42 U.S.C. 1320a-7e.
(a) Section 1128E of the Social Security Act (the Act) authorizes the Secretary of Health and Human Services (the Secretary) to implement a national health care fraud and abuse data collection program for the reporting and disclosing of certain final adverse actions taken against health care providers, suppliers, or practitioners. Section 1128E of the Act also directs the Secretary to maintain a database of final adverse actions taken against health care providers, suppliers or practitioners. This data bank will be known as the Healthcare Integrity and Protection Data Bank (HIPDB). Settlements in which no findings or admissions of liability have been made will be excluded from being reported. However, if another action is taken against the provider, supplier or practitioner of a health care item or service as a result of or in conjunction with the settlement, that action is reportable to the HIPDB.
(b) Section 1128E of the Act also requires the Secretary to implement the HIPDB in such a manner as to avoid duplication with the reporting requirements established for the National Practitioner Data Bank (NPDB) (See 45 CFR part 60). In accordance with the statute, the reporter responsible for reporting the final adverse actions to both the HIPDB and the NPDB will be required to submit only one report, provided that reporting is made through the Department's consolidated reporting mechanism that will sort the appropriate actions into the HIPDB, NPDB, or both.
(c) The regulations in this part set forth the reporting and disclosure requirements for the HIPDB.
The regulations in this part establish reporting requirements applicable to Federal and State Government agencies and to health plans, as the terms are defined under § 61.3.
The following definitions apply to this part:
(1) The U.S. Department of Justice;
(2) The U.S Department of Health and Human Services;
(3) Any other Federal agency that either administers or provides payment for the delivery of health care services, including, but not limited to, the U.S. Department of Defense and the U.S. Department of Veterans Affairs;
(4) Federal and State law enforcement agencies, including States Attorneys General and law enforcement investigators;
(5) State Medicaid Fraud Control Units; and
(6) Federal or State agencies responsible for the licensing and certification of health care providers, suppliers or licensed health care practitioners. Examples of such State agencies include Departments of Professional Regulation, Health, Social Services (including State Survey and Certification and Medicaid Single State agencies), Commerce and Insurance.
(1) A policy of health insurance;
(2) A contract of a service benefit organization;
(3) A membership agreement with a health maintenance organization or other prepaid health plan;
(4) A plan, program, agreement or other mechanism established, maintained or made available by a self insured employer or group of self insured employers, a practitioner, provider or supplier group, third party administrator, integrated health care delivery system, employee welfare association, public service group or organization or professional association; and
(5) An insurance company, insurance service or insurance organization that is licensed to engage in the business of selling health care insurance in a State and which is subject to State law which regulates health insurance.
Information must be reported to the HIPDB as required under §§ 61.6, 61.7, 61.8, 61.9, 61.10, 61.11 and 61.15 in such form and manner as the Secretary may prescribe.
(a) Information required under §§ 61.7, 61.8, 61.9, 61.10 and 61.11 must be submitted to the HIPDB—
(1) Within 30 calendar days from the date the final adverse action was taken or the date when the reporting entity became aware of the final adverse action; or
(2) By the close of the entity's next monthly reporting cycle, whichever is later.
(b) The date the final adverse action was taken, its effective date and duration of the action would be contained in the information reported to the HIPDB under §§ 61.7, 61.8, 61.9, 61.10 and 61.11.
(a) If errors or omissions are found after information has been reported, the reporter must send an addition or correction to the HIPDB. The HIPDB will not accept requests for readjudication of the case.
(b) A reporter that reports information on licensure, criminal convictions, civil or administrative judgments, exclusions, or adjudicated actions or decisions under §§ 61.7, 61.8, 61.9, 61.10 or 61.11 also must report any revision of the action originally reported. Revisions include, but are not limited to, reversal of a criminal conviction, reversal of a judgment or other adjudicated decisions or whether the action is on appeal, and reinstatement of a license.
(c) The subject will receive a copy of all reports, including revisions and corrections to the report.
(d) Upon receipt of a report, the subject—
(1) Can accept the report as written;
(2) May provide a statement to the HIPDB that will be permanently appended to the report, either directly or through a designated representative (The HIPDB will distribute the statement to queriers, where identifiable, and to the reporting entity and the subject of the report. The HIPDB will not edit the statement; only the subject can, upon request, make changes to the statement); or
(3) May follow the dispute process in accordance with § 61.15.
(a)
(1) Formal or official actions, such as revocation or suspension of a license or certification agreement or contract for participation in Federal or State health care programs (and the length of any such suspension), reprimand, censure or probation;
(2) Any other loss of the license or loss of the certification agreement or contract for participation in Federal or State health care programs, or the right to apply for, or renew, a license or certification agreement or contract of the provider, supplier, or practitioner, whether by operation of law, voluntary surrender, non-renewal (excluding nonrenewals due to nonpayment of fees, retirement, or change to inactive status), or otherwise; and
(3) Any other negative action or finding by such Federal or State agency that is publicly available information.
(b) Entities described in paragraph (a) of this section must report the following information:
(1) If the subject is an individual, personal identifiers, including:
(i) Name;
(ii) Social Security Number (or Individual Taxpayer Identification Number (ITIN));
(iii) Home address or address of record;
(iv) Sex; and
(v) Date of birth.
(2) If the subject is an individual, that individual's employment or professional identifiers, including:
(i) Organization name and type;
(ii) Occupation and specialty, if applicable;
(iii) National Provider Identifier (NPI), when issued by theCenters for Medicare & Medicaid Services (CMS);
(iv) Name of each professional school attended and year of graduation; and
(v) With respect to the State professional license (including professional certification and registration) on which the reported action was taken, the license number, the field of licensure, and the name of the State or territory in which the license is held.
(3) If the subject is an organization, identifiers, including:
(i) Name;
(ii) Business address;
(iii) Federal Employer Identification Number (FEIN), or Social Security Number (or ITIN) when used by the subject as a Taxpayer Identification Number (TIN);
(iv) The NPI, when issued by CMS;
(v) Type of organization; and
(vi) With respect to the State license (including certification and registration) on which the reported action was taken, the license and the name of the State or territory in which the license is held.
(4) For all subjects:
(i) A narrative description of the acts or omissions and injuries upon which the reported action was based;
(ii) Classification of the acts or omissions in accordance with a reporting code adopted by the Secretary;
(iii) Classification of the action taken in accordance with a reporting code adopted by the Secretary, and the amount of any monetary penalty resulting from the reported action;
(iv) The date the action was taken, its effective date and duration;
(v) If the action is on appeal;
(vi) Name of the agency taking the action;
(vii) Name and address of the reporting entity; and
(viii) The name, title and telephone number of the responsible official submitting the report on behalf of the reporting entity.
(c) Entities described in paragraph (a) of this section should report, if known, the following information:
(1) If the subject is an individual, personal identifiers, including:
(i) Other name (s) used;
(ii) Other address;
(iii) FEIN, when used by the individual as a TIN; and
(iv) If deceased, date of death.
(2) If the subject is an individual, that individual's employment or professional identifiers, including:
(i) Other State professional license number(s), field(s) of licensure, and the name(s) of the State or territory in which the license is held;
(ii) Other numbers assigned by Federal or State agencies, to include, but not limited to Drug Enforcement Administration (DEA) registration number(s), Unique Physician Identification Number(s) (UPIN), and Medicaid and Medicare provider number(s);
(iii) Name(s) and address(es) of any health care entity with which the subject is affiliated or associated; and
(iv) Nature of the subject's relationship to each associated or affiliated health care entity.
(3) If the subject is an organization, identifiers, including:
(i) Other name(s) used;
(ii) Other address(es) used;
(iii) Other FEIN(s) or Social Security Numbers (or ITIN) used;
(iv) Other NPI(s) used;
(v) Other State license number(s) and the name(s) of the State or territory in which the license is held;
(vi) Other numbers assigned by Federal or State agencies, to include, but
(vii) Names and titles of principal officers and owners;
(viii) Name(s) and address(es) of any health care entity with which the subject is affiliated or associated; and
(ix) Nature of the subject's relationship to each associated or affiliated health care entity.
(4) For all subjects:
(i) If the subject will be automatically reinstated; and
(ii) The date of appeal, if any.
(d)
(a)
(b) Entities described in paragraph (a) of this section must report the following information:
(1) If the subject is an individual, personal identifiers, including:
(i) Name;
(ii) Social Security Number (or ITIN);
(iii) Home address or address of record;
(iv) Sex; and
(v) Date of birth.
(2) If the subject is an individual, that individual's employment or professional identifiers, including:
(i) Organization name and type;
(ii) Occupation and specialty, if applicable; and
(iii) National Provider Identifier (NPI), when issued by theCenters for Medicare & Medicaid Services (CMS).
(3) If the subject is an organization, identifiers, including:
(i) Name;
(ii) Business address;
(iii) Federal Employer Number (FEIN), or Social Security Number (or ITIN) when used by the subject as a Taxpayer Identification Number (TIN);
(iv) The NPI, when issued by CMS; and
(v) Type of organization.
(4) For all subjects:
(i) A narrative description of the acts or omissions and injuries upon which the reported action was based;
(ii) Classification of the acts or omissions in accordance with a reporting code adopted by the Secretary;
(iii) Name and location of court or judicial venue in which the action was taken;
(iv) Docket or court file number;
(v) Type of action taken;
(vi) Statutory offense(s) and count(s);
(vii) Name of primary prosecuting agency (or the plaintiff in civil actions);
(viii) Date of sentence or judgment;
(ix) Length of incarceration, detention, probation, community service or suspended sentence;
(x) Amounts of any monetary judgment, penalty, fine, assessment or restitution;
(xi) Other sentence, judgment or orders;
(xii) If the action is on appeal;
(xiii) Name and address of the reporting entity; and
(xiv) The name, title and telephone number of the responsible official submitting the report on behalf of the reporting entity.
(c) Entities described in paragraph (a) of this section should report, if known, the following information:
(1) If the subject is an individual, personal identifiers, including:
(i) Other name (s) used;
(ii) Other address; and
(iii) FEIN, when used by the individual as a TIN.
(2) If the subject is an individual, that individual's employment or professional identifiers, including:
(i) State professional license (including professional certification and registration) number(s), field(s) of licensure, and the name(s) of the State or territory in which the license is held;
(ii) Other numbers assigned by Federal or State agencies, to include, but not limited to Drug Enforcement Administration (DEA) registration number(s), Unique Physician Identification Number(s) (UPIN), and Medicaid and Medicare provider number(s);
(iii) Name(s) and address(es) of any health care entity with which the subject is affiliated or associated; and
(iv) Nature of the subject's relationship to each associated or affiliated health care entity.
(3) If the subject is an organization, identifiers, including:
(i) Other name(s) used;
(ii) Other address(es) used;
(iii) Other FEIN(s) or Social Security Numbers(s) (or ITINs) used;
(iv) Other NPI(s) used;
(v) State license (including certification and registration) number(s) and the name(s) of the State or territory in which the license is held;
(vi) Other numbers assigned by Federal or State agencies, to include, but not limited to Drug Enforcement Administration (DEA) registration number(s), Clinical Laboratory Improvement Act (CLIA) number(s), Food and Drug Administration (FDA) number(s), and Medicaid and Medicare provider number(s);
(vii) Names and titles of principal officers and owners;
(viii) Name(s) and address(es) of any health care entity with which the subject is affiliated or associated; and
(ix) Nature of the subject's relationship to each associated or affiliated health care entity.
(4) For all subjects:
(i) Prosecuting agency's case number;
(ii) Investigative agencies involved;
(iii) Investigative agencies case of file number(s); and
(iv) The date of appeal, if any.
(d)
(a)
(b) Entities described in paragraph (a) of this section must report the information as required in § 61.8(b).
(c) Entities described in paragraph (a) of this section should report, if known the information as described in § 61.8(c).
(d)
(a)
(b) Entities described in paragraph (a) of this section must report the following information:
(1) If the subject is an individual, personal identifiers, including:
(i) Name;
(ii) Social Security Number (or ITIN);
(iii) Home address or address of record;
(iv) Sex; and
(v) Date of birth.
(2) If the subject is an individual, that individual's employment or professional identifiers, including:
(i) Organization name and type;
(ii) Occupation and specialty, if applicable; and
(iii) National Provider Identifier (NPI), when issued by theCenters for Medicare & Medicaid Services (CMS).
(3) If the subject is an organization, identifiers, including:
(i) Name;
(ii) Business address;
(iii) Federal Employer Identification Number (FEIN), or Social Security Number (or ITIN) when used by the subject as a Taxpayer Identification Number (TIN);
(iv) The NPI, when issued by CMS; and
(v) Type of organization.
(4) For all subjects:
(i) A narrative description of the acts or omissions and injuries upon which the reported action was based;
(ii) Classification of the acts or omissions in accordance with a reporting code adopted by the Secretary;
(iii) Classification of the action taken in accordance with a reporting code adopted by the Secretary, and the amount of any monetary penalty resulting from the reported action;
(iv) The date the action was taken, its effective date and duration;
(v) If the action is on appeal;
(vi) Name of the agency taking the action;
(vii) Name and address of the reporting entity; and
(viii) The name, title and telephone number of the responsible official submitting the report on behalf of the reporting entity.
(c) Entities described in paragraph (a) of this section should report, if known, the following information:
(1) If the subject is an individual, personal identifiers, including:
(i) Other name(s) used;
(ii) Other address;
(iii) FEIN, when used by the individual as a TIN;
(iv) Name of each professional school attended and year of graduation; and
(v) If deceased, date of death.
(2) If the subject is an individual, that
(i) State professional license (including professional registration and certification) number(s), field(s) of licensure, and the name(s) of the State or Territory in which the license is held;
(ii) Other numbers assigned by Federal or State agencies, to include, but not limited to Drug Enforcement Administration (DEA) registration number(s), Unique Physician Identification Number(s) (UPIN), and Medicaid and Medicare provider number(s);
(iii) Name(s) and address(es) of any health care entity with which the subject is affiliated or associated; and
(iv) Nature of the subject's relationship to each associated or affiliated health care entity.
(3) If the subject is an organization, identifiers, including:
(i) Other name(s) used;
(ii) Other address(es) used;
(iii) Other FEIN(s) or Social Security Numbers(s) (or ITINs) used;
(iv) Other NPI(s) used;
(v) State license (including registration and certification) number(s) and the name(s) of the State or territory in which the license is held;
(vi) Other numbers assigned by Federal or State agencies, to include, but not limited to Drug Enforcement Administration (DEA) registration number(s), Clinical Laboratory Improvement Act (CLIA) number(s), Food and Drug Administration (FDA) number(s), and Medicaid and Medicare provider number(s);
(vii) Names and titles of principal officers and owners;
(viii) Name(s) and address(es) of any health care entity with which the subject is affiliated or associated; and
(ix) Nature of the subject's relationship to each associated or affiliated health care entity.
(4) For all subjects:
(i) If the subject will be automatically reinstated; and
(ii) The date of appeal, if any.
(d)
(a)
(b) Entities described in paragraph (a) of this section must report the information as required in § 61.10(b).
(c) Entities described in paragraph (a) of this section should report, if known the information as described in § 61.10(c).
(d)
(a)
(1) Federal and State Government agencies;
(2) Health plans;
(3) A health care practitioner, provider, or supplier requesting information concerning himself, herself or itself; and
(4) A person or entity requesting statistical information, which does not permit identification of any individual or entity. (For example, researchers can use statistical information to identify the total number of practitioners excluded from the Medicare and Medicaid programs. Similarly, health plans can use statistical information to develop outcome measures in their efforts to monitor and improve quality care.)
(b)
(c)
(i) Any report(s) in the HIPDB specific to them; and
(ii) A disclosure history from the HIPDB of the name(s) of any entity (or entities) that have previously received the report(s).
(2) The disclosure history will be restricted in accordance with the Privacy Act regulations set forth in 45 CFR part 5b.
(a)
(b)
(1) Direct and indirect personnel costs;
(2) Physical overhead, consulting, and other indirect costs including rent and depreciation on land, buildings and equipment;
(3) Agency management and supervisory costs;
(4) Costs of enforcement, research and establishment of regulations and guidance;
(5) Use of electronic data processing equipment to collect and maintain information—the actual cost of the service, including computer search time, runs and printouts; and
(6) Any other direct or indirect costs related to the provision of services.
(c)
Information reported to the HIPDB is considered confidential and will not be disclosed outside the Department, except as specified in §§ 61.12 and 61.15. Persons and entities receiving information from the HIPDB, either directly or from another party, must use it solely with respect to the purpose for which it was provided. Nothing in this section will prevent the disclosure of information by a party from its own files used to create such reports where disclosure is otherwise authorized under applicable State or Federal law.
(a)
(b)
(2) The HIPDB will send the report, with a notation that the report has been placed in “disputed status,” to queriers (where identifiable), the reporting entity and the subject of the report.
(3) The subject must attempt to enter into discussion with the reporting entity to resolve the dispute. If the reporting entity revises the information originally submitted to the HIPDB, the HIPDB will notify the subject and all entities to whom reports have been sent that the original information has been revised. If the reporting entity does not revise the reported information, or does not respond to the subject within 60 days, the subject may request that the Secretary review the report for accuracy. The Secretary will decide
(c)
(2) After the review, if the Secretary—
(i) Concludes that the information is accurate and reportable to the HIPDB, the Secretary will inform the subject and the HIPDB of the determination. The Secretary will include a brief statement (Secretarial Statement) in the report that describes the basis for the decision. The report will be removed from “disputed status.” The HIPDB will distribute the corrected report and statement(s) to previous queriers (where identifiable), the reporting entity and the subject of the report.
(ii) Concludes that the information contained in the report is inaccurate, the Secretary will inform the subject of the determination and direct the HIPDB or the reporting entity to revise the report. The Secretary will include a brief statement (Secretarial Statement) in the report describing the findings. The HIPDB will distribute the corrected report and statement (s) to previous queriers (where identifiable), the reporting entity and the subject of the report.
(iii) Determines that the disputed issues are outside the scope of the Department's review, the Secretary will inform the subject and the HIPDB of the determination. The Secretary will include a brief statement (Secretarial Statement) in the report describing the findings. The report will be removed from “disputed status.” The HIPDB will distribute the report and the statement(s) to previous queriers (where identifiable), the reporting entity and the subject of the report.
(iv) Determines that the adverse action was not reportable and therefore should be removed from the HIPDB, the Secretary will inform the subject and direct the HIPDB to void the report. The HIPDB will distribute a notice to previous queriers (where identifiable), the reporting entity and the subject of the report that the report has been voided.
Individuals, entities or their authorized agents and the HIPDB shall not be held liable in any civil action filed by the subject of a report unless the individual, entity or authorized agent submitting the report has actual knowledge of the falsity of the information contained in the report.