[Federal Register: June 17, 2004 (Volume 69, Number 116)]
[Rules and Regulations]
[Page 33866-33869]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr17jn04-16]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of the Secretary
Office of Inspector General
45 CFR Part 61
RIN 0991-AB31
Health Care Fraud and Abuse Data Collection Program: Technical
Revisions to Healthcare Integrity and Protection Data Bank Data
Collection Activities
AGENCY: Office of Inspector General (OIG), HHS.
ACTION: Interim final rule with comment period.
-----------------------------------------------------------------------
SUMMARY: The rule makes technical changes to the Healthcare Integrity
and Protection Data Bank (HIPDB) data collection reporting requirements
set forth in 45 CFR part 61 by clarifying the types of personal numeric
identifiers that may be reported to the data bank in connection with
adverse actions. Specifically, the rule clarifies that in lieu of a
Social Security Number (SSN), an individual taxpayer identification
number (ITIN) may be reported to the data bank when, in those limited
situations, an individual does not have an SSN.
DATES: Effective date: These regulations are effective on July 19,
2004.
Comment date: We will consider comments if we receive them at the
appropriate address, as provided in the address section below, no later
than 5 p.m. on July 19, 2004.
ADDRESSES: In commenting, please refer to file code OIG-55-FC. Because
of staff and resource limitations, we cannot accept comments by
facsimile (FAX) transmission. Please mail or deliver your written
comments to the following address: Office of Inspector General,
Department of Health and Human Services, Attention: OIG-55-FC, Room
5246, Cohen Building, 330 Independence Avenue, SW., Washington, DC
20201.
Please allow sufficient time for us to receive mailed comments by
the due date in the event of delivery delays. Because access to the
Cohen Building is not readily available to persons without Federal
government identification, commenters are encouraged to leave their
comments in the OIG drop box located in the main lobby of the building.
For information on viewing public comments, see section IV in the
SUPPLEMENTARY INFORMATION section.
FOR FURTHER INFORMATION CONTACT: Joel Schaer, Office of Management and
Policy, (202) 619-0089; or Anne MacArthur, Office of Counsel to the
Inspector General, (202) 619-0335.
SUPPLEMENTARY INFORMATION:
I. The Healthcare Integrity and Protection Data Bank (HIPDB)
Section 221(a) of the Health Insurance Portability and
Accountability Act (HIPAA) of 1996, Public Law 104-91, required the
Department, acting through the Office of Inspector General, to
establish a health care fraud and abuse control program to combat
health care fraud and abuse (section 1128C of the Social Security Act
(the Act)). Among the major steps in this program has been the
establishment of a national data bank to receive and disclose certain
final adverse actions against health care providers, suppliers, or
practitioners, as required by section 1128E of the Act, in accordance
with section 221(a) of HIPAA. The data bank, known as the Healthcare
Integrity and Protection Data Bank (HIPDB), is designed to collect and
disseminate the following types of information regarding final adverse
actions: (1) Civil judgments against health care providers, suppliers,
or practitioners in Federal or State court that are related to the
delivery of a health care item or service; (2) Federal or State
criminal convictions against a health care provider, supplier, or
practitioner related to the delivery of a health care item or service;
(3) final adverse actions by Federal or State agencies responsible for
the licensing and certification of health care providers, suppliers, or
practitioners; (4) exclusion of a health care provider, supplier, or
practitioner from participation in Federal or State health care
programs; and (5) any other adjudicated actions or decisions that the
Secretary establishes by regulation.
Data Elements To Be Reported to the HIPDB
Section 1128E(b)(2) of the Act cited a number of required elements
or types of data that must be reported to the HIPDB. These elements
include: (1) The name of the individual or entity; (2) a taxpayer
identification number; (3) the name of any affiliated or associated
health care entity; (4) the nature of the final adverse action and
whether the action is on appeal; (5) a description of the acts or
omissions, or injuries, upon which a final adverse action is based; and
(6) any other additional information deemed appropriate by the
Secretary. With respect to this last element, we have exercised this
discretion to add additional reportable data elements reflecting much
of the information that is already routinely collected by the Federal
and State reporting agencies.
Final regulations implementing the HIPDB were published in the
Federal Register on October 26, 1999 (64 FR 57740). In those final
regulations, for an individual (1) who is the subject of a civil
judgment or criminal conviction related to the delivery of a health
care item or service; or (2) who is the subject of a licensure action
taken by Federal or State licensing and certification agencies, an
adjudicated action or decision, or an individual excluded from
participation in a Federal or State health care program, the current
HIPDB systems of records contains, among other things, the individual's
full name, other names used (if known), and his or her SSN. We
specifically indicated that use of personal identifiers, such as SSNs
and Federal Employer Identification Numbers (FEINs), in the collection
and reporting to the HIPDB:
Provides explicit matching of specific adverse action
reports to and from the data bank;
Provides a greater confidence level in the system's
matching algorithm and maximizes the system's ability to prevent the
erroneous reporting and disclosure of health care providers, suppliers
and practitioners; and
Strengthens States' ability to detect individuals who move
from State to State without disclosure or discovery of previous
damaging performance.
[[Page 33867]]
However, in addressing the list of ``mandatory'' data elements that
must be reported to the data bank in connection with adverse actions,
the final regulations inadvertently omitted reference to the reporting
of an ITIN to the data bank when, in those limited situations, an
individual does not have a SSN.
Tax Identification Numbers as Defined by the Internal Revenue Code
As indicated above, HIPAA requires ``the name and TIN (as defined
in section 7701(a)(41) of the Internal Revenue Code (IRC) of 1986) of
any health care provider, supplier, or practitioner who is the subject
of a final adverse action'' to be reported to the data bank. Section
7701(a)(41) of the IRC does not specifically define TIN, but instead
refers to section 6109 of the Code. Section 6109(d) states that an
individual's SSN is the tax identifying number for an individual,
except as otherwise specified in regulations by the Secretary of the
Treasury. In turn, the Department of the Treasury regulations set forth
at 26 CFR 301.6109-1(a)(ii)(B) provides for the issuance of an ITIN for
individuals who are not eligible for a SSN.
II. Technical Revisions to 45 CFR Part 61
The HIPDB regulations at 45 CFR part 61 currently require the SSN
on reports of adverse actions on individuals. Although the SSN meets
the statutory requirement of a TIN, we believe that the inclusion of
the ITIN, which is also a TIN, is consistent with the statutory
requirements of HIPAA. Most reportable final adverse actions are taken
against individual health care practitioners who are permitted to work
in the United States. Non-citizens in the United States with permission
to work are eligible for SSNs. However, we have become aware that there
are non-citizens who do not have permission to work in the United
States, but who do have ITINs assigned by the Internal Revenue Service
(IRS) for tax purposes \1\ and hold valid State health care licenses.
One example would be a foreign physician who does not practice in the
United States, but desires to have a State license as a qualification
of his or her ability to practice medicine. We believe that there may
be very limited incidences where reportable adverse actions,
particularly licensing actions, may be taken against these health care
practitioners, such as an adverse licensing action taken by a medical
licensing authority in a foreign country that is then reported to a
State medical licensing board which then revokes the State medical
license of the foreign physician. However, if the physician does not
have a SSN, the State medical licensing authority is currently unable
to report the action. We believe that the revision of the HIPDB
regulations to include the collection of the ITIN for individuals who
do not have SSNs, but have been assigned an ITIN, will enable the data
bank to receive reports that presently it cannot receive.
---------------------------------------------------------------------------
\1\ These individuals can use previously IRS assigned ITINs,
although they cannot qualify for an ITIN solely for licensing
purposes.
---------------------------------------------------------------------------
As a result, in order to allow for the collection and dissemination
of all appropriate information to and from the data bank, we are
revising Sec. Sec. 61.7, 61.8, and 61.10 of the HIPDB regulations at
45 CFR part 61 to indicate that for the reporting of (1) licensure
actions taken by Federal and State licensing and certification
agencies, (2) Federal or State criminal convictions related to the
delivery of a health care item or service, or (3) exclusions from
participation in Federal or State health care programs:
If the subject is an individual, entities must report
either the SSN or ITIN;
If the subject is an organization, entities must report
the FEIN, or SSN or ITIN when used by the subject as a TIN; and
If the subject is an organization, entities should report,
if known, any FEINs, SSNs or ITINs used.
These revisions will also allow the reporting of ITINs, by
reference, to the reports required in Sec. Sec. 61.9 and 61.11.
We note that while the inclusion of a SSN or ITIN is a necessary
reporting element in reporting adverse actions to the HIPDB, the Social
Security Administration and the Internal Revenue Service are not
required to assign a SSN or an ITIN, respectively, to those individuals
who do not otherwise qualify for such identification numbers.
III. Regulatory Impact Statement
A. Regulatory Analysis
We have examined the impacts of this technical rule revision as
required by Executive Order 12866, the Regulatory Flexibility Act (RFA)
of 1980, the Unfunded Mandates Reform Act of 1995, and Executive Order
13132.
1. Executive Order 12866
Executive Order 12866 directs agencies to assess all costs and
benefits of available regulatory alternatives and, if regulations are
necessary, to select regulatory approaches that maximize net benefits
(including potential economic, environmental, public health, and safety
effects; distributive impacts; and equity). A regulatory impact
analysis must be prepared for major rules with economically significant
effects ($100 million or more in any given year). This is not a major
rule as defined at 5 U.S.C. 804(2), and it is not economically
significant since this technical revision will not have a significant
effect on program expenditures and there will be no additional
substantive cost through codification of this change. Specifically, the
revisions to 45 CFR part 61 set forth in this rule are technical in
nature and are designed to further clarify statutory requirements. The
economic effect of these revisions will impact only those limited few
individuals or organizations that are that subject of an adverse action
reportable to the data bank. As such, we believe that the aggregate
economic impact of this technical revision to the regulations will be
minimal and have no appreciable effect on the economy or on Federal or
State expenditures.
2. Regulatory Flexibility Act
The RFA and the Small Business Regulatory Enforcement and Fairness
Act of 1996, which amended the RFA, require agencies to analyze options
for regulatory relief of small businesses. For purposes of the RFA,
small entities include small businesses, nonprofit organizations, and
government agencies. Most providers are considered to be small entities
by having revenues of $6 million to $29 million or less in any one
year. For purposes of the RFA, most physicians and suppliers are
considered to be small entities. In addition, section 1102(b) of the
Social Security Act requires us to prepare a regulatory impact analysis
if a rule may have a significant impact on the operations of a
substantial number of small rural providers. This analysis must conform
to the provisions of section 604 of the RFA.
We anticipate that the number of individuals who do not have
permission to work in the United States but who have ITINs, who hold
valid State health care licenses, and who will be the subject of a
report to the HIPDB will be minimal. Even in those very limited
incidences where reportable adverse actions, such as licensing actions,
may be taken against a health care practitioner, we believe that the
aggregate economic impact of this technical revision will be minimal
since it is the nature of the conduct and not the size or type of the
entity that would result in the violation and the need to report the
adverse action to the HIPDB. As a result, we have concluded that this
technical rule should not have a
[[Page 33868]]
significant impact on the operations of a substantial number of small
or rural providers, and that a regulatory flexibility analysis is not
required for this rulemaking.
3. Unfunded Mandates Reform Act
Section 202 of the Unfunded Mandates Reform Act of 1995 (Pub. L.
104-4) also requires that agencies assess anticipated costs and
benefits before issuing any rule that may result in expenditure in any
one year by State, local, or tribal governments, in the aggregate, or
by the private sector, of $110 million. As indicated, these technical
revisions comport with statutory intent and clarify the legal
authorities for reporting information to the data bank against those
who have acted improperly against the Federal and State health care
programs. As a result, we believe that there are no significant costs
associated with these revisions that would impose any mandates on
State, local, or tribal governments, or the private sector that will
result in an expenditure of $110 million or more (adjusted for
inflation) in any given year, and that a full analysis under the
Unfunded Mandates Reform Act is not necessary.
4. Executive Order 13132
Executive Order 13132, Federalism, establishes certain requirements
that an agency must meet when it promulgates a rule that imposes
substantial direct requirements or costs on State and local
governments, preempts State law, or otherwise has Federalism
implications. In reviewing this rule under the threshold criteria of
Executive Order 13132, we have determined that this rule will not
significantly affect the rights, roles, and responsibilities of State
or local governments.
The Office of Management and Budget (OMB) has reviewed this final
rule in accordance with Executive Order 12866.
B. Paperwork Reduction Act
The provisions of this rulemaking impose no express new reporting
or recordkeeping requirements on reporting entities. As indicated, this
additional reportable data element reflects information that is already
routinely collected by the Federal and State reporting agencies on
health care providers, suppliers and practitioners, and imposes no new
reporting burden beyond the data element fields already approved by
OMB.
IV. Response to Public Comments
Comments will be available for public inspection beginning on July
6, 2004, in Room 5518 of the Office of Inspector General at 330
Independence Avenue, SW., Washington, DC, on Monday and through Friday
of each week from 8 a.m. to 4 p.m., (202) 619-0089. Because of the
large number of comments we normally receive on regulations, we cannot
acknowledge or respond to comments individually. However, we will
consider all timely and appropriate comments when developing any
revised final rulemaking.
V. Waiver of Proposed Rulemaking
We ordinarily publish a proposed rule in the Federal Register and
provide a period for public comment before we publish a final rule. We
may waive this procedure, however, for good cause if we find that the
notice and comment procedure is impracticable, unnecessary, or contrary
to the public interest and if we incorporate a statement of this
finding and its reasons in the rule issued. We find it unnecessary to
undertake notice and comment rulemaking in this instance because we
believe that it is in the public interest to comply with the statutory
requirement in section 1128E of the Act that this information be
included with respect to subjects of adverse actions reported to the
data bank. Therefore, in accordance with MPDIMA and the Administrative
Procedure Act (APA) (5 U.S.C. 553(b)(B)), for good cause, we waive
notice and comment procedures. We are, however, providing a 30-day
public comment period.
List of Subjects in 45 CFR Part 61
Billing and transportation services, Durable medical equipment
suppliers and manufacturers, Health care insurers, Health maintenance
organizations, Health professions, Home health care agencies,
Hospitals, Penalties, Pharmaceutical suppliers and manufacturers,
Privacy, Reporting and recordkeeping requirements, Skilled nursing
facilities.
0
Accordingly, 45 CFR part 61 is amended to read as follows:
PART 61--HEALTHCARE INTEGRITY AND PROTECTION DATA BANK FOR FINAL
ADVERSE INFORMATION ON HEALTH CARE PROVIDERS, SUPPLIERS AND
PRACTITIONERS
0
1. The authority citation for part 61 continues to read as follows:
Authority: 42 U.S.C. 1320a-7e.
0
2. Section 61.7 is amended by republishing the introductory text for
paragraphs (b) and (b)(1) and revising paragraph (b)(1)(ii);
republishing introductory paragraph (b)(3) and revising paragraph
(b)(3)(iii); and by republishing introductory paragraph (c) and (c)(3)
and revising paragraph (c)(3)(iii) to read as follows:
Sec. 61.7 Reporting licensure actions taken by Federal or State
licensing and certification agencies.
* * * * *
(b) Entities described in paragraph (a) of this section must report
the following information:
(1) If the subject is an individual, personal identifiers,
including:
* * * * *
(ii) Social Security Number (or Individual Taxpayer Identification
Number (ITIN));
* * * * *
(3) If the subject is an organization, identifiers, including:
* * * * *
(iii) Federal Employer Identification Number (FEIN), or Social
Security Number (or ITIN) when used by the subject as a Taxpayer
Identification Number (TIN);
* * * * *
(c) Entities described in paragraph (a) of this section should
report, if known, the following information:
* * * * *
(3) If the subject is an organization, identifiers, including:
* * * * *
(iii) Other FEIN(s) or Social Security Numbers (or ITIN) used;
* * * * *
0
3. Section 61.8 is amended by republishing the introductory text for
paragraphs (b) and (b)(1) and revising paragraph (b)(1)(ii);
republishing introductory paragraph (b)(3) and revising paragraph
(b)(3)(iii); and by republishing introductory paragraph (c) and (c)(3)
and revising paragraph (c)(3)(iii) to read as follows:
Sec. 61.8 Reporting Federal or State criminal convictions related to
the delivery of a health care item or service.
* * * * *
(b) Entities described in paragraph (a) of this section must report
the following information:
(1) If the subject is an individual, personal identifiers,
including:
* * * * *
(ii) Social Security Number (or ITIN);
* * * * *
(3) If the subject is an organization, identifiers, including:
* * * * *
(iii) Federal Employer Number (FEIN), or Social Security Number (or
ITIN) when used by the subject as a Taxpayer Identification Number
(TIN);
* * * * *
[[Page 33869]]
(c) Entities described in paragraph (a) of this section should
report, if known, the following information:
* * * * *
(3) If the subject is an organization, identifiers, including:
* * * * *
(iii) Other FEIN(s) or Social Security Numbers(s) (or ITINs) used;
* * * * *
0
4. Section 61.10 is amended by republishing the introductory text for
paragraphs (b) and (b)(1) and revising paragraph (b)(1)(ii);
republishing introductory paragraph (b)(3) and revising paragraph
(b)(3)(iii); and by republishing introductory paragraph (c) and (c)(3)
and revising paragraph (c)(3)(iii) to read as follows:
Sec. 61.10 Reporting exclusions from participation in Federal or
State health care programs.
* * * * *
(b) Entities described in paragraph (a) of this section must report
the following information:
(1) If the subject is an individual, personal identifiers,
including:
* * * * *
(ii) Social Security Number (or ITIN);
* * * * *
(3) If the subject is an organization, identifiers, including:
* * * * *
(iii) Federal Employer Identification Number (FEIN), or Social
Security Number (or ITIN) when used by the subject as a Taxpayer
Identification Number (TIN);
* * * * *
(c) Entities described in paragraph (a) of this section should
report, if known, the following information:
* * * * *
(3) If the subject is an organization, identifiers, including:
* * * * *
(iii) Other FEIN(s) or Social Security Numbers(s) (or ITINs) used;
* * * * *
Dated: April 1, 2004.
Dara Corrigan,
Acting Principal Deputy Inspector General.
Approved: April 19, 2004.
Tommy G. Thompson,
Secretary.
[FR Doc. 04-13675 Filed 6-16-04; 8:45 am]
BILLING CODE 4152-01-P