB regulations to clarify to whom information under the 
HCQIA as well as the amended sections 1921 and 1128E components of the 
NPDB would be made available by:
    a. Redesignating Sec.  60.13 as Sec.  60.18 to implement the 
requirements of section 6403;
    b. Revising the reference to ``Sec.  60.11'' in paragraph (a)(1) to 
read ``Sec.  60.12;''
    c. Revising the reference to ``Sec.  60.12'' in paragraph (a)(1)(v) 
to read ``Sec.  60.17;''
    d. Adding the references to include Sec. Sec.  60.10, 60.11, 60.13, 
60.14, 60.15, and 60.16 in paragraph (a)(2);
    e. Revising paragraph (a)(2)(i) to include the following language 
in parentheses after the word administering: ``including those 
providing payment for services;''
    f. Replacing the text in paragraphs (a)(2), (ii), (iv), (v), (vi), 
and (vii) to reflect the revised list of entities which may receive 
information reported under Sec. Sec.  60.9, 60.10, 60.11, 60.13, 60.14, 
60.15 and 60.16; and
    g. Inserting paragraph (a)(2)(viii).
    Based on section 6403 amendments, state licensing or certification 
agencies and Federal agencies responsible for the licensing and 
certification of health care practitioners, providers and suppliers are 
authorized to query the NPDB under section 1921 and 1128E. We 
understand the statutory language to limit query access to those state 
licensing and certification agencies that license or certify health 
care practitioners, entities, providers, or suppliers. These agencies 
would include only authorities of the state responsible for licensure 
or certification and would exclude peer review organizations and 
private accreditation entities. Such an interpretation of the statutory 
language is consistent with the goal of maintaining existing NPDB and 
HIPDB reporting and querying requirements to the greatest extent 
possible.
    Consistent with section 6403 language, hospitals and other health 
care entities, professional societies, and QIOs will have access to 
section 1921 information reported in Sec. Sec.  60.9 and 60.11, and 
section 1128E information reported in Sec. Sec.  60.10, 60.13, 60.14, 
60.15, and 60.16. Access to the section 1921 information for these 
groups was not affected by the passage of section 6403. Section 6403 
expands the access that these groups have with respect to Federal 
information under section 1128E.

60.19 Fees Applicable to Requests for Information [Redesignated]

    The proposed rule amended redesignated Sec.  60.19(a) to reflect, 
based on section 6403 amendments, the full range of subjects that will 
be sent a copy of a report submitted about them.

[[Page 20481]]

60.20 Confidentiality of National Practitioner Data Bank Information 
[Redesignated]

    The proposed rule slightly amended redesignated Sec.  60.20 so that 
it reflects the limitations on disclosure provisions based on current 
NPDB and HIPDB regulatory language. These confidentiality requirements 
would apply to all information obtained from the NPDB.

60.21 How To Dispute the Accuracy of National Practitioner Data Bank 
Information [Redesignated]

    The dispute process for the NPDB and the HIPDB is identical; 
however, HIPDB regulations currently provide a more detailed account of 
the process than do the NPDB regulations. Therefore, the proposed rule 
amended this section to include the HIPDB regulatory provisions for 
disputing the accuracy of data bank information.

60.22 Immunity.

    Section 6403 added a provision to section 1921 that provides 
reporters of NPDB information immunity from liability in a civil action 
filed by the subject of a report, unless the individual, entity, or 
authorized agent submitting the report has actual knowledge of the 
falsity of the information contained in the report. HIPDB regulations 
also contain a similar immunity provision. The proposed rule added this 
provision, which will apply to all individuals who, and entities and 
authorized agents that, report information to the NPDB.

III. Summary and Response to Public Comments

    The proposed rule set forth a 60-day public comment period, ending 
April 16, 2012. HRSA received 11 public comments from several private 
citizens, a health care entity, a state department of public health, a 
consumer rights advocacy group, a health care accrediting body, and 
several national associations representing physicians, nurses, health 
insurers, and health plans. None of the public comments opposed the 
merger of the HIPDB with the NPDB. Four out of the 11 comments did not 
request any changes or clarifications and wrote expressly to commend 
HRSA for taking this step to improve efficiency and reduce duplication 
of effort by the government. The remaining seven comments touched upon 
the following issues: definitions (Sec.  60.3), the scope of the 
Secretary's access to documents related to private accreditation 
actions (Sec.  60.11), due process requirements for clinical privilege 
actions (Sec.  60.12), clarification on reporting civil judgments 
(Sec.  60.14), query fees (Sec.  60.19), and the confidentiality of 
NPDB information (Sec.  60.20).
    Set forth below is an overview of these comments and our responses 
by section number of the proposed rule.

Definitions (Sec.  60.3)

1. Health Care Entity, Health Care Provider, and Health Care Supplier
    Comment: One commenter requested that HRSA eliminate redundant and 
or conflicting definitions for health care provider, supplier, and 
entity. This commenter specifically urged HRSA to ``establish clear and 
explicit definitions and criteria for determining the subjects of 
private accreditation entity reporting.''
    Response: Accreditation entities should report only those 
organizations or business entities that they accredit and that meet the 
definition of entity, supplier, or provider. Our intention is not to 
expand who is subject to accreditation entity reporting. These 
definitions have not proven to be problematic in the past and we 
believe that the definitions for provider, supplier and entity are 
well-defined.
    Comment: Another commenter also required clarification regarding 
our usage of the term ``entity'' in a chart in the proposed rule and 
raised concern over whether HRSA intended to expand the scope of who 
may query the Data Bank by not providing a specific definition.
    Response: HRSA has provided a definition for ``health care 
entity,'' which is contained in Title IV of HCQIA and was carried over 
into the proposed rule. The proposed rule has not introduced any new 
categories of queriers. The section of the chart in question shows that 
entities could self-query under Section 1921 before the passage of 
section 6403, and also shows that entities have that same ability after 
the passage of section 6403.
2. Negative action or finding
    Comment: HRSA specifically invited comments on the definition of 
``negative action or finding'' in the proposed rule because this was a 
new definition resulting from the merger of the HIPDB definition with 
the NPDB definition. We received only two comments. One commenter 
requested a more detailed definition to avoid inconsistent reporting, 
while the other commenter requested that the definition not change 
without a separate rulemaking. The former commenter suggested revising 
the definition for negative action or finding to read, ``* * * any 
action or finding which in any way restricts a subject's ability to 
practice or engage in business or which a reasonable person would 
interpret as reflecting criticism in any way on the subject even if the 
subject's ability to practice or engage in business is not affected. 
This includes reprimands, letters of concern, consent orders, 
settlement agreements and any other similar item regardless of what it 
is called.''
    Response: HRSA acknowledges that a change in the definition of 
negative action or finding could have wide-spread implications. We do 
not believe that we received sufficient comments to warrant a change to 
the definition at this time. We also acknowledge that additional 
guidance on the application of this definition would be useful, in 
particular as the definition pertains to Federal or state licensing or 
certification authorities. While licensure actions such as revocation, 
suspension, probation, reprimand or censure that are the result of 
formal proceedings are clearly understood to be universally reportable, 
state laws determine how each state defines any additional negative 
action or finding. Each state must be prepared to justify their 
decisions, supported by state law, to report or decline to report these 
actions by referencing specific state statutes. Further, concerning the 
use of consent agreements or other vehicles through which a board takes 
formal action, it is our policy that the vehicle itself (i.e., consent 
agreement) does not make an action reportable or not. Rather, we look 
at the action taken. For example, if a board issues a reprimand in a 
consent agreement, the reprimand is reportable. Likewise, if a board 
issues a consent agreement and orders a person to pay an administrative 
fine but does not take any other actions, and the state law does not 
define this as a negative action or finding, this action is not 
reportable.
 3. Peer review organization
    Comment: One commenter requested that the definition for ``peer 
review organization'' be modified to remove the exclusion for Medicare 
Quality Improvement Organizations (QIOs). This commenter stated that 
excluding QIOs from reporting to the NPDB ``* * * is contrary to the 
statute [Section 1921] these proposed regulations are intended to 
implement.'' The argument for changing this definition hinges upon the 
use of the phrase ``any peer review organization'' in the statute. This 
commenter stated that, according to the statutory definition, a QIO is 
a kind of ``peer review organization'' and should not

[[Page 20482]]

have been excluded from reporting to the NPDB.
    Response: The issue regarding reporting requirements for QIOs was 
last addressed in a separate rulemaking that was published in the 
Federal Register on March 21, 2006 (71 FR 14135). At that time we 
invited comments related to the exemption of QIOs from reporting under 
Section 1921 and received four comments supporting this exemption and 
only one comment against this exemption. The final rule was published 
on January 28, 2010 (75 FR 4656), and the rationale for maintaining the 
exemption was explained in the preamble of that rule. Under the current 
rulemaking, specific comments were not elicited on this definition 
because it is not a new definition that resulted from the merger. 
Therefore, we find that this comment falls outside the scope of this 
rulemaking.
4. Other adjudicated actions or decisions
    Comment: One commenter requested that HRSA clarify the definition 
for ``Other adjudicated actions or decisions'' to exclude personnel 
terminations that are made for administrative or business reasons that 
are unrelated to health care fraud or abuse or quality of care. 
According to this commenter, some states and the Centers for Medicare & 
Medicaid Services (CMS) have mandated a due process mechanism for 
practitioners in situations where a health plan may have terminated 
contracts for business reasons (e.g., a health plan ceases operations 
in a certain geographic area and terminates provider contracts in that 
region). The commenter feels the current definition could be 
interpreted to require reporting to the NPDB because of the existence 
of a due process mechanism.
    Response: HRSA agrees with this commenter and has provided examples 
of business or administrative terminations that are excluded from this 
definition in the text of the final rule.
5. Professional review action
    Comment: One commenter requested that HRSA revise the definition of 
``professional review action'' under subsection (d)(4) to insert the 
word ``physician'' before the term ``health care practitioner'' when 
talking about the class of members. This request stems from a concern 
that leaving out this term might suggest that physicians are not 
excluded under this subsection because it is inconsistent with our 
practice throughout the proposed rule of spelling out the term 
``practitioner'' when talking about the full range of providers subject 
to the NPDB regulations.
    Response: HRSA made the decision to use the term ``health care 
practitioner'' to be inclusive of physicians and dentists. Therefore, 
there is no need to add the term ``physician'' to the referenced text.
6. State Law or Fraud Enforcement Agency
    Comment: One commenter requested that HRSA revise the proposed 
definition for ``state law or fraud enforcement agency'' to exclude 
state agencies administering a government health care program. This 
commenter specifically worries that HRSA is broadening the scope of the 
NPDB to include actions that may not be attributable to fraudulent 
activity and is trying to expand the class of queriers.
    Response: All state actions under Section 1128E were transferred to 
Section 1921 with the passage of section 6403 of the Affordable Care 
Act. State agencies administering a government health care program were 
already included under Section 1921 as reporters and queriers prior to 
the passage of section 6403. Thus these agencies do not constitute a 
new group of reporters or queriers. To ensure that this group continues 
to have the same reporting requirements it has always had, we included 
it under the definition of state law or fraud enforcement agency 
because the state agencies carry out investigative functions.

Reporting Negative Actions or Findings Taken by Peer Review 
Organizations or Private Accreditation Entities (Sec.  60.11)

    Comment: One commenter requested that HRSA establish a clear scope, 
purpose, and limitation on the access the Secretary has to documents 
related to private accreditation actions.
    Response: Access to documents by the Secretary or Secretary's 
designee in this section pertains solely to assuring compliance with 
NPDB reporting requirements. Thus, the authority to request documents 
is limited to the purpose of ensuring proper reporting of peer review 
and accreditation actions and we believe that such scope is clearly 
defined. The Secretary has similar access to documents related to other 
actions.

Reporting Adverse Actions Taken Against Clinical Privileges (Sec.  
60.12)

    Comment: One commenter requested that additional regulatory 
language be added to this section to require a due process mechanism 
for advanced practice registered nurses and other health care 
practitioners to ensure that these practitioners are afforded due 
process rights and procedures equal to those afforded physicians. This 
commenter suggested adding the following language: ``(d) Exception. 
Notwithstanding the foregoing, no adverse action taken against the 
clinical privileges of any health care practitioner shall be reported 
unless the health care practitioner received a due process hearing 
before adverse action was taken.''
    Response: As indicated in the proposed rule, the current 
regulations governing the NPDB that were not modified by section 6403 
of the Affordable Care Act are not subject to review and comment. The 
reporting requirements for clinical privileges continue to fall under 
Title IV of the HCQIA and were not modified by section 6403. Therefore, 
this comment falls outside the scope of this rulemaking.

Reporting Civil Judgments Related to the Delivery of a Health Care Item 
or Service (Sec.  60.14)

    Comment: One commenter requested clarification regarding the 
requirement that health plans must report civil judgments against 
health care practitioners, providers, or suppliers related to the 
delivery of a health care item or service. This commenter noted that 
during the course of a health plan's credentialing processes, the plan 
may become aware of civil judgments against a practitioner to which the 
health plan was not a party. The commenter specifically requests that 
the reporting requirement specify that health plans report only those 
civil judgments resulting from cases involving the health plan.
    Response: Health plans are required to report only those civil 
judgments to which they are a party. Health plans and other users of 
the NPDB may notify us if they identify actions that may not have been 
reported.

Fees Applicable to Requests for Information (Sec.  60.19)

    Comment: Two commenters requested clarification on whether query 
fees would be raised by the merger of the HIPDB with the NPDB.
    Response: Currently, each traditional query costs the querier $4.75 
per data bank. Self-queries are $8.00 and Continuous Query enrollments 
are $3.25 per data bank per year. Once the HIPDB and NPDB are 
consolidated, queriers who were authorized to query both data banks 
will need to pay only one single fee instead of two fees. Currently, 
there are no plans to raise these query fees. To the extent that the 
fees are changed in

[[Page 20483]]

the future, the Department will announce such changes in the Federal 
Register.

Confidentiality of National Practitioner Data Bank information (Sec.  
60.20)

    Comment: Two commenters asked HRSA to describe to what extent NPDB 
confidentiality would be protected and whether state Freedom of 
Information Acts (FOIA) would apply to the information contained in the 
NPDB. Another commenter asked HRSA to revise language in this section 
to strike the phrase ``from its own files to create such reports'' 
regarding the disclosure of information by a party under applicable 
state or Federal law. This third commenter expressed concerns that this 
inserted language might invite researchers and others to seek out the 
reporting entity to ask for information from the entities' own files 
and felt that the proposed change was ``superfluous''.
    Response: Information reported to the NPDB is considered 
confidential, and access to and use of the information is prescribed by 
the three statutes that govern the NPDB. As stated in Sec.  60.20, 
``Persons and entities receiving information from the NPDB, either 
directly or from another party, must use it solely with respect to the 
purpose for which it was provided.'' Both improper use and access to 
NPDB information may result in a civil monetary penalty that is 
currently set at up to $11,000 for each violation. The Privacy Act also 
protects the contents of Federal records on individuals from disclosure 
without the individual's consent, unless the disclosure is for a 
routine use of the system of records as published annually in the 
Federal Register. The published routine uses of NPDB information, which 
are based on the laws and the regulations under which the NPDB 
operates, do not allow disclosure to the general public. Given these 
statutory restrictions on NPDB information, NPDB information is not 
releasable through FOIA.
    The confidentiality provisions prohibit the release of the report 
submitted to the Data Bank. These provisions, though, do not apply to 
the original documents or records from which the reported information 
is obtained. The NPDB's confidentiality provisions do not impose any 
new confidentiality requirements or restrictions on those documents or 
records. Thus, the confidentiality provisions do not bar or restrict 
the release of the underlying documents, or the information itself, by 
the entity taking the adverse action or making the payment in 
settlement of a written medical malpractice complaint or claim. For 
this reason we inserted clarifying language in Sec.  60.20, which 
already existed in the HIPDB regulations, stating that an entity is 
free to release information ``from its own files'' provided that such 
disclosure is otherwise permitted by state and Federal law.
    This provision allows the disclosure of information used to create 
an NPDB report, consistent with other legal requirements, however it 
does not permit the release of the NPDB report itself. So, for 
instance, if a state FOIA law requires the release of records, while it 
may require the release of the records underlying the report, it would 
not permit the release of the NPDB report itself.
    Comment: One commenter raised concern over whether Tax 
Identification Numbers (TINs) would be viewable on NPDB query reports.
    Response: Social Security Numbers and TINs are masked and not 
viewable on query reports requested by authorized entities. This is 
done to protect health care practitioners and entities from potential 
identity theft or misuse of this sensitive information.

IV. Summary of Revisions in the Final Rule

    Based on our review and response to HHS and public comments, and on 
the discretionary authority granted to the Department under section 
6403 of the Affordable Care Act, we have made the following revisions 
to the proposed regulations.

Definitions. (Sec.  60.3)

    We are revising the definition of ``health care practitioner, 
licensed health care practitioner, licensed practitioner, or 
practitioner'' to include physicians and dentists.
    We are revising the definition of ``other adjudicated actions or 
decisions'' to include examples of non-reportable contract 
terminations.

Confidentiality of National Practitioner Data Bank information. (Sec.  
60.20)

    We modified language in this section to clarify that a Data Bank 
report itself may not be disclosed, except as permitted by Sec. Sec.  
60.17, 60.18, and 60.21. The final rule now states ``The Data Bank 
report may not be disclosed, but nothing in this section will prevent 
the disclosure of information by a party from its own files used to 
create such reports where disclosure is otherwise authorized under 
applicable state or Federal law.''

How to Dispute the Accuracy of National Practitioner Data Bank 
information. (Sec.  60.21)

    We slightly modified the language in section (b)(1) and (c)(1) to 
allow for procedural changes as a result of new technologies. Subjects 
currently dispute a report or request a review of a disputed report 
online, rather than in writing. We changed the phrase ``in writing'' to 
``in the format as determined by the Secretary.'' In addition, to add 
clarity, in section (c) we changed the phrase ``Procedures for 
requesting a Secretarial review'' to ``Procedures for requesting a 
review of a disputed report.''

V. Regulatory Impact Statement

A. Regulatory Analysis

    This final rule is technical in nature. It involves transferring 
data reporting requirements under 45 CFR part 61 for the Healthcare 
Integrity and Protection Data Bank (HIPDB) to 45 CFR part 60 for the 
National Practitioner Data Bank (NPDB), another data bank receiving 
like reports. The result of this transfer does not increase the 
regulatory burden on affected entities; it alleviates duplication.
1. Executive Orders 12866 and 13563
    Executive Orders 13563 and 12866 direct agencies to assess all 
costs and benefits of available regulatory alternatives and, if 
regulation is necessary, to select regulatory approaches that maximize 
net benefits (including potential economic, environmental, public 
health and safety effects, distributive impacts, and equity). Executive 
Order 13563 emphasizes the importance of quantifying both costs and 
benefits, of reducing costs, of harmonizing rules, and of promoting 
flexibility. This rule is not being treated as a ``significant 
regulatory action'' under section 3(f) of Executive Order 12866. 
Accordingly, the rule has not been reviewed by the Office of Management 
and Budget.
2. Regulatory Flexibility Act
    The Regulatory Flexibility Act (RFA) and the Small Business 
Regulatory Enforcement and Fairness Act of 1996, which amended the RFA, 
require HRSA to analyze options for regulatory relief of small 
businesses. For purposes of the RFA, small entities include small 
businesses, nonprofit organizations, and government agencies. Further, 
in accordance with the RFA, if a rule has a significant economic effect 
on a substantial number of small entities, the Secretary must 
specifically consider the economic effect of the rule on small

[[Page 20484]]

entities and analyze regulatory options that could lessen the impact of 
the rule. The purpose of the final rule is to eliminate duplication 
between the HIPDB and the NPDB. The NPDB will serve as the sole 
repository for all information previously captured in the HIPDB. This 
will not substantially alter reporting requirements. Therefore, the 
Secretary certifies that these regulations will not have a significant 
impact on a substantial number of small entities.
3. Unfunded Mandates Reform Act
    Section 202 of the Unfunded Mandates Reform Act of 1995 (UMRA) 
(Pub. L. 104-4) requires agencies to assess anticipated costs and 
benefits for any rulemaking that may result in an annual expenditure of 
$139 million or more by state, local, or tribal governments, or the 
private sector. HRSA has determined that this rule does not impose any 
additional mandates on state, local, or tribal governments, or the 
private sector, that will result in an annual expenditure of $139 
million or more. A full analysis under the UMRA is not necessary.
4. Executive Order 13132--Federalism
    Executive Order 13132 establishes certain requirements that an 
agency must meet when it promulgates a rule imposing substantial direct 
requirements or costs on state and local governments, preempts state 
law, or otherwise has federalism implications. In reviewing this rule 
under the threshold criteria of Executive Order 13132, the Secretary 
has determined that this rule will not significantly affect the rights, 
roles, and responsibilities of state or local governments because the 
actions that are already reported under HIPDB are merely shifting to 
the NPDB.

B. Paperwork Reduction Act

    This final rule does not add any new reporter categories, but 
information-collection requirements may be expanded for some reporters. 
For instance, the final rule interprets statutory references to 
``entity'' reporting subjects under the amended section 1921 to include 
``health care providers and suppliers.'' As a result, accreditation 
entities will now be required to report actions taken against providers 
and suppliers in addition to those subjects that meet the definition of 
a ``health care entity.'' However, these sorts of expansions are subtle 
and will not significantly alter the current requirements under the 
HIPDB and NPDB regulations. The NPDB and HIPDB regulations contain 
information collection requirements that have been approved by OMB 
under the Paperwork Reduction Act of 1995 (PRA) and assigned control 
numbers 0915-0126 and 0915-0239, respectively.
    The only impact of the merging of 45 CFR part 61 with 45 CFR part 
60 is to eliminate duplication and streamline internal operations. By 
combining two data banks into a single data bank, the need to capture 
like information in two data bases is eliminated.

    Dated: March 20, 2013.
Mary Wakefield,
Administrator, Health Resources and Services Administration.
    Approved: March 26, 2013.
Kathleen Sebelius,
Secretary.

List of Subjects

45 CFR Part 60

    Billing and transportation services, Claims, Durable medical 
equipment suppliers and manufacturers, Fraud, Health care insurers, 
Health maintenance organizations (HMOs), Health professions, Hospitals, 
Home health care agencies, Hospitals, Insurance companies, Malpractice, 
Pharmaceutical suppliers and manufacturers, Reporting and recordkeeping 
requirements, Skilled nursing facilities.

45 CFR Part 61

    Confidential business information, Health care, Health professions, 
Penalties, Reporting and recordkeeping requirements
    For the reasons set forth in the preamble, HHS amends 45 CFR 
subtitle A as follows:

0
1. Part 60 is revised to read as follows:

PART 60--NATIONAL PRACTITIONER DATA BANK

Subpart A--General Provisions
Sec.
60.1 The National Practitioner Data Bank.
60.2 Applicability.
60.3 Definitions.
Subpart B--Reporting of Information
Sec.
60.4 How information must be reported.
60.5 When information must be reported.
60.6 Reporting errors, omissions, revisions or whether an action is 
on appeal.
60.7 Reporting medical malpractice payments.
60.8 Reporting licensure actions taken by Boards of Medical 
Examiners.
60.9 Reporting licensure and certification actions taken by states.
60.10 Reporting Federal licensure and certification actions.
60.11 Reporting negative actions or findings taken by peer review 
organizations or private accreditation entities.
60.12 Reporting adverse actions taken against clinical privileges.
60.13 Reporting Federal or state criminal convictions related to the 
delivery of a health care item or service.
60.14 Reporting civil judgments related to the delivery of a health 
care item or service.
60.15 Reporting exclusions from participation in government health 
care programs.
60.16 Reporting other adjudicated actions or decisions.
Subpart C--Disclosure of Information by the National Practitioner Data 
Bank
Sec.
60.17 Information which hospitals must request from the National 
Practitioner Data Bank.
60.18 Requesting information from the National Practitioner Data 
Bank.
60.19 Fees applicable to requests for information.
60.20 Confidentiality of National Practitioner Data Bank 
information.
60.21 How to dispute the accuracy of National Practitioner Data Bank 
information.
60.22 Immunity.

    Authority:  42 U.S.C. 11101-11152; 42 U.S.C. 1396r-2; 42 U.S.C. 
1320a-7e

Subpart A--General Provisions


Sec.  60.1  The National Practitioner Data Bank.

    The Health Care Quality Improvement Act of 1986 (HCQIA), as 
amended, title IV of Public Law 99-660 (42 U.S.C. 11101 et seq.) 
(hereinafter referred to as ``title IV''), authorizes the Secretary to 
establish (either directly or by contract) a National Practitioner Data 
Bank (NPDB) to collect and release certain information relating to the 
professional competence and conduct of physicians, dentists and other 
health care practitioners. Section 1921 of the Social Security Act 
(hereinafter referred to as ``section 1921''), as amended, (42 U.S.C. 
1396r-2) expanded the requirements under the NPDB and requires each 
state to adopt a system of reporting to the Secretary adverse licensure 
or certification actions taken against health care practitioners, 
health care entities, providers, and suppliers, as well as certain 
final adverse actions taken by state law and fraud enforcement agencies 
against health care practitioners, providers, and suppliers. Section 
1128E of the Social Security Act (hereinafter referred to as ``section 
1128E''), as amended, (42 U.S.C. 1320a-7e) authorizes the Secretary to 
implement a national healthcare fraud and abuse data collection program 
for the reporting and disclosing of certain final adverse actions taken 
by Federal Government agencies and health plans against health care 
practitioners, providers, and suppliers. Information from section 1921 
and section 1128E is to be reported and distributed through

[[Page 20485]]

the NPDB. The regulations in this part set forth the reporting and 
disclosure requirements for the NPDB, as well as procedures to dispute 
the accuracy of information contained in the NPDB.


Sec.  60.2  Applicability.

    The regulations in this part establish reporting requirements 
applicable to hospitals, health care entities, Boards of Medical 
Examiners, professional societies of health care practitioners which 
take adverse licensure or professional review actions; state licensing 
or certification authorities, peer review organizations, and private 
accreditation entities that take licensure or certification actions or 
negative actions or findings against health care practitioners, health 
care entities, providers, or suppliers; entities (including insurance 
companies) making payments as a result of medical malpractice actions 
or claims; Federal Government agencies, state law and fraud enforcement 
agencies and health plans that take final adverse actions against 
health care practitioners, providers, and suppliers. They also 
establish procedures to enable individuals or entities to obtain 
information from the NPDB or to dispute the accuracy of NPDB 
information.


Sec.  60.3  Definitions.

    Adversely affecting means reducing, restricting, suspending, 
revoking, or denying clinical privileges or membership in a health care 
entity.
    Affiliated or associated refers to health care entities with which 
a subject of a final adverse action has a business or professional 
relationship. This includes, but is not limited to, organizations, 
associations, corporations, or partnerships. This also includes a 
professional corporation or other business entity composed of a single 
individual.
    Board of Medical Examiners, or Board, means a body or subdivision 
of such body which is designated by a state for the purpose of 
licensing, monitoring, and disciplining physicians or dentists. This 
term includes a Board of Osteopathic Examiners or its subdivision, a 
Board of Dentistry or its subdivision, or an equivalent body as 
determined by the state. Where the Secretary, pursuant to section 
423(c)(2) of the HCQIA (42 U.S.C. 11112(c)), has designated an 
alternate entity to carry out the reporting activities of Sec.  60.12 
of this part due to a Board's failure to comply with Sec.  60.8 of this 
part, the term Board of Medical Examiners or Board refers to this 
alternate entity.
    Civil judgment means a court-ordered action rendered in a Federal 
or state court proceeding, other than a criminal proceeding. This 
reporting requirement does not include Consent Judgments that have been 
agreed upon and entered to provide security for civil settlements in 
which there was no finding or admission of liability.
    Clinical privileges means the authorization by a health care entity 
to a health care practitioner for the provision of health care 
services, including privileges and membership on the medical staff.
    Criminal conviction means a conviction as described in section 
1128(i) of the Social Security Act.
    Dentist means a doctor of dental surgery, doctor of dental 
medicine, or the equivalent who is legally authorized to practice 
dentistry by a state (or who, without authority, holds himself or 
herself out to be so authorized).
    Exclusion means a temporary or permanent debarment of an individual 
or entity from participation in any government health-related program, 
in accordance with which items or services furnished by such person or 
entity will not be reimbursed under any government health-related 
program.
    Federal Government agency includes, but is not limited to:
    (1) The U.S. Department of Justice;
    (2) The U.S. Department of Health and Human Services;
    (3) Federal law enforcement agencies, including law enforcement 
investigators;
    (4) Any other Federal agency that either administers or provides 
payment for the delivery of health care services, including, but not 
limited to the U.S. Department of Defense and the U.S. Department of 
Veterans Affairs; and
    (5) Federal agencies responsible for the licensing and 
certification of health care practitioners, providers, and suppliers.
    Formal peer review process means the conduct of professional review 
activities through formally adopted written procedures which provide 
for adequate notice and an opportunity for a hearing.
    Formal proceeding means a proceeding held before a state licensing 
or certification authority, peer review organization, or private 
accreditation entity that maintains defined rules, policies, or 
procedures for such a proceeding.
    Health care entity means, for purposes of this part:
    (1) A hospital;
    (2) An entity that provides health care services, and engages in 
professional review activity through a formal peer review process for 
the purpose of furthering quality health care, or a committee of that 
entity; or
    (3) A professional society or a committee or agent thereof, 
including those at the national, state, or local level, of health care 
practitioners that engages in professional review activity through a 
formal peer review process, for the purpose of furthering quality 
health care.
    (4) For purposes of paragraph (2) of this definition, an entity 
includes: a health maintenance organization which is licensed by a 
state or determined to be qualified as such by the Department of Health 
and Human Services; and any group or prepaid medical or dental practice 
which meets the criteria of paragraph (2).
    Health care practitioner, licensed health care practitioner, 
licensed practitioner, or practitioner means an individual who is 
licensed or otherwise authorized by a state to provide health care 
services (or any individual who, without authority, holds himself or 
herself out to be so licensed or authorized).
    Health care provider means, for purposes of this part, a provider 
of services as defined in section 1861(u) of the Social Security Act; 
any organization (including a health maintenance organization, 
preferred provider organization or group medical practice) that 
provides health care services and follows a formal peer review process 
for the purpose of furthering quality health care, and any other 
organization that, directly or through contracts, provides health care 
services.
    Health care supplier means, for purposes of this part, a provider 
of medical and other health care services as described in section 
1861(s) of the Social Security Act; or any individual or entity, other 
than a provider, who furnishes, whether directly or indirectly, or 
provides access to, health care services, supplies, items, or ancillary 
services (including, but not limited to, durable medical equipment 
suppliers, manufacturers of health care items, pharmaceutical suppliers 
and manufacturers, health record services [such as medical, dental, and 
patient records], health data suppliers, and billing and transportation 
service suppliers). The term also includes any individual or entity 
under contract to provide such supplies, items, or ancillary services; 
health plans as defined in this section (including employers that are 
self-insured); and health insurance producers (including but not 
limited to agents, brokers, solicitors, consultants, and reinsurance 
intermediaries).

[[Page 20486]]

    Health plan means, for purposes of this part, a plan, program or 
organization that provides health benefits, whether directly, through 
insurance, reimbursement or otherwise, and includes but is not limited 
to:
    (1) A policy of health insurance;
    (2) A contract of a service benefit organization;
    (3) A membership agreement with a health maintenance organization 
or other prepaid health plan;
    (4) A plan, program, agreement, or other mechanism established, 
maintained, or made available by a self-insured employer or group of 
self-insured employers, a health care practitioner, provider, or 
supplier group, third-party administrator, integrated health care 
delivery system, employee welfare association, public service group or 
organization or professional association;
    (5) An insurance company, insurance service or insurance 
organization that is licensed to engage in the business of selling 
health care insurance in a state and which is subject to state law 
which regulates health insurance; and
    (6) An organization that provides benefit plans whose coverage is 
limited to outpatient prescription drugs.
    Hospital means, for purposes of this part, an entity described in 
paragraphs (1) and (7) of section 1861(e) of the Social Security Act.
    Medical malpractice action or claim means a written complaint or 
claim demanding payment based on a health care practitioner's provision 
of or failure to provide health care services, and includes the filing 
of a cause of action based on the law of tort, brought in any state or 
Federal court or other adjudicative body.
    Negative action or finding by a Federal or State licensing or 
certification authority, peer review organization, or private 
accreditation entity means:
    (1) A final determination of denial or termination of an 
accreditation status from a private accreditation entity that indicates 
a risk to the safety of a patient(s) or quality of health care 
services;
    (2) Any recommendation by a peer review organization to sanction a 
health care practitioner; or
    (3) Any negative action or finding that, under the state's law, is 
publicly available information and is rendered by a licensing or 
certification authority, including but not limited to, limitations on 
the scope of practice, liquidations, injunctions, and forfeitures. This 
definition also includes final adverse actions rendered by a Federal or 
state licensing or certification authority, such as exclusions, 
revocations, or suspension of license or certification, that occur in 
conjunction with settlements in which no finding of liability has been 
made (although such a settlement itself is not reportable under the 
statute). This definition excludes administrative fines or citations 
and corrective action plans and other personnel actions, unless they 
are:
    (i) Connected to the delivery of health care services, or
    (ii) Taken in conjunction with other adverse licensure or 
certification actions such as revocation, suspension, censure, 
reprimand, probation, or surrender.
    Organization name means the subject's business or employer at the 
time the underlying acts occurred. If more than one business or 
employer is applicable, the one most closely related to the underlying 
acts should be reported as the ``organization name,'' with the others 
being reported as ``affiliated or associated health care entities.''
    Organization type means a description of the nature of that 
business or employer.
    Other adjudicated actions or decisions means formal or official 
final actions taken against a health care practitioner, provider, or 
supplier by a Federal governmental agency, a state law or fraud 
enforcement agency, or a health plan, which include the availability of 
a due process mechanism, and are based on acts or omissions that affect 
or could affect the payment, provision, or delivery of a health care 
item or service. For example, a formal or official final action taken 
by a Federal governmental agency, a state law or fraud enforcement 
agency, or a health plan may include, but is not limited to, a 
personnel-related action such as suspensions without pay, reductions in 
pay, reductions in grade for cause, terminations, or other comparable 
actions. A hallmark of any valid adjudicated action or decision is the 
availability of a due process mechanism. The fact that the subject 
elects not to use the due process mechanism provided by the authority 
bringing the action is immaterial, as long as such a process is 
available to the subject before the adjudicated action or decision is 
made final. In general, if an ``adjudicated action or decision'' 
follows an agency's established administrative procedures (which ensure 
that due process is available to the subject of the final adverse 
action), it would qualify as a reportable action under this definition. 
This definition specifically excludes clinical privileging actions 
taken by Federal Government agencies or state law and fraud enforcement 
agencies and similar paneling decisions made by health plans. This 
definition does not include overpayment determinations made by Federal 
or state government programs, their contractors or health plans, and it 
does not include denial of claims determinations made by Federal 
Government agencies, state law or fraud enforcement agencies, or health 
plans. This definition also does not include business or administrative 
decisions taken by health plans that result in contract terminations 
unrelated to health care fraud or abuse or quality of care (e.g., when 
a practitioner's contract is terminated because the practitioner no 
longer practices at a facility in the health plan's network, or a 
health plan terminates all provider contracts in a certain geographic 
area because it ceases business operations in that area). For health 
plans that are not government entities, an action taken following 
adequate notice and the opportunity for a hearing that meets the 
standards of due process set out in section 412(b) of the HCQIA (42 
U.S.C. 11112(b)) also would qualify as a reportable action under this 
definition.
    Peer review organization means, for purposes of this part, an 
organization with the primary purpose of evaluating the quality of 
patient care practices or services ordered or performed by health care 
practitioners measured against objective criteria which define 
acceptable and adequate practice through an evaluation by a sufficient 
number of health care practitioners in such an area to ensure adequate 
peer review. The organization has due process mechanisms available to 
health care practitioners. This definition excludes utilization and 
quality control peer review organizations described in Part B of Title 
XI of the Social Security Act (referred to as QIOs) and other 
organizations funded by the Centers for Medicare & Medicaid Services 
(CMS) to support the QIO program.
    Physician means, for purposes of this part, a doctor of medicine or 
osteopathy legally authorized to practice medicine or surgery by a 
state (or who, without authority, holds himself or herself out to be so 
authorized).
    Private accreditation entity means an entity or organization that:
    (1) Evaluates and seeks to improve the quality of health care 
provided by a health care entity, provider, or supplier;
    (2) Measures a health care entity's, provider's, or supplier's 
performance based on a set of standards and assigns a level of 
accreditation;
    (3) Conducts ongoing assessments and periodic reviews of the 
quality of health care provided by a health care entity, provider, or 
supplier; and

[[Page 20487]]

    (4) Has due process mechanisms available to health care entities, 
providers, or suppliers.
    Professional review action means an action or recommendation of a 
health care entity:
    (1) Taken in the course of professional review activity;
    (2) Based on the professional competence or professional conduct of 
an individual health care practitioner which affects or could affect 
adversely the health or welfare of a patient or patients; and
    (3) Which adversely affects or may adversely affect the clinical 
privileges or membership in a professional society of the health care 
practitioner.
    (4) This term excludes actions which are primarily based on:
    (i) The health care practitioner's association, or lack of 
association, with a professional society or association;
    (ii) The health care practitioner's fees or the health care 
practitioner's advertising or engaging in other competitive acts 
intended to solicit or retain business;
    (iii) The health care practitioner's participation in prepaid group 
health plans, salaried employment, or any other manner of delivering 
health services whether on a fee-for-service or other basis;
    (iv) A health care practitioner's association with, supervision of, 
delegation of authority to, support for, training of, or participation 
in a private group practice with, a member or members of a particular 
class of health care practitioner or professional; or
    (v) Any other matter that does not relate to the competence or 
professional conduct of a health care practitioner.
    Professional review activity means an activity of a health care 
entity with respect to an individual health care practitioner:
    (1) To determine whether the health care practitioner may have 
clinical privileges with respect to, or membership in, the entity;
    (2) To determine the scope or conditions of such privileges or 
membership; or
    (3) To change or modify such privileges or membership.
    Quality Improvement Organization means a utilization and quality 
control peer review organization (as defined in part B of title XI of 
the Social Security Act) that:
    (1)(i) Is composed of a substantial number of the licensed doctors 
of medicine and osteopathy engaged in the practice of medicine or 
surgery in the area and who are representative of the practicing 
physicians in the area, designated by the Secretary under section 1153, 
with respect to which the entity shall perform services under this 
part, or
    (ii) Has available to it, by arrangement or otherwise, the services 
of a sufficient number of licensed doctors of medicine or osteopathy 
engaged in the practice of medicine or surgery in such area to assure 
that adequate peer review of the services provided by the various 
medical specialties and subspecialties can be assured;
    (2) Is able, in the judgment of the Secretary, to perform review 
functions required under section 1154 in a manner consistent with the 
efficient and effective administration of this part and to perform 
reviews of the pattern of quality of care in an area of medical 
practice where actual performance is measured against objective 
criteria which define acceptable and adequate practice; and
    (3) Has at least one individual who is a representative of 
consumers on its governing body.
    Secretary means the Secretary of Health and Human Services and any 
other officer or employee of the Department of Health and Human 
Services to whom the authority involved has been delegated.
    State means the fifty states, the District of Columbia, Puerto 
Rico, the Virgin Islands, Guam, American Samoa, and the Northern 
Mariana Islands.
    State law or fraud enforcement agency includes, but is not limited 
to:
    (1) A state law enforcement agency;
    (2) A state Medicaid fraud control unit (as defined in section 
1903(q) of the Social Security Act); and
    (3) A state agency administering (including those providing payment 
for services) or supervising the administration of a government health 
care program (as defined in section 1128(h) of the Social Security 
Act).
    State licensing or certification agency includes, but is not 
limited to, any authority of a state (or of a political subdivision 
thereof) responsible for the licensing or certification of health care 
practitioners (or any peer review organization or private accreditation 
entity reviewing the services provided by health care practitioners), 
health care entities, providers, or suppliers. Examples of such state 
agencies include Departments of Professional Regulation, Health, Social 
Services (including State Survey and Certification and Medicaid Single 
State agencies), Commerce, and Insurance.
    Voluntary surrender of license or certification means a surrender 
made after a notification of investigation or a formal official request 
by a Federal or state licensing or certification authority for a health 
care practitioner, health care entity, provider, or supplier to 
surrender the license or certification (including certification 
agreements or contracts for participation in government health care 
programs). The definition also includes those instances where a health 
care practitioner, health care entity, provider, or supplier 
voluntarily surrenders a license or certification (including program 
participation agreements or contracts) in exchange for a decision by 
the licensing or certification authority to cease an investigation or 
similar proceeding, or in return for not conducting an investigation or 
proceeding, or in lieu of a disciplinary action.

Subpart B--Reporting of Information


Sec.  60.4  How information must be reported.

    Information must be reported to the NPDB as required under 
Sec. Sec.  60.7, 60.8, 60.9, 60.10, 60.11, 60.12, 60.13, 60.14, 60.15 
and 60.16 in such form and manner as the Secretary may prescribe.


Sec.  60.5  When information must be reported.

    Information required under Sec. Sec.  60.7, 60.8, and 60.12 must be 
submitted to the NPDB within 30 days following the action to be 
reported, beginning with actions occurring on or after September 1, 
1990; information required under Sec.  60.11 must be submitted to the 
NPDB within 30 days following the action to be reported, beginning with 
actions occurring on or after January 1, 1992; and information required 
under Sec. Sec.  60.9, 60.10, 60.13, 60.14, 60.15, and 60.16 must be 
submitted to the NPDB within 30 days following the action to be 
reported, beginning with actions occurring on or after August 21, 1996. 
Persons or entities responsible for submitting reports of malpractice 
payments (Sec.  60.7), negative actions or findings (Sec.  60.11), or 
adverse actions (Sec.  60.12) must additionally provide to their 
respective state authorities a copy of the report they submit to the 
NPDB. Following is the list of reportable actions:
    (a) Malpractice payments (Sec.  60.7);
    (b) Licensure and certification actions (Sec. Sec.  60.8, 60.9, and 
60.10);
    (c) Negative actions or findings (Sec.  60.11);
    (d) Adverse actions (Sec.  60.12);
    (e) Health Care-related Criminal Convictions (Sec.  60.13);
    (f) Health Care-related Civil Judgments (Sec.  60.14);
    (g) Exclusions from government health care programs (Sec.  60.15); 
and
    (h) Other adjudicated actions of decisions (Sec.  60.16).

[[Page 20488]]

Sec.  60.6  Reporting errors, omissions, revisions or whether an action 
is on appeal.

    (a) Persons and entities are responsible for the accuracy of 
information which they report to the NPDB. If errors or omissions are 
found after information has been reported, the person or entity which 
reported it must send an addition or correction to the NPDB and in the 
case of reports made under Sec.  60.12 of this part, also to the Board 
of Medical Examiners, as soon as possible. The NPDB will not accept 
requests for readjudication of the case by the NPDB, and will not 
examine the underlying merits of a reportable action.
    (b) An individual or entity which reports information on licensure 
or certification, negative actions or findings, clinical privileges, 
criminal convictions, civil or administrative judgments, exclusions, or 
adjudicated actions or decisions under Sec. Sec.  60.8, 60.9, 60.10, 
60.11, 60.12, 60.13, 60.14, 60.15, or 60.16 must also report any 
revision of the action originally reported. Revisions include, but are 
not limited to, reversal of a professional review action or 
reinstatement of a license. In the case of actions reported under 
Sec. Sec.  60.9, 60.10, 60.13, 60.14, 60.15 or 60.16, revisions also 
include whether an action is on appeal. Revisions are subject to the 
same time constraints and procedures of Sec. Sec.  60.5, 60.8, 60.9, 
60.10, 60.11, 60.12, 60.13, 60.14, 60.15, or 60.16 as applicable to the 
original action which was reported.
    (c) The subject will be sent a copy of all reports, including 
revisions and corrections to the report.
    (d) Upon receipt of a report, the subject:
    (1) Can accept the report as written;
    (2) May provide a statement to the NPDB that will be permanently 
appended to the report, either directly or through a designated 
representative; (The NPDB will distribute the statement to queriers, 
where identifiable, and to the reporting entity and the subject of the 
report. Only the subject can, upon request, make changes to the 
statement. The NPDB will not edit the statement; however the NPDB 
reserves the right to redact personal identifying and offensive 
language that does not change the factual nature of the statement.) or
    (3) May follow the dispute process in accordance with Sec.  60.21.


Sec.  60.7  Reporting medical malpractice payments.

    (a) Who must report. Each entity, including an insurance company, 
which makes a payment under an insurance policy, self-insurance, or 
otherwise, for the benefit of a health care practitioner in settlement 
of or in satisfaction in whole or in part of a claim or a judgment 
against such health care practitioner for medical malpractice, must 
report information as set forth in paragraph (b) of this section to the 
NPDB and to the appropriate state licensing board(s) in the state in 
which the act or omission upon which the medical malpractice claim was 
based. For purposes of this section, the waiver of an outstanding debt 
is not construed as a ``payment'' and is not required to be reported.
    (b) What information must be reported. Entities described in 
paragraph (a) of this section must report the following information:
    (1) With respect to the health care practitioner for whose benefit 
the payment is made:
    (i) Name,
    (ii) Work address,
    (iii) Home address, if known,
    (iv) Social Security Number, if known, and if obtained in 
accordance with section 7 of the Privacy Act of 1974 (5 U.S.C. 552a 
note),
    (v) Date of birth,
    (vi) Name of each professional school attended and year of 
graduation,
    (vii) For each professional license: the license number, the field 
of licensure, and the name of the state or territory in which the 
license is held,
    (viii) Drug Enforcement Administration registration number, if 
known,
    (ix) Name of each hospital with which he or she is affiliated, if 
known;
    (2) With respect to the reporting entity:
    (i) Name and address of the entity making the payment,
    (ii) Name, title, and telephone number of the responsible official 
submitting the report on behalf of the entity, and
    (iii) Relationship of the reporting entity to the health care 
practitioner for whose benefit the payment is made;
    (3) With respect to the judgment or settlement resulting in the 
payment:
    (i) Where an action or claim has been filed with an adjudicative 
body, identification of the adjudicative body and the case number,
    (ii) Date or dates on which the act(s) or omission(s) which gave 
rise to the action or claim occurred,
    (iii) Date of judgment or settlement,
    (iv) Amount paid, date of payment, and whether payment is for a 
judgment or a settlement,
    (v) Description and amount of judgment or settlement and any 
conditions attached thereto, including terms of payment,
    (vi) A description of the acts or omissions and injuries or 
illnesses upon which the action or claim was based,
    (vii) Classification of the acts or omissions in accordance with a 
reporting code adopted by the Secretary, and
    (viii) Other information as required by the Secretary from time to 
time after publication in the Federal Register and after an opportunity 
for public comment.
    (c) Sanctions. Any entity that fails to report information on a 
payment required to be reported under this section is subject to a 
civil money penalty not to exceed the amount specified at 42 CFR 
1003.103(c).
    (d) Interpretation of information. A payment in settlement of a 
medical malpractice action or claim shall not be construed as creating 
a presumption that medical malpractice has occurred.


Sec.  60.8  Reporting licensure actions taken by Boards of Medical 
Examiners.

    (a) What actions must be reported. Each Board of Medical Examiners 
must report to the NPDB any action based on reasons relating to a 
physician's or dentist's professional competence or professional 
conduct:
    (1) Which revokes or suspends (or otherwise restricts) a 
physician's or dentist's license,
    (2) Which censures, reprimands, or places on probation a physician 
or dentist, or
    (3) Under which a physician's or dentist's license is surrendered.
    (b) Information that must be reported. The Board must report the 
following information for each action:
    (1) The physician's or dentist's name,
    (2) The physician's or dentist's work address,
    (3) The physician's or dentist's home address, if known,
    (4) The physician's or dentist's Social Security number or 
Individual Tax Identification Number (ITIN), if known, and if obtained 
in accordance with section 7 of the Privacy Act of 1974 (5 U.S.C. 552a 
note),
    (5) National Provider Identifier (NPI),
    (6) The physician's or dentist's date of birth,
    (7) Name of each professional school attended by the physician or 
dentist and year of graduation,
    (8) For each professional license, the physician's or dentist's 
license number, the field of licensure and the name of the state or 
territory in which the license is held,
    (9) The physician's or dentist's Drug Enforcement Administration 
registration number, if known,
    (10) A description of the acts or omissions or other reasons for 
the action taken,

[[Page 20489]]

    (11) A description of the Board action, the date the action was 
taken, its effective date and duration,
    (12) Classification of the action in accordance with a reporting 
code adopted by the Secretary, and
    (13) Other information as required by the Secretary from time to 
time after publication in the Federal Register and after an opportunity 
for public comment.
    (c) Sanctions. If, after notice of noncompliance and providing 
opportunity to correct noncompliance, the Secretary determines that a 
Board has failed to submit a report as required by this section, the 
Secretary will designate another qualified entity for the reporting of 
information under Sec.  60.12 of this part.


Sec.  60.9  Reporting licensure and certification actions taken by 
states.

    (a) What actions must be reported. Each state is required to adopt 
a system of reporting to the NPDB actions, as listed below, which are 
taken against a health care practitioner, health care entity, provider, 
or supplier (all as defined in Sec.  60.3 of this part). The actions 
taken must be as a result of formal proceedings (as defined in Sec.  
60.3). The actions which must be reported are:
    (1) Any adverse action taken by the licensing or certification 
authority of the state as a result of a formal proceeding, including 
revocation or suspension of a license, or certification agreement or 
contract for participation in a government health care program (and the 
length of any such suspension), reprimand, censure, or probation;
    (2) Any dismissal or closure of the formal proceeding by reason of 
the health care practitioner, health care entity, provider, or supplier 
surrendering the license or certification agreement or contract for 
participation in a government health care program, or leaving the state 
or jurisdiction;
    (3) Any other loss of license or loss of the certification 
agreement or contract for participation in a government health care 
program, or the right to apply for, or renew, a license or 
certification agreement or contract of the health care practitioner, 
health care entity, provider or supplier, whether by operation of law, 
voluntary surrender, nonrenewal (excluding non-renewals due to 
nonpayment of fees, retirement, or change to inactive status), or 
otherwise;
    (4) Any negative action or finding by such authority, organization, 
or entity regarding the health care practitioner, health care entity, 
provider, or supplier.
    (b) What information must be reported. Each state must report the 
following information (not otherwise reported under Sec.  60.8 of this 
part):
    (1) If the subject is an individual, personal identifiers, 
including:
    (i) Name,
    (ii) Social Security Number or ITIN, if known, and if obtained in 
accordance with section 7 of the Privacy Act of 1974 (5 U.S.C. 552a 
note),
    (iii) Home address or address of record,
    (iv) Sex, and
    (v) Date of birth.
    (2) If the subject is an individual, employment or professional 
identifiers, including:
    (i) Organization name and type,
    (ii) Occupation and specialty, if applicable,
    (iii) National Provider Identifier (NPI),
    (iv) Name of each professional school attended and year of 
graduation, and
    (v) With respect to the professional license (including 
professional certification and registration) on which the reported 
action was taken, the license number, the field of licensure, and the 
name of the state or territory in which the license is held.
    (3) If the subject is an organization, identifiers, including:
    (i) Name,
    (ii) Business address,
    (iii) Federal Employer Identification Number (FEIN), or Social 
Security Number when used by the subject as a Taxpayer Identification 
Number (TIN),
    (iv) The NPI,
    (v) Type of organization, and
    (vi) With respect to the license (including certification and 
registration) on which the reported action was taken, the license and 
the name of the state or territory in which the license is held.
    (4) For all subjects:
    (i) A narrative description of the acts or omissions and injuries 
upon which the reported action was based,
    (ii) Classification of the acts or omissions in accordance with a 
reporting code adopted by the Secretary,
    (iii) Classification of the action taken in accordance with a 
reporting code adopted by the Secretary, and the amount of any monetary 
penalty resulting from the reported action,
    (iv) The date the action was taken, its effective date and 
duration,
    (v) Name of the agency taking the action,
    (vi) Name and address of the reporting entity, and
    (vii) The name, title and telephone number of the responsible 
official submitting the report on behalf of the reporting entity.
    (c) What information may be reported, if known. Reporting entities 
described in paragraph (a) of this section may voluntarily report, if 
known, the following information:
    (1) If the subject is an individual, personal identifiers, 
including:
    (i) Other name(s) used,
    (ii) Other address,
    (iii) FEIN, when used by the individual as a TIN, and
    (iv) If deceased, date of death.
    (2) If the subject is an individual, employment or professional 
identifiers, including:
    (i) Other state professional license number(s), field(s) of 
licensure, and the name(s) of the state or territory in which the 
license is held,
    (ii) Other numbers assigned by Federal or state agencies, 
including, but not limited to DEA registration number(s), Unique 
Physician Identification Number(s) (UPIN), and Medicaid and Medicare 
provider number(s),
    (iii) Name(s) and address(es) of any health care entity with which 
the subject is affiliated or associated, and
    (iv) Nature of the subject's relationship to each associated or 
affiliated health care entity.
    (3) If the subject is an organization, identifiers, including:
    (i) Other name(s) used,
    (ii) Other address(es) used,
    (iii) Other FEIN(s) or Social Security Number(s) used,
    (iv) Other NPI(s) used,
    (v) Other state license number(s) and the name(s) of the state or 
territory in which the license is held,
    (vi) Other numbers assigned by Federal or state agencies, 
including, but not limited to DEA registration number(s), Clinical 
Laboratory Improvement Act (CLIA) number(s), Food and Drug 
Administration (FDA) number(s), and Medicaid and Medicare provider 
number(s),
    (vii) Names and titles of principal officers and owners,
    (viii) Name(s) and address(es) of any health care entity with which 
the subject is affiliated or associated, and
    (ix) Nature of the subject's relationship to each associated or 
affiliated health care entity.
    (4) For all subjects:
    (i) Whether the subject will be automatically reinstated.
    (ii) The date of appeal, if any.
    (d) Access to documents. Each state must provide the Secretary (or 
an entity designated by the Secretary) with access to the documents 
underlying the actions described in paragraphs (a)(1) through (4) of 
this section, as may be necessary for the Secretary to determine the 
facts and circumstances concerning the actions and determinations for 
the purpose of carrying out section 1921.

[[Page 20490]]

    (e) Sanctions for failure to report. The Secretary will provide for 
a publication of a public report that identifies failures to report 
information on adverse actions as required to be reported under this 
section.


Sec.  60.10  Reporting Federal licensure and certification actions.

    (a) What actions must be reported. Federal licensing and 
certification agencies must report to the NPDB the following final 
adverse actions that are taken against a health care practitioner, 
physician, dentist, provider, or supplier (regardless of whether the 
final adverse action is the subject of a pending appeal):
    (1) Formal or official actions, such as revocation or suspension of 
a license or certification agreement or contract for participation in 
government health care programs (and the length of any such 
suspension), reprimand, censure or probation,
    (2) Any dismissal or closure of the proceedings by reason of the 
health care practitioner, provider, or supplier surrendering their 
license or certification agreement or contract for participation in 
government health care programs, or leaving the state or jurisdiction,
    (3) Any other loss of the license or loss of the certification 
agreement or contract for participation in government health care 
programs, or the right to apply for, or renew, a license or 
certification agreement or contract of the health care practitioner, 
provider, or supplier, whether by operation of law, voluntary 
surrender, nonrenewal (excluding non-renewals due to nonpayment of 
fees, retirement, or change to inactive status), or otherwise, and
    (4) Any other negative action or finding by such Federal agency 
that is publicly available information.
    (b) What information must be reported. Each Federal agency 
described in paragraph (a) of this section must report the following 
information:
    (1) If the subject is an individual, personal identifiers, 
including:
    (i) Name,
    (ii) Social Security Number or ITIN,
    (iii) Home address or address of record,
    (iv) Sex, and
    (v) Date of birth.
    (2) If the subject is an individual, employment or professional 
identifiers, including:
    (i) Organization name and type,
    (ii) Occupation and specialty, if applicable,
    (iii) National Provider Identifier (NPI),
    (iv) Name of each professional school attended and year of 
graduation, and
    (v) With respect to the state professional license (including 
professional certification and registration) on which the reported 
action was taken, the license number, the field of licensure, and the 
name of the state or territory in which the license is held.
    (3) If the subject is an organization, identifiers, including:
    (i) Name,
    (ii) Business address,
    (iii) Federal Employer Identification Number (FEIN), or Social 
Security Number (or ITIN) when used by the subject as a Taxpayer 
Identification Number (TIN),
    (iv) The NPI,
    (v) Type of organization, and
    (vi) With respect to the state license (including certification and 
registration) on which the reported action was taken, the license and 
the name of the state or territory in which the license is held.
    (4) For all subjects:
    (i) A narrative description of the acts or omissions and injuries 
upon which the reported action was based,
    (ii) Classification of the acts or omissions in accordance with a 
reporting code adopted by the Secretary,
    (iii) Classification of the action taken in accordance with a 
reporting code adopted by the Secretary, and the amount of any monetary 
penalty resulting from the reported action,
    (iv) The date the action was taken, its effective date and 
duration,
    (v) Name of the agency taking the action,
    (vi) Name and address of the reporting entity, and
    (vii) The name, title, and telephone number of the responsible 
official submitting the report on behalf of the reporting entity.
    (c) What information may be reported, if known. Reporting entities 
described in paragraph (a) of this section may voluntarily report, if 
known, the following information:
    (1) If the subject is an individual, personal identifiers, 
including:
    (i) Other name(s) used,
    (ii) Other address,
    (iii) FEIN, when used by the individual as a TIN, and
    (iv) If deceased, date of death.
    (2) If the subject is an individual, employment or professional 
identifiers, including:
    (i) Other state professional license number(s), field(s) of 
licensure, and the name(s) of the state or territory in which the 
license is held,
    (ii) Other numbers assigned by Federal or state agencies, 
including, but not limited to DEA registration number(s), Unique 
Physician Identification Number(s) (UPIN), and Medicaid and Medicare 
provider number(s),
    (iii) Name(s) and address(es) of any health care entity with which 
the subject is affiliated or associated, and
    (iv) Nature of the subject's relationship to each associated or 
affiliated health care entity.
    (3) If the subject is an organization, identifiers, including:
    (i) Other name(s) used,
    (ii) Other address(es) used,
    (iii) Other FEIN(s) or Social Security Number(s) used,
    (iv) Other NPI(s) used,
    (v) Other state license number(s) and the name(s) of the state or 
territory in which the license is held,
    (vi) Other numbers assigned by Federal or state agencies, 
including, but not limited to DEA registration number(s), Clinical 
Laboratory Improvement Act (CLIA) number(s), Food and Drug 
Administration (FDA) number(s), and Medicaid and Medicare provider 
number(s),
    (vii) Names and titles of principal officers and owners,
    (viii) Name(s) and address(es) of any health care entity with which 
the subject is affiliated or associated, and
    (ix) Nature of the subject's relationship to each associated or 
affiliated health care entity.
    (4) For all subjects:
    (i) Whether the subject will be automatically reinstated.
    (ii) The date of appeal, if any.
    (d) Sanctions for failure to report. The Secretary will provide for 
a publication of a public report that identifies those agencies that 
have failed to report information on adverse actions as required to be 
reported under this section.


Sec.  60.11  Reporting negative actions or findings taken by peer 
review organizations or private accreditation entities.

    (a) What actions must be reported. Peer review organizations and 
private accreditation entities are required to report any negative 
actions or findings (as defined in Sec.  60.3 of this part) which are 
taken against a health care practitioner, health care entity, provider, 
or supplier to the NPDB and provide a copy to the appropriate state 
licensing or certification agency. The health care practitioner, health 
care entity, provider, or supplier must be licensed or otherwise 
authorized by the state to provide health care services. The actions 
taken must be as a result of formal proceedings (as defined in Sec.  
60.3).
    (b) What information must be reported. Each peer review 
organization

[[Page 20491]]

and private accreditation entity must report the information as 
required in Sec.  60.9(b) of this part.
    (c) What information may be reported, if known. Each peer review 
organization and private accreditation entity should report, if known, 
the information as described in Sec.  60.9(c).
    (d) Access to documents. Each peer review organization and private 
accreditation entity must provide the Secretary (or an entity 
designated by the Secretary) with access to the documents underlying 
the actions described in this section as may be necessary for the 
Secretary to determine the facts and circumstances concerning the 
actions and determinations for the purpose of carrying out section 
1921.


Sec.  60.12  Reporting adverse actions taken against clinical 
privileges.

    (a) Reporting by health care entities to the NPDB. (1) Actions that 
must be reported and to whom the report must be made. Each health care 
entity must report to the NPDB and provide a copy of the report to the 
Board of Medical Examiners in the state in which the health care entity 
is located the following actions:
    (i) Any professional review action that adversely affects the 
clinical privileges of a physician or dentist for a period longer than 
30 days,
    (ii) Acceptance of the surrender of clinical privileges or any 
restriction of such privileges by a physician or dentist:
    (A) While the physician or dentist is under investigation by the 
health care entity relating to possible incompetence or improper 
professional conduct, or
    (B) In return for not conducting such an investigation or 
proceeding, or
    (iii) In the case of a health care entity which is a professional 
society, when it takes a professional review action concerning a 
physician or dentist.
    (2) Voluntary reporting on other health care practitioners. A 
health care entity may report to the NPDB information as described in 
paragraph (a)(3) of this section concerning actions described in 
paragraph (a)(1) in this section with respect to other health care 
practitioners.
    (3) What information must be reported. The health care entity must 
report the following information concerning actions described in 
paragraph (a)(1) of this section with respect to a physician or 
dentist:
    (i) Name,
    (ii) Work address,
    (iii) Home address, if known,
    (iv) Social Security Number, if known, and if obtained in 
accordance with section 7 of the Privacy Act of 1974,
    (v) Date of birth,
    (vi) Name of each professional school attended and year of 
graduation,
    (vii) For each professional license: the license number, the field 
of licensure, and the name of the state or territory in which the 
license is held,
    (viii) DEA registration number, if known,
    (ix) A description of the acts or omissions or other reasons for 
privilege loss, or, if known, for surrender,
    (x) Action taken, date the action was taken, and effective date of 
the action, and
    (xi) Other information as required by the Secretary from time to 
time after publication in the Federal Register and after an opportunity 
for public comment.
    (b) Reporting by the Board of Medical Examiners to the NPDB. Each 
Board must report any known instances of a health care entity's failure 
to report information as required under paragraph (a)(1) of this 
section. In addition, each Board of Medical Examiners must 
simultaneously report this information to the appropriate state 
licensing board in the state in which the health care entity is 
located, if the Board of Medical Examiners is not such licensing board.
    (c) Sanctions. (1) Health care entities. If the Secretary has 
reason to believe that a health care entity has substantially failed to 
report information in accordance with this section, the Secretary will 
conduct an investigation. If the investigation shows that the health 
care entity has not complied with this section, the Secretary will 
provide the entity with a written notice describing the noncompliance, 
giving the health care entity an opportunity to correct the 
noncompliance, and stating that the entity may request, within 30 days 
after receipt of such notice, a hearing with respect to the 
noncompliance. The request for a hearing must contain a statement of 
the material factual issues in dispute to demonstrate that there is 
cause for a hearing. These issues must be both substantive and 
relevant. The hearing will be held in the Washington, DC, metropolitan 
area. The Secretary will deny a hearing if:
    (i) The request for a hearing is untimely,
    (ii) The health care entity does not provide a statement of 
material factual issues in dispute, or
    (iii) The statement of factual issues in dispute is frivolous or 
inconsequential.
    In the event that the Secretary denies a hearing, the Secretary 
will send a written denial to the health care entity setting forth the 
reasons for denial. If a hearing is denied, or, if as a result of the 
hearing the entity is found to be in noncompliance, the Secretary will 
publish the name of the health care entity in the Federal Register. In 
such case, the immunity protections provided under section 411(a) of 
HCQIA will not apply to the health care entity for professional review 
activities that occur during the 3-year period beginning 30 days after 
the date of publication of the entity's name in the Federal Register.
    (2) Board of Medical Examiners. If, after notice of noncompliance 
and providing opportunity to correct noncompliance, the Secretary 
determines that a Board of Medical Examiners has failed to report 
information in accordance with paragraph (b) of this section, the 
Secretary will designate another qualified entity for the reporting of 
this information.


Sec.  60.13  Reporting Federal or state criminal convictions related to 
the delivery of a health care item or service.

    (a) Who must report. Federal and state prosecutors must report 
criminal convictions against health care practitioners, providers, and 
suppliers related to the delivery of a health care item or service 
(regardless of whether the conviction is the subject of a pending 
appeal).
    (b) What information must be reported. Entities described in 
paragraph (a) of this section must report the following information:
    (1) If the subject is an individual, personal identifiers, 
including:
    (i) Name,
    (ii) Social Security Number (or ITIN) (states must report this 
information, if known, and if obtained in accordance with section 7 of 
the Privacy Act of 1974),
    (iii) Home address or address of record,
    (iv) Sex, and
    (v) Date of birth.
    (2) If the subject is an individual, that individual's employment 
or professional identifiers, including:
    (i) Organization name and type,
    (ii) Occupation and specialty, if applicable, and
    (iii) National Provider Identifier (NPI).
    (3) If the subject is an organization, identifiers, including:
    (i) Name,
    (ii) Business address,
    (iii) Federal Employer Number (FEIN), or Social Security Number (or 
ITIN) when used by the subject as a Taxpayer Identification Number 
(TIN),
    (iv) The NPI, and
    (v) Type of organization.
    (4) For all subjects:

[[Page 20492]]

    (i) A narrative description of the acts or omissions and injuries 
upon which the reported action was based,
    (ii) Classification of the acts or omissions in accordance with a 
reporting code adopted by the Secretary,
    (iii) Name and location of court or judicial venue in which the 
action was taken,
    (iv) Docket or court file number,
    (v) Type of action taken,
    (vi) Statutory offense(s) and count(s),
    (vii) Name of primary prosecuting agency (or the plaintiff in civil 
actions),
    (viii) Date of sentence or judgment,
    (ix) Length of incarceration, detention, probation, community 
service, or suspended sentence,
    (x) Amounts of any monetary judgment, penalty, fine, assessment, or 
restitution,
    (xi) Other sentence, judgment, or orders,
    (xii) If the action is on appeal,
    (xiii) Name and address of the reporting entity, and
    (xiv) The name, title, and telephone number of the responsible 
official submitting the report on behalf of the reporting entity.
    (c) What information may be reported, if known. Entities described 
in paragraph (a) of this section and each state should report, if 
known, the following information:
    (1) If the subject is an individual, personal identifiers, 
including:
    (i) Other name(s) used,
    (ii) Other address(es), and
    (iii) FEIN, when used by the individual as a TIN.
    (2) If the subject is an individual, that individual's employment 
or professional identifiers, including:
    (i) State professional license (including professional 
certification and registration) number(s), field(s) of licensure, and 
the name(s) of the state or territory in which the license is held,
    (ii) Other numbers assigned by Federal or state agencies, to 
include, but not limited to DEA registration number(s), Unique 
Physician Identification Number(s) (UPIN), and Medicaid and Medicare 
provider number(s);
    (iii) Name(s) and address(es) of any health care entity with which 
the subject is affiliated or associated, and
    (iv) Nature of the subject's relationship to each associated or 
affiliated health care entity.
    (3) If the subject is an organization, identifiers, including:
    (i) Other name(s) used,
    (ii) Other address(es) used,
    (iii) Other FEIN(s) or Social Security Numbers(s) (or ITINs) used,
    (iv) Other NPI(s) used,
    (v) State license (including certification and registration) 
number(s) and the name(s) of the state or territory in which the 
license is held,
    (vi) Other numbers assigned by Federal or state agencies, to 
include, but not limited to DEA registration number(s), Clinical 
Laboratory Improvement Act (CLIA) number(s), Food and Drug 
Administration (FDA) number(s), and Medicaid and Medicare provider 
number(s),
    (vii) Names and titles of principal officers and owners,
    (viii) Name(s) and address(es) of any health care entity with which 
the subject is affiliated or associated, and
    (ix) Nature of the subject's relationship to each associated or 
affiliated health care entity.
    (4) For all subjects:
    (i) Prosecuting agency's case number,
    (ii) Investigative agencies involved,
    (iii) Investigative agencies case or file number(s), and
    (iv) The date of appeal, if any.
    (d) Access to documents. Each state must provide the Secretary (or 
an entity designated by the Secretary) with access to the documents 
underlying the actions described in paragraphs (a)(1) through (4) of 
this section, as may be necessary for the Secretary to determine the 
facts and circumstances concerning the actions and determinations for 
the purpose of carrying out section 1921.
    (e) Sanctions for failure to report. The Secretary will provide for 
publication of a public report that identifies those agencies that have 
failed to report information on criminal convictions as required to be 
reported under this section.


Sec.  60.14  Reporting civil judgments related to the delivery of a 
health care item or service.

    (a) Who must report. Federal and state attorneys and health plans 
must report civil judgments against health care practitioners, 
providers, or suppliers related to the delivery of a health care item 
or service (regardless of whether the civil judgment is the subject of 
a pending appeal). If a government agency is party to a multi-claimant 
civil judgment, it must assume the responsibility for reporting the 
entire action, including all amounts awarded to all the claimants, both 
public and private. If there is no government agency as a party, but 
there are multiple health plans as claimants, the health plan which 
receives the largest award must be responsible for reporting the total 
action for all parties.
    (b) What information must be reported. Entities described in 
paragraph (a) of this section must report the information as required 
in Sec.  60.13(b) of this part.
    (c) What information may be reported, if known. Entities described 
in paragraph (a) of this section should report, if known the 
information as described in Sec.  60.13(c) of this part.
    (d) Access to documents. Each state must provide the Secretary (or 
an entity designated by the Secretary) with access to the documents 
underlying the actions described in paragraphs (a)(1) through (4) of 
this section, as may be necessary for the Secretary to determine the 
facts and circumstances concerning the actions and determinations for 
the purpose of carrying out section 1921.
    (e) Sanctions for failure to report. Any health plan that fails to 
report information on a civil judgment required to be reported under 
this section will be subject to a civil money penalty (CMP) of not more 
than $25,000 for each such adverse action not reported. Such penalty 
will be imposed and collected in the same manner as CMPs under 
subsection (a) of section 1128A of the Social Security Act. The 
Secretary will provide for publication of a public report that 
identifies those government agencies that have failed to report 
information on civil judgments as required to be reported under this 
section.


Sec.  60.15  Reporting exclusions from participation in government 
health care programs.

    (a) Who must report. Federal Government agencies and state law and 
fraud enforcement agencies must report health care practitioners, 
providers, or suppliers excluded from participating in government 
health care programs, including exclusions that were made in a matter 
in which there was also a settlement that is not reported because no 
findings or admissions of liability have been made (regardless of 
whether the exclusion is the subject of a pending appeal).
    (b) What information must be reported. Entities described in 
paragraph (a) of this section must report the following information:
    (1) If the subject is an individual, personal identifiers, 
including:
    (i) Name,
    (ii) Social Security Number (or ITIN) (state law and fraud 
enforcement agencies must report this information if known, and if 
obtained in accordance with section 7 of the Privacy Act of 1974),
    (iii) Home address or address of record,
    (iv) Sex, and
    (v) Date of birth.

[[Page 20493]]

    (2) If the subject is an individual, that individual's employment 
or professional identifiers, including:
    (i) Organization name and type,
    (ii) Occupation and specialty, if applicable, and
    (iii) National Provider Identifier (NPI).
    (3) If the subject is an organization, identifiers, including:
    (i) Name,
    (ii) Business address,
    (iii) Federal Employer Identification Number (FEIN) or Social 
Security Number (or ITIN) when used by the subject as a Taxpayer 
Identification Number (TIN),
    (iv) The NPI, and
    (v) Type of organization.
    (4) For all subjects:
    (i) A narrative description of the acts or omissions and injuries 
upon which the reported action was based,
    (ii) Classification of the acts or omissions in accordance with a 
reporting code adopted by the Secretary,
    (iii) Classification of the action taken in accordance with a 
reporting code adopted by the Secretary, and the amount of any monetary 
penalty resulting from the reported action,
    (iv) The date the action was taken, its effective date and 
duration,
    (v) If the action is on appeal,
    (vi) Name of the agency taking the action,
    (vii) Name and address of the reporting entity, and
    (viii) The name, title, and telephone number of the responsible 
official submitting the report on behalf of the reporting entity.
    (c) What information may be reported, if known. Entities described 
in paragraph (a) of this section should report, if known, the following 
information:
    (1) If the subject is an individual, personal identifiers, 
including:
    (i) Other name(s) used,
    (ii) Other address(es),
    (iii) FEIN, when used by the individual as a TIN,
    (iv) Name of each professional school attended and year of 
graduation, and
    (v) If deceased, date of death.
    (2) If the subject is an individual, that individual's employment 
or professional identifiers, including:
    (i) State professional license (including professional registration 
and certification) number(s), field(s) of licensure, and the name(s) of 
the state or territory in which the license is held,
    (ii) Other numbers assigned by Federal or state agencies, to 
include, but not limited to DEA registration number(s), Unique 
Physician Identification Number(s) (UPIN), and Medicaid and Medicare 
provider number(s),
    (iii) Name(s) and address(es) of any health care entity with which 
the subject is affiliated or associated, and
    (iv) Nature of the subject's relationship to each associated or 
affiliated health care entity.
    (3) If the subject is an organization, identifiers, including:
    (i) Other name(s) used,
    (ii) Other address(es) used,
    (iii) Other FEIN(s) or Social Security Numbers(s) (or ITINs) used,
    (iv) Other NPI(s) used,
    (v) State license (including registration and certification) 
number(s) and the name(s) of the state or territory in which the 
license is held,
    (vi) Other numbers assigned by Federal or state agencies, to 
include, but not limited to DEA registration number(s), Clinical 
Laboratory Improvement Act (CLIA) number(s), Food and Drug 
Administration (FDA) number(s), and Medicaid and Medicare provider 
number(s),
    (vii) Names and titles of principal officers and owners,
    (viii) Name(s) and address(es) of any health care entity with which 
the subject is affiliated or associated, and
    (ix) Nature of the subject's relationship to each associated or 
affiliated health care entity.
    (4) For all subjects:
    (i) If the subject will be automatically reinstated, and
    (ii) The date of appeal, if any.
    (d) Access to documents. Each state must provide the Secretary (or 
an entity designated by the Secretary) with access to the documents 
underlying the actions described in paragraphs (a)(1) through (4) of 
this section, as may be necessary for the Secretary to determine the 
facts and circumstances concerning the actions and determinations for 
the purpose of carrying out section 1921.
    (e) Sanctions for failure to report. The Secretary will provide for 
publication of a public report that identifies those government 
agencies that have failed to report information on exclusions or 
debarments as required to be reported under this section.


Sec.  60.16  Reporting other adjudicated actions or decisions.

    (a) Who must report. Federal Government agencies, state law or 
fraud enforcement agencies, and health plans must report other 
adjudicated actions or decisions as defined in Sec.  60.3 of this part 
related to the delivery, payment or provision of a health care item or 
service against health care practitioners, providers, and suppliers 
(regardless of whether the other adjudicated action or decision is 
subject to a pending appeal).
    (b) What information must be reported. Entities described in 
paragraph (a) of this section must report the information as required 
in Sec.  60.15(b) of this part.
    (c) What information may be reported, if known. Entities described 
in paragraph (a) of this section should report, if known, the 
information as described in Sec.  60.15(c) of this part.
    (d) Access to documents. Each state must provide the Secretary (or 
an entity designated by the Secretary) with access to the documents 
underlying the actions described in paragraphs (a)(1) through (4) of 
this section, as may be necessary for the Secretary to determine the 
facts and circumstances concerning the actions and determinations for 
the purpose of carrying out section 1921.
    (e) Sanctions for failure to report. Any health plan that fails to 
report information on another adjudicated action or decision required 
to be reported under this section will be subject to a civil money 
penalty (CMP) of not more than $25,000 for each such action not 
reported. Such penalty will be imposed and collected in the same manner 
as CMPs under subsection (a) of section 1128A of the Social Security 
Act. The Secretary will provide for publication of a public report that 
identifies those government agencies that have failed to report 
information on other adjudicated actions as required to be reported 
under this section.

Subpart C--Disclosure of Information by the National Practitioner 
Data Bank


Sec.  60.17  Information which hospitals must request from the National 
Practitioner Data Bank.

    (a) When information must be requested. Each hospital, either 
directly or through an authorized agent, must request information from 
the NPDB concerning a health care practitioner, as follows:
    (1) At the time a health care practitioner, applies for a position 
on its medical staff (courtesy or otherwise), or for clinical 
privileges at the hospital; and
    (2) Every 2 years concerning any health care practitioner, who is 
on its medical staff (courtesy or otherwise) or has clinical privileges 
at the hospital.
    (b) Failure to request information. Any hospital which does not 
request the information as required in paragraph (a) of this section is 
presumed to have knowledge of any information reported to the NPDB 
concerning this health care practitioner.
    (c) Reliance on the obtained information. Each hospital may rely 
upon the information provided by the NPDB to the hospital. A hospital 
shall not be held liable for this reliance

[[Page 20494]]

unless the hospital has knowledge that the information provided was 
false.


Sec.  60.18  Requesting information from the National Practitioner Data 
Bank.

    (a) Who may request information and what information may be 
available. Information in the NPDB will be available, upon request, to 
the persons or entities, or their authorized agents, as described 
below:
    (1) Information reported under Sec. Sec.  60.7, 60.8, and 60.12 of 
this part is available to:
    (i) A hospital that requests information concerning a health care 
practitioner who is on its medical staff (courtesy or otherwise) or has 
clinical privileges at the hospital,
    (ii) A health care practitioner who requests information concerning 
himself or herself,
    (iii) A State Medical Board of Examiners or other state authority 
that licenses health care practitioners,
    (iv) A health care entity which has entered or may be entering into 
an employment or affiliation relationship with a health care 
practitioner, or to which the health care practitioner has applied for 
clinical privileges or appointment to the medical staff,
    (v) An attorney, or individual representing himself or herself, who 
has filed a medical malpractice action or claim in a state or Federal 
court or other adjudicative body against a hospital, and who requests 
information regarding a specific health care practitioner who is also 
named in the action or claim. This information will be disclosed only 
upon the submission of evidence that the hospital failed to request 
information from the NPDB, as required by Sec.  60.17(a) of this part, 
and may be used solely with respect to litigation resulting from the 
action or claim against the hospital,
    (vi) A health care entity with respect to professional review 
activity, and
    (vii) A person or entity requesting statistical information, in a 
form which does not permit the identification of any individual or 
entity.
    (2) Information reported under Sec. Sec.  60.9, 60.10, 60.11, 
60.13, 60.14, 60.15, and 60.16 of this part is available to the 
agencies, authorities, and officials listed below that request 
information on licensure or certification actions, any other negative 
actions or findings, or final adverse actions concerning an individual 
practitioner, health care entity, provider, or supplier. These 
agencies, authorities, and officials may obtain data for the purposes 
of determining the fitness of individuals to provide health care 
services, protecting the health and safety of individuals receiving 
health care through programs administered by the requesting agency, and 
protecting the fiscal integrity of these programs.
    (i) Agencies administering (including those providing payment for 
services) government health care programs, including private entities 
administering such programs under contract,
    (ii) State licensing or certification agencies and Federal agencies 
responsible for the licensing and certification of health care 
practitioners, providers, or suppliers,
    (iii) State agencies administering or supervising the 
administration of government health care programs (as defined in 42 
U.S.C. 1128(h)),
    (iv) State law or fraud enforcement agencies,
    (v) Law enforcement officials and agencies such as:
    (A) United States Attorney General,
    (B) United States Chief Postal Inspector,
    (C) United States Inspectors General;
    (D) United States Attorneys,
    (E) United States Comptroller General,
    (F) United States Drug Enforcement Administration,
    (G) United States Nuclear Regulatory Commission, or
    (H) Federal Bureau of Investigation,
    (vi) Utilization and quality control peer review organizations 
described in part B of title XI and to appropriate entities with 
contracts under section 1154(a)(4)(C) of the Social Security Act with 
respect to eligible organizations reviewed under the contracts, but 
only with respect to information provided pursuant to Sec. Sec.  60.9 
and 60.11 of this part, as well as information provided pursuant to 
Sec. Sec.  60.13, 60.14, 60.15, and 60.16 of this part by Federal 
agencies and health plans,
    (vii) Hospitals and other health care entities (as defined in 
section 431 of the Health Care Quality Improvement Act of 1986), with 
respect to health care practitioners who have entered (or may be 
entering) into employment or affiliation relationships with, or have 
applied for clinical privileges or appointments to the medical staff of 
such hospitals or other health care entities, but only with respect to 
information provided pursuant to Sec. Sec.  60.9 and 60.11, as well as 
information provided pursuant to Sec. Sec.  60.13, 60.14, 60.15, and 
60.16 by Federal agencies and health plans,
    (viii) Health plans,
    (ix) A health care practitioner, health care entity, provider, or 
supplier who requests information concerning himself, herself, or 
itself, and
    (x) A person or entity requesting statistical information, in a 
form which does not permit the identification of any individual or 
entity. (For example, researchers may use statistical information to 
identify the total number of nurses with adverse licensure actions in a 
specific state. Similarly, researchers may use statistical information 
to identify the total number of health care entities denied 
accreditation.)
    (b) Procedures for obtaining National Practitioner Data Bank 
information. Persons and entities may obtain information from the NPDB 
by submitting a request in such form and manner as the Secretary may 
prescribe. These requests are subject to fees as described in Sec.  
60.19 of this part.


Sec.  60.19  Fees applicable to requests for information.

    (a) Policy on fees. The fees described in this section apply to all 
requests for information from the NPDB. The amount of such fees will be 
sufficient to recover the full costs of operating the NPDB. The actual 
fees will be announced by the Secretary in periodic notices in the 
Federal Register. However, for purposes of verification and dispute 
resolution at the time the report is accepted, the NPDB will provide a 
copy--at the time a report has been submitted, automatically, without a 
request and free of charge, of the record to the health care 
practitioner, entity, provider, or supplier who is the subject of the 
report and to the reporter.
    (b) Criteria for determining the fee. The amount of each fee will 
be determined based on the following criteria:
    (1) Direct and indirect personnel costs, including salaries and 
fringe benefits such as medical insurance and retirement,
    (2) Physical overhead, consulting, and other indirect costs 
(including materials and supplies, utilities, insurance, travel, and 
rent and depreciation on land, buildings, and equipment),
    (3) Agency management and supervisory costs,
    (4) Costs of enforcement, research, and establishment of 
regulations and guidance,
    (5) Use of electronic data processing equipment to collect and 
maintain information--the actual cost of the service, including 
computer search time, runs and printouts, and
    (6) Any other direct or indirect costs related to the provision of 
services.
    (c) Assessing and collecting fees. The Secretary will announce 
through notice in the Federal Register from time to time the methods of 
payment of NPDB fees. In determining these methods, the Secretary will 
consider efficiency, effectiveness, and convenience for the

[[Page 20495]]

NPDB users and the Department. Methods may include: credit card, 
electronic fund transfer, and other methods of electronic payment.


Sec.  60.20  Confidentiality of National Practitioner Data Bank 
information.

    (a) Limitations on disclosure. Information reported to the NPDB is 
considered confidential and shall not be disclosed outside the 
Department of Health and Human Services, except as specified in 
Sec. Sec.  60.17, 60.18, and 60.21 of this part. Persons and entities 
receiving information from the NPDB, either directly or from another 
party, must use it solely with respect to the purpose for which it was 
provided. The Data Bank report may not be disclosed, but nothing in 
this section will prevent the disclosure of information by a party from 
its own files used to create such reports where disclosure is otherwise 
authorized under applicable state or Federal law.
    (b) Penalty for violations. Any person who violates paragraph (a) 
of this section shall be subject to a civil money penalty of up to 
$11,000 for each violation. This penalty will be imposed pursuant to 
procedures at 42 CFR part 1003.


Sec.  60.21  How to dispute the accuracy of National Practitioner Data 
Bank information.

    (a) Who may dispute the NPDB information. The NPDB will routinely 
mail or transmit electronically to the subject a copy of the report 
filed in the NPDB. In addition, as indicated in Sec.  60.18, the 
subject may also request a copy of such report. The subject of the 
report or a designated representative may dispute the accuracy of a 
report concerning himself, herself, or itself as set forth in paragraph 
(b) of this section.
    (b) Procedures for disputing a report with the reporting entity. 
(1) If the subject disagrees with the reported information, the subject 
must request in the format as determined by the Secretary that the NPDB 
enter the report into ``disputed status.''
    (2) The NPDB will send the report, with a notation that the report 
has been placed in ``disputed status,'' to queriers (where 
identifiable), the reporting entity and the subject of the report.
    (3) The subject must attempt to enter into discussion with the 
reporting entity to resolve the dispute. If the reporting entity 
revises the information originally submitted to the NPDB, the NPDB will 
notify the subject and all entities to whom reports have been sent that 
the original information has been revised. If the reporting entity does 
not revise the reported information, or does not respond to the subject 
within 60 days, the subject may request that the Secretary review the 
report for accuracy. The Secretary will decide whether to correct the 
report within 30 days of the request. This time frame may be extended 
for good cause. The subject also may provide a statement to the NPDB, 
either directly or through a designated representative that will 
permanently append the report.
    (c) Procedures for requesting a review of a disputed report. (1) 
The subject must request, in the format as determined by the Secretary, 
that the Secretary review the report for accuracy. The subject must 
return this request to the NPDB along with appropriate materials that 
support the subject's position. The Secretary will only review the 
accuracy of the reported information, and will not consider the merits 
or appropriateness of the action or the due process that the subject 
received.
    (2) After the review, if the Secretary:
    (i) Concludes that the information is accurate and reportable to 
the NPDB, the Secretary will inform the subject and the NPDB of the 
determination. The Secretary will include a brief statement 
(Secretarial Statement) in the report that describes the basis for the 
decision. The report will be removed from ``disputed status.'' The NPDB 
will distribute the corrected report and statement(s) to previous 
queriers (where identifiable), the reporting entity and the subject of 
the report.
    (ii) Concludes that the information contained in the report is 
inaccurate, the Secretary will inform the subject of the determination 
and direct the NPDB or the reporting entity to revise the report. The 
Secretary will include a brief statement (Secretarial Statement) in the 
report describing the findings. The NPDB will distribute the corrected 
report and statement(s) to previous queriers (where identifiable), the 
reporting entity and the subject of the report.
    (iii) Determines that the disputed issues are outside the scope of 
the Department's review, the Secretary will inform the subject and the 
NPDB of the determination. The Secretary will include a brief statement 
(Secretarial Statement) in the report describing the findings. The 
report will be removed from ``disputed status.'' The NPDB will 
distribute the report and the statement(s) to previous queriers (where 
identifiable), the reporting entity and the subject of the report.
    (iv) Determines that the adverse action was not reportable and 
therefore should be removed from the NPDB, the Secretary will inform 
the subject and direct the NPDB to void the report. The NPDB will 
distribute a notice to previous queriers (where identifiable), the 
reporting entity and the subject of the report that the report has been 
voided.


Sec.  60.22  Immunity.

    Individuals, entities or their authorized agents, and the NPDB 
shall not be held liable in any civil action filed by the subject of a 
report unless the individual, entity, or authorized agent submitting 
the report has actual knowledge of the falsity of the information 
contained in the report.

PART 61--[REMOVED]

0
2. Under the authority of 42 U.S.C. 1320a-7e, remove part 61.
[FR Doc. 2013-07521 Filed 4-4-13; 8:45 am]
BILLING CODE 4165-15-P