Health care programs; fraud and abuse: Health Insurance Portability and Accountability Act Data collection program; final adverse actions reporting,

As Enacted ( Federal Register)

Cited authorities 5

Cited in

[Federal Register: October 30, 1998 (Volume 63, Number 210)]

[Proposed Rules]

[Page 58341-58358]

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

[DOCID:fr30oc98-37]

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of the Secretary

Office of Inspector General

45 CFR Part 61

RIN 0991-AA98

Health Care Fraud and Abuse Data Collection Program: Reporting of Final Adverse Actions

AGENCY: Office of Inspector General (OIG), HHS.

ACTION: Notice of proposed rulemaking.

SUMMARY: This proposed rule would establish a new 45 CFR part 61 to implement the statutory requirements of section 1128E of the Social Security Act, as added by section 221(a) of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Section 221(a) of HIPAA specifically directed the Secretary to establish a national health care fraud and abuse data collection program for the reporting and disclosing of certain final adverse actions taken against health care providers, suppliers, or practitioners, and maintain a data base of final adverse actions taken against health care providers, suppliers and practitioners.

DATES: To assure consideration, public comments must be delivered to the address provided below by no later than 5 p.m. on December 29, 1998.

ADDRESSES: Please mail or deliver your written comments to the following address: Health Resources and Services Administration, Bureau of Health Professions, Division of Quality Assurance, Room 8A-55, Attention: OIG-46-P, 5600 Fishers Lane, Rockville, Maryland 20857.

Because of staffing and resource limitations, we cannot accept comments by facsimile (FAX) transmission. In commenting, please refer to file code OIG-46-P.

FOR FURTHER INFORMATION CONTACT: Thomas C. Croft, (301) 443-2300, Director, Division of Quality Assurance/BHPr/HRSA.

SUPPLEMENTARY INFORMATION:

Background

The National Practitioner Data Bank

The National Practitioner Data Bank (NPDB) was established under the Health Care Quality Improvement Act (HCQIA) of 1986, as amended (42 U.S.C. 11101). The NPDB contains adverse licensure action reports on physician and dentists (including revocations, suspensions, reprimands, censures, probations and surrenders for quality purposes); adverse clinical privilege actions against physicians and dentists; adverse professional society membership actions against physicians and dentists; and medical malpractice payments made on all health care practitioners. Groups that have access to this data system include hospitals, other health care entities that conduct peer review and provide or arrange for care, State Boards of Medical or Dental examiners and other health care practitioner State boards. Individual practitioners are able to self-query. The reporting of information under the NPDB is limited to medical malpractice payers, State licensing medical boards and dental examiners, professional societies with formal peer review and hospitals and health care entities.

Establishment of the Healthcare Integrity and Protection Data Bank

The Health Insurance Portability and Accountability Act (HIPAA) of 1996, Public Law 104-191, requires the Secretary, acting through the Office of Inspector General (OIG) and the United States Attorney General, to establish a new health care fraud and abuse control program to combat health care fraud and abuse (see section 1128C of the Act, as enacted by section 201(a) of HIPAA). Among the major steps in this program is the establishment of a national data bank to receive and disclose certain final adverse actions against health care providers, suppliers, or practitioners (see section 1128C(a)(1)(E) of the Act). The data bank is specifically provided for by section 1128E of the Act (added by section 221(a) of HIPAA), which directs the Secretary to maintain a data base of such final adverse actions. Final adverse actions include: (1) civil judgments against a health care provider, supplier, or practitioner in Federal or State court related to the delivery of a health care item or service; (2) Federal or State criminal convictions against a health care provider, supplier, or practitioner related to the delivery of a health care item or service; (3) actions by Federal or State agencies responsible for the licensing and certification of health care providers, suppliers, or practitioners; (4) exclusion of a health care provider, supplier, or practitioner from participation in Federal or State health care programs; and (5) any other adjudicated actions or decisions that the Secretary establishes by regulations. Settlements in which no findings or admissions of liability have been made will be excluded from reporting. However, any final adverse action that emanates from such settlements and consent judgments, and that would otherwise be reportable under the statute, is to be reported to the data bank. Final adverse actions are to be reported, regardless of whether such actions are being appealed by the subject of the report (see section 1128E(b)(2)(C) of the Act). Groups that have access to this new data bank system include Federal and State government agencies; health plans; and self queries from health care suppliers, providers and practitioners. Reporting is limited to the same groups that have access to the information.

The range of reportable final adverse actions specified in the statute clearly indicates that Congress intended a broad interpretation of the terms ``health care fraud and abuse.'' For purposes of the statute, we believe all reportable final adverse actions include actions related to provider, supplier and practitioner practices that are inconsistent with

[[Page 58342]]

accepted sound fiscal, business or medical practices, directly or indirectly, resulting in: (1) unnecessary costs to the program; (2) improper payment; (3) services that fail to meet professionally recognized standards of care or that are medically unnecessary; or (4) adverse patient outcomes, failure to provide covered or needed care in violation of contractual arrangements, or delays in diagnosis or treatment. The statute also requires the Secretary to implement the national health care fraud and abuse data collection program in such a manner as to avoid duplication with the reporting requirements established for the NPDB. This proposed rulemaking is intended to establish such a fraud and abuse data bank, to be known as the Healthcare Integrity and Protection Data Bank (HIPDB).

Coordination and Distinctions Between the HIPDB and the NPDB

With regard to the importation of State licensing board actions reported to the NPDB prior to the enactment of HIPAA, we intend to include in the HIPDB only such NPDB information about licensing actions which were effective on or after August 21, 1996. In accordance with the statute, the reporter responsible for reporting adverse actions to the HIPDB and the NPDB will only be asked to submit the report one time. The system is being designed to sort the appropriate actions into the HIPDB, NPDB, or both. The system is being configured to account for the statutory differences in the type of actions and groups eligible to query the two data banks.

The NPDB does not collect information on Federal criminal convictions and medicare and Medicaid exclusions, except to the extent that they lead to State licensing board, medical malpractice payment or privilege restriction actions. Further, while civil judgments included in the NPDB would be those that resulted in malpractice payments, the HIPDB explicitly does not include medical malpractice civil judgments. As a result, these items will not be part of the NPDB data to be imported into the HIPDB.

Data Elements To Be Reported to the HIPDB

Section 1128E(b)(2) of the Act cites a number of required elements or types of data that must be reported to the HIPDB. These elements include: (1) the name of the individual or entity; (2) a taxpayer identification number; (3) the name of any affiliated or associated health care entity; (4) the nature of the final adverse action, and whether the action is on appeal; (5) a description of the acts or omissions, and injuries, upon which a final adverse action is based; and (6) any other additional information deemed appropriate by the Secretary.

With respect to this last element, we are exercising this discretion and are proposing to add additional reportable data elements. The additional elements reflect much of the information that is already routinely collected by the Federal and State reporting agencies. Therefore, in adding these elements, the Secretary believes this does not impose any additional burden on State government agencies and health plans. Furthermore, the Secretary is protecting health care providers, suppliers and practitioners from being erroneously identified without imposing additional gathering burdens on reporters of information. The addition of this information also will serve to: (1) recognize the multiple purposes to which eligible users will apply the data, such as licensing decisions by professional licensing boards, credentialing and contracting decisions by health plans, and investigation by law enforcement agencies, investigative units and health plan special investigative units of health care fraud perpetrators and schemes; (2) maximize the accuracy of a match between the names of queried practitioners, providers, or suppliers and existing reports in the HIPDB; (3) provide access to information about health care fraud and abuse activities nationwide by promoting efficient coordination of investigative efforts among insurers and law enforcement agencies; (4) support the intent of the statute to address issues related to fraud and abuse, including quality of health care and patient safety; and (5) prevent the erroneous reporting and identifying of health care providers, suppliers and practitioners. Through this proposed rulemaking, we are specifically seeking the views of Federal and State officials and of health plans about whether the proposed information collection requirements will be necessary for the proper performance of the HIPDB system. In addition, we are soliciting comments as to whether the proposed data elements set forth in this rule will be useful in preventing fraud and abuse and in improving the quality of patient care.

Immunity Provisions Under the HIPDB

Immunity provisions in section 1128E(e) of the Act protect individuals and entities from being held liable in civil actions for reports made to the HIPDB unless they have knowledge of the falsity of the information contained in the report. The statute provides similar immunity to the Department in maintaining the HIPDB. We are interpreting the term ``knowledge of falsity'' to require actual knowledge of falsity by the submitting entity.
Provisions of the Proposed Rule

These proposed regulations would implement the requirements for reporting of specific data elements to, and procedures for obtaining information from, the HIPDB (and are applicable to Federal and State government agencies and health plans). Set forth below is a brief description of the major provisions of the proposed rule, including, among other things, proposed definitions for certain terms associated with the HIPDB, a discussion of the specific reporting requirements and when such information must be reported, the fees applicable to requests for information, the issues of the confidentiality of information, and how to dispute the accuracy of information in the HIPDB.
1. Definitions
  
  These proposed regulations would expand on previous regulatory definitions and clarify aspects of definitions set forth in the statute. Congress intended that the HIPDB play a significant role in reducing public and private health care expenditures that result in health care fraud and abuse, by alerting system users to previous relevant adverse actions. Therefore, we believe that the reportable range of activities and the individuals and entities that engage in them should as broadly as possible capture the portion of expenditures lost each year to fraud and abuse. Towards this end, this proposed rule sets forth definitions for certain terms that may appear more expansive than some previous regulatory definitions. One such example would include the definitions of health care provider and supplier. While definitions of these terms existed in other Departmental regulations, we believe it is significant that Congress chose not to use those definitions. In fact, earlier versions of section 1128E of the Act contained some of these previous definitions, but deleted them from the final statute. The absence of these references strongly suggests that Congress intended that these terms be developed based on the breadth of health care expenditures in mind when applied to the HIPDB program. We believe these expanded definitions are fully consistent with congressional intent and accurately reflect the range of subjects and activities currently considered by government agencies and health plans in fraud and abuse prevention efforts. This proposed rule
  
  [[Page 58343]]
  
  also, in certain instances, clarifies existing statutory definitions. These clarifications merely provide additional examples of the scope of the definitions, but do not go beyond the range that Congress intended.
  
  As a result, in Sec. 61.3 of these regulations, we are proposing the inclusion of the following definition of terms-- A. Affiliated or Associated
  
  The term ``affiliated or associated'' would include, but would not be limited to, health care entities such as organizations, associations, corporations, or partnerships that are affiliated or associated with a subject of a final adverse action. It also would include a professional corporation or other business entity composed of a single individual. For example, if the subject is an individual, the affiliated or associated health care entities would include, among other things, the subject's employer, businesses owned or managed by the subject, partnerships, memberships in health maintenance organizations or health care networks, or institutions granting the subject clinical privileges. If the subject is an entity, its affiliated or associated entities would include parent corporations, subsidiaries, and joint ventures, among other things. We believe that this definition supports congressional intent to enable authorized users who are conducting fraud and abuse investigations to identify other business affiliations through which the subject may have committed other acts of wrongdoing and to aid with subject identification. Inclusion of an entity in this category by a reporter would in no way imply that the entity was a party to the act(s) or omission(s) that led to a reportable final adverse action. B. Government Agency
  
  The definition of the term ``government agency'' is set forth in accordance with section 1128E(g)(3) of the Act, and would serve to set out the range of government agencies that are required to report to, and authorized to receive information from, the HIPDB. For purposes of these regulations, the term ``government agency'' would include, but would not be limited to: (1) the Department of Justice; (2) the Department of Health and Human Services; (3) any other Federal or State agency that either administers or provides payment for the delivery of health care services ( including, but not limited to, the Department of Defense and the Department of Veterans Affairs); (4) State law enforcement agencies; (5) State Medicaid Fraud Control Units; and (6) other Federal or State agencies responsible for the licensing and certification of health care providers, suppliers, or licensed health care practitioners. Examples of such State agencies include Departments of Professional Regulation, Health, Social Services (including State Survey and Certification and Medicaid Single State agencies), Commerce, and Insurance.
  
  We believe there are two key aspects each State may need to consider with respect to the data: who will report such information and how the information will be reported to the data bank. First, with respect to who is to report, we invite comments from States delineating specific agencies that are responsible for the licensing and certification of health care providers, suppliers and practitioners that will be subject to the section 1128E reporting requirements. In addition, we invite comments identifying the specific State law enforcement agencies that will be responsible for reporting to the HIPDB.
  
  Second, we also recognize the States' prerogative in determining the manner in which they will report. For example, one option may be that States may elect to have one centralized point for reporting, or elect to have multiple agencies (including, at their option, municipalities, county agencies and local law enforcement agencies such as District and County attorneys ) report independently to the HIPDB. Another option for reducing the reporting burden of State licensing and certification boards would be to have their respective professional organizations serve as their authorized agents for reporting to the HIPDB. It has been brought to our attention that similar data reports are being provided to the professional organizations. The ability to report the same information one time through a designated authorized agent would streamline State reporting. We believe this would be an acceptable option for meeting reporting obligations of State boards and is raised for consideration when meeting their reporting obligations to the HIPDB. We invite comments from each State regarding the manner in which it intends to report to the HIPDB. C. Health Care Provider and Health Care Supplier
  
  The statute does not define the terms ``health care provider'' and ``health care supplier'' for purposes of this data bank. Since there is considerable overlap in the roles of practitioners, providers and suppliers (e.g., a skilled nursing facility is an institutional provider, but also can be a supplier of health care items and equipment), we believe that these terms--as well as the term ``practitioner'' defined below--are not intended to describe distinct, mutually exclusive categories nor are the examples provided in this section intended to be exhaustive. We believe that these overlapping roles do not necessarily represent the categories in which subjects' information will be collected, maintained and disseminated in the HIPDB.
  
  Accordingly, in keeping with congressional intent that the Department coordinate this program closely with the NPDB, we would define the term ``health care provider'' to mean (1) a provider of services as defined in section 1861(u) of the Act; (2) any health care entity (including a health maintenance organization (HMO), preferred provider organization, ambulatory care clinic and group medical practice) that provides health care services and follows a formal peer review process for the purpose of furthering quality health care; and (3) and any other health care entity that, directly or through contracts, provides health care services. That definition encompasses institutional providers such as hospitals, home health care agencies, skilled nursing facilities, and comprehensive outpatient rehabilitation facilities.
  
  ``Health care supplier'' would be defined as a provider of medical and other health care services, as described in section 1861(s) of the Act, and would include Medicare facilities and practitioners as well as medical equipment suppliers (including clinical laboratories, certain licensed or certified health care practitioners, and suppliers of durable medical equipment). In addition, to ensure that this definition captures other entities that may be the subject of health care fraud investigations by the State or Federal Government or health plans, this term would further include any individual or entity, other than a provider, who furnishes or provides access to health care services, supplies, items or ancillary services (including, but not limited to, durable medical equipment suppliers and manufacturers of health care related items; pharmaceutical suppliers and manufacturers; health record services, such as medical, dental and other patient records; health data suppliers; and billing and transportation service suppliers), and any individual or entity under contract to provide health care supplies, items or ancillary services, and any group, organization or company providing health benefits whether directly, or indirectly through insurance, reimbursements or otherwise. The term ``health care
  
  [[Page 58344]]
  
  supplier'' also would include, but would not be limited to, insurance producers, such as agents, brokers, solicitors, consultants and reinsurance intermediaries; insurance companies; self-insured employers; and health care purchasing groups or entities.
  
  This definition of ``health care supplier'' reflects congressional intent that the Government not pay for items and services of untrustworthy individuals and entities, regardless of whether the individual or entity is paid by the programs directly or whether the items and services are reimbursed indirectly through claims of a direct provider. Individuals and entities that provide such indirect services have a significant impact on the cost and quality of health care, and have been the subject of final adverse actions related to health care fraud and abuse. D. Health Plan
  
  The definition of the term ``health plan'' in section 1128E of the Act is not meant to be exclusive or exhaustive. Rather, by using the word ``includes,'' the statutory definition contemplates that additional entities may be recognized as ``health plans'' if they meet the basic definition of ``providing health benefits.'' Thus, health plans may include those plans funded by Federal and State governments, including Medicare, Medicaid, the Department of Defense, the Department of Veterans Affairs, the Federal Employees Health benefits Plan of the Office of Personnel Management, and the Bureau of Indian Affairs programs. Under these regulations, the term ``health plan'' would be defined as a plan, program or organization that provides health benefits, whether directly or through insurance, reimbursement or otherwise. The term would include, but would not be limited to: (1) a policy of health insurance; (2) a contract of a service benefit organization; (3) a membership agreement with an HMO or other prepaid health plan; (4) a plan, program or agreement established, maintained or made available by an employer or group of employers, a practitioner, provider or supplier group, third-party administrator, integrated health care delivery system, employee welfare association, public service group or organization, or professional association; and (5) an insurance company, insurance service, self-insured employer or insurance organization which is licensed to engage in the business of selling health care insurance in a State and which is subject to State law which regulates health insurance. We have added the word ``organization'' to the description of the term ``health plan'' since health plans are generally offered by organizations, and we believe that Congress intended those organizations to be users of the HIPDB. In addition, credential reviews and fraud investigations are often conducted at the corporate level by organizations offering and managing managed care plans or other health benefit plans or services.
  
  We also are including in this definition additional examples of other health plans which reflect both the wide variety of health benefit plans that are currently offered and the wide range of organizations that provide them. These examples include employers or other organizations that provide health care benefits for their employees or members, provider/supplier/practitioner groups that offer health care benefit plans under contract with an organization, and organizations that sell health care insurance. We invite public comment on the inclusion of additional examples in this listing for purposes of clarification and guidance.
  
  In addition, to more clearly define this term, we are including two clarifying phrases in the regulatory definition. First, we would add the word ``reimbursement'' to the description of the methods by which health plans provide benefits. For example, some employers directly reimburse employees for their health care expenditures through a voucher system. We also propose including the phrase ``but is not limited to'' to the description of types of arrangements included in the definition. We believe that this clarification of the statutory language is important to ensure that, as arrangements and mechanisms used by health plans to provide health care benefits evolve, they will not be excluded by the language in the definition. E. Licensed Health Care Practitioner, Licensed Practitioner, and Practitioner
  
  While section 1128E of the Act refers to the terms health care ``provider, practitioner or supplier'' as the subject of reports to the HIPDB, the statute only provides a definition of ``practitioner.'' We are proposing to define ``practitioner'' consistent with section 1128E(g)(2) of the Act. As a result, for purposes of these regulations, with respect to a State, a ``licensed health care practitioner,'' a ``licensed practitioner'' or ``practitioner'' would mean an individual who is licensed or otherwise authorized by the State to provide health care services (or any individual who, without authority, holds himself or herself out to be so licensed or authorized). This definition includes, but is not limited to, physicians, nurses, chiropractors, podiatrists, emergency medical technicians, physical therapists, pharmacists, clinical psychologists, acupuncturists, dieticians, aides, and licensed or certified alternative medicine practitioners such as homeopaths and naturopaths. F. Other Adjudicated Actions or Decisions
  
  We are including a definition to clarify the types of ``other adjudicated actions or decisions'' that Congress authorized the Department to collect under section 1128E(g)(A)(v) of the Act. We believe that this term should encompass actions that are consistent with the characteristics of the specific final adverse actions already listed in the statute. Accordingly, the term ``other adjudicated actions or decisions'' would refer to an official action taken by a Federal or State governmental agency or health plan against a health care provider, supplier, or practitioner based on acts or omissions that affect, or could significantly affect, the delivery of a health care item or service. For example, an official action taken by a Federal or State governmental agency includes, but is not limited to, a personnel-related action such as suspensions without pay, reductions in pay, reductions in grade, terminations or other comparable actions. A hallmark of any valid adjudicated action or decision is the existence of a due process mechanism. In general, if an ``adjudicated action or decision'' follows an agency's established administrative procedures (which ensure due process is available to the subject of the final adverse action), it would qualify as a reportable action under this definition. For health plans that are not government entities, an action taken following adequate notice and hearing requirements that meet the standards of due process set out in section 412(b) of the HCQIA (42 U.S.C. 11112(b)) also would qualify as a reportable action under this definition. Under section 412(b) of HCQIA, the procedure should involve provision (or voluntary waiver by the subject) of the notice of the proposed action, notice of a hearing, and conduct of the hearing. The fact that a subject elects not to use the due process mechanism provided by the authority bringing the action is immaterial, as long as such a process is available to the subject before the adjudicated action or decision is made final.
  
  In these regulations, the word ``adjudicated'' is not viewed as a restriction that limits these actions only to those resulting from a governmental
  
  [[Page 58345]]
  
  judicial process. Rather, the word implies that in order for an action or decision to be reportable it must adhere to basic guidelines of due process. Examples of ``other adjudicated actions or decisions'' include administrative agency sanctions and clinical privilege actions.
  
  We believe that any final adverse action included in accordance with this language must be final, have been subject to adjudication, and be related to delivery of a health care item or service. We also believe that the inclusion of actions taken against a practitioner's clinical privileges, including those taken by health plans, should be included if they meet the above tests. Discussions with health plan representatives, and examination of reporting patterns by health plans to the NPDB, indicate that health plans do take final actions against a practitioner's clinical privileges which meet these three criteria. It should be noted that final adverse actions taken against clinical privileges must result from acts of commission or omission related to professional competence or professional conduct. Matters unrelated to the professional competence or professional conduct of a health care practitioner resulting in a final adverse action against clinical privileges should not be reported to the HIPDB. We believe that in the absence of statutory language regarding the definition of ``adjudicated,'' this interpretation recognizes the evolving mechanisms by which final adverse actions are taken by reporting entities, such as State agencies and health plans, to protect the public against health care fraud and abuse. Moreover, it recognizes the substantial shift in care from inpatient facilities to the outpatient arena and the concomitant shift in the meaning of ``clinical privileges'' from that associated with inpatient care, to that associated with outpatient care, especially in the managed care setting.
  
  In addition to proposing these definitions in Sec. 61.3, we also have contemplated including a definition for the term ``health care abuse.'' The statute does not define this term, and we are electing not to define the term at this time. The range of reportable final adverse actions specified in the statute suggests that the Congress intended a broad interpretation of ``health care abuse.'' There is wide variation in the term's meaning within the law enforcement and health care communities. For the purposes of this statute, we believe ``health care abuse'' relates to provider, supplier and practitioner practices that are inconsistent with accepted sound fiscal, business or medical practices which directly or indirectly may result in (1) unnecessary costs to the program; (2) improper payment; (3) services that fail to meet professionally recognized standards of care or are medically unnecessary; or (4) services that directly or indirectly result in adverse patient outcomes or delays in appropriate diagnosis or treatment. We believe health care abuse also would include verbal, sexual, physical or mental abuse, corporal punishment, involuntary seclusion or patient neglect, or misappropriation of patient property or funds. We specifically invite comments on whether a definition of the term ``health care abuse'' should be included in the regulations and, if so, what definition would most clearly capture the range of reportable final adverse actions specified by Congress.
  
  For health plans that are not government entities, an action taken following adequate notice and hearing requirements that meet the standards of due process set out in section 412(b) of the HCQIA also would qualify as a reportable action under this definition. Under section 412(b) of the HCQIA, the procedure should involve provision (or voluntary waiver by the subject) of notice of the proposed action, notice of a hearing and conduct of the hearing.
2. When Information Must be Reported
  
  The statute requires that Federal and State government agencies and health plans report final adverse actions ``regularly but not less often than monthly.'' Because an exclusion or licensing action may be effectuated at a later date than when the action is actually taken, we are proposing giving maximum flexibility to agencies in reporting final adverse actions in a timely manner. According, we are proposing in Sec. 61.5 that information be submitted to the HIPDB within 30 calendar days from (1) the date the final adverse action was taken, (2) the date when the reporting entity became aware of the final adverse action, or (3) by the close of the entity's next monthly reporting cycle, whichever is later. To capture any differing dates, the date of the final adverse action was taken, its effective date and duration would all be contained in the information reported to the HIPDB to be set forth in our discussion of the specific reporting requirements in proposed Secs. 61.7, 61.8, 61.9, 61.10 and 61.11 below.
  
  We acknowledge that reporters currently may not be able to provide all of the proposed data elements. We are proposing to set forth in Secs. 61.7, 61.8, 61.9, 61.10, and 61.11 a list of mandatory data elements. In addition, in these sections, we also would list data elements that should be reported to the data bank when known.
  
  It should be noted, however, that the statute requires the reporting and disclosure of Social Security numbers and Federal Employer Identification numbers. Specifically, section 1128E(b)(2)(A) of the Act mandates that Federal and State government agencies and health care plans collect and report Social Security numbers and Federal Employer Identification numbers for the purposes of reporting to the HIPDB. As a result, the Secretary intends to request Social Security numbers and Federal Employer Identification numbers for all reporters and queriers requiring explicit matching of specific names to HIPDB adverse action reports. We recognize the possibility that providing these identifiers for purposes of requesting information may present a burden for some classes of users. However, the collection of Social Security numbers and Federal Employer Identification numbers will provide a greater confidence level in the system's matching algorithm of health care providers, suppliers and practitioners. It also will maximize the system's ability to prevent the erroneous reporting and disclosure of health care providers, suppliers and practitioners. The proper matching of individuals based on personal identifiers, such as Social Security numbers, strengthens the State's ability to detect individuals who move from State to State without disclosure or discovery of previous damaging performance.
3. Reporting Errors, Omissions, Revisions and Actions on Appeal
  
  Section 1128E (c)(2) of the Act requires that each government agency and health plan report corrections to information previously submitted to the HIPDB in such form and manner as the Secretary prescribes by regulation. Accordingly, the HIPDB has been designed to comply with the statutory requirements and the Department's principles of fair information practice. In proposed Sec. 61.6 of these regulations, we are indicating that if any errors or omissions in the final adverse action are discovered after the information has been reported, the person or entity that reported such information must send an addition or correction to the HIPDB within 60 calendar days of the discovery. Any revision to the action or to appeal status must similarly be reported within 30 calendar days after the reporting entity learns of such revision. In turn, as indicated above, each subject of a report will receive a copy when it is entered into the HIPDB
  
  [[Page 58346]]
  
  and a copy of all revisions and corrections to the report. It should be noted that this is not an opportunity for the subjects to request readjudication of their cases; it is only for the reporting entity to correct any errors or omissions in the information.
4. Reporting Licensure Actions Taken by Federal or State Licensing and Certification Agencies
  
  Under section 1128E(g)(1)(A)(iii) of the Act, Federal and State licensing and certification agencies must report to the HIPDB all of the following final adverse actions that are taken against a health care provider, supplier, or practitioner--
  
  (1) Formal or official actions, such as revocation or suspension of a license (and the length of any such suspension), reprimand, censure, or probation;
  
  (2) Any other loss of the license or the right to apply for, or renew, a license of the provider, supplier, or practitioner, whether by operation of law, voluntary surrender, non-renewability, or otherwise; and
  
  (3) Any other negative action or finding by such Federal or State agency that is publicly available information.
  
  Proposed Sec. 61.7 is intended to address these reporting licensure actions taken by Federal and State licensing and certification agencies. In Sec. 61.7, the phrase ``other negative action or finding'' by a Federal or State licensing and certification authority would mean any action or finding that is publicly available and rendered by a licensing or certification authority. These actions or findings include, but are not limited to, imposition of civil money penalties (CMPs) and administrative fines, limitations on the scope of practice, injunctions and forfeitures.
  
  This definition also would include final adverse actions occurring in conjunction with settlements in which no findings or admissions of liability have been made, and that would otherwise be reportable under the statute. By defining ``other negative action or finding'' in this way, we believe that Federal or State licensing and certification authorities will accommodate State to State variation when determining adverse actions in reporting negative actions or findings to the HIPDB, provided that those actions or findings are available publicly.
  
  The statute specifically requires reporting of a health care provider, supplier or practitioner who voluntarily surrenders a license or certification. Based on extensive discussions with various State agencies, we have been advised that voluntary surrender and non-renewal of licensure and provider participation agreements are used as means to exclude questionable health care providers, suppliers and practitioners from participating in Federal and State health care programs. These voluntary surrenders and non-renewal actions result in allowing health care providers, suppliers or practitioners to move from State to State without detection. Therefore, for reporting purposes, the term ``voluntary surrender'' is defined to include a surrender made after a notification of investigation or a formal official request by Federal or State licensing or certification authorities for a health care provider, supplier or practitioner to surrender the license or certification (including certification agreements or contracts for participation in Federal or State health care programs). The definition also includes those instances where a health care provider, supplier or practitioner voluntarily surrenders a license or certification (including program participation agreements or contracts) in exchange for a decision by the licensing or certification authority to cease an investigation or similar proceeding, or in return for not conducting an investigation or proceeding, or in lieu of a disciplinary action. We are seeking guidance and public comment on the frequency of such actions taken in lieu of sanctions, as well as the utility of such information to eligible queriers of the HIPDB.
  
  We recognize that many voluntary surrenders are not a result of the type of adverse action that are intended for inclusion in the HIPDB. Therefore, we are proposing that voluntary surrenders and licensure non-renewals due to nonpayment of licensure fees, changes to inactive status and retirements be excluded from reporting to the HIPDB unless they are taken in combination with one or more of the circumstances listed above, in which case they would be reportable.
  
  In addition, we note that the NPDB currently receives adverse action reports on sanction and disciplinary actions concerning physicians and dentists related to professional competence or conduct. Under section 1128E of the Act, however, the only limitation on a reportable disciplinary action is that it must be a formal or official action; it need not be specifically related to professional competence or conduct. The Department recognizes that licensure actions reported by Boards of Medical and Dental Examiners concerning physicians and dentists in the NPDB overlap with the reportable actions under this statute. Therefore, we are proposing to implement this section in a manner to avoid duplication with the reporting requirements established for the NPDB under the HCQIA. Consistent with congressional intent, we will ensure that the reports required under both Acts will only be required to be reported once.
5. Reporting Federal or State Criminal Convictions Related to the Delivery of a Health Care Item or Service
  
  Under section 1128E(g)(i)(A)(ii) of the Act, Federal and State law enforcement and investigative agencies must report criminal convictions against health care providers, suppliers, or practitioners. Because the statute requires that a criminal conviction must be related to the delivery of a health care item or service to be reportable, we believe that the congressional intent is to limit the types of convictions reported to the HIPDB. Thus, under proposed Sec. 61.8, we are indicating that criminal convictions unrelated to the delivery of health care items or services would not be reported under this section.
6. Reporting of Civil Judgments in Federal or State Court Related to the Delivery of a Health Care Item or Service
  
  In accordance with section 1128E(g)(1)(A)(i) of the Act, proposed Sec. 61.9 would indicate that Federal and State law enforcement and investigative agencies, and health plans must report civil judgments related to the delivery of a health care item or service (except those resulting from medical malpractice) against health care providers, suppliers or practitioners. Civil judgments must be entered or approved by a Federal or State court. This reporting requirement does not include Consent Judgments that have been agreed upon and entered to provide security for civil settlements in which there was no finding or admission of liability.
7. Reporting Exclusion From Participation in Federal or State Health Care Programs
  
  Proposed Sec. 61.10, in accordance with section 1128E(g)(1)(A)(iv) of the Act, states that the Office of Inspector General (OIG) must report health care providers, suppliers or practitioners excluded from participating in Federal or State health care programs. This includes exclusions that were made in a matter in which there also was a settlement that is not reported because no findings or admissions of liability had been made.
8. Reporting Other Adjudicated Actions or Decisions
  
  Proposed Sec. 61.11 would address the reporting of other adjudicated actions or
  
  [[Page 58347]]
  
  decisions. Although not specifically required by the statute, we believe that ``any other adjudicated actions or decisions'' should relate to the delivery of a health care item or service, as do criminal convictions and civil judgments collected under the statute. In addition, we are proposing in this section that a due process mechanism is available with all adjudicated actions or decisions. Examples of an adjudicated action or decision would include, but would not be limited to, orders by an administrative law judge, CMPs and assessments, revocations, debarments or other restrictions from participating in Federal or State government contracts or programs, liquidation, dissolution, license cancellation, or revocations or limitations on clinical privileges or staff privileges by a health plan. We believe that this definition encompasses actions that are consistent with the characteristics of the specific final adverse actions already defined by statute.
9. Fees Applicable to Requests for Information
  
  Section 61.13 proposes fees that would apply to all requests for information from the HIPDB. However, for purposes of verification and dispute resolution, the HIPDB does intend to provide a copy-- automatically, without a request and free of charge--of every record to the health care provider, supplier or practitioner who is the subject of the report. The Act exempts Federal agencies from these fees.
  
  The fees to be charged would be based on the full costs of operating the database, as authorized in section 1128E(d)(2) of the Act; criteria for assessing fees would be based on the guidelines set forth in OMB Circular A-25. These costs would encompass all direct and indirect costs of disclosure and of providing such information, including but not limited to, (1) direct and indirect personnel costs; (2) physical overhead, consulting, and other indirect costs; (3) agency management and supervisory costs; and (4) costs of enforcement, collection, research, establishment, regulations and guidance. For maximum efficiency, we intend for the HIPDB to be an all-electronic system, with all fees collected through the most cost-effective methods (such as credit card and electronic funds transfer).
  
  While these regulations are intended to set forth the criteria for establishing the fees and the procedures for establishing and collecting fees, the actual amounts of the fees will be published in periodic notices issued by the Department in the Federal Register.
10. Confidentiality of HIPDB Information
  
  Proposed Sec. 61.14 addresses the confidentiality requirements that would apply to all information obtained from the HIPDB. We believe that these confidentiality requirements are clearly specified in sections 1128E(b)(3) and (d)(1) and 1128C(a)(3)(B)(ii) of the Act. Specifically, section 1128E(b)(3) of the Act requires the Secretary to protect the privacy of individuals receiving health care services when determining what information is required. Section 1128E(d)(1) of the Act provides that information in the HIPDB will be available to Federal and State government agencies and health plans. Section 1128C(a)(3)(B)(ii) of the Act requires the Secretary to assure that HIPDB information is provided and utilized in a manner that appropriately protects the confidentiality of the information. As a result, we are proposing that information from this system be confidential and disclosed only for the purpose for which it was provided. Appropriate uses of the information would include the prevention of fraud and abuse activities and improving the quality of patient care.
  
  We believe that this proposed provision does not go beyond the requirements set forth in the Act. The requirements would not prevent an authorized user from sharing information from the HIPDB within the entity that requested it, as long as the information is used solely for the purpose for which it was provided. However, in accordance with section 1128E(b)(3) of the Act, information obtained by a government contractor, e.g., a Medicare carrier, an intermediary or auditor, may only be used in the furtherance of its contractual responsibilities and in conformity with protecting the identity of individuals receiving health care services.
  
  We recognize that this data bank is subject to the Privacy Act (5 U.S.C. 552a), which protects the privacy of individually identifiable records held by a Federal agency that relate to the subject of the final adverse action. We will publish a notice for public comment for purposes of establishing a Privacy Act exception for the HIPDB. We are not including in the data bank any individually identifiable patient records.
11. How To Dispute the Accuracy of HIPDB Information
  
  Section 61.15 of these proposed regulations sets forth the procedures for submitting a statement, filing a dispute, and revising disputed information in a previously submitted report. The subject may dispute only the factual accuracy of the information contained in the HIPDB report concerning the individual or entity. We note that the Secretary will not review issues regarding the merits of the case, or the due process that the subject received. The dispute process affords the subject an opportunity to bring relevant factual information, including reversals of criminal convictions by an appeals court, to the attention of the reporter. If the reporter does not revise the information, the subject can request in writing, within 60 calendar days after receipt of the report, that the Secretary review the matter. After such review, the Secretary can remove the dispute status, correct the information, leave the information unchanged, void the report from the HIPDB or add a statement to the record for reports that are not voided. This dispute process is consistent with that for the NPDB.
12. Sanctions for Failure To Report
  
  In addition to addressing the provisions from section 221(a) of Public Law 104-191, we also are proposing to incorporate into these regulations the new CMP sanctions provision for failure to report information to the data bank, as set forth in section 4331 of Public Law 105-33, the Balanced Budget Act of 1997. As a result, in Secs. 61.9(d) and 61.11(d) we are indicating that any health plan that fails to report information on a final adverse action that is required to be reported will be subject to a CMP of not more than $25,000 for each such adverse action not reported. Such penalty would be imposed and collected in the same manner as CMPs under section 1128A(a) of the Act. We also intend to amend 42 CFR part 1003 in separate rulemaking to reflect this new CMP authority.
Implementation Schedule

Implementation of these regulations will be incremental and will begin by first including the following actions: (1) final adverse licensure actions taken against health care practitioners by Federal or State agencies responsible for the licensing and certification of such practitioners; (2) Federal criminal convictions and civil judgments related to the delivery of health care items or services against health care providers, suppliers or practitioners; and (3) exclusions of health care providers, suppliers or practitioners from participation in Federal and State health care programs. This phased-in process does not exempt reporters from collecting and maintaining information

[[Page 58348]]

required under the statute as of August 21, 1996. It also affords the reporter an opportunity to internally develop a mechanism for collecting all mandatory data elements. The Department will announce through issuance of notice(s) in the Federal Register a schedule when reporters are to begin reporting to, and when information will be available from, the HIPDB. Reporters to both the HIPDB and the NPDB will not be required to report their actions separately to each data bank. A revised reporting form will be used to accommodate both systems, thus only requiring one report of each action that is reportable to both the HIPDB and the NPDB when this form is approved by the Office of Management and Budget in accordance with the Paperwork Reduction Act of 1995.

All final adverse action information as of August 21, 1996 will be reported to the HIPDB.
Regulatory Impact Statement

Executive Order 12866, the Unfunded Mandates Reform Act and the Regulatory Flexibility Act

The Office of Management and Budget (OMB) has reviewed this proposed rule in accordance with the provisions of Executive Order 12866 and the Regulatory Flexibility Act (5 U.S.C. 601-612), and has determined that it does not meet the criteria for a significant regulatory action. Executive Order 12866 directs agencies to assess all costs and benefits of available regulatory alternatives and, when rulemaking is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health, safety, distributive and equity effects). The Unfunded Mandates Reform Act, Public Law 104-4, requires that agencies prepare an assessment of anticipated costs and benefits on any rulemaking that may result in an annual expenditure by State, local or tribal government, or by the private sector of $100 million or more. In addition, under the Regulatory Flexibility Act, if a rule has a significant economic effect on a substantial number of small entities, the Secretary must specifically consider the economic effect of a rule on small entities and analyze regulatory options that could lessen the impact of the rule.

Executive Order 12866 requires that all regulations reflect consideration of alternatives, costs, benefits, incentives, equity, and available information. Regulations must meet certain standards, such as avoiding unnecessary burden. Regulations that are ``significant'' because of cost, adverse effects on the economy, inconsistency with other agency actions, effects on the budget, or novel legal or policy issues, require special analysis. We believe that the resources required to implement the requirements in these regulations would be minimal. Consistent with the statute, these proposed regulations identify certain data elements for reporting that are mandatory and specify other discretionary data elements for reporting. Many of the mandatory and discretionary data elements being set forth in this proposed rulemaking are already collected and maintained on a routine basis for a variety of purposes, and should not result in additional costs or in new and significant burdens on reporting entities. In consultation with States, the Department has been made aware that States routinely collect and maintain much of this information and are already reporting information on health care practitioners to the NPDB. Many licensing boards also routinely collect and report much of this information to national organizations such as the National Council of State Boards of Nursing, Federation of Chiropractic Licensing Boards, American Association of State Social Work Boards, Federation of State Medical Boards and the Association of State and Provincial Psychology Boards. In addition, State Survey and Certification agencies also are required to report adverse information to HCFA on certain health care providers, suppliers and practitioners. Additionally, on a continuous basis, the OIG routinely collects and maintains sanction data on health care providers, suppliers and practitioners excluded from government health care programs. Since we recognize that some classes of reporters may not collect or maintain the full array of data elements contemplated for inclusion into the data bank (e.g., names of affiliated or associated health care entities, or a DEA registration number), we are classifying certain data elements to be reported when known. We intend not to impose new or added burdens on reporters and are proposing to give reporters the option of omitting certain discretionary data elements that they do not maintain or to which they do not have access.

We have determined that this proposed rulemaking would not meet the criteria for a major rule, as defined by Executive Order 12866. As indicated above, these proposed regulations are designed to establish procedures for reporting to and releasing from the HIPDB, information on health care providers, suppliers or practitioners against whom final adverse actions have been taken. According to the National District Attorneys Association, the annual number of criminal convictions is approximately 13 per State and civil judgments are approximately 9 per State each year. Based on the reporting patterns of health plans to the NPDB, we also believe that less than 0.1 percent (19) of the estimated 20,000 health plans will report to the HIPDB each year. As such, we do not anticipate that the data collection process will have a significant impact on State government agencies and health plans, and we believe that this rule would not have a major effect on the economy or on Federal and State expenditures.

Additionally, in accordance with the Unfunded Mandates Reform Act of 1995, we have determined the only costs (which we believe will not be significant) would include the ability to transmit the information electronically (e.g., Internet service) and additional staff hours needed to transmit the information. While we do not have sufficient information at this time to provide estimates of the number of State agencies impacted, the State licensing and certification agencies have estimated that the initial start-up cost will be $5,000 per State licensing and certification agency ($5,000 per State licensing and certification agency x 216 State agencies=$1,080,000). The Department estimates that the initial start-up cost will be less than $100 per health plan ($100 per health plan x 20,000 health plans=$2,000,000). Section 221(a) of HIPAA intends that the Federal government will not incur any costs for the operation and maintenance of the HIPDB; user fees are intended to cover the full costs of the HIPDB. For the reasons stated above, the Department has determined that this rule does not impose any mandates on State, local or tribal governments, or the private sector that will result in an annual expenditure of $100 million or more, and that a full analysis under the Act is not necessary.

In addition, in accordance with the Regulatory Flexibility Act of 1980 (RFA), and the Small Business Regulatory Enforcement Act of 1996, which amended the RFA, we are required to determine if this rule will have a significant economic effect on a substantial number of small entities and, if so, to identify regulatory options that could lessen the impact. For purposes of this rule, we have defined small entities as nonprofit organizations and local government agencies; individuals and States are not included in this definition of small entities. Although the statute does not specify local government agencies as reporters,

[[Page 58349]]

we also have given States the option to decide the manner in which they will report, i.e., having one centralized point for reporting or having multiple agencies such as municipalities and local government agencies (including District and County attorneys) report independently to the HIPDB. If States elect to have multiple agencies reporting independently to the HIPDB, we have determined that both the burden and costs associated with reporting to the HIPDB will be minimal. According to the National District Attorneys Association, there are approximately 2,700 District Attorneys throughout the country and, as indicated above, there are approximately 13 criminal convictions per State each year related to health care violations and 9 civil judgments per State each year related to health care violations. Based on discussions with health plans and examination of reporting patterns of health plans to the NPDB, we also believe that less than 0.1 percent (19) of the estimated 20,000 health plans will report to the HIPDB each year. As a result, we have determined that this rule would affect less than 100 nonprofit and local government agencies overall. Thus, the Secretary certifies that these proposed regulations would not have a significant impact on a substantial number of small entities.

Paperwork Reduction Act

This proposed rule contains information collection requirements necessitating clearance by OMB. As required by the Paperwork Reduction Act (PRA) of 1995 (44 U.S.C. 3507(d)), the Department has submitted a copy of this proposed rule to OMB for its review of these information collection requirements.

Collection of Information: The Healthcare Integrity and Protection Data Bank for Final Adverse Information on Health Care Providers, Suppliers and Practitioners.

Description: Information collected under Secs. 61.6, 61.7, 61.8, 61.9, 61.11, 61.12 and 61.15 of this proposed rule would be used by authorized parties, specified in the proposed rule, to prevent health care fraud and abuse activities and to improve the quality of patient care.

Description of Respondents: Federal and State government agencies and health plans. The reports from Federal agencies are not subject to the PRA.

Estimated Annual Reporting: The Department estimates that the public reporting burden for this proposed rule is 132,733 hours.

The estimated annual reporting and querying burden is as follows:

Hours per Section No.

Number of Responses per Total

response Total burden respondents respond't responses

(min)

hours

Sec. 61.6, Errors & Omissions.. \1\ 1,200

1

1,200

25

500 Sec. 61.6, Revisions/Appeal Status......................... \1\ 1,000

1

1,000

75

1,250 Sec. 61.7:

Licensure Actions: Disclosure by State Licensing Boards........... \2\ 1,836

3

5,500

75

6,875

Reporting by State Licensing Authorities................

216

25.46

5,500

15

1,375 Sec. 61.8, Criminal Convictions

\3\ 54

13

700

75

875 Sec. 61.9, Civil Judgments.....

\4\ 62

8

500

75

625 Sec. 61.11, Other Adjudicated Action or Decision.............

\5\ 66

12

800

75

1,000 Sec. 61.12:

Queries..................... \6\ 5,601

201 1,127,512

5

93,959

Self-queries................

60,000

1

60,000

25

25,000

Entity verification......... \7\ 5,000

1

5,000

10

833

Entity update...............

250

1

250

5

20 Sec. 61.12, Authorized agent designation \8\................

100

1

100

10

16 Sec. 61.12, Authorized agent designation update.............

5

1

5

5

0.42 Sec. 61.15:

Disputed Reports & Secretarial Review

Initial Request.............

\9\ 750

1

750

10

125

Request for Secretarial Review.....................

37

1

37

480

296

Total.......................

76,177

1,208,854

132,749

\1\ Section 61.6 requires each government agency or health plan that reports information to the HIPDB to ensure the accuracy of the information. If there are any errors or omissions to the reports previously submitted to the HIPDB, the individual or entity that submitted the report to the HIPDB is also responsible for making the necessary correction or revision to the original report. If there is any revision to the action or the action is on appeal, the individual or entity that submitted the original report to the HIPDB is also responsible for reporting revisions and whether the action is on appeal. Based on corrections and revisions made to information contained in the NPDB, we have estimated that a total of 1,200 respondents will need to correct their reports each year and that a total of 1,000 respondents will need to revise actions originally reported, or to report whether an action is on appeal each year. Based on experience with the NPDB, a correction is expected to take 25 minutes to complete and submit. A revision is expected to take somewhat longer (75 minutes) because it involves completing a new report form rather that just correcting the individual items that are in error. \2\ Section 61.7 requires Federal and State agencies responsible for the licensing and certification of health care providers, suppliers and practitioners to report all disciplinary licensure actions to the HIPDB. Therefore, we estimate that approximately 34 State licensing boards in each State will report to the State licensing and certification authorities (54 States and territories x 34 licensing boards/per State = 1,836 State licensing and certification boards), and the State licensing and certification authorities (4 per State) will be responsible for reporting information to the HIPDB (54 States and territories x 4 State licensing and certification authorities/per State = 216 State licensing and certification authorities). We estimate that 5,500 reports will be submitted directly to the HIPDB each year, for an average of 25 reports per State licensing and certification authority and 3 reports per State licensing board. Since disciplinary licensure actions by State licensing authorities in the NPDB overlap with this statute, this estimate does not include the licensure actions that will be reported directly to the NPDB and transmitted from there to the HIPDB. The estimates include only those actions which are reported solely to the HIPDB, such as actions taken against certain health care providers and suppliers. The HIPDB will use similar forms and procedures for reporting as the NPDB. As a result, we estimate that it will take a State licensing board 75 minutes to complete and submit an initial report. We also estimate that it will take a State licensing and certification authority 15 minutes to verify the accuracy and completeness of the information contained in the initial report before electronically submitting the information to the HIPDB. \3\ Section 61.8 requires Federal and State prosecutors and investigative agencies to report criminal convictions related to the delivery of a health care item or service. Based on the number of health care providers, suppliers and practitioners convicted by the Federal government, we estimate that there will be an approximate total of 700 State criminal convictions reported to the HIPDB each year, for an average of 13 convictions per State. Based on experience with the NPDB, we estimate that it will take 75 minutes to complete and submit each report.

[[Page 58350]]

\4\ Section 61.9 requires Federal and State attorneys and investigative agencies and health care plans to report civil judgments against health care providers, suppliers and practitioners related to the delivery of a health care item or service. We estimate that there will be an approximate total of 500 civil judgments each year that will be reported by the 54 States Attorneys and an estimated 8 health plans, for a total of 62 reporters. Based on experience with the NPDB, we estimate that it will take 75 minutes to complete and submit each report. \5\ Section 61.11 requires Federal and State governmental agencies and health plans to report any adjudicated action or decision related to the delivery of a health care item or service against health care providers, suppliers and practitioners. We estimate that there will be an approximate total of 800 other adjudicated actions or decision reports submitted to the HIPDB each year by 54 State governmental agencies and an estimated 12 health plans, for a total of 66 reporters. Based on experience with the NPDB, we estimate that it will take 75 minutes to complete and submit each report. \6\ Certain queriers have access to both the NPDB and the HIPDB. When these entities query one data bank, they will automatically receive reports from both. The Department estimates that there will be 1,127,512 queries submitted to the HIPDB per year on health care providers, suppliers and practitioners, including an estimated 60,000 self-queries. These estimates include only queries submitted directly to the HIPDB; it does not include those transferred from the NPDB. The estimates of burden per response are based on experience with similar querying of the NPDB. \7\ To access the HIPDB, entities are required to certify that they meet section 1128E reporting and querying requirements by completing an Entity Registration form and submitting it to the HIPDB. The information collected on this form provides the HIPDB with essential information concerning the entity, such as name, address and entity type. Eligible entities, such as State licensing agencies or certain managed care organizations, that have access to both the NPDB and the HIPDB have already registered for the NPDB and are not required to register separately for the HIPDB. Entities eligible to access only the HIPDB must complete and submit the Entity Registration form. We estimate that it will take an entity 10 minutes to complete and submit the Entity Registration form to the HIPDB. If there are any changes in the entity's name, address, telephone, entity type designation, or query and report point of contact, the entity representative must update the information on the Entity Information Update form and submit it to the HIPDB. Of the 5,000 new registrants, we estimate 250 entities (5 percent of all new registrants) will need to update their organization's information each year. \8\ An eligible entity may elect to have an outside organization query or report to the HIPDB on its behalf. This organization is referred to as an authorized agent. Before an authorized agent acts on behalf of an entity, the eligible entity must complete and submit an Agent Designation form to the HIPDB Help Line. The information collected on this form provides the HIPDB with essential information concerning the agent, such as name address and telephone number. We estimate that 100 entities (2 percent of all new registrants) will elect an authorized agent to query or report to the HIPDB on their behalf. We estimate that it will take an entity 10 minutes to complete and submit the Agent Designation form to the HIPDB. Any changes to the authorized agent designation, such as routing of responses to queries or termination of an authorized agent, the eligible entity must update the information on the Agent Designation Update form and submit it to the HIPDB. We estimate that five of the 100 eligible entities will need to update their agent's information each year. \9\ Section 61.15 describes the process to be followed by a health care provider, supplier or practitioner in disputing the factual accuracy of information in a report and requesting Secretarial review of the disputed report. Based on experience with the NPDB, we estimate that 750 (10 percent of all new reports) will be entered into the ``disputed status.'' We estimate that it will take a health care provider, supplier or practitioner 10 minutes to notify the HIPDB to enter the report into ``disputed status.'' Of the 750 disputed reports, we estimate that only 37 reports (5 percent) will be forwarded to the Secretary for review. We estimate that it will take a health care provider, supplier or practitioner 8 hours to describe in writing which facts are in dispute and to gather supporting documentation related to the dispute.

Forms to be used in the day-to-day management of the HIPDB would include the following:

Hrs. per Total Form name

No. of Respon per Total respon. burden Wage rate Total cost respond respond respons (min)

hours

Account Discrepancy..........................................

2,000

1

2,000

5

166

$ 15 $2,490 Electronic Funds Transfer Authorization......................

850

1

850

5

70

15

1,050 Entity Reactivation..........................................

500

1

500

5

41

15

615

Total....................................................

3,350 ...........

3,350 ...........

277 ........... $4,155

Request for Comment: In accordance with the requirement of section 3506(c)(2)(A) of the PRA for opportunity for public comment on proposed data collection projects, comments are invited on: (1) whether the proposed collection of information is necessary for the proper performance of the functions of the Department, including whether the information will have practical utility; (2) the accuracy of the Department's estimate of the burden of the proposed collection of information; (3) ways to enhance the quality, utility, and clarity of the information to be collected; and (4) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or other forms of information technology.

Written comments and recommendations concerning the proposed information collection requirements should be sent to: Allison Herron Eydt, Human Resources and Housing Branch, Office of Management and Budget, New Executive Office Building, Room 10235, Washington, D.C. 20503. The OMB is required to make a decision concerning the collection of information contained in these proposed regulations between 30 and 60 days after publication of this document in the Federal Register. Therefore, a comment to OMB is best assured of having its full effect if OMB receives it within 30 days of publication. This does not affect the deadline for the public to comment to the Department on the proposed regulations.
Public Inspection of Comments and Response to Comments

Comments will be available for public inspection November 13, 1998 in Room 2A-44, Parklawn Building, Health Resources and Services Administration, Bureau of Health Professions, Division of Quality Assurance at 5600 Fishers Lane, Rockville, Maryland, on Monday through Friday of each week (Federal holidays excepted) between the hours of 10:00 a.m. and 2:00 p.m., (301) 443-2300.

Because of the large number of items of correspondence we normally receive on Federal Register documents published for comment, we are not able to acknowledge or respond to them individually. We will consider all comments we receive by the date and time specified in the DATES section of this preamble, and will respond to the

[[Page 58351]]

comments in the preamble of the final rule.

List of Subjects in 45 CFR Part 61

Health professions, Hospitals, Home health care agencies, Skilled nursing facilities, Durable medical equipment suppliers and manufacturers, Billing and transportation services, Health maintenance organizations, Health care insurers, Pharmaceutical suppliers and manufacturers, Reporting and recordkeeping requirements.

Accordingly, a new 45 CFR part 61 would be added as set forth below:

PART 61--HEALTHCARE INTEGRITY AND PROTECTION DATA BANK FOR FINAL ADVERSE INFORMATION ON HEALTH CARE PROVIDERS, SUPPLIERS AND PRACTITIONERS

Subpart A--General Provisions

Sec. 61.1 The Healthcare Integrity and Protection Data Bank. 61.2 Applicability of these regulations. 61.3 Definitions.

Subpart B--Reporting of Information

61.4 How information must be reported. 61.5 When information must be reported. 61.6 Reporting errors, omissions, revisions, or whether an action is on appeal. 61.7 Reporting licensure actions taken by Federal or State licensing and certification agencies. 61.8 Reporting Federal or State criminal convictions related to the delivery of a health care item or service. 61.9 Reporting civil judgments related to the delivery of a health care item or service. 61.10 Reporting exclusion from participation in Federal or State health care programs. 61.11 Reporting other adjudicated actions or decisions.

Subpart C--Disclosure of Information by the Healthcare Integrity and Protection Data Bank

61.12 Requesting information from the Healthcare Integrity and Protection Data Bank. 61.13 Fees applicable to requests for information. 61.14 Confidentiality of Healthcare Integrity and Protection Data Bank information. 61.15 How to dispute the accuracy of Healthcare Integrity and Protection Data Bank information.

Authority: 42 U.S.C. 1320a-7e.

Subpart A--General Provisions

Sec. 61.1 The Healthcare Integrity and Protection Data Bank.

(a) Section 1128E of the Social Security Act (the Act) authorizes the Secretary of Health and Human Services (the Secretary) to implement a national health care fraud and abuse data collection program for the reporting and disclosing of certain final adverse actions taken against health care providers, suppliers, or practitioners. Section 1128E of the Act also directs the Secretary to maintain a database of final adverse actions taken against health care providers, suppliers, or practitioners. This data bank will be known as the Healthcare Integrity and Protection Data Bank (HIPDB). Settlements in which no findings or admissions of liability have been made will be excluded from being reported. However, any final adverse action that emanates from such settlements, and that would otherwise be reportable under the statute, will be reported to the HIPDB.

(b) Section 1128E of the Act also requires the Secretary to implement the HIPDB in such a manner as to avoid duplication with the reporting requirements established for the National Practitioner Data Bank (NPDB). In accordance with the statute, the reporter responsible for reporting the final adverse actions to both the HIPDB and the NPDB will be required to submit only one report, provided that reporting is made through the Department's consolidated reporting mechanism that will sort the appropriate actions into the HIPDB, NPDB or both.

(c) These regulations set forth the reporting and disclosure requirements for the HIPDB.

Sec. 61.2 Applicability of these regulations.

The regulations in this part establish reporting requirements applicable to Federal and State government agencies and to health plans, as the terms are defined under Sec. 61.3 of this part.

Sec. 61.3 Definitions.

Act means the Social Security Act.

Affiliated or associated means health care entities with which a subject of a final adverse action has a business or professional relationship. This includes, but is not limited to, organizations, associations, corporations, or partnerships. It also includes a professional corporation or other business entity composed of a single individual.

Any other negative action or finding by a Federal or State licensing and certification agency means any action or finding that is a matter of public record and rendered by a licensing or certification authority, including but not limited to, imposition of civil money penalties and administrative fines, limitations on the scope of practice, liquidations, injunctions, forfeitures, and criminal convictions and civil judgments which, under that State's laws, are reportable to that State's boards or agencies which license or certify health care practitioners, providers or suppliers. This definition also includes final adverse actions (such as civil money penalties and administrative fees that occur in conjunction with settlements) in which no findings or admissions of liability have been made, and that would otherwise be reportable under the statute.

Civil judgment means a court-ordered action rendered in a Federal or State court proceeding, other than a criminal proceeding. This reporting requirement does not include consent judgments that have been agreed upon and entered to provide security for civil settlements in which there was no finding or admission of liability.

Clinical privileges includes, as appropriate to the organization, privileges, membership on the medical staff and other circumstances pertaining to the furnishing of medical care under which a physician, dentist or other licensed health care practitioner is permitted to furnish such care by a health plan or by a Federal or State agency that either administers or provides payment for the delivery of health care services.

Criminal conviction means a conviction as described in section 1128(i) of the Act.

Exclusion means a temporary or permanent debarment of an individual or entity from participation in any Federal or State health-related program, and that items or services furnished by such person or entity will not be reimbursed under any Federal or State health-related program.

Government agency includes, but is not limited to--

(1) The U.S. Department of Justice;

(2) The U.S Department of Health and Human Services;

(3) Any other Federal agency that either administers or provides payment for the delivery of health care services, including, but not limited to the U.S. Department of Defense and the U.S. Department of Veterans Affairs;

(4) State law enforcement agencies, which include States Attorneys General;

(5) State Medicaid Fraud Control Units; and

(6) Federal or State agencies responsible for the licensing and certification of health care providers, suppliers or licensed health care practitioners. Examples of such State agencies include Departments of Professional Regulation, Health, Social Services (including State Survey and Certification and Medicaid Single State agencies), Commerce and Insurance.

[[Page 58352]]

Health care fraud means fraud as defined in section 241 of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, Public Law 104-191.

Health care provider means a provider of services as defined in section 1861(u) of the Act; any health care entity (including a health maintenance organization, preferred provider organization or group medical practice) that provides health care services and follows a formal peer review process for the purpose of furthering quality health care; or any other health care entity that, directly or through contracts, provides health care services.

Health care supplier means a provider of medical and other health care services as described in section 1861(s) of the Act; or any individual or entity, other than a provider, who furnishes or provides access to health care services, supplies, items or ancillary services (including, but not limited to, durable medical equipment suppliers and manufacturers of health care related items, pharmaceutical suppliers and manufacturers, health record services such as medical, dental and patient records, health data suppliers, and billing and transportation service suppliers). The term also includes any individual or entity under contract to provide such supplies, items or ancillary services, and any group, organization or company providing health benefits whether directly, or indirectly through insurance, reimbursements or otherwise, (including but not limited to, insurance producers such as agents, brokers, solicitors, consultants and reinsurance intermediaries, insurance companies, self-insured employers and health care purchasing groups or entities).

Health plan means a plan, program or organization that provides health benefits, whether directly, through insurance, reimbursement or otherwise, and includes but is not limited to--

(1) A policy of health insurance;

(2) A contract of a service benefit organization;

(3) A membership agreement with a health maintenance organization or other prepaid health plan;

(4) A plan, program, or agreement established, maintained or made available by an employer or group of employers, a practitioner, provider or supplier group, third party administrator, integrated health care delivery system, employee welfare association, public service group or organization or professional association; and

(5) An insurance company, insurance service or insurance organization that is licensed to engage in the business of selling health care insurance in a State and which is subject to State law which regulates health insurance.

Licensed health care practitioner, licensed practitioner, or practitioner mean, with respect to a State, an individual who is licensed or otherwise authorized by the State to provide health care services (or any individual who, without authority, holds himself or herself out to be so licensed or authorized).

Other adjudicated actions or decisions means an official action taken by a Federal or State governmental agency or health plan against a health care provider, supplier or practitioner based on acts or omissions that affect or could significantly affect the delivery or payment of a health care item or service. For example, an official action taken by a Federal or State governmental agency includes, but is not limited to, a personnel-related action such as suspensions without pay, reductions in pay, reductions in grade, terminations or other comparable actions. A hallmark of any valid adjudicated action or decision is the existence of a due process mechanism. In general, if an ``adjudicated action or decision'' follows an agency's established administrative procedures (which ensure that due process is available to the subject of the final adverse action), it would qualify as a reportable action under this definition. For health plans that are not government entities, an action taken following adequate notice and hearing requirement that meets the standards of due process set out in section 412(b) of the HCQIA (42 U.S.C. 11112(b)) also would qualify as a reportable action under this definition. The fact that the subject elects not to use the due process mechanism provided by the authority bringing the action is immaterial, as long as such a process is available to the subject before the adjudicated action or decision is made final.

Secretary means the Secretary of Health and Human Services and any other officer or employee of the Department of Health and Human Services to whom the authority involved has been delegated.

State means any of the fifty States, the District of Columbia, the Commonwealth of Puerto Rico, the Virgin Islands and Guam.

Subpart B--Reporting of Information

Sec. 61.4 How information must be reported.

Information must be reported to the HIPDB as required under Secs. 61.6, 61.7, 61.8, 61.9, 61.10 and 61.11 of this part in such form and manner as the Secretary may prescribe.

Sec. 61.5 When information must be reported.

(a) Information required under Secs. 61.7, 61.8, 61.9, 61.10 and 61.11 of this part must be submitted to the HIPDB within 30 calendar days from the date the final adverse action was taken; the date when the reporting entity became aware of the final adverse action; or by the close of the entity's next monthly reporting cycle, whichever is later.

(b) The date of the final adverse action was taken, its effective date and duration would be contained in the information reported to the HIPDB under Secs. 61.7, 61.8, 61.9, 61.10 and 61.11 of this part.

Sec. 61.6 Reporting errors, omissions, revisions or whether an action is on appeal.

(a) If errors or omissions are found after information has been reported, the reporter must send an addition or correction to the HIPDB. This is an opportunity only for the subjects to request the reporting entity to correct any errors or omissions in the information, and not for requests for readjudication of their cases.

(b) A reporter that reports information on licensure, exclusion, criminal convictions, civil or administrative judgments, or adjudicated actions or decisions under Secs. 61.7, 61.8, 61.9, 61.10 or 61.11 of this part also must report any revision of the action originally reported. Revisions include reversal of a criminal conviction, reversal of a judgment or other adjudicated decisions or whether the action is on appeal, and reinstatement of a license.

(c) The subject will receive a copy of all reports, including revisions and corrections to the report.

(d) Upon receipt of a report, the subject--

(1) Can accept the report as written;

(2) May provide a statement to the HIPDB, either directly or through a designated representative, that will permanently append the report (The statement should be limited to 2,000 characters and will be included in the record. The HIPDB will distribute the statement to queriers (where identifiable), the reporting entity and the subject of the report. The HIPDB will not edit the statement; only the subject can, upon request, make changes to the statement.); or

(3) May follow the dispute process in accordance with Sec. 61.15 of this part.

[[Page 58353]]

Sec. 61.7 Reporting licensure actions taken by Federal and State licensing and certification agencies.

(a) What actions must be reported. Federal and State licensing and certification agencies must report to the HIPDB the following final adverse actions that are taken against a health care provider, supplier or practitioner (regardless of whether the final adverse actions are the subject of a pending appeal)--

(1) Formal or official actions, such as revocation or suspension of a license (and the length of any such suspension), reprimand, censure or probation;

(2) Any other loss of the license or the right to apply for, or renew, a license of the provider, supplier, or practitioner, whether by operation of law, voluntary surrender (including certification agreements or contracts for participation in Federal or State health care programs), non-renewability (excluding those due to nonpayment of fees, retirement, or change to inactive status) or otherwise; and

(3) Any other negative action or finding by such Federal or State agency that is publicly available information.

(b) Information to be reported on individuals. (1) Federal or State licensing and certification agencies must report the following information concerning a practitioner who is the subject of a final adverse action (regardless of whether the final adverse actions are the subject of a pending appeal)--

(i) Name;

(ii) Social Security number, and Federal Employer Identification number for individuals who possess one;

(iii) Sex;

(iv) Date of birth;

(v) Occupation;

(vi) Organization name and type;

(vii) Primary work address;

(viii) Name of each professional school attended and year of graduation;

(ix) With respect to professional license, certification or registration, the license, certification or registration number, the field of licensure, certification or registration and the name(s) of the State or Territory in which the license, certification or registration is held;

(x) Physician specialty, if applicable;

(xi) National Provider Identifier (NPI), when issued by the Health Care Financing Administration (HCFA);

(xii) A description of the acts or omissions or other reasons for the action taken;

(xiii) A description of the action, if applicable, the date the action was taken, its effective date and duration, the amount of any monetary penalty, and whether the action is on appeal;

(xiv) Classification of the action in accordance with a reporting code adopted by the Secretary;

(xv) Name and address of the reporting entity, and the name of the agency taking the action;

(xvi) The name, title and telephone number of the responsible official submitting the report on behalf of the reporting entity; and

(xvii) Name(s) of any health care entity with which the subject is affiliated or associated.

(2) Federal and State licensing and certification agencies should report, when known, the following concerning a practitioner who is the subject of a final adverse action--

(i) Other name(s) used;

(ii) If deceased, date of death;

(iii) Home address;

(iv) Federal license, certification or registration number(s) (such as a Drug Enforcement Administration (DEA) registration number and Medicare provider number(s));

(v) Type(s) of any health care entity with which the subject is affiliated or associated;

(vi) Address of each associated or affiliated health care entity;

(vii) NPI of each associated or affiliated health care entity, when issued by HCFA; and

(viii) Nature of subject's relationship to each associated or affiliated health care entity.

(c) Information that must be reported on organizations. (1) Federal or State licensing and certification agencies must report the following information concerning a provider or supplier who is the subject of a final adverse action (regardless of whether the final adverse actions are the subject of a pending appeal)--

(i) Name and type of provider or supplier;

(ii) Federal Employer Identification number, and Social Security number (when used as the Tax Identification number (TIN));

(iii) The provider's or supplier's address;

(iv) The provider's or supplier's license, certification, or registration number(s) and name(s) of the State or Territory in which the license, certification or registration is held (the license number against which the action is taken should be specified);

(v) NPI, when issued by HCFA;

(vi) A description of the acts or omissions or other reason for the action;

(vii) A description of the action, if applicable, the date the action was taken, its effective date and duration, the amount of any monetary penalty, and whether the action is on appeal;

(viii) Classification of the action in accordance with a reporting code adopted by the Secretary;

(ix) Name and address of the reporting entity, and the name of the agency taking the action;

(x) The name, title and telephone number of the responsible official submitting the report on behalf of the reporting entity; and

(xi) Name(s) of any health care entity with which the subject is affiliated or associated.

(2) Federal and State licensing and certification agencies should report, when known, the following information concerning a provider or supplier who is the subject of a final adverse action (regardless of whether the final adverse actions are the subject of a pending appeal)--

(i) Federal license, certification or registration number(s) (such as a DEA registration number, Medicare provider number(s), Clinical Laboratory Improvement Act (CLIA) number);

(ii) Type(s) of any health care entity with which the subject is affiliated or associated;

(iii) Address of each associated or affiliated health care entity;

(iv) NPI of each affiliated or associated health care entity, when issued by HCFA;

(v) Nature of subject's relationship to each associated or affiliated health care entity; and

(vi) Total amount of monetary penalties and fines.

(d) Sanctions for failure to report. The Secretary will provide for publication of a public report that identifies those Government agencies that have failed to report information on adverse actions as required to be reported under this section.

Sec. 61.8 Reporting Federal or State criminal convictions related to the delivery of a health care item or service.

(a) Who must report. Federal and State prosecutors, including law enforcement and investigative agencies, must report criminal convictions against health care providers, suppliers and practitioners related to the delivery of a health care item or service.

(b) Information to be reported on individuals. (1) Entities described in paragraph (a) of this section must report the following information--

(i) With respect to the individual who is the subject of a criminal conviction--

(A) Full name;

(B) Social Security number, and Federal Employer Identification number for individuals who possess one;

(C) Date of birth;

(D) Sex;

[[Page 58354]]

(E) Occupation;

(F) Organization name and type;

(G) Primary work address;

(H) NPI, when issued by HCFA;

(I) Court or judicial venue in which the action was taken;

(J) Docket or court file number;

(K) Name of primary prosecuting agency;

(L) Prosecuting agency's case number;

(M) Length of incarceration, detention, probation, community service or other sentence;

(N) Amount of any monetary penalties, judgment, restitution or other order;

(O) Date of sentence;

(P) Description of acts or omissions and injuries upon which the action was based;

(Q) Nature of the final adverse action and whether such action is on appeal;

(R) Name(s) of affiliated or associated health care entities; and

(S) Statutory offenses and count(s), and

(ii) With respect to the reporting entity--

(A) Name and address of the reporting entity and its file number concerning the subject; and

(B) The name, title and telephone number of the responsible official submitting the report on behalf of the reporting entity.

(2) Entities described in paragraph (a) of this section should report, when known, the following information--

(i) With respect to the individual who is the subject of a criminal conviction--

(A) Other name(s) used;

(B) Home address;

(C) Physician specialty;

(D) Medicare provider number(s);

(E) Medicaid provider number(s) and State(s);

(F) DEA registration number(s);

(G) Federal Bureau of Investigation (FBI) number;

(H) Name of each professional school attended and year of graduation; and

(I) With respect to each professional license, certification or registration, the license, certification or registration number, the field of licensure, certification or registration, and the name(s) of the State or Territory in which the license, certification or registration is held, if known;

(ii) With respect to health care entities (if known) with which the subject of the criminal conviction is affiliated or associated--

(A) Type(s) of affiliated or associated health care entities;

(B) Address of each associated or affiliated health care entity;

(C) NPI of each associated or affiliated health care entity, when issued by HCFA; and

(D) Nature of subject's relationship to each associated or affiliated health care entity; and

(iii) With respect to the action--

(A) Investigative agencies involved; and

(B) Investigative agencies' case or file number.

(c) Information to be reported on organizations. (1) Entities described in paragraph (a) of this section must report the following information--

(i) With respect to the organization that is the subject of a criminal conviction--

(A) Entity's legal name;

(B) Name entity is doing business as;

(C) Business address;

(D) Federal Employer Identification number, and Social Security number (when used as the TIN);

(E) NPI when issued by the HCFA;

(F) Type of entity;

(G) Court or judicial venue in which the action was taken;

(H) Docket or court file number;

(I) Name of primary prosecuting agency;

(J) Prosecuting agency's case number;

(K) Length of sentence (e.g., for probation);

(L) Amount of any monetary penalty, judgment, restitution, or other orders;

(M) Date of sentence;

(N) Description of acts or omissions and injuries upon which the action was based;

(O) Nature of the final adverse action and whether such action is on appeal;

(P) Name(s) of affiliated or associated health care entities; and

(Q) Statutory offenses and count(s), and

(ii) With respect to the reporting entity--

(A) Name and address of the reporting entity and its file number concerning the subject; and

(B) The name, title and telephone number of the responsible official submitting the report on behalf of the reporting entity.

(2) Entities described in paragraph (a) of this section should report, when known, the following information--

(i) With respect to the organization that is the subject of a criminal conviction--

(A) Medicare provider number(s);

(B) Medicaid provider number(s) and State(s);

(C) DEA registration number(s);

(D) Health care provider's or supplier's license, certification or registration number(s), and the name(s) of the State or Territory in which the license, certification or registration is held;

(E) Names and titles of principal officers and owners;

(F) Investigative agencies involved; and

(G) Investigative agencies' case or file number; and

(ii) With respect to any health care entities (if known) with which the subject of the criminal conviction is affiliated or associated--

(A) Type(s) of affiliated or associated health care entities;

(B) Address of each associated or affiliated health care entity;

(C) NPI of each associated or affiliated health care entity, when issued by HCFA; and

(D) Nature of subject's relationship to each associated or affiliated health care entity.

(d) Sanctions for failure to report. The Secretary will provide for publication of a public report that identifies those Government agencies that have failed to report information on adverse actions as required to be reported under this section.

Sec. 61.9 Reporting civil judgments related to the delivery of a health care item or service.

(a) Who must report. Federal and States Attorneys, investigative agencies and health plans must report civil judgments against health care providers, suppliers or practitioners related to the delivery of a health care item or service (regardless of whether the civil judgment is the subject of a pending appeal), with the exception of those resulting from medical malpractice.

(b) Information to be reported on individuals. (1) Entities described in paragraph (a) of this section must report the following information--

(i) With respect to the individual who is the subject of a judgment--

(A) Full name;

(B) Social Security number, and Federal Employer Identification number for individuals who possess one;

(C) Date of birth;

(D) Sex;

(E) Occupation;

(F) Organization name and type;

(G) Primary work address;

(H) NPI, when issued by HCFA;

(I) Court or judicial venue in which the action was taken;

(J) Docket or court file number;

(K) Name of primary prosecuting agency or civil plaintiff;

(L) Prosecuting agency's case number;

(M) Date of judgment;

(N) Amount of any monetary penalty, judgment, restitution, or other orders;

(O) Description of acts or omissions and injuries upon which the action was based;

(P) Nature of final adverse action and whether such action is on appeal;

(Q) Name(s) of affiliated or associated health care entities; and

[[Page 58355]]

(R) Statutory offenses and count(s), and

(ii) With respect to the reporting entity--

(A) Name and address of the reporting entity and its file number concerning the subject; and

(B) The name, title and telephone number of the responsible official submitting the report on behalf of the reporting entity.

(2) Entities described in paragraph (a) of this section should report, when known, the following information--

(i) With respect to the individual who is the subject of a judgment--

(A) Physician specialty, if applicable;

(B) Other name(s) used;

(C) Home address;

(D) Medicare provider number(s);

(E) Medicaid provider number(s) and State(s);

(F) DEA registration number(s);

(G) FBI number;

(H) Name of each professional school attended and year of graduation;

(I) With respect to each professional license, certification or registration, the license, certification, or registration number, the field of licensure, certification, or registration, and the name(s) of the State or Territory in which the license, certification or registration is held;

(J) Investigative agencies involved; and

(K) Investigative agencies' case or file number; and

(ii) With respect to any health care entities (if known) with which the subject of the judgment is affiliated or associated--

(A) Type(s) of affiliated or associated health care entities;

(B) Address of each associated or affiliated health care entity;

(C) NPI of each associated or affiliated health care entity, when issued by HCFA; and

(D) Nature of subject's relationship to each associated or affiliated health care entity.

(c) Information to be reported on organizations. (1) Entities described in paragraph (a) of this section must report the following information--

(i) With respect to the organization that is the subject of a judgment--

(A) Entity's legal name, if known;

(B) Name entity is doing business as;

(C) Business address;

(D) Federal Employer Identification number, and Social Security number (when used as the TIN);

(E) NPI, when issued by HCFA;

(F) Type of entity;

(G) Court or judicial venue in which the action was taken;

(H) Docket or court file number;

(I) Name of primary prosecuting agency or civil plaintiff;

(J) Prosecuting agency's case number;

(K) Date of judgment;

(L) Amount of any monetary penalty, judgment, restitution or other orders;

(M) Description of acts or omissions and injuries upon which the action was based;

(N) Nature of final adverse action and whether such action is on appeal;

(O) Name(s) of affiliated or associated health care entities; and

(P) Statutory offenses and count(s), and

(ii) With respect to the reporting entity--

(A) Name and address of the reporting entity and its file number concerning the subject; and

(B) The name, title and telephone number of the responsible official submitting the report on behalf of the reporting entity.

(2) Entities described in paragraph (a) of this section should report, when known, the following information--

(i) With respect to the organization that is the subject of a judgment--

(A) Medicare provider number(s);

(B) Medicaid provider number(s) and State(s);

(C) DEA registration number(s);

(D) Health care provider or supplier license, certification or registration number, and the name(s) of the State or Territory in which the license, certification or registration is held;

(E) Names and titles of principal officers and owners;

(F) Investigative agencies involved; and

(G) Investigative agencies' case or file number; and

(ii) With respect to any health care entities (if known) with which the subject of the judgment is affiliated or associated--

(A) Type(s) of affiliated or associated health care entities;

(B) Address of each associated or affiliated health care entity;

(C) NPI of each associated or affiliated health care entity, when issued by HCFA; and

(D) Nature of subject's relationship to each associated or affiliated health care entity.

(d) Sanctions for failure to report. Any health plan that fails to report information on an adverse action required to be reported under this section will be subject to a civil money penalty (CMP) of not more than $25,000 for each such adverse action not reported. Such penalty will be imposed and collected in the same manner as CMPs under subsection (a) of section 1128A of the Act. The Secretary will provide for publication of a public report that identifies those Government agencies that have failed to report information on adverse actions as required to be reported under this section.

Sec. 61.10 Reporting exclusion from participation in Federal or State health care programs.

(a) Who must report. Federal and State government agencies must report health care providers, suppliers or practitioners excluded from participating in Federal or State health care programs, including exclusions that were made in a matter in which there was also a settlement that is not reported because no findings or admissions of liability have been made (regardless of whether the exclusion is the subject of a pending appeal) .

(b) Information to be reported on individuals. (1) The entity described in paragraph (a) of the section must report the following information--

(i) Name;

(ii) Social Security number, and Federal Employer Identification number for individuals who possess one;

(iii) Date of birth;

(iv) Sex;

(v) Occupation;

(vi) Primary work address;

(vii) Organization name and type;

(viii ) NPI, when issued by HCFA;

(ix) Professional school and year of graduation;

(x) With respect to each professional license, certification or registration, the license, certification or registration number, the field of licensure, certification or registration, and the name(s) of the State or Territory in which the license, certification or registration is held;

(xi) Description of the action, the date the action was taken, its effective date and duration, and whether the action is on appeal;

(xii) Classification of the action in accordance with a reporting code adopted by the Secretary;

(xiii) Description of acts or omissions, and injuries, upon which the action was based;

(xiv) Name and address of the reporting entity, and the name of the agency taking the action;

(xv) The name, title and telephone number of the responsible official submitting the report on behalf of the reporting entity; and

(xvi) Name(s) of any health care entity with which the subject is affiliated or associated.

(2) The entity described in paragraph (a) of this section should report, when known, the following information--

[[Page 58356]]

(i) Other name(s) used;

(ii) Home address;

(iii) Physician specialty;

(iv) Federal license, certification or registration number(s) (such as a DEA registration number, Medicare provider number(s));

(v) Type(s) of any health care entity with which the subject is affiliated or associated;

(vi) Address of each associated or affiliated health care entity;

(vii) NPI of each associated or affiliated health care entity, when issued by HCFA; and

(viii) Nature of subject's relationship to each associated or affiliated health care entity.

(c) Information to be reported on organizations. (1) An entity described in paragraph (a) of this section must report the following information for a health care provider or supplier--

(i) Name and type of provider or supplier;

(ii) Federal Employer Identification number, and Social Security number (when used as the TIN);

(iii) NPI, when issued by HCFA;

(iv) The provider's or supplier's address;

(v) The provider's or supplier's license, certification or registration number(s) and the name of the State or Territory in which the license, certification or registration is held (the license number against which the action is taken should be specified);

(vi) Description of the acts or omissions or other reason for the action;

(vii) Classification of the action in accordance with a reporting code adopted by the Secretary;

(viii) Description of the action, the date the action was taken, its effective date and duration;

(ix) Name and address of the reporting entity, and the name of the agency taking the action;

(x) The name, title and telephone number of the responsible official submitting the report on behalf of the reporting entity; and

(xi) Name(s) of any health care entity with which the subject is affiliated or associated.

(2) An entity described in paragraph (a) of this section should report, when known, the following information for a health care provider or supplier--

(i) Federal license, certification or registration number(s) (such as a DEA registration number, Medicare provider number(s), CLIA number);

(ii) Type(s) of any health care entity with which the subject is affiliated or associated;

(iii) Address of each associated or affiliated health care entity;

(iv) NPI of each associated or affiliated health care entity, when issued by HCFA; and

(v) Nature of subject's relationship to each associated or affiliated health care entity.

(d) Sanctions for failure to report. The Secretary will provide for publication of a public report that identifies those Government agencies that have failed to report information on adverse actions as required to be reported under this section.

Sec. 61.11 Reporting other adjudicated actions or decisions.

(a) Who must report. Federal and State governmental agencies and health plans must report other adjudicated actions or decisions related to the delivery of a health care item or service against health care providers, suppliers and practitioners (regardless of whether the other adjudicated actions or decisions are subject to a pending appeal).

(b) Information to be reported on individuals. (1) Entities described in paragraph (a) of this section must report the following information on individuals--

(i) Name;

(ii) Social Security number, and Federal Employer Identification number for individuals who possess one;

(iii) Sex;

(iv) Date of birth;

(v) Occupation;

(vi) Primary work address;

(vii) Organization name and type;

(viii) Name of each professional school attended and year of graduation;

(ix) With respect to each professional license, certification or registration, the license, certification or registration number, the field of licensure, certification or registration, and the name of the State or Territory in which the license, certification or registration is held;

(x) NPI, when issued by HCFA;

(xi) Description of the acts or omissions or other reason for the action;

(xii) Classification of the action in accordance with a reporting code adopted by the Secretary;

(xiii) Description of the action, date the action was taken, its effective date and duration, amount of any monetary penalty, and whether the action is on appeal;

(xiv) Name and address of the reporting entity, and the name of the agency taking the action;

(xv) The name, title and telephone number of the responsible official submitting the report on behalf of the reporting entity; and

(xvi) Name(s) of any health care entities with which the subject is affiliated or associated.

(2) Entities described in paragraph (a) of this section should report, when known, the following information on individuals--

(i) Other name(s) used;

(ii) Home address;

(iii) Physician specialty;

(iv) Federal license, certification or registration number(s) (such as a DEA registration number, Medicare provider number(s));

(v) Type(s) of any health care entity with which the subject is affiliated or associated;

(vi) Address of each associated or affiliated health care entity;

(vii) NPI of each associated or affiliated health care entity, when issued by HCFA; and

(viii) Nature of subject's relationship to each associated or affiliated health care entity.

(c) Information to be reported on organizations. (1) Entities described in paragraph (a) of this section must report the following information on organizations--

(i) Name and type of provider or supplier;

(ii) Federal Employer Identification number, and Social Security number (when used as the TIN);

(iii) The provider's or supplier's address;

(iv) NPI, when issued by HCFA;

(v) The provider's or supplier's license, certification or registration number(s) and the name of the State or Territory in which the license, certification or registration is held (the license number against which the action is taken should be specified);

(vi) Description of the acts or omissions or other reason for the action;

(vii) Description of action, date the action was taken, its effective date and duration, and amount of any monetary penalty;

(viii) Classification of the action in accordance with a reporting code adopted by the Secretary;

(ix) Name and address of reporting entity, and the name of the agency taking the action;

(x) The name, title, and telephone number of the responsible official submitting a report on behalf of the reporting entity; and

(xi) Name(s) of any health care entities with which the subject is affiliated or associated.

(2) Entities described in paragraph (a) of this section should report, when known, the following information on organizations--

(i) Federal license, certification or registration number(s) (such as a DEA

[[Page 58357]]

registration number, Medicare provider number(s), CLIA number);

(ii) Type(s) of any health care entity with which the subject is affiliated or associated;

(iii) Address of each associated or affiliated health care entity, if known;

(iv) NPI of each associated or affiliated health care entity, when issued by HCFA;

(v) Nature of subject's relationship to each associated or affiliated health care entity; and

(vi) Name and titles of principal officers and owners.

(d) Sanctions for failure to report. Any health plan that fails to report information on an adverse action required to be reported under this section will be subject to a CMP of not more than $25,000 for each such adverse action not reported. Such penalty will be imposed and collected in the same manner as CMPs under section 1128A(a) of the Act. The Secretary will provide for publication of a public report that identifies those Government agencies that have failed to report information on adverse actions as required to be reported under this section.

Subpart C--Disclosure of Information by the Healthcare Integrity and Protection Data Bank

Sec. 61.12 Requesting information from the Healthcare Integrity and Protection Data Bank.

(a) Who may request information and what information may be available. Information in the HIPDB will be available, upon request, to the following persons or entities, or their authorized agents--

(1) Federal and State government agencies;

(2) Health plans;

(3) A health care practitioner, provider, or supplier requesting information concerning himself, herself or itself; and

(4) A person or entity who requests aggregate information, which does not permit the identification of any particular patient, health care provider, supplier or practitioner. (For example, researchers can use the aggregate information to identify the total number of practitioners excluded from the Medicare and Medicaid programs. Similarly, health plans can use aggregate information to develop outcome measures in their efforts to monitor and improve quality care.)

(b) Procedures for obtaining HIPDB information. Eligible persons and entities may obtain information from the HIPDB by submitting a request in such form and manner as the Secretary may prescribe. These requests are subject to fees set forth in Sec. 61.13 of this part. The HIPDB will comply with the Department's principles of fair information practice by providing each subject of a report with a copy when the report is entered into the HIPDB.

Sec. 61.13 Fees applicable to requests for information.

(a) Policy on fees. The fees described in this section apply to all requests for information from the HIPDB. However, for purposes of verification and dispute resolution, the HIPDB will provide a copy-- automatically, without a request and free of charge--of every record to the health care provider, supplier or practitioner who is the subject of the report. The fees are authorized by section 1128E(d)(2) of the Act, and they reflect the full costs of operating the database. The actual fees will be announced by the Secretary in periodic notices in the Federal Register.

(b) Criteria for determining the fee. The amount of each fee will be determined based on the following criteria--

(1) Direct and indirect personnel costs;

(2) Physical overhead, consulting, and other indirect costs including rent and depreciation on land, buildings and equipment;

(3) Agency management and supervisory costs;

(4) Costs of enforcement, research and establishment of regulations and guidance;

(5) Use of electronic data processing equipment to collect and maintain information--the actual cost of the service, including computer search time, runs and printouts; and

(6) Any other direct or indirect costs related to the provision of services.

(c) Assessing and collecting fees. The Secretary will announce through periodic notice in the Federal Register the method of payment of fees. In determining these methods, the Secretary will consider efficiency, effectiveness and convenience for users and for the Department. Methods may include credit card, electronic funds transfer and other methods of electronic payment.

Sec. 61.14 Confidentiality of Healthcare Integrity and Protection Data Bank information.

Information reported to the HIPDB is considered confidential and will not be disclosed outside the Department, except as specified in Secs. 61.12 and 61.15 of this part. Persons and entities receiving information from the HIPDB, either directly or from another party, must use it solely with respect to the purpose for which it was provided. Nothing in this paragraph will prevent the disclosure of information by a party from its own files used to create such reports where disclosure is otherwise authorized under applicable State or Federal law.

Sec. 61.15 How to dispute the accuracy of Healthcare Integrity and Protection Data Bank information.

(a) Who may dispute the HIPDB information. The HIPDB will routinely mail or transmit electronically to the subject a copy of the report filedin the HIPDB. The subject of the report or a designated representative may dispute the accuracy of a report concerning himself, herself or itself within 60 calendar days of receipt of the report.

(b) Procedures for disputing a report with the reporting entity. (1) If the subject disagrees with the reported information, the subject must request, in writing within 60 calendar days of receipt of the report, that the HIPDB enter the report into ``disputed status.''

(2) The HIPDB will send the report, with a notation that the report has been placed in ``disputed status,'' to queriers (where identifiable), the reporting entity and the subject of the report.

(3) The subject must attempt to enter into discussion with the reporting entity to resolve the dispute. If the reporting entity revises the information originally submitted to the HIPDB, the HIPDB will notify the subject and all entities to whom reports have been sent that the original information has been revised. If the reporting entity does not revise the reported information, the subject may request that the Secretary review the report for accuracy.

(c) Procedures for requesting a Secretarial review. (1) The subject must request, in writing, that the Secretary of the Department review the report for accuracy. The subject must return this request to the HIPDB along with appropriate materials that support the subject's position. The Secretary will only review the accuracy of the reported information, and will not consider the merits or appropriateness of the action or the due process that the subject received.

(2) After the review, if the Secretary--

(i) Concludes that the information is accurate and reportable to the HIPDB, the Secretary will inform the subject and the HIPDB of the determination. The Secretary will include a brief statement (Secretarial Statement) in the report that describes the basis for the decision. The report will be removed from ``disputed status.'' The HIPDB will

[[Page 58358]]

distribute the corrected report and statement(s) to previous queriers (where identifiable), the reporting entity and the subject of the report.

(ii) Concludes that the information contained in the report is inaccurate, the Secretary will inform the subject of the determination and direct the HIPDB or the reporting entity to revise the report. The Secretary will include a brief statement (Secretarial Statement) in the report describing the findings. The HIPDB will distribute the corrected report and statement (s) to previous queriers (where identifiable), the reporting entity and the subject of the report.

(iii) Determines that the disputed issues are outside the scope of the Department's review, the Secretary will inform the subject and the HIPDB of the determination. The Secretary will include a brief statement (Secretarial Statement) in the report describing the findings. The report will be removed from ``disputed status.'' The HIPDB will distribute the report and the statement(s) to previous queriers (where identifiable), the reporting entity and the subject of the report.

(iv) Determines that the adverse action was not reportable and therefore should be removed from the HIPDB, the Secretary will inform the subject and direct the HIPDB to void the report.

The HIPDB will distribute a notice to previous queriers (where identifiable), the reporting entity and the subject of the report that the report has been voided.

Dated: April 10, 1998. June Gibbs Brown, Inspector General.

Approved: June 9, 1998. Donna E. Shalala, Secretary.

[FR Doc. 98-29147Filed10-29-98; 8:45 am]

BILLING CODE 4160-15-P

Subscribers can access the reported version of this case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the cited cases and legislation of a document.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the documents that have cited the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the revised versions of legislation with amendments.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see any amendments made to the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a visualisation of a case and its relationships to other cases. An alternative to lists of cases, the Precedent Map makes it easier to establish which ones may be of most relevance to your research and prioritise further reading. You also get a useful overview of how the case was received.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the list of results connected to your document through the topics and citations Vincent found.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Health care programs; fraud and abuse: Health Insurance Portability and Accountability Act Data collection program; final adverse actions reporting,

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

Health care programs; fraud and abuse: Health Insurance Portability and Accountability Act Data collection program; final adverse actions reporting,