[Federal Register Volume 78, Number 78 (Tuesday, April 23, 2013)]
[Notices]
[Pages 23938-23939]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2013-09511]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Centers for Medicare & Medicaid Services
Privacy Act of 1974; Report of a New Routine Use for Selected CMS
Systems of Records
AGENCY: Centers for Medicare & Medicaid Services (CMS), Department of
Health and Human Services (HHS).
ACTION: Altered Systems Notice, Adding a New Routine Use to Selected
CMS Systems of Records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the requirements of the Privacy Act of 1974
(5 U.S.C. 552a), CMS is adding a new routine use for emergency
preparedness and response to eight CMS systems of records. The new
routine use will authorize CMS to disclose beneficiary-identifiable
records to public health authorities and entities acting under a
delegation of authority of a public health authority requesting such
information for the purpose of identifying vulnerable individuals who
may need health assistance in the event of an incident, emergency or
disaster, and for purposes of planning and providing such assistance.
Disclosures made pursuant to the new routine use will be limited to the
minimum data necessary to carry out statutorily-authorized public
health-related emergency preparedness and response activities, as
provided in Section 1106 of the Social Security Act (42 U.S.C. 1306)
and the HIPAA Privacy Rule at 45 CFR Sec. Sec. 154.502, 164.512(b),
164.502(b) and 164.514(d)(3)(iii)(A). Requests and disclosures made
pursuant to the routine use will be coordinated through HHS' Office of
the Assistant Secretary for Preparedness and Response (ASPR). The eight
systems of records that will include the new routine use are: the
National Claims History (NCH), System No. 09-70-0558; Medicare
Integrated Data Repository (IDR), System No. 09-70-0571; Common Working
Files (CWF), System No. 09-70-0526; Enrollment Database (EDB), System
No. 09-70-0502; Medicare Beneficiary Database (MBD), System No. 09-70-
0536; Medicare Drug Data Processing System (DDPS), System No. 09-70-
0553; Long Term Care-Minimum Data Set (MDS), System No. 09-70-0528; and
Home Health Agency (HHA) Outcome and Assessment Information Set
(OASIS), System No. 09-70-0522.
DATES: Effective Date: The new routine use described in this notice
will become effective without further notice 30 days after publication
of this notice in the Federal Register, unless comments received on or
before that date result in revisions to this notice.
ADDRESSES: The public should send comments to: CMS Privacy Officer,
Division of Privacy Policy, Privacy Policy and Compliance Group, Office
of E-Health Standards & Services, Office of Enterprise Management, CMS,
Room S2-24-25, 7500 Security Boulevard, Baltimore, Maryland 21244-1850.
Comments received will be available for review at this location, by
appointment, during regular business hours, Monday through Friday from
9:00 a.m.-3:00 p.m., Eastern Time zone.
FOR FURTHER INFORMATION CONTACT: Kristen P. Finne, Senior Program
Analyst U.S. Department of Health and Human Services, Office of the
Assistant Secretary for Preparedness and Response (ASPR), Office of
Policy and Planning, Division of Health System Policy (HSP), Patriots
Plaza, 375 E Street SW., Office 11-1701, Washington DC 20024, Office
telephone: 202-691-2013, Blackberry: 202-439-1140, Email:
[email protected].
SUPPLEMENTARY INFORMATION: The new routine use will improve the
ability of HHS' Assistant Secretary for Preparedness and Response
(ASPR), in partnership with HHS' Centers for Medicare & Medicaid
Services, to assist public health authorities and entities acting under
a delegation of authority of a public health authority in identifying
vulnerable individuals who may need health assistance prior to, during,
and in the aftermath of an incident, emergency or disaster that poses
an adverse health
[[Page 23939]]
and/or public health impact, and in planning and providing such
assistance. Disclosing beneficiary-identifiable records for public
health-related emergency preparedness and response purposes is a
necessary and proper use of the information in the systems of records
being modified; the new routine use is compatible with the health care
purposes for which the information was collected in the CMS systems of
records. Disclosure purposes could include emergency planning for
outreach to at-risk populations and individuals during a public health
emergency. For example, a public health agency could match the records
with publicly available power outage data from another department or
agency. In the event of a public health emergency that involves power
outages, the public health agency would then be able to use the results
of the matched data to identify individuals in the affected community
who are dependent on energy for meeting their medical needs, for
example individuals living in the community who are dependent on
dialysis. The term ``public health authority'' and the concepts of
``public health activity'' and ``minimum necessary'' disclosures are
defined in the HIPAA Privacy Rule at 45 CFR Sec. Sec. 154.502,
164.512(b), 164.502(b) and 164.514(d)(3)(iii)(A).
For the reasons described above, the following routine use is added
to the eight systems of records listed below:
To disclose beneficiary-identifiable information to public
health authorities, and those entities acting under a delegation of
authority from a public health authority, when requesting such
information to carry out statutorily-authorized public health
activities pertaining to emergency preparedness and response.
Disclosures under this routine use will be limited to ``public
health authorities,'' ``public health activities,'' and ``minimum
necessary data'' as defined in the HIPAA Privacy Rule (45 CFR
Sec. Sec. 154.502, 164.512(b), 164.502(b) and
164.514(d)(3)(iii)(A)).
1. National Claims History (NCH), System No. 09-70-0588, published
at 71 Federal Register (Fed. Reg.), 67137 (November 20, 2006).
2. Medicare Integrated Data Repository (IDR), System No. 09-70-
0571, published at 71 Fed. Reg., 74915 (December 13, 2006).
3. Common Working Files (CWF), System No. 09-70-0526, published at
71 Fed. Reg., 64955 (November 6, 2006).
4. Enrollment Database (EDB), System No. 09-70-0502, published at
73 Fed. Reg., 10249 (February 26, 2008).
5. Medicare Beneficiary Database (MBD), System No. 09-70-0536,
published at 71 Fed. Reg., 70396 (December 4, 2006).
6. Medicare Drug Data Processing System (DDPS), System No. 09-70-
0553, published at 73 Fed. Reg., 30943 (May 29, 2008).
7. Long Term Care (LTC)-Minimum Data Set (MDS), System No. 09-70-
0528, published at 72 Fed. Reg., 12801 (March 19, 2007).
8. Home Health Agency (HHA) Outcome and Assessment Information Set
(OASIS), System No. 09-70-0522, published at 72 Fed. Reg. 63906
(November 13, 2007).
Dated: April 11, 2013.
Michelle Snyder,
Deputy Chief Operating Officer, Centers for Medicare & Medicaid
Services.
[FR Doc. 2013-09511 Filed 4-22-13; 8:45 am]
BILLING CODE 4120-01-P