74 FR 122 pgs. 30606-30608 - Privacy Act of 1974; Addition of a New Routine Use

Type: NOTICEVolume: 74Number: 122Pages: 30606 - 30608
FR document: [FR Doc. E9-15192 Filed 6-25-09; 8:45 am]
Agency: Health and Human Services Department
Sub Agency: Centers for Medicare Medicaid Services
Official PDF Version:  PDF Version

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Centers for Medicare Medicaid Services

Privacy Act of 1974; Addition of a New Routine Use

AGENCY:

Department of Health and Human Services (HHS), Centers for Medicare Medicaid Services (CMS).

ACTION:

Notice to add a new routine use to all CMS systems of records (SOR).

SUMMARY:

CMS proposes to add a new routine use to its inventory of SOR subject to the Privacy Act of 1974 (Title 5 United States Code (U.S.C.) 552a) authorizing disclosure of individually identifiable information to assist in efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in these systems of records. The new routine use will be prioritized in the next consecutive numbered order of routine uses in each system notice and will be included in the next published notice as part of our normal SOR review process. The new routine use will read as follows:

1. To appropriate Federal agencies, Department officials and Agency contractors that need access to identifiable information to provide assistance to the Department's efforts to respond to a suspected or confirmed breach of the security or confidentiality of information. In order to receive the information, CMS must:

a. Determines that the use or disclosure does not violate legal limitations under which the record was provided, collected, or obtained;

b. Determines that the purpose for which the disclosure is to be made:

(1) Cannot be reasonably accomplished unless the record is provided in individually identifiable form,

(2) is of sufficient importance to warrant the effect and/or risk on the privacy of the individual that additional exposure of the record might bring, and

(3) there is reasonable probability that the objective for the use would be accomplished;

c. Requires the recipient of the information to:

(1) Establish reasonable administrative, technical, and physical safeguards to prevent unauthorized use or disclosure of the record, and

(2) remove or destroy the information that allows the individual to be identified at the earliest time at which removal or destruction can be accomplished consistent with the purpose of the disclosure, and

(3) Make no further use or disclosure of the record except:

(a) In emergency circumstances affecting the health or safety of any individual, or

(b) When required by law.

d. Secures a written statement attesting to the information recipient's understanding of and willingness to abide by these provisions and complete a Data Use Agreement (CMS Form 0235) in accordance with current CMS policies.

The reason for this routine use is as follows:

Other Federal agencies, Department officials and contractors, as well as CMS contractors may need access to identifiable information that is both relevant and necessary to provide assistance to all efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in these systems of records.

DATES:

Effective Date: The new routine use will be effective on DATE .

ADDRESSES:

The public should address comments to: CMS Privacy Officer, Division of Privacy Compliance, Enterprise Architecture and Strategy Group, Office of Information Services, CMS, Room N2-04-27, 7500 Security Boulevard, Baltimore, Maryland 21244-1850. The telephone number is (410) 786-5357. Comments received will be available for review at this location, by appointment, during regular business hours, Monday through Friday from 9 a.m.-3 p.m., Eastern Time zone.

SUPPLEMENTARY INFORMATION:

On May 22, 2007, the Office of Management and Budget (OMB) released Memoranda (M) 07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information. HHS convened a leadership committee composed of members from the Office of the Chief Information Officer (OICO), the Office of Assistant Secretary for Public Affairs (ASPA), and the Office of the Assistant Secretary for Planning and Evaluation (ASPE) in order to formulate a response plan for the newly established requirements. The final response plan was signed by the HHS Chief Information Officer (CIO), Mike Carleton and submitted to OMB on September 19, 2007. As required by the memoranda, to comply with the "Incident Reporting and Handling Requirements," all Operations and Staff Divisions are instructed to incorporate the suggested routine use language as part of their normal SOR review process.

Dated: June 16, 2009.

Michelle Snyder,

Deputy Chief Operating Officer, Centers for Medicare Medicaid Services.

SOR No. Title FR published
09-70-0500 Health Plan Management System (HPMS) 71 FR 60718, 10/16/2006
09-70-0501 Medicare Multi-Carrier Claims Systems (MCS) 71 FR 64968, 11/06/2006
09-70-0502 Enrollment Data Base (EDB) 73 FR 10249, 02/26/2008
09-70-0503 Fiscal Intermediary Shared System (FISS) 71 FR 64961, 11/06/2006
09-70-0514 Medicare Provider Analysis and Review (MEDPAR) 71 FR 17470, 04/06/2006
09-70-0519 Medicare Current Beneficiary Survey (MCBS) 71 FR 60722, 10/16/2006
09-70-0520 ESRD Program Management and Medical Information System (PMMIS) 72 FR 26126, 5/8/2007
09-70-0521 Inpatient Rehabilitation Facilities-Patient Assessment Instrument (IRF-PAI) 71 FR 67143, 11/20/2006
09-70-0522 Home Health Agency Outcome and Assessment Information Set (OASIS) 72 FR 63906, 11/13/2007
09-70-0526 Common Working File (CWF) 71 FR 64955, 11/06/2006
09-70-0528 Long Term Care-Minimum Data Set (LTC MDS) 72 FR 12801, 3/19/2007
09-70-0532 Provider Enrollment Chain and Ownership System (PECOS) 71 FR 60536, 10/13/2006
09-70-0536 Medicare Beneficiary Database (MBD) 71 FR 11420, 03/07/2006
09-70-0538 Individuals Authorized Access to the CMS Computer Services (IACS) 72 FR 63902, 11/13/2007
09-70-0541 Medicaid Statistical Information System (MSIS) 71 FR 65527, 11/08/2006
09-70-0550 Retiree Drug Subsidy Program (RDSP) 70 FR 41035, 7/15/2005
09-70-0553 Medicare Drug Data Processing System (DDPS) 70 FR 58436, 10/06/2005
09-70-0558 National Claims History File (NCH) 71 FR 67137, 11/20/2006
09-70-0568 One Program Integrity Data Repository (ODR) 71 FR64530, 11/02/2006
09-70-0569 Post Acute Care Payment Reform/Continuity Assessment Report Demonstration and Evaluation (PAC-CARE) 72 FR 55225, 09/28/2007
09-70-0571 Medicare Integrated Data Repository (IDR) 71 FR 64530, 11/02/2006
09-70-0573 Chronic Condition Data Repository (CCDR) 71 FR 54495, 09/15/2006
09-70-4001 Medicare Advantage Prescription Drug (MARx) 70 FR 60530, 10/18/2005
09-70-0575 Organ Procurement Organizations System (OPOS) 71 FR 29336, 05/22/2006
09-70-0594 Minimum Data Set (MDS) for Home and Community Based Alternatives (CBA) to Psychiatric Residential Treatment) Facilities (PRTF) (CBA-PRTF) 72 FR 72733, 12/21/2007

[FR Doc. E9-15192 Filed 6-25-09; 8:45 am]

BILLING CODE 4120-03-P