TMCnet News
Privacy Act of 1974; Addition of a New Routine UseJun 26, 2009 (Health and Human Services Department Documents and Publications/ContentWorks via COMTEX) -- SUMMARY: CMS proposes to add a new routine use to its inventory of SOR subject to the Privacy Act of 1974 (Title 5 United States Code (U.S.C.) 552a) authorizing disclosure of individually identifiable information to assist in efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in these systems of records. The new routine use will be prioritized in the next consecutive numbered order of routine uses in each system notice and will be included in the next published notice as part of our normal SOR review process. The new routine use will read as follows: 1. To appropriate Federal agencies, Department officials and Agency contractors that need access to identifiable information to provide assistance to the Department's efforts to respond to a suspected or confirmed breach of the security or confidentiality of information. In order to receive the information, CMS must: a. Determines that the use or disclosure does not violate legal limitations under which the record was provided, collected, or obtained; b. Determines that the purpose for which the disclosure is to be made: (1) Cannot be reasonably accomplished unless the record is provided in individually identifiable form, (2) is of sufficient importance to warrant the effect and/or risk on the privacy of the individual that additional exposure of the record might bring, and (3) there is reasonable probability that the objective for the use would be accomplished; c. Requires the recipient of the information to: (1) Establish reasonable administrative, technical, and physical safeguards to prevent unauthorized use or disclosure of the record, and (2) remove or destroy the information that allows the individual to be identified at the earliest time at which removal or destruction can be accomplished consistent with the purpose of the disclosure, and (3) Make no further use or disclosure of the record except: (a) In emergency circumstances affecting the health or safety of any individual, or (b) When required by law. d. Secures a written statement attesting to the information recipient's understanding of and willingness to abide by these provisions and complete a Data Use Agreement (CMS Form 0235) in accordance with current CMS policies. The reason for this routine use is as follows: Other Federal agencies, Department officials and contractors, as well as CMS contractors may need access to identifiable information that is both relevant and necessary to provide assistance to all efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in these systems of records. DATES: Effective Date: The new routine use will be effective on < DATE >. ADDRESSES: The public should address comments to: CMS Privacy Officer, Division of Privacy Compliance, Enterprise Architecture and Strategy Group, Office of Information Services, CMS, Room N2-04-27, 7500 Security Boulevard, Baltimore, Maryland 21244-1850. The telephone number is (410) 786-5357. Comments received will be available for review at this location, by appointment, during regular business hours, Monday through Friday from 9 a.m.-3 p.m., Eastern Time zone. SUPPLEMENTARY INFORMATION: On May 22, 2007, the Office of Management and Budget (OMB) released Memoranda (M) 07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information. HHS convened a leadership committee composed of members from the Office of the Chief Information Officer (OICO), the Office of Assistant Secretary for Public Affairs (ASPA), and the Office of the Assistant Secretary for Planning and Evaluation (ASPE) in order to formulate a response plan for the newly established requirements. The final response plan was signed by the HHS Chief Information Officer (CIO), Mike Carleton and submitted to OMB on September 19, 2007. As required by the memoranda, to comply with the "Incident Reporting and Handling Requirements," all Operations and Staff Divisions are instructed to incorporate the suggested routine use language as part of their normal SOR review process. Dated: June 16, 2009. Michelle Snyder, Deputy Chief Operating Officer, Centers for Medicare & Medicaid Services. .... Attachment A SOR No................... Title.................... FR published 09-70-0500................Health Plan Management....71 FR 60718, 10/16/2006 ..........................System (HPMS) 09-70-0501................Medicare Multi-Carrier....71 FR 64968, 11/06/2006 ..........................Claims Systems (MCS) 09-70-0502................Enrollment Data Base......73 FR 10249, 02/26/2008 ..........................(EDB) 09-70-0503................Fiscal Intermediary...... 71 FR 64961, 11/06/2006 ..........................Shared System (FISS) 09-70-0514................Medicare Provider........ 71 FR 17470, 04/06/2006 ..........................Analysis and Review ..........................(MEDPAR) 09-70-0519................Medicare Current..........71 FR 60722, 10/16/2006 ..........................Beneficiary Survey (MCBS) 09-70-0520................ESRD Program Management.. 72 FR 26126, 5/8/2007 ..........................and Medical Information ..........................System (PMMIS) 09-70-0521................Inpatient Rehabilitation..71 FR 67143, 11/20/2006 ..........................Facilities--Patient ..........................Assessment Instrument ..........................(IRF-PAI) 09-70-0522................Home Health Agency........72 FR 63906, 11/13/2007 ..........................Outcome and Assessment ..........................Information Set (OASIS) 09-70-0526................Common Working File (CWF) 71 FR 64955, 11/06/2006 09-70-0528................Long Term Care-Minimum....72 FR 12801, 3/19/2007 ..........................Data Set (LTC MDS) 09-70-0532................Provider Enrollment Chain 71 FR 60536, 10/13/2006 ..........................and Ownership System ..........................(PECOS) 09-70-0536................Medicare Beneficiary......71 FR 11420, 03/07/2006 ..........................Database (MBD) 09-70-0538................Individuals Authorized....72 FR 63902, 11/13/2007 ..........................Access to the CMS ..........................Computer Services (IACS) 09-70-0541................Medicaid Statistical......71 FR 65527, 11/08/2006 ..........................Information System (MSIS) 09-70-0550................Retiree Drug Subsidy......70 FR 41035, 7/15/2005 ..........................Program (RDSP) 09-70-0553................Medicare Drug Data........70 FR 58436, 10/06/2005 ..........................Processing System (DDPS) 09-70-0558................National Claims History.. 71 FR 67137, 11/20/2006 ..........................File (NCH) 09-70-0568................One Program Integrity.... 71 FR64530, 11/02/2006 ..........................Data Repository (ODR) 09-70-0569................Post Acute Care Payment.. 72 FR 55225, 09/28/2007 ..........................Reform/Continuity ..........................Assessment Report ..........................Demonstration and ..........................Evaluation (PAC-CARE) 09-70-0571................Medicare Integrated Data..71 FR 64530, 11/02/2006 ..........................Repository (IDR) 09-70-0573................Chronic Condition Data....71 FR 54495, 09/15/2006 ..........................Repository (CCDR) 09-70-4001................Medicare Advantage........70 FR 60530, 10/18/2005 ..........................Prescription Drug (MARx) 09-70-0575................Organ Procurement........ 71 FR 29336, 05/22/2006 ..........................Organizations System ..........................(OPOS) 09-70-0594................Minimum Data Set (MDS)....72 FR 72733, 12/21/2007 ..........................for Home and Community ..........................Based Alternatives (CBA) ..........................to Psychiatric ..........................Residential Treatment) ..........................Facilities (PRTF) ..........................(CBA-PRTF) Notice to add a new routine use to all CMS systems of records (SOR). Citation: "74 FR 30606" Federal Register Page Number: "30606" "Notices" |