Notices. Notice of a New System of Records (SOR)
15,369 words·~70 min read·
/register/2008/03/04/08-924·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
BILLING CODE 6750-07-M DEPARTMENT OF HEALTH AND HUMAN SERVICES Centers for Disease Control and Prevention National Center for Health Statistics (NCHS), Classifications and Public Health Data Standards Staff, Announces the Following Meeting *Name:* ICD-9-CM Coordination and Maintenance Committee Meeting. *Time and Date:* 8:30 a.m.-6 p.m., March 19, 2008. 8:30 a.m.-6 p.m., March 20, 2008. *Place:* Centers for Medicare and Medicaid Services
(CMS)Auditorium, 7500 Security Boulevard, Baltimore, Maryland 21244. *Status:* Open to the public. *Purpose:* The ICD-9-CM Coordination and Maintenance (C&M) Committee will hold its first meeting of the 2008 calendar year cycle on Wednesday and Thursday, March 19-20, 2008. The C&M meeting is a public forum for the presentation of proposed modifications to the International Classification of Diseases, Ninth Revision, Clinical Modification. *Matters To Be Discussed:* Tentative agenda items include: Antidepressant poisonings Gastroschisis and omphalocele History of t-PA Methicillin resistant staphylococcus aureus Military-related external cause of injury codes and activity codes Premature birth status Venous complications in pregnancy and the puerperium Venous thromboembolism Addenda (diagnoses) Bilateral ventricular assist devices Collateral air flow assessment Episiotomy and repair of spontaneous lacerations Fenestrated endograft repair of infrarenal abdominal aortic aneurysms Laparoscopic robotic assisted surgery Spinal fusion robotic assisted surgery Total breast reconstruction Addenda (procedures) *Contact Person for Additional Information:* Amy Blum, Medical Systems Specialist, Classifications and Public Health Data Standards Staff, NCHS, 3311 Toledo Road, Room 2402, Hyattsville, Maryland 20782, e-mail *alb8@cdc.gov* , telephone 301-458-4106 (diagnosis), Mady Hue, Health Insurance Specialist, Division of Acute Care, CMS, 7500 Security Blvd., Baltimore, Maryland 21244, e-mail *marilu.hue@cms.hhs.gov* , telephone 410-786-4510 (procedures). *Notice:* Because of increased security requirements, CMS has instituted stringent procedures for entrance into the building by non-government employees. Persons without a government I.D. will need to show an official form of picture I.D., (such as a driver's license), and sign in at the security desk upon entering the building. Those who wish to attend a specific ICD-9-CM C&M meeting in the CMS auditorium must submit their name and organization for addition to the meeting visitor's list. Those wishing to attend the March 19-20, 2008 meeting must submit their name and organization by March 12, 2008 for inclusion on the visitor's list. This visitor's list will be maintained at the front desk of the CMS building and be used by the guards to admit visitors to the meeting. Those who attended previous ICD-9-CM C&M meetings will no longer be automatically added to the visitor's list. You must request inclusion of your name prior to each meeting you attend. Register to attend the meeting on-line at: *http://www.cms.hhs.gov/apps/events/* . *Notice:* This is a public meeting. However, because of fire code requirements, should the number of attendants meet the capacity of the room, the meeting will be closed. The Director, Management Analysis and Services Office, has been delegated the authority to sign **Federal Register** notices pertaining to announcements of meetings and other committee management activities, for both CDC and the Agency for Toxic Substances and Disease Registry. Dated: February 25, 2008. Elaine L. Baker, Director, Management Analysis and Services Office, Centers for Disease Control and Prevention (CDC). [FR Doc. E8-4095 Filed 3-3-08; 8:45 am] BILLING CODE 4160-18-P DEPARTMENT OF HEALTH AND HUMAN SERVICES Centers for Medicare & Medicaid Services Privacy Act of 1974; Report of a New System of Records AGENCY: Department of Health and Human Services (HHS), Centers for Medicare & Medicaid Services (CMS). ACTION: Notice of a New System of Records (SOR). SUMMARY: In accordance with the Privacy Act of 1974, we are proposing to establish a new SOR titled, “Medicaid Integrity Program System (MIPS),” System No. 09-70-0599. With passage of the Deficit Reduction Act
(DRA)of 2005, the Secretary of HHS was directed to establish a Medicaid Integrity Program
(MIP)designed to provide CMS the resources necessary to combat fraud, waste and abuse in the Medicaid program. The DRA takes the partnership between CMS and the State Medicaid agencies to a new level. The MIP represents CMS' first national strategy to combat fraud and abuse in the 41-year history of the Medicaid program. MIP offers a unique opportunity to identify, recover and prevent inappropriate Medicaid payments. It will also support the efforts of State Medicaid agencies through a combination of oversight and technical assistance. Although individual States work to ensure the integrity of their respective Medicaid programs, MIP provides CMS with the ability to more directly ensure the accuracy of Medicaid payments and to deter those who would exploit the program. It advances these goals which are shared by the States and the Federal government. The combined Federal and State resources for preventing fraud will be marshaled more effectively than ever. The primary purpose of this system is to establish an accurate, current, and comprehensive database containing standardized enrollment, eligibility, and paid claims of Medicaid beneficiaries to assist in the detection of fraud, waste and abuse in the Medicare and Medicaid programs. Information retrieved from this system will also be disclosed to:
(1)Support regulatory, reimbursement, and policy functions performed within the agency or by a contractor, consultant or a CMS grantee;
(2)assist another Federal or state agency with information to enable such agency to administer a Federal health benefits program, or to enable such agency to fulfill a requirement of Federal statute or regulation that implements a health benefits program funded in whole or in part with Federal funds;
(3)support a research or evaluation project;
(4)support litigation involving the agency; and
(5)combat fraud, waste, and abuse in a federally-funded health benefit program. We have provided background information about the new system in the “Supplementary Information” section below. Although the Privacy Act requires only that CMS provide an opportunity for interested persons to comment on the routine uses, CMS invites comments on all portions of this notice. See “Effective Dates” section for comment period. DATES: *Effective Dates:* CMS filed a new system report with the Chair of the House Committee on Oversight and Government Reform, the Chair of the Senate Committee on Homeland Security & Governmental Affairs, and the Administrator, Office of Information and Regulatory Affairs, Office of Management and Budget
(OMB)on February 26, 2008. To ensure that all parties have adequate time in which to comment, the new system, including routine uses, will become effective 30 days from the publication of the notice, or 40 days from the date it was submitted to OMB and Congress, whichever is later, unless CMS receives comments that require alterations to this notice. ADDRESSES: The public should address comments to: CMS Privacy Officer, Division of Privacy Compliance, Enterprise Architecture and Strategy Group, Office of Information Services, CMS, Room N2-04-27, 7500 Security Boulevard, Baltimore, Maryland 21244-1850. Comments received will be available for review at this location, by appointment, during regular business hours, Monday through Friday from 9 a.m.-3 p.m., Eastern Time zone. FOR FURTHER INFORMATION CONTACT: James Gorman, Director, Division of Medicaid Integrity Contracting, Program Integrity Group, Center for Medicaid and State Operations, CMS, Mail Stop B2-2923, 7111 Security Boulevard, Baltimore, Maryland 21244-1850. He can also be reached by telephone at 410-786-1417, or via e-mail at *james.gorman@cms.hhs.gov.* SUPPLEMENTARY INFORMATION: With passage of the Deficit Reduction Act
(DRA)of 2005 the Department of Health and Human Services was directed to establish a Medicaid Integrity Program
(MIP)designed to provide CMS the resources necessary to combat fraud, waste and abuse in Medicaid. Section 6034 of the DRA requires that a comprehensive plan be developed every five years by a collective group including the Secretary of Health and Human Services (HHS), the United States Attorney General, the Director of the Federal Bureau of Investigation, the Comptroller General of the United States, the Inspector General of HHS, and state officials with responsibility for controlling provider fraud and abuse under Medicaid. The MIP planning group has broadly interpreted “state officials” to represent directors from State Medicaid programs, their program integrity units, and Medicaid Fraud Control Units. CMS' Center for Medicaid and State Operations
(CMSO)is responsible for agency activities related to Medicaid and will be organizationally responsible for the administration of the MIP. I. Description of the Proposed System of Records A. Statutory and Regulatory Basis for SOR Authority for maintenance of the system is given under § 6034 of the Deficient Reduction Act of 2005 Act (Pub. L. 109-171) (revising Title XIX of the Social Security Act (42 U.S.C. 1396 et seq.) which establishes the Medicaid Integrity Program under which the Secretary shall provide CMS the resources necessary to combat fraud, waste and abuse in the Medicaid program. B. Collection and Maintenance of Data in the System MIPS contain information on Medicaid beneficiaries, and physicians and other providers involved in furnishing services to Medicaid beneficiaries. Information contained in this system includes, but is not limited to: assigned Medicaid identification number, name, address, social security number, health insurance claim number, date of birth, gender, ethnicity and race, medical services, equipment, and supplies for which Medicaid reimbursement is requested, and materials used to determine amount of benefits allowable under Medicaid. Information on physicians and other providers of services to the beneficiary consist of an assigned provider identification number, and information used to determine whether a sanction or suspension is warranted. II. Agency Policies, Procedures, and Restrictions on Routine Uses A. Agency Policies, Procedures, and Restrictions on the Routine Use The Privacy Act permits us to disclose information without an individual's consent if the information is to be used for a purpose that is compatible with the purpose(s) for which the information was collected. Any such disclosure of data is known as a “routine use.” The government will only release MIPS information that can be associated with an individual as provided for under “Section III. Proposed Routine Use Disclosures of Data in the System.” Both identifiable and non-identifiable data may be disclosed under a routine use. We will only collect the minimum personal data necessary to achieve the purpose of MIPS. CMS has the following policies and procedures concerning disclosures of information that will be maintained in the system. Disclosure of information from this system will be approved only to the extent necessary to accomplish the purpose of the disclosure and only after CMS: 1. Determines that the use or disclosure is consistent with the reason that the data is being collected, e.g., to establish an accurate, current, and comprehensive database containing standardized enrollment, eligibility, and paid claims of Medicaid beneficiaries to be used for the administration of Medicaid at the Federal level, produce statistical reports, support Medicaid related research, and assist in the detection of fraud and abuse in the Medicare and Medicaid programs. 2. Determines that: a. The purpose for which the disclosure is to be made can only be accomplished if the record is provided in individually identifiable form; b. The purpose for which the disclosure is to be made is of sufficient importance to warrant the effect and/or risk on the privacy of the individual that additional exposure of the record might bring; and c. There is a strong probability that the proposed use of the data would in fact accomplish the stated purpose(s). 3. Requires the information recipient to: a. Establish administrative, technical, and physical safeguards to prevent unauthorized use of disclosure of the record; b. Remove or destroy at the earliest time all patient-identifiable information; and c. Agree to not use or disclose the information for any purpose other than the stated purpose under which the information was disclosed. 4. Determines that the data are valid and reliable. III. Proposed Routine Use Disclosures of Data In the System A. The Privacy Act allows us to disclose information without an individual's consent if the information is to be used for a purpose that is compatible with the purpose(s) for which the information was collected. Any such compatible use of data is known as a “routine use.” The proposed routine uses in this system meet the compatibility requirement of the Privacy Act. We are proposing to establish the following routine use disclosures of information maintained in the system: 1. To support agency contractors, or consultants, or to a grantee of a CMS-administered grant program who have been engaged by the agency to assist in the accomplishment of a CMS function relating to the purposes for this system and who need to have access to the records in order to assist CMS. We contemplate disclosing this information under this routine use only in situations in which CMS may enter into a contractual or similar agreement with a third party to assist in accomplishing a CMS function relating to purposes for this system. CMS occasionally contracts out certain of its functions when doing so would contribute to effective and efficient operations. CMS must be able to give a contractor, consultant or grantee whatever information is necessary for the contractor, or consultant to fulfill its duties. In these situations, safeguards are provided in the contract prohibiting the contractor, consultant or grantee from using or disclosing the information for any purpose other than that described in the contract and requires the contractor, consultant or grantee to return or destroy all information at the completion of the contract. 2. To assist another Federal or state agency to: a. Contribute to the accuracy of CMS' proper payment of Medicare/Medicaid benefits; and/or b. Enable such agency to administer a Federal health benefits program, or as necessary to enable such agency to fulfill a requirement of a Federal statute or regulation that implements a health benefits program funded in whole or in part with Federal funds; and/or c. Assist Federal/state Medicaid programs within the state. Other Federal or state agencies in their administration of a Federal health program may require MIPS information for the purposes of determining, evaluating, and/or assessing cost, effectiveness, and/or the quality of health care services provided in the state. CMS may require MIPS data to enable them to assist in the implementation and maintenance of the Medi-Medi program. Disclosure under this routine use shall be used by state Medicaid agencies pursuant to agreements with HHS for determining Medicaid and Medicare eligibility, for quality control studies, for determining eligibility of recipients of assistance under Title IV, XVIII, XIX and XXI of the Act, and for the administration of the Medicaid program. Data will be released to the state only on those individuals who are eligible enrollees, and beneficiaries under the services of a Medicaid program within the state or who are residents of that state. We also contemplate disclosing information under this routine use in situations in which state auditing agencies require MIPS information for auditing state Medicaid eligibility considerations. CMS may enter into an agreement with state auditing agencies to assist in accomplishing functions relating to purposes for this system of records. 3. To support an individual or organization for a research project or in support of an evaluation project related to the prevention of disease or disability, the restoration or maintenance of health, or payment related projects. The MIPS data will provide for research or in support of evaluation projects, a broader, national perspective of the status of Medicare beneficiaries. CMS anticipates that many researchers will have legitimate requests to use these data in projects that could ultimately improve the care provided to Medicare beneficiaries and the policy that governs the care. 4. To support the Department of Justice (DOJ), court or adjudicatory body when: a. The agency or any component thereof, or b. Any employee of the agency in his or her official capacity, or c. Any employee of the agency in his or her individual capacity where the DOJ has agreed to represent the employee, or d. The United States Government is a party to litigation or has an interest in such litigation, and by careful review, CMS determines that the records are both relevant and necessary to the litigation and that the use of such records by the DOJ, court or adjudicatory body is compatible with the purpose for which the agency collected the records. Whenever CMS is involved in litigation, and occasionally when another party is involved in litigation and CMS' policies or operations could be affected by the outcome of the litigation, CMS would be able to disclose information to the DOJ, court or adjudicatory body involved. 5. To assist a CMS contractor (including, but not necessarily limited to fiscal intermediaries and carriers) that assists in the administration of a CMS-administered health benefits program, or to a grantee of a CMS-administered grant program, when disclosure is deemed reasonably necessary by CMS to prevent, deter, discover, detect, investigate, examine, prosecute, sue with respect to, defend against, correct, remedy, or otherwise combat fraud or abuse in such program. We contemplate disclosing information under this routine use only in situations in which CMS may enter into a contractual relationship or grant with a third party to assist in accomplishing CMS functions relating to the purpose of combating fraud and abuse. CMS occasionally contracts out certain of its functions and makes grants when doing so would contribute to effective and efficient operations. CMS must be able to give a contractor or grantee whatever information is necessary for the contractor or grantee to fulfill its duties. In these situations, safeguards are provided in the contract prohibiting the contractor or grantee from using or disclosing the information for any purpose other than that described in the contract and requiring the contractor or grantee to return or destroy all information. 6. To assist another Federal agency or to assist an instrumentality of any governmental jurisdiction within or under the control of the United States (including any State or local governmental agency), that administers, or that has the authority to investigate potential fraud or abuse in, a health benefits program funded in whole or in part by Federal funds, when disclosure is deemed reasonably necessary by CMS to prevent, deter, discover, detect, investigate, examine, prosecute, sue with respect to, defend against, correct, remedy, or otherwise combat fraud or abuse in such programs. Other agencies may require MIPS information for the purpose of combating fraud and abuse in such Federally-funded programs. B. Additional Provisions Affecting Routine Use Disclosures To the extent this system contains Protected Health Information
(PHI)as defined by HHS regulation “Standards for Privacy of Individually Identifiable Health Information” (45 CFR Parts 160 and 164, 65 FR 82462 (12-28-00), Subparts A and E) disclosures of such PHI that are otherwise authorized by these routine uses may only be made if, and as, permitted or required by the “Standards for Privacy of Individually Identifiable Health Information.” In addition, our policy will be to prohibit release even of data not directly identifiable, except pursuant to one of the routine uses or if required by law, if we determine there is a possibility that an individual can be identified through implicit deduction based on small cell sizes (instances where the patient population is so small that individuals who are familiar with the enrollees could, because of the small size, use this information to deduce the identity of the beneficiary). IV. Safeguards CMS has safeguards in place for authorized users and monitors such users to ensure against excessive or unauthorized use. Personnel having access to the system have been trained in the Privacy Act and information security requirements. Employees who maintain records in this system are instructed not to release data until the intended recipient agrees to implement appropriate management, operational and technical safeguards sufficient to protect the confidentiality, integrity and availability of the information and information systems and to prevent unauthorized access. This system will conform to all applicable Federal laws and regulations and Federal, HHS, and CMS policies and standards as they relate to information security and data privacy. These laws and regulations may apply but are not limited to: The Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986; the Health Insurance Portability and Accountability Act of 1996; the E-Government Act of 2002, the Clinger-Cohen Act of 1996; the Medicare Modernization Act of 2003, and the corresponding implementing regulations. OMB Circular A-130, Management of Federal Resources, Appendix III, Security of Federal Automated Information Resources also applies. Federal, HHS, and CMS policies and standards include but are not limited to: All pertinent National Institute of Standards and Technology publications; the HHS Information Systems Program Handbook and the CMS Information Security Handbook. V. Effects of the Proposed System of Records on Individual Rights CMS proposes to establish this system in accordance with the principles and requirements of the Privacy Act and will collect, use, and disseminate information only as prescribed therein. Data in this system will be subject to the authorized releases in accordance with the routine uses identified in this system of records. CMS will take precautionary measures (see item IV above) to minimize the risks of unauthorized access to the records and the potential harm to individual privacy or other personal or property rights of patients whose data are maintained in the system. CMS will collect only that information necessary to perform the system's functions. In addition, CMS will make disclosure from the proposed system only with consent of the subject individual, or his/her legal representative, or in accordance with an applicable exception provision of the Privacy Act. CMS, therefore, does not anticipate an unfavorable effect on individual privacy as a result of information relating to individuals. Dated: February 25, 2008. Charlene Frizzera, Chief Operating Officer, Centers for Medicare & Medicaid Services. SYSTEM NO. 09-70-0599 SYSTEM NAME: “Medicaid Integrity Program System (MIPS),” HHS/CMS/CMSO. SECURITY CLASSIFICATION: Level Three Privacy Act Sensitive Data. SYSTEM LOCATION: The Centers for Medicare & Medicaid Services
(CMS)Data Center, 7500 Security Boulevard, North Building, First Floor, Baltimore, Maryland 21244-1850 and at various contractor sites and at CMS Regional Offices. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: MIPS contain information on Medicaid beneficiaries, and physicians and other providers involved in furnishing services to Medicaid beneficiaries. CATEGORIES OF RECORDS IN THE SYSTEM: Information contained in this system includes, but is not limited to: Assigned Medicaid identification number, name, address, social security number (SSN), health insurance claim number (HICN), date of birth, gender, ethnicity and race, medical services, equipment, and supplies for which Medicaid reimbursement is requested, and materials used to determine amount of benefits allowable under Medicaid. Information on physicians and other providers of services to the beneficiary consist of an assigned provider identification number, and information used to determine whether a sanction or suspension is warranted. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Authority for maintenance of the system is given under section 6034 of the Deficient Reduction Act of 2005 Act (Pub. L. 109-171) (revising Title XIX of the Social Security Act (42 U.S.C. 1396 et seq.)) which establishes the Medicaid Integrity Program under which the Secretary shall provide CMS the resources necessary to combat fraud, waste and abuse in the Medicaid program. PURPOSE(S) OF THE SYSTEM: The primary purpose of this system is to establish an accurate, current, and comprehensive database containing standardized enrollment, eligibility, and paid claims of Medicaid beneficiaries to assist in the detection of fraud, waste and abuse in the Medicare and Medicaid programs. Information retrieved from this system will also be disclosed to:
(1)Support regulatory, reimbursement, and policy functions performed within the agency or by a contractor, consultant or a CMS grantee;
(2)assist another Federal or state agency with information to enable such agency to administer a Federal health benefits program, or to enable such agency to fulfill a requirement of Federal statute or regulation that implements a health benefits program funded in whole or in part with Federal funds;
(3)support a research or evaluation project;
(4)support litigation involving the agency; and
(5)combat fraud, waste, and abuse in a federally-funded health benefit program. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OR USERS AND THE PURPOSES OF SUCH USES: A. The Privacy Act allows us to disclose information without an individual's consent if the information is to be used for a purpose that is compatible with the purpose(s) for which the information was collected. Any such compatible use of data is known as a “routine use.” The proposed routine uses in this system meet the compatibility requirement of the Privacy Act. We are proposing to establish the following routine use disclosures of information maintained in the system: 1. To agency contractors, or consultants, or to a grantee of a CMS-administered grant program who have been engaged by the agency to assist in the accomplishment of a CMS function relating to the purposes for this system and who need to have access to the records in order to assist CMS. 2. To another Federal or state agency to: a. Contribute to the accuracy of CMS' proper management of Medicare/Medicaid benefits; and/or b. Enable such agency to administer a Federal health benefits program, or as necessary to enable such agency to fulfill a requirement of a Federal statute or regulation that implements a health benefits program funded in whole or in part with Federal funds; and/or c. Assist Federal/state Medicaid programs within the state. 3. To an individual or organization for a research project or in support of an evaluation project related to the prevention of disease or disability, the restoration or maintenance of health, or payment related projects. 4. To the Department of Justice (DOJ), court or adjudicatory body when: a. The agency or any component thereof, or b. any employee of the agency in his or her official capacity, or c. any employee of the agency in his or her individual capacity where the DOJ has agreed to represent the employee, or d. the United States Government is a party to litigation or has an interest in such litigation, and by careful review, CMS determines that the records are both relevant and necessary to the litigation and that the use of such records by the DOJ, court or adjudicatory body is compatible with the purpose for which the agency collected the records. 5. To a CMS contractor (including, but not necessarily limited to fiscal intermediaries and carriers) that assists in the administration of a CMS-administered health benefits program, or to a grantee of a CMS-administered grant program, when disclosure is deemed reasonably necessary by CMS to prevent, deter, discover, detect, investigate, examine, prosecute, sue with respect to, defend against, correct, remedy, or otherwise combat fraud or abuse in such program. 6. To another Federal agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States (including any State or local governmental agency), that administers, or that has the authority to investigate potential fraud or abuse in, a health benefits program funded in whole or in part by Federal funds, when disclosure is deemed reasonably necessary by CMS to prevent, deter, discover, detect, investigate, examine, prosecute, sue with respect to, defend against, correct, remedy, or otherwise combat fraud or abuse in such programs. B. Additional Provisions Affecting Routine Use Disclosures To the extent this system contains Protected Health Information
(PHI)as defined by HHS regulation “Standards for Privacy of Individually Identifiable Health Information” (45 CFR Parts 160 and 164, 65 FR 82462 (12-28-00), Subparts A and E) disclosures of such PHI that are otherwise authorized by these routine uses may only be made if, and as, permitted or required by the “Standards for Privacy of Individually Identifiable Health Information.” In addition, our policy will be to prohibit release even of data not directly identifiable, except pursuant to one of the routine uses or if required by law, if we determine there is a possibility that an individual can be identified through implicit deduction based on small cell sizes (instances where the patient population is so small that individuals who are familiar with the enrollees could, because of the small size, use this information to deduce the identity of the beneficiary). POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM: STORAGE: All records are stored on computer diskette and magnetic media. RETRIEVABILITY: Information can be retrieved by the assigned beneficiary identification number, SSN, HICN, and the assigned physician or other providers of services identification number. SAFEGUARDS: CMS has safeguards in place for authorized users and monitors such users to ensure against excessive or unauthorized use. Personnel having access to the system have been trained in the Privacy Act and information security requirements. Employees who maintain records in this system are instructed not to release data until the intended recipient agrees to implement appropriate management, operational and technical safeguards sufficient to protect the confidentiality, integrity and availability of the information and information systems and to prevent unauthorized access. This system will conform to all applicable Federal laws and regulations and Federal, HHS, and CMS policies and standards as they relate to information security and data privacy. These laws and regulations may apply but are not limited to: The Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986; the Health Insurance Portability and Accountability Act of 1996; the E-Government Act of 2002; the Clinger-Cohen Act of 1996; the Medicare Modernization Act of 2003; and the corresponding implementing regulations. OMB Circular A-130, Management of Federal Resources, Appendix III, Security of Federal Automated Information Resources also applies. Federal, HHS, and CMS policies and standards include but are not limited to: All pertinent National Institute of Standards and Technology publications; the HHS Information Systems Program Handbook and the CMS Information Security Handbook. RETENTION AND DISPOSAL: CMS will retain identifiable MIPS data for a total period not to exceed 5 years after the final determination of the case is completed. SYSTEM MANAGER(S) AND ADDRESS: Director, Division of Medicaid Integrity Contracting, Program Integrity Group, Center for Medicaid and State Operations, CMS, Mail Stop B2-2923, 7111 Security Boulevard, Baltimore, Maryland 21244-1850. NOTIFICATION PROCEDURE: For purpose of access, the subject individual should write to the system manager who will require the system name, HICN, address, date of birth, and gender, and for verification purposes, the subject individual's name (woman's maiden name, if applicable), and SSN. Furnishing the SSN is voluntary, but it may make searching for a record easier and prevent delay. RECORD ACCESS PROCEDURE: For purpose of access, use the same procedures outlined in Notification Procedures above. Requestors should also specify the record contents being sought. (These procedures are in accordance with department regulation 45 CFR 5b.5(a)(2)). CONTESTING RECORDS PROCEDURES: The subject individual should contact the system manager named above, and reasonably identify the records and specify the information to be contested. State the corrective action sought and the reasons for the correction with supporting justification. (These Procedures are in accordance with Department regulation 45 CFR 5b.7). RECORDS SOURCE CATEGORIES: CMS obtains the identifying information contained in this system from state Medicaid agencies, or Medicaid Management Information Systems maintained by the individual states, and information contained on CMS Form 2082. SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT: None. [FR Doc. E8-4069 Filed 3-3-08; 8:45 am] BILLING CODE 4120-03-P DEPARTMENT OF HEALTH AND HUMAN SERVICES Centers for Medicare & Medicaid Services Privacy Act of 1974; Report of a Modified or Altered System of Records AGENCY: Department of Health and Human Services (HHS), Centers for Medicare & Medicaid Services (CMS). ACTION: Notice of a Modified or Altered System of Records (SOR). SUMMARY: In accordance with the requirements of the Privacy Act of 1974, we are proposing to modify or alter an existing system of records titled “Links of Social Security Administration
(SSA)and Health Care Financing Administration
(HCFA)Data (LOD), System No. 09-70-0069, established at 65 **Federal Register** 50544 (August 18, 2000). The system name reflects the former name of the Agency—the Health Care Financing Administration. For this reason, we propose to change the name of the system to read: the “Links of Social Security Administration
(SSA)and the Centers for Medicare & Medicaid Services Data (LOD).” We propose to assign a new CMS identification number to this system to simplify the obsolete and confusing numbering system originally designed to identify the Bureau, Office, or Center that maintained information in the Health Care Financing Administration systems of records. The new assigned identifying number for this system should read: System No. 09-70-0512. We propose to modify existing routine use number 2 that permits disclosure to agency contractors and consultants to include disclosure to CMS grantees who perform a task for the agency. CMS grantees, charged with completing projects or activities that require CMS data to carry out that activity, are classified separate from CMS contractors and/or consultants. The modified routine use will be renumbered as routine use number 1. We will delete routine use number 3 authorizing disclosure to support constituent requests made to a congressional representative. If an authorization for the disclosure has been obtained from the data subject, then no routine use is needed. We propose to broaden the scope of the disclosure provisions of this system by adding a routine use to permit the release of information to another Federal and state agencies to:
(1)Allow such agency to comply with Title XI, Part C of the Act;
(2)enable such agency to administer a Federal health benefits program, and/or as necessary to enable such agency to fulfill a requirement of a Federal statute or regulation that implements a health benefits program funded in whole or in part with Federal funds; and
(3)support data exchanges between the cooperating agencies. The new routine use will be numbered as routine use number 2. We will broaden the scope of this system by including the section titled “Additional Circumstances Affecting Routine Use Disclosures,” that addresses “Protected Health Information (PHI)” and “small cell size.” The requirement for compliance with HHS regulation “Standards for Privacy of Individually Identifiable Health Information” apply whenever the system collects or maintains PHI. This system may contain PHI. In addition, our policy to prohibit release if there is a possibility that an individual can be identified through “small cell size” will apply to the data disclosed from this system. We are modifying the language in the remaining routine uses to provide a proper explanation as to the need for the routine use and to provide clarity to CMS's intention to disclose individual-specific information contained in this system. The routine uses will then be prioritized and reordered according to their usage. We will also take the opportunity to update any sections of the system that were affected by the recent reorganization or because of the impact of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003
(MMA)(Pub. L. 108-173) provisions and to update language in the administrative sections to correspond with language used in other CMS SORs. The primary purpose of the LOD is to collect and maintain information that will be used to conduct research, perform policy analysis, and improve program management for populations served by both SSA and CMS. Information maintained in this system will also be disclosed to:
(1)Support regulatory, reimbursement, and policy functions performed within the Agency or by a contractor, consultant or grantee;
(2)assist another Federal or state agency, agency of a state government, an agency established by state law, or its fiscal agent;
(3)facilitate research on the quality and effectiveness of care provided, as well as epidemiological projects; and
(4)support litigation involving the Agency. We have provided background information about the new system in the “Supplementary Information” section below. Although the Privacy Act requires only that CMS provide an opportunity for interested persons to comment on the proposed routine uses, CMS invites comments on all portions of this notice. See “Effective Dates” section for comment period. *Effective Dates:* CMS filed a modified or altered system report with the Chair of the House Committee on Government Reform and Oversight, the Chair of the Senate Committee on Homeland Security & Governmental Affairs, and the Administrator, Office of Information and Regulatory Affairs, Office of Management and Budget
(OMB)on *February 26, 2008.* To ensure that all parties have adequate time in which to comment, the modified system, including routine uses, will become effective 30 days from the publication of the notice, or 40 days from the date it was submitted to OMB and Congress, whichever is later, unless CMS receives comments that require alterations to this notice. ADDRESSES: The public should address comments to: CMS Privacy Officer, Division of Privacy Compliance, Enterprise Architecture and Strategy Group, Office of Information Services, CMS, Room N2-04-27, 7500 Security Boulevard, Baltimore, Maryland 21244- 1850. Comments received will be available for review at this location, by appointment, during regular business hours, Monday through Friday from 9 a.m.-3 p.m., Eastern Time zone. FOR FURTHER INFORMATION CONTACT: Dave Baugh, Senior Technical Advisor, Research and Evaluation Group, Office of Research, Development and Information, CMS, Mail Stop Room C3-20-17, 7500 Security Boulevard, Baltimore, Maryland 21244-1850. He can be reached by telephone at 410-786-7716, or via e-mail at *David.Baugh@cms.hhs.gov.* SUPPLEMENTARY INFORMATION: I. Description of the Modified or Altered System of Records A. Statutory and Regulatory Basis for SOR Authority for maintenance of this system is given under Section 1875(a) [42 U.S.C. 1395II(a)] and 1110 of the Social Security Act [42 U.S.C. 1310]. B. Collection and Maintenance of Data in the System Information maintained in this system contains samples of the United States population served by programs administered by CMS and SSA. The system includes the following information for each: Name, social security number, Medicaid identification number, health insurance claim number, eligibility for SSA and CMS programs, and benefit record information. II. Agency Policies, Procedures, and Restrictions on the Routine Use A. Agency Policies, Procedures, and Restrictions on the Routine Use The Privacy Act permits us to disclose information without an individual's consent if the information is to be used for a purpose that is compatible with the purpose(s) for which the information was collected. Any such disclosure of data is known as a “routine use.” The government will only release LOD information that can be associated with an individual as provided for under “Section III. Proposed Routine Use Disclosures of Data in the System.” Both individually identifiable and non-individually-identifiable data may be disclosed under a routine use. We will only disclose the minimum personal data necessary to achieve the purpose of LOD. CMS has the following policies and procedures concerning disclosures of information that will be maintained in the system. Disclosure of information from the system will be approved only to the extent necessary to accomplish the purpose of the disclosure and only after CMS: 1. Determines that the use or disclosure is consistent with the reason that the data is being collected; e.g., to collect and maintain information that will be used to conduct research, perform policy analysis, and improve program management for populations served by both SSA and CMS. 2. Determines that: a. The purpose for which the disclosure is to be made can only be accomplished if the record is provided in individually identifiable form; b. The purpose for which the disclosure is to be made is of sufficient importance to warrant the effect and/or risk on the privacy of the individual that additional exposure of the record might bring; and c. There is a strong probability that the proposed use of the data would in fact accomplish the stated purpose(s). 3. Requires the information recipient to: a. Establish administrative, technical, and physical safeguards to prevent unauthorized use or disclosure of the record; b. Remove or destroy at the earliest time all individually-identifiable information; and c. Agree to not use or disclose the information for any purpose other than the stated purpose under which the information was disclosed. 4. Determines that the data are valid and reliable. III. Proposed Routine Use Disclosures of Data in the System A. The Privacy Act allows us to disclose information without an individual's consent if the information is to be used for a purpose that is compatible with the purpose(s) for which the information was collected. Any such compatible use of data is known as a “routine use.” The proposed routine uses in this system meet the compatibility requirement of the Privacy Act. We are proposing to establish the following routine use disclosures of information maintained in the system: 1. To support Agency contractors, consultants, or grantees that have been contracted by the Agency to assist in accomplishment of a CMS function relating to the purposes for this system and who need access to the records in order to assist CMS. We contemplate disclosing information under this routine use only in situations in which CMS may enter into a contractual or similar agreement with a third party to assist in accomplishing a CMS function relating to purposes for this system. CMS occasionally contracts out certain of its functions when doing so would contribute to effective and efficient operations. CMS must be able to give a contractor, consultant, or grantee whatever information is necessary for the contractor, consultant, or grantee to fulfill its duties. In these situations, safeguards are provided in the contract prohibiting the contractor, consultant, or grantee from using or disclosing the information for any purpose other than that described in the contract and requires the contractor, consultant, or grantee to return or destroy all information at the completion of the contract. 2. To assist another Federal or state agency, agency of a state government, an agency established by state law, or its fiscal agent to: a. Allow such agency to comply with Title XI, Part C of the Act, b. Enable such agency to administer a Federal health benefits program, or as necessary to enable such agency to fulfill a requirement of a Federal statute or regulation that implements a health benefits program funded in whole or in part with Federal funds, and/or c. Support data exchanges between the cooperating agencies. In addition, other state agencies in their administration of a Federal health program may require LOD information for the purposes of determining, evaluating and/or assessing cost, effectiveness, and /or the quality of health care services provided in the state. Disclosure under this routine use shall be used by state Medicaid agencies pursuant to agreements with the HHS for administration of Titles IV, XVIII, and XIX of the Act, and for the administration of the Medicaid program. 3. To support an individual or organization for a research, evaluation, or epidemiological project related to the prevention of disease or disability or the restoration or maintenance of health. LOD data may be able to provide for research, evaluation, and epidemiological projects a broader longitudinal national perspective of the status of health care patients. CMS anticipates that many researchers will have legitimate requests to use these data in projects that could ultimately improve the care provided to patients and the policy that governs the care. 4. To assist the Department of Justice (DOJ), court or adjudicatory body when: a. The Agency or any component thereof, or b. Any employee of the Agency in his or her official capacity, or c. Any employee of the Agency in his or her individual capacity where the DOJ has agreed to represent the employee, or d. The United States Government is a party to litigation or has an interest in such litigation, and by careful review, CMS determines that the records are both relevant and necessary to the litigation and that the use of such records by the DOJ, court or adjudicatory body is compatible with the purpose for which the agency collected the records. Whenever CMS is involved in litigation, or occasionally when another party is involved in litigation and CMS's policies or operations could be affected by the outcome of the litigation, CMS would be able to disclose information to the DOJ, court, or adjudicatory body involved. B. Additional Provisions Affecting Routine Use Disclosures To the extent this system contains Protected Health Information
(PHI)as defined by HHS regulation “Standards for Privacy of Individually Identifiable Health Information” (45 CFR parts 160 and 164, subparts A and E) 65 FR 82462 (12-28-00). Disclosures of such PHI that are otherwise authorized by these routine uses may only be made if, and as, permitted or required by the “Standards for Privacy of Individually Identifiable Health Information.” (See 45 CFR 164-512 (a)(1)). In addition, our policy will be to prohibit release even of data not directly identifiable, except pursuant to one of the routine uses or if required by law, if we determine there is a possibility that an individual can be identified through implicit deduction based on small cell sizes (instances where the patient population is so small that individuals could, because of the small size, use this information to deduce the identity of the beneficiary). IV. Safeguards CMS has safeguards in place for authorized users and monitors such users to ensure against unauthorized use. Personnel having access to the system have been trained in the Privacy Act and information security requirements. Employees who maintain records in this system are instructed not to release data until the intended recipient agrees to implement appropriate management, operational and technical safeguards sufficient to protect the confidentiality, integrity and availability of the information and information systems and to prevent unauthorized access. This system will conform to all applicable Federal laws and regulations and Federal, HHS, and CMS policies and standards as they relate to information security and data privacy. These laws and regulations may apply but are not limited to: the Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986; the Health Insurance Portability and Accountability Act of 1996; the E-Government Act of 2002, the Clinger-Cohen Act of 1996; the Medicare Modernization Act of 2003, and the corresponding implementing regulations. OMB Circular A-130, Management of Federal Resources, Appendix III, Security of Federal Automated Information Resources also applies. Federal, HHS, and CMS policies and standards include but are not limited to: All pertinent National Institute of Standards and Technology publications; the HHS Information Systems Program Handbook and the CMS Information Security Handbook. V. Effects of the Modified System of Records on Individual Rights CMS proposes to modify this system in accordance with the principles and requirements of the Privacy Act and will collect, use, and disseminate information only as prescribed therein. Data in this system will be subject to the authorized releases in accordance with the routine uses identified in this system of records. CMS will take precautionary measures to minimize the risks of unauthorized access to the records and the potential harm to individual privacy or other personal or property rights of patients whose data are maintained in the system. CMS will collect only that information necessary to perform the system's functions. In addition, CMS will make disclosure from the proposed system only with consent of the subject individual, or his/her legal representative, or in accordance with an applicable exception provision of the Privacy Act. CMS, therefore, does not anticipate an unfavorable effect on individual privacy as a result of information relating to individuals. Dated: February 25, 2008. Charlene Frizzera, Chief Operating Officer, Centers for Medicare & Medicaid Services. SYSTEM NO. 09-70-0512 SYSTEM NAME: “Links To Social Security Administration and Centers For Medicare & Medicaid Services Data (LOD),” HHS/CMS/ORDI SECURITY CLASSIFICATION: Level Three Privacy Act Sensitive Data SYSTEM LOCATION: Centers for Medicare & Medicaid Services
(CMS)Data Center, 7500 Security Boulevard, North Building, First Floor, Baltimore, Maryland 21244-1850 and at various other locations. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: The system includes samples of the United States population served by Social Security Administration
(SSA)and CMS programs. CATEGORIES OF RECORDS IN THE SYSTEM: The collected information will include, but is not limited to name, social security number (SSN), Medicaid identification number, health insurance claim number (HICN), eligibility for SSA and CMS programs, and benefit record information. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Authority for maintenance of this system is given under Section 1875(a) [42 U.S.C. 1395II(a)] and 1110 of the Social Security Act [42 U.S.C. 1310]. PURPOSE(S) OF THE SYSTEM: The primary purpose of the LOD is to collect and maintain information that will be used to conduct research, perform policy analysis, and improve program management for populations served by both SSA and CMS. Information maintained in this system will also be disclosed to:
(1)Support regulatory, reimbursement, and policy functions performed within the Agency or by a contractor, consultant or grantee;
(2)assist another Federal or state agency, agency of a state government, an agency established by state law, or its fiscal agent;
(3)facilitate research on the quality and effectiveness of care provided, as well as epidemiological projects; and
(4)support litigation involving the Agency. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OR USERS AND THE PURPOSES OF SUCH USES: A. The Privacy Act allows us to disclose information without an individual's consent if the information is to be used for a purpose that is compatible with the purpose(s) for which the information was collected. Any such compatible use of data is known as a “routine use.” The proposed routine uses in this system meet the compatibility requirement of the Privacy Act. We are proposing to establish the following routine use disclosures of information maintained in the system: 1. To agency contractors, consultants or grantees, who have been engaged by the agency to assist in the performance of a service related to this collection and who need to have access to the records in order to perform the activity. 2. To assist another Federal or state agency, agency of a state government, an agency established by state law, or its fiscal agent to: a. Allow such agency to comply with Title XI, Part C of the Act, b. Enable such agency to administer a Federal health benefits program, or as necessary to enable such agency to fulfill a requirement of a Federal statute or regulation that implements a health benefits program funded in whole or in part with Federal funds, and/or c. Support data exchanges between the cooperating agencies. 3. To an individual or organization for a research project or in support of an evaluation project related to the prevention of disease, disability, or quality care projects, the restoration or maintenance of health, and payment related projects. 4. To the Department of Justice (DOJ), court or adjudicatory body when: a. The agency or any component thereof, or b. Any employee of the agency in his or her official capacity, or c. Any employee of the agency in his or her individual capacity where the DOJ has agreed to represent the employee, or d. The United States Government, is a party to litigation or has an interest in such litigation, and, by careful review, CMS determines that the records are both relevant and necessary to the litigation and that the use of such records by the DOJ, court or adjudicatory body is compatible with the purpose for which the agency collected the records. *B. Additional Provisions Affecting Routine Use Disclosures* To the extent this system contains Protected Health Information
(PHI)as defined by HHS regulation “Standards for Privacy of Individually Identifiable Health Information” (45 CFR Parts 160 and 164, Subparts A and E) 65 FR 82462 (12-28-00). Disclosures of such PHI that are otherwise authorized by these routine uses may only be made if, and as, permitted or required by the “Standards for Privacy of Individually Identifiable Health Information.” (See 45 CFR 164-512
(a)(1).) In addition, our policy will be to prohibit release even of data not directly identifiable, except pursuant to one of the routine uses or if required by law, if we determine there is a possibility that an individual can be identified through implicit deduction based on small cell sizes (instances where the patient population is so small that individuals could, because of the small size, use this information to deduce the identity of the beneficiary). POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM: STORAGE: All records are stored on electronic media. RETRIEVABILITY: The collected data are retrieved by an individual identifier; e.g., beneficiary name, health insurance claim number, State assigned personal identifier, or social security number. SAFEGUARDS: CMS has safeguards in place for authorized users and monitors such users to ensure against unauthorized use. Personnel having access to the system have been trained in the Privacy Act and information security requirements. Employees who maintain records in this system are instructed not to release data until the intended recipient agrees to implement appropriate management, operational and technical safeguards sufficient to protect the confidentiality, integrity and availability of the information and information systems and to prevent unauthorized access. This system will conform to all applicable Federal laws and regulations and Federal, HHS, and CMS policies and standards as they relate to information security and data privacy. These laws and regulations may apply but are not limited to: The Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986; the Health Insurance Portability and Accountability Act of 1996; the E-Government Act of 2002; the Clinger-Cohen Act of 1996; the Medicare Modernization Act of 2003; and the corresponding implementing regulations. OMB Circular A-130, Management of Federal Resources, Appendix III, Security of Federal Automated Information Resources also applies. Federal, HHS, and CMS policies and standards include but are not limited to: All pertinent National Institute of Standards and Technology publications; the HHS Information Systems Program Handbook and the CMS Information Security Handbook. RETENTION AND DISPOSAL: CMS will retain information for a total period not to exceed 25 years. All claims-related records are encompassed by the document preservation order and will be retained until notification is received from DOJ. SYSTEM MANAGER AND ADDRESS: Director, Information and Methods Group, Office of Research, Development & Information, Mail Stop C3-16-07, Centers for Medicare & Medicaid Services, 7500 Security Boulevard, Baltimore, MD 21244-1849. NOTIFICATION PROCEDURE: For purpose of access, the subject individual should write to the system manager who will require the system name, employee identification number, tax identification number, national provider number, and for verification purposes, the subject individual's name (woman's maiden name, if applicable), HICN, and/or SSN (furnishing the SSN is voluntary, but it may make searching for a record easier and prevent delay). RECORD ACCESS PROCEDURE: For purpose of access, use the same procedures outlined in Notification Procedures above. Requestors should also reasonably specify the record contents being sought. (These procedures are in accordance with Department regulation 45 CFR 5b.5(a)(2).) CONTESTING RECORD PROCEDURES: The subject individual should contact the system manager named above, and reasonably identify the record and specify the information to be contested. State the corrective action sought and the reasons for the correction with supporting justification. (These procedures are in accordance with Department regulation 45 CFR 5b.7.) RECORDS SOURCE CATEGORIES: Sources of information contained in this records system include data collected from SSA systems of records, e.g., Supplemental Security Record (09-60-0103), Master Beneficiary Record (09-60-0090), Disability Determination Files (09-60-0044), and Social Security Account Number Identification File (09-60-0058) and LOD systems of records, e.g., Medicaid Statistical Information System (09-70-0541), Current Beneficiary Survey (09-70-0519), Common Working Files (09-70-0526), National Claims History Files (09-70-0558) and Enrollment Data Base (09-70-0502). SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT: None. [FR Doc. E8-4070 Filed 3-3-08; 8:45 am] BILLING CODE 4120-03-P DEPARTMENT OF HEALTH AND HUMAN SERVICES
(HHS)Centers for Medicare & Medicaid Services Notice of Hearing: Reconsideration of Disapproval of Ohio State Plan Amendment
(SPA)07-014 AGENCY: Centers for Medicare & Medicaid Services (CMS), HHS. ACTION: Notice of Hearing. SUMMARY: This notice announces an administrative hearing to be held on April 4, 2008, at the CMS Chicago Regional Office, 233 N. Michigan Avenue, Suite 600, the Illinois Room, Chicago, IL 60601-5519, to reconsider CMS' decision to disapprove Ohio SPA 07-014. *Closing Date:* Requests to participate in the hearing as a party must be received by the presiding officer by March 19, 2008. FOR FURTHER INFORMATION CONTACT: Kathleen Scully-Hayes, Presiding Officer, CMS, 2520 Lord Baltimore Drive, Suite L, Baltimore, Maryland 21244, Telephone:
(410)786-2055. SUPPLEMENTARY INFORMATION: This notice announces an administrative hearing to reconsider CMS' decision to disapprove Ohio SPA 07-014, which was submitted on September 28, 2007, and disapproved on December 20, 2007. Under this SPA, the State proposed to expand Medicaid eligibility by excluding all family income that is between 201 percent of the Federal poverty level
(FPL)and 300 percent of the FPL in calculating income for purposes of determining eligibility. As a result, although the plan nominally provides for eligibility of optional targeted low-income children only for those with family income through 200 percent of the FPL, in effect, the eligibility level would rise to 300 percent of the FPL. The amendment was disapproved because it indicated that the State will claim Federal matching funds at a rate other than the rate set forth in the Social Security Act (the Act), and thus, is not consistent with methods of administration necessary for proper and efficient operation of the plan, as required by section 1902(a)(4) of the Act. *At the hearing:* • The disapproval of this SPA will be discussed. The SPA was disapproved because the State declared its intent and was unwilling to change its intent to claim Federal matching funds at the regular matching rate, rather than the enhanced matching rate set forth in the Act, for the expanded population optional targeted low-income children, with income between 201 percent and 300 percent of the FPL. • Section 1903(a)(1) of the Act requires that the Secretary pay the Federal medical assistance percentage
(FMAP)of claimed State expenditures under the approved plan. The FMAP is defined at section 1905(b) of the Act. This section provides that the Federal matching rate for children described in section 1905(u)(2)(B) or (u)(3) of the Act “is equal to the enhanced FMAP described in section 2105(b)” of the Act, unless the State has exhausted its allotment under section 2104 of the Act, under the State Children's Health Insurance Program, or failed to comply with maintenance of effort and proper reporting requirements. Since none of those conditions appear to apply, and the expansion group is comprised of individuals who are described in section 1905(u)(2)(B) of the Act, the enhanced FMAP is the applicable FMAP rate, and claims at any other rate would not be consistent with proper and efficient administration of the State plan. • The State's proposal was not consistent with methods of administration necessary for proper and efficient operation of the plan, as required by section 1902(a)(4) of the Act, because the State indicated in its overall submission that the State did not plan to submit claims at the statutorily indicated FMAP rate. Section 1116 of the Act and Federal regulations at 42 CFR part 430 establish Department procedures that provide an administrative hearing for reconsideration of a disapproval of a State plan or plan amendment. CMS is required to publish a copy of the notice to a State Medicaid agency that informs the agency of the time and place of the hearing, and the issues to be considered. If we subsequently notify the agency of additional issues that will be considered at the hearing, we will also publish that notice. Any individual or group that wants to participate in the hearing as a party must petition the presiding officer within 15 days after publication of this notice, in accordance with the requirements contained at 42 CFR 430.76(b)(2). Any interested person or organization that wants to participate as *amicus curiae* must petition the presiding officer before the hearing begins in accordance with the requirements contained at 42 CFR 430.76(c). If the hearing is later rescheduled, the presiding officer will notify all participants. The notice to Ohio announcing an administrative hearing to reconsider the disapproval of its SPA reads as follows: Ara Mekhjian, Esq., Assistant Attorney General, State of Ohio, Health and Human Services Section, 30 E. Broad Street, 26th Floor, Columbus, OH 43215-3400. Dear Mr. Mekhjian: I am responding to your request for reconsideration of the decision to disapprove the Ohio State plan amendment
(SPA)07-014, which was submitted on September 28, 2007, and disapproved on December 20, 2007. Under this SPA, the State proposed to expand Medicaid eligibility by excluding all family income that is between 201 percent of the Federal poverty level
(FPL)and 300 percent of the FPL in calculating income for purposes of determining eligibility. As a result, although the plan nominally provides for eligibility of optional targeted low-income children only for those with family income through 200 percent of the FPL, in effect, the eligibility level would rise to 300 percent of the FPL. The amendment was disapproved because it indicated that the State will claim Federal matching funds at a rate other than the rate set forth in the Social Security Act (the Act), and thus, is not consistent with methods of administration necessary for proper and efficient operation of the plan, as required by section 1902(a)(4) of the Act. *At the hearing:* • The disapproval of this SPA will be discussed. The SPA was disapproved because the State declared its intent and was unwilling to change its intent to claim Federal matching funds at the regular matching rate, rather than the enhanced matching rate set forth in the Act, for the expanded population optional targeted low-income children, with income between 201 percent and 300 percent of the FPL. • Section 1903(a)(1) of the Act requires that the Secretary pay the Federal medical assistance percentage
(FMAP)of claimed State expenditures under the approved plan. The FMAP is defined at section 1905(b) of the Act. This section provides that the Federal matching rate for children described in section 1905(u)(2)(B) or (u)(3) of the Act “is equal to the enhanced FMAP described in section 2105(b)” of the Act, unless the State has exhausted its allotment under section 2104 of the Act, under the State Children's Health Insurance Program, or failed to comply with maintenance of effort and proper reporting requirements. Since none of those conditions appear to apply, and the expansion group is comprised of individuals who are described in section 1905(u)(2)(B) of the Act, the enhanced FMAP is the applicable FMAP rate, and claims at any other rate would not be consistent with proper and efficient administration of the State plan. • The State's proposal was not consistent with methods of administration necessary for proper and efficient operation of the plan, as required by section 1902(a)(4) of the Act, because the State indicated in its overall submission that the State did not plan to submit claims at the statutorily indicated FMAP rate. I am scheduling a hearing at your request for reconsideration to be held on April 4, 2008, at the Centers for Medicare & Medicaid Services' Chicago Regional Office, 233 N. Michigan Avenue, Suite 600, the Illinois Room, Chicago, IL 60601-5519, to reconsider the decision to disapprove SPA 07-014. If this date is not acceptable, we would be glad to set another date that is mutually agreeable to the parties. The hearing will be governed by the procedures prescribed by Federal regulations at 42 CFR Part 430. I am designating Ms. Kathleen Scully-Hayes as the presiding officer. If these arrangements present any problems, please contact the presiding officer at
(410)786-2055. In order to facilitate any communication which may be necessary between the parties to the hearing, please notify the presiding officer to indicate acceptability of the hearing date that has been scheduled and provide names of the individuals who will represent the State at the hearing. Sincerely, Kerry Weems, *Acting Administrator.* (Section 1116 of the Social Security Act (42 U.S.C. 1316); 42 CFR 430.18). (Catalog of Federal Domestic Assistance program No. 13.714, Medicaid Assistance Program.) Dated: February 25, 2008. Kerry Weems, Acting Administrator, Centers for Medicare & Medicaid Services. [FR Doc. E8-4068 Filed 3-3-08; 8:45 am] BILLING CODE 4120-01-P DEPARTMENT OF HEALTH AND HUMAN SERVICES Food and Drug Administration [Docket No. FDA-2008-N-0132] Agency Information Collection Activities; Proposed Collection; Comment Request; State Petitions for Exemption From Preemption AGENCY: Food and Drug Administration, HHS. ACTION: Notice. SUMMARY: The Food and Drug Administration
(FDA)is announcing an opportunity for public comment on the proposed collection of certain information by the agency. Under the Paperwork Reduction Act of 1995 (the PRA), Federal agencies are required to publish notice in the **Federal Register** concerning each proposed collection of information, including each proposed extension of an existing collection of information, and to allow 60 days for public comment in response to the notice. This notice solicits comments on reporting requirements contained in existing FDA regulations governing State petitions for exemption from preemption. DATES: Submit written or electronic comments on the collection of information by May 5, 2008. ADDRESSES: Submit electronic comments on the collection of information to *http://www.regulations.gov* . Submit written comments on the collection of information to the Division of Dockets Management (HFA-305), Food and Drug Administration, 5630 Fishers Lane, Rm. 1061, Rockville, MD 20852. All comments should be identified with the docket number found in brackets in the heading of this document. FOR FURTHER INFORMATION CONTACT: Jonna Capezzuto, Office of the Chief Information Officer (HFA-250), Food and Drug Administration, 5600 Fishers Lane, Rockville, MD 20857, 301-827-4659. SUPPLEMENTARY INFORMATION: Under the PRA (44 U.S.C. 3501-3520), Federal agencies must obtain approval from the Office of Management and Budget
(OMB)for each collection of information they conduct or sponsor. “Collection of information” is defined in 44 U.S.C. 3502(3) and 5 CFR 1320.3(c) and includes agency requests or requirements that members of the public submit reports, keep records, or provide information to a third party. Section 3506(c)(2)(A) of the PRA (44 U.S.C. 3506(c)(2)(A)) requires Federal agencies to provide a 60-day notice in the **Federal Register** concerning each proposed collection of information, including each proposed extension of an existing collection of information, before submitting the collection to OMB for approval. To comply with this requirement, FDA is publishing notice of the proposed collection of information set forth in this document. With respect to the following collection of information, FDA invites comments on these topics:
(1)Whether the proposed collection of information is necessary for the proper performance of FDA's functions, including whether the information will have practical utility;
(2)the accuracy of FDA's estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used;
(3)ways to enhance the quality, utility, and clarity of the information to be collected; and
(4)ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques, when appropriate, and other forms of information technology. State Petitions for Exemption From Preemption—21 CFR 100.1(d) (OMB Control No. 0910-0277) —Extension Under section 403A(b) of the Federal Food, Drug, and Cosmetic Act (the act) (21 U.S.C. 343-1(b)), States may petition FDA for exemption from Federal preemption of State food labeling and standard of identity requirements. Section 100.1(d) (21 CFR 100.1(d)) sets forth the information a State is required to submit in such a petition. The information required under § 100.1(d) enables FDA to determine whether the State food labeling or standard of identity requirement satisfies the criteria of section 403A(b) of the act for granting exemption from Federal preemption. FDA estimates the burden of this collection of information as follows: **Table 1.—Estimated Annual Reporting Burden** 1 21 CFR Section No. of Respondents Annual Frequency per Response Total Annual Responses Hours per Response Total Hours 100.1(d) 1 1 1 40 40 1 There are no capital costs or operating and maintenance costs associated with this collection of information. The reporting burden for § 100.1(d) is minimal because petitions for exemption from preemption are seldom submitted by States. In the last 3 years, FDA has not received any new petitions for exemption from preemption; therefore, the agency estimates that one or fewer petitions will be submitted annually. Although FDA has not received any new petitions for exemption from preemption in the last 3 years, it believes these information collection provisions should be extended to provide for the potential future need of a State or local government to petition for an exemption from preemption under the provisions of section 403(A) of the act. Please note that on January 15, 2008, the FDA Web site transitioned to the Federal Dockets Management System (FDMS). FDMS is a Government-wide, electronic docket management system. Electronic submissions will be accepted by FDA through FDMS only. Dated: February 26, 2008. Jeffrey Shuren, Assistant Commissioner for Policy. [FR Doc. E8-4066 Filed 3-3-08; 8:45 am] BILLING CODE 4160-01-S DEPARTMENT OF HEALTH AND HUMAN SERVICES Food and Drug Administration [Docket No. FDA-2008-N-0129] Agency Information Collection Activities; Proposed Collection; Comment Request; Food Canning Establishment Registration, Process Filing, and Recordkeeping for Acidified Foods and Thermally Processed Low-Acid Foods in Hermetically Sealed Containers AGENCY: Food and Drug Administration, HHS. ACTION: Notice. SUMMARY: The Food and Drug Administration
(FDA)is announcing an opportunity for public comment on the proposed collection of certain information by the agency. Under the Paperwork Reduction Act of 1995 (the PRA), Federal agencies are required to publish notice in the **Federal Register** concerning each proposed collection of information, including each proposed extension of an existing collection of information, and to allow 60 days for public comment in response to the notice. This notice solicits comments on reporting and recordkeeping requirements for firms that process acidified foods and thermally processed low-acid foods in hermetically sealed containers. DATES: Submit written or electronic comments on the collection of information by May 5, 2008. ADDRESSES: Submit electronic comments on the collection of information to *http://www.regulations.gov* . Submit written comments on the collection of information to the Division of Dockets Management (HFA-305), Food and Drug Administration, 5630 Fishers Lane, Rm. 1061, Rockville, MD 20852. All comments should be identified with the docket number found in brackets in the heading of this document. FOR FURTHER INFORMATION CONTACT: Jonna Capezzuto, Office of the Chief Information Officer (HFA-250), Food and Drug Administration, 5600 Fishers Lane, Rockville, MD 20857, 301-827-4659. SUPPLEMENTARY INFORMATION: Under the PRA (44 U.S.C. 3501-3520), Federal agencies must obtain approval from the Office of Management and Budget
(OMB)for each collection of information they conduct or sponsor. “Collection of information” is defined in 44 U.S.C. 3502(3) and 5 CFR 1320.3(c) and includes agency requests or requirements that members of the public submit reports, keep records, or provide information to a third party. Section 3506(c)(2)(A) of the PRA (44 U.S.C. 3506(c)(2)(A)) requires Federal agencies to provide a 60-day notice in the **Federal Register** concerning each proposed collection of information, including each proposed extension of an existing collection of information, before submitting the collection to OMB for approval. To comply with this requirement, FDA is publishing notice of the proposed collection of information set forth in this document. With respect to the following collection of information, FDA invites comments on these topics:
(1)Whether the proposed collection of information is necessary for the proper performance of FDA's functions, including whether the information will have practical utility;
(2)the accuracy of FDA's estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used;
(3)ways to enhance the quality, utility, and clarity of the information to be collected; and
(4)ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques, when appropriate, and other forms of information technology. Food Canning Establishment Registration, Process Filing, and Recordkeeping for Acidified Foods and Thermally Processed Low-Acid Foods in Hermetically Sealed Containers—21 CFR 108.25 and 108.35, and Parts 113 and 114 (OMB Control Number 0910-0037)—Extension Under the Federal Food, Drug, and Cosmetic Act (the act), FDA is authorized to prevent the interstate distribution of food products that may be injurious to health or that are otherwise adulterated, as defined in section 402 of the act (21 U.S.C. 342). Under the authority granted to FDA by section 404 of the act (21 U.S.C. 344), FDA regulations require registration of food processing establishments, filing of process or other data, and maintenance of processing and production records for acidified foods and thermally processed low-acid foods in hermetically sealed containers. These requirements are intended to ensure safe manufacturing, processing, and packing procedures and to permit FDA to verify that these procedures are being followed. Improperly processed low-acid foods present life-threatening hazards if contaminated with foodborne microorganisms, especially *Clostridium botulinum* . The spores of *C. botulinum* must be destroyed or inhibited to avoid production of the deadly toxin that causes botulism. This is accomplished with good manufacturing procedures, which must include the use of adequate heat processes or other means of preservation. To protect the public health, FDA regulations require that each firm that manufactures, processes, or packs acidified foods or thermally processed low-acid foods in hermetically sealed containers for introduction into interstate commerce register the establishment with FDA using Form FDA 2541 (§§ 108.25(c)(1) and 108.35(c)(2) (21 CFR 108.25(c)(1) and 108.35(c)(2))). In addition to registering the plant, each firm is required to provide data on the processes used to produce these foods, using Form FDA 2541a for all methods except aseptic processing, or Form FDA 2541c for aseptic processing of low-acid foods in hermetically sealed containers (§§ 108.25(c)(2) and 108.35(c)(2)). Plant registration and process filing may be accomplished simultaneously. Process data must be filed prior to packing any new product, and operating processes and procedures must be posted near the processing equipment or made available to the operator (§ 113.87(a) (21 CFR 113.87(a))). Regulations in parts 108, 113, and 114 (21 CFR parts 108, 113, and 114) require firms to maintain records showing adherence to the substantive requirements of the regulations. These records must be made available to FDA on request. Firms are also required to document corrective actions when process controls and procedures do not fall within specified limits (§§ 113.89, 114.89, and 114.100(c)); to report any instance of potential health-endangering spoilage, process deviation, or contamination with microorganisms where any lot of the food has entered distribution in commerce (§§ 108.25(d) and 108.35(d) and (e)); and to develop and keep on file plans for recalling products that may endanger the public health (§§ 108.25(e) and 108.35(f)). To permit lots to be traced after distribution, acidified foods and thermally processed low-acid foods in hermetically sealed containers must be marked with an identifying code (§§ 113.60(c) (thermally processed foods) and 114.80(b) (acidified foods)). FDA estimates the burden of this collection of information as follows: **Table 1.—Estimated Annual Reporting Burden** 1 Form No. 21 CFR Section No. of Respondents Annual Frequency per Response Total Annual Responses Hours per Response Total Hours Form FDA 2541 (Registration) 108.25 and 108.35 515 1 515 .17 88 Form FDA 2541a (Process Filing) 108.25 and 108.35 1,489 8.62 12,835 .333 4,274 Form FDA 2541c (Process Filing) 108.35 84 7.77 653 .75 490 Total 4,852 1 There are no capital costs or operating and maintenance costs associated with this collection of information. **Table 2.—Estimated Annual Recordkeeping Burden** 1 21 CFR Part No. of Recordkeepers Annual Frequency of Recordkeeping Total Annual Records Hours per Recordkeeper Total Hours 113 and 114 8,950 1 8,950 250 2,237,500 1 There are no capital costs or operating and maintenance costs associated with this collection of information. FDA based its estimate on registrations and process filings received over the past 3 years. The reporting burden for §§ 108.25(d) and 108.35(d) and
(e)is minimal because notification of spoilage, process deviation or contamination of product in distribution occurs less than once a year. Most firms discover these problems before the product is distributed and, therefore, are not required to report the occurrence. To avoid double-counting, estimates for §§ 108.25(g) and 108.35(h) have not been included because they merely cross-reference recordkeeping requirements contained in parts 113 and 114. Please note that on January 15, 2008, the FDA Web site transitioned to the Federal Dockets Management System (FDMS). FDMS is a Government-wide, electronic docket management system. Electronic submissions will be accepted by FDA through FDMS only. Dated: February 26, 2008. Jeffrey Shuren, Assistant Commissioner for Policy. [FR Doc. E8-4067 Filed 3-3-08; 8:45 am] BILLING CODE 4160-01-S DEPARTMENT OF HEALTH AND HUMAN SERVICES Office of Inspector General Privacy Act of 1974; Revisions to OIG's Privacy Act System of Records: Criminal Investigative Files AGENCY: Office of Inspector General (OIG), HHS. ACTION: Notice of proposed revisions to existing Privacy Act systems of records. SUMMARY: The Office of Inspector General
(OIG)proposes to revise and update the existing system of records, entitled “Criminal Investigative Files” (09-90-0003). This proposed notice is in accordance with the Privacy Act requirement that agencies publish their amended systems of records in the **Federal Register** when there is a revision, change, or addition. This system of records, maintained by OIG, was last revised and updated on December 8, 2006. DATES: *Effective Date:* These revisions will become effective without further notice on April 18, 2008 unless comments received on or before that date result in a contrary determination. *Comment Date:* Comments on these revisions will be considered if we receive them at the addresses provided below no later than 5 p.m. on April 3, 2008. Interested parties may submit written comments on this proposed revision to the addresses indicated below. ADDRESSES: In commenting, please refer to file code OIG-793-PN. Because of staff and resource limitations, we cannot accept comments by facsimile
(FAX)transmission. You may submit comments in one of three ways (no duplicates, please): 1. *Electronically.* You may submit electronic comments on specific recommendations and proposals through the Federal eRulemaking Portal at *http://www.regulations.gov* . (Attachments should be in Microsoft Word, if possible.) 2. *By regular, express, or overnight mail* . You may send written comments to the following address: Office of Inspector General, Department of Health and Human Services, Attention: OIG-793-PN, Room 5246, Cohen Building, 330 Independence Avenue, SW., Washington, DC 20201. Please allow sufficient time for mailed comments to be received before the close of the comment period. 3. *By hand or courier* . If you prefer, you may deliver, by hand or courier, your written comments before the close period to Office of Inspector General, Department of Health and Human Services, Cohen Building, 330 Independence Avenue, SW., Washington, DC 20201. Because access to the interior of the Cohen Building is not readily available to persons without Federal Government identification, commenters are encouraged to schedule their delivery with one of our staff members at
(202)358-3141. FOR FURTHER INFORMATION CONTACT: Joel Schaer, Regulations Officer, Office of External Affairs,
(202)619-0089. SUPPLEMENTARY INFORMATION: In accordance with the Inspector General Act of 1978, 5 U.S.C. App. 3, the Criminal Investigative Files system of records is maintained for the purpose of
(1)conducting, documenting, and tracking investigations conducted by OIG or other investigative agencies regarding HHS programs and operations;
(2)documenting the outcome of OIG reviews of allegations and complaints received concerning HHS programs and operations;
(3)aiding in prosecutions brought against the subjects of OIG investigations;
(4)maintaining a record of the activities that were the subject of investigations;
(5)reporting the results of OIG investigations to other departmental components for their use in operating and evaluating their programs and the imposition of civil or administrative sanctions; and
(6)acting as a repository and source for information necessary to fulfill the reporting requirements of 5 U.S.C. App. 3. In accordance with the Privacy Act requirement, agencies are to publish their amended systems of records in the **Federal Register** when there is a revision, change, or addition. This system of records was last revised and updated on December 8, 2006 (71 FR 71180), by updating the “Systems Location” section of that document. OIG has reviewed and is now proposing to revise the criminal investigative file system of records by
(1)amending the “Routine Uses of Records Maintained in the System” section by adding a new paragraph o. to address the requirement for a routine use for the disclosure of information in the investigation of data breaches of Personally Identifiable Information, in accordance with Office of Management and Budget Memorandum M-07-16; and
(2)amending the “Policies and Practices for Storing, Retrieving, Reviewing, Retaining, and Disposing of Records in the Storage System” portion of the system of records to update the discussion on access methods for the mainframe and the storage location of data so that it is consistent with current technology. OIG will accept and consider comments and feedback in response to only the specific revisions to the current system of records addressed in this notice. This proposed change will not otherwise increase access to these records. Dated: February 27, 2008. Daniel R. Levinson, Inspector General. SYSTEM NAME: Criminal Investigative Files of the Inspector General HHS/OS/OIG. SECURITY CLASSIFICATION: None. SYSTEM LOCATION: Office of Inspector General, HHS, Room 5409, Wilbur J. Cohen Bldg., 330 Independence Avenue, SW., Washington, DC 20201. Region 1, Office of Investigations (OI), OIG, JFK Federal Building, Room 2475, Boston, Massachusetts 02203. Region 2, OI, OIG, 26 Federal Plaza, Room 13-124, New York, New York 10278. Region 3, OI, OIG, Public Ledger Bldg., 150 South Independence Mall West, Suite 326, Philadelphia, Pennsylvania 19106. Region 4, OI, OIG, Atlanta Federal Office, 61 Forsyth Street, SW., Suite 5T18, Atlanta, Georgia 30303. Region 5, OI, OIG, 233 North Michigan Avenue, Suite 1330, Chicago, Illinois 60601. Region 6, OI, OIG, 1100 Commerce Street, Room 629, Dallas, Texas 75242. Region 7, OI, OIG, 1201 Walnut, Suite 920, Kansas City, Missouri 64106. Region 9, OI, OIG, 50 United Nations Plaza, Room 174, San Francisco, California 94102. Los Angeles Region, OI, OIG, 600 West Santa Ana Blvd., Suite 1100, Santa Ana, California 92701. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Individuals relevant to a criminal investigation, including but not limited to the subjects of an investigation, complainants, and key witnesses where necessary for future retrieval. CATEGORIES OF RECORDS IN THE SYSTEM: Criminal investigative files and extracts from that file consisting of computerized case management and tracking files. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: The Inspector General Act of 1978, 5 U.S.C. App. 3, authorizes Inspectors General to conduct, supervise, and coordinate investigations relating to the programs and operations of their respective agencies. PURPOSE(S): Pursuant to the Inspector General Act of 1978, 5 U.S.C. App. 3, this system is maintained for the purpose of conducting, documenting, and tracking investigations conducted by OIG or other investigative agencies regarding HHS programs and operations, documenting the outcome of OIG reviews of allegations and complaints received concerning HHS programs and operations, aiding in prosecutions brought against the subjects of OIG investigations, maintaining a record of the activities that were the subject of investigations, reporting the results of OIG investigations to other departmental components for their use in operating and evaluating their programs and the imposition of civil or administrative sanctions, and acting as a repository and source for information necessary to fulfill the reporting requirements of 5 U.S.C. App. 3. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSE OF SUCH USES: a. Information from this system of records may be disclosed to any other Federal agency or any foreign, State, or local government agency responsible for enforcing, investigating, or prosecuting violations of administrative, civil, or criminal law or regulation where that information is relevant to an enforcement proceeding, investigation, or prosecution within the agency's jurisdiction. b. Information from this system of records may be disclosed to
(1)The Department of Justice in connection with requests for legal advice and in connection with actual or potential criminal prosecutions or civil litigation pertaining to the Office of Inspector General, and
(2)a Federal or State grand jury, a Federal or State court, administrative tribunal, opposing counsel, or witnesses in the course of civil or criminal proceedings pertaining to the Office of Inspector General. c. Information in this system of records may be disclosed to a Federal, State, or local agency maintaining civil, criminal or other relevant enforcement records or other pertinent records, such as current licenses, if necessary to obtain a record relevant to an agency decision concerning the hiring or retention of an employee, the issuance of a license, grant or other benefit. d. Information in this system of records may be disclosed to a Federal agency in response to its request in connection with the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license grant, or other benefit by the requesting agency, to the extent that the record is relevant and necessary to the requesting agency's decision on the matter. e. Relevant information may be disclosed from this system of records to the news media and general public where there exists a legitimate public interest, e.g., to provide information on events in the criminal process, such as indictments, and where necessary, for protection from imminent threat to life or property. f. Where Federal agencies having the power to subpoena other Federal agencies' records, such as the Internal Revenue Service, or issue a subpoena to the department for records in this system or records, the department will make such records available. g. When the department contemplates that it will contract with a private firm for the purpose of collating, analyzing, aggregating or otherwise refining records in this system, relevant records will be disclosed to such contractor. The contractor shall be required to maintain Privacy Act safeguards with respect to such records. h. Disclosures may be made to organizations deemed qualified by the Secretary to carry out quality assessments. i. Information from this system of records may be disclosed in the course of employee discipline of competence determination proceedings. j. Disclosures may be made to a congressional office from the record of an individual in response to an inquiry from the congressional office made at the request of the individual. k. Information from this system of records may be disclosed to the Department of Justice, to a judicial or administrative tribunal, opposing counsel, and witnesses, in the course of proceedings involving HHS, an HHS employee (where the matter pertains to the employee's official duties), or the United States, or any agency thereof where the litigation is likely to affect HHS, or HHS is a party or has an interest in the litigation and the use of the information is relevant and necessary to the litigation. l. Information of this system of records may be disclosed to a Federal, State or local agency maintaining pertinent records, if necessary, to obtain a record relevant to a department decision concerning the hiring or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant, or other benefit. m. Information from this system of records may be disclosed to third party contacts, including public and private organizations, in order to obtain information relevant and necessary to the investigation of potential violations in HHS programs and operations, or where disclosure would enable the OIG to identify violations in HHS programs or operations or otherwise assist the OIG in pursuing on-going investigations. n. A record may be disclosed to any official charged with the responsibility to conduct qualitative assessment reviews of internal safeguards and management procedures employed in investigative operations. This disclosure category includes members of the President's Council on Integrity and Efficiency and officials and administrative staff within their investigative chain of command, as well as authorized officials of the Department of Justice and the Federal Bureau of Investigation. o. A record may be disclosed to appropriate Federal agencies and Department contractors that have a need to know the information for the purpose of assisting the Department's efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in this system of records, and the information disclosed is relevant and necessary for that assistance. POLICIES AND PRACTICES FOR STORING, RETRIEVING, REVIEWING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM STORAGE: The records, which take the form of index cards, investigative reports, microcomputer disks, drives and/or CDs, files and printed listings are maintained under secure conditions in limited access areas. Written documents and computer disks are maintained in secure rooms, in security type safes or in lock bar file cabinets with manipulation proof combination locks. Computer servers containing files are locked in controlled-access rooms. Laptops that may contain files are protected with whole-disk encryption. RETRIEVABILITY: Records are retrievable by manual or computer search of indices containing the name or Social Security number of the individual to whom the record applies. Records may be cross-referenced by case or complaint number. SAFEGUARDS: Records are maintained in a restricted area and accessed only by Department personnel. Access within OIG is strictly limited to authorized staff members. All employees are given instructions on the sensitivity of such files and the restrictions on disclosure. Access within HHS is strictly limited to the Secretary, Under-Secretary, and other officials and employees on a need-to-know basis. All files and printed materials are safeguarded in accordance with the provisions of the National Institute of Standards and Technology, OMB Memoranda, and HHS Information Security policies and guidelines. RETENTION AND DISPOSAL: Investigative files are retained for 10 years after completion of the investigation and/or action based thereon. Paper and computer indices are retained permanently. The records control schedule and disposal standards may be obtained by writing to the Systems Manager at the address below. SYSTEM MANAGER(S) AND ADDRESS: Inspector General, Room 5250, Wilbur J. Cohen Building, Department of Health and Human Services, 330 Independence Avenue, SW., Washington, DC 20201. NOTIFICATION PROCEDURES: Exempt. However, consideration will be given requests addressed to the system manager. For general inquiries, it would be helpful if the request included date of birth and Social Security number, as well as the name of the individual. RECORDS ACCESS PROCEDURE: Same as notification procedures. Requestors should also reasonably specify the record contents being sought. CONTESTING RECORD PROCEDURES: Contact the system manager at the address specified above, and reasonably identify the record, specify the information to be contested, and the corrective action sought with supporting justification. RECORD SOURCE CATEGORIES: OIG collects information from a wide variety of sources, including information from the Department and other Federal, State, and local agencies, witnesses, complaints and other nongovernmental sources. SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT: In accordance with subsection (j)(2) of the Privacy Act, 5 U.S.C. 552a(j)(2), the Secretary has exempted this system from the access, amendment, correction, and notification provisions of the Act, 5 U.S.C. 552a(c)(3), (d)(1)-(4), (e)(3), and (e)(4)(G) and (H). [FR Doc. E8-4105 Filed 3-3-08; 8:45 am] BILLING CODE 4152-01-P DEPARTMENT OF HEALTH AND HUMAN SERVICES National Institutes of Health National Institute on Drug Abuse; Notice of Closed Meetings Pursuant to section 10(d) of the Federal Advisory Committee Act, as amended (5 U.S.C. Appendix 2), notice is hereby given of the following meetings. The meetings will be closed to the public in accordance with the provisions set forth in section 552b(c)(4) and 552b(c)(6), Title 5 U.S.C., as amended. The grant applications and the discussions could disclose confidential trade secrets or commercial property such as patentable material, and personal information concerning individuals associated with the grant applications, the disclosure of which would constitute a clearly unwarranted invasion of personal privacy. *Name of Committee:* National Institute on Drug Abuse Special Emphasis Panel, Pathway to Independence Award. *Date:* March 18, 2008. *Time:* 1:30 p.m. to 4:30 p.m. *Agenda:* To review and evaluate grant applications. *Place:* National Institutes of Health, 6101 Executive Boulevard, Rockville, MD 20852. *Contact Person:* Jose F. Ruiz, PhD., Scientific Review Administrator, Office of Extramural Affairs, National Institute on Drug Abuse, NIH, 6102 Executive Blvd., Rm. 213, MSC 8401, Bethesda, MD 20892, 301-451-3086, *ruizjf@nida.nih.gov.* *Name of Committee:* National Institute on Drug Abuse Special Emphasis Panel, International Collaborations for HIV and Drug Abuse. *Date:* April 2, 2008. *Time:* 8:30 a.m. to 6 p.m. *Agenda:* To review and evaluate grant applications. *Place:* Doubletree Washington DC, 1515 Rhode Island Avenue, NW., Washington, DC 20005. *Contact Person:* Nadine Rogers, PhD., Scientific Review Administrator, Office of Extramural Affairs, National Institute on Drug Abuse, NIH, DHHS, Room 220, MSC 8401, 6101 Executive Boulevard, Bethesda, MD 20892-8401, 301-402-2105, *rogersn2@nida.nih.gov.* (Catalogue of Federal Domestic Assistance Program Nos. 93.279, Drug Abuse and Addiction Research Programs, National Institutes of Health, HHS) Dated: February 26, 2008. Jennifer Spaeth, Director, Office of Federal Advisory Committee Policy. [FR Doc. 08-924 Filed 3-3-08; 8:45 am]
Connectionstraces to 12
Traces to 12 documents
U.S. Code
- Medicaid and CHIP Payment and Access Commission§ 1396
- Cooperative research or demonstration projects§ 1310
- Administrative and judicial review of public assistance determinations§ 1316
- Definitions§ 3502
- Federal agency responsibilities§ 3506
- National uniform nutrition labeling§ 343–1
- Adulterated food§ 342
- Emergency permit control§ 344
- Records maintained on individuals§ 552a
11 references not yet in our index
- Pub. L. 109-171
- 45 CFR 5
- Pub. L. 108-173
- 42 USC 1395II(a)
- 45 CFR 164
- 42 CFR 430
- 42 CFR 430.76(b)(2)
- 42 CFR 430.76(c)
- 42 CFR 430.18
- 44 USC 3501-3520
- 5 CFR 1320.3(c)
Citation graph
cites case law
Notices
Notice of a New System of Records (SOR)
Pub. L.Pub. L. 109-171
Cite45 CFR 5
Pub. L.Pub. L. 108-173
Cites 23 · showing 12Cited by 0 across 0 sources