Anda di halaman 1dari 4

Federal Register / Vol. 72, No.

45 / Thursday, March 8, 2007 / Notices 10537

By the Office of Thrift Supervision. DEPARTMENT OF HEALTH AND the system that were affected by the
John M. Reich, HUMAN SERVICES recent reorganization or because of the
Director. impact of the Medicare Prescription
Centers for Medicare & Medicaid Drug, Improvement, and Modernization
By the National Credit Union Services Act of 2003 (MMA) (Pub. L. 108–173)
Administration on February 28, 2007. provisions and to update language in
JoAnn M. Johnson, Privacy Act of 1974; Report of a the administrative sections to
Chairman. Modified System of Records correspond with language used in other
[FR Doc. 07–1083 Filed 3–7–07; 8:45 am] AGENCY: Department of Health and CMS SORs.
The primary purpose of the system of
BILLING CODE 4810–33–P; 6210–01–P; 6714–01–P; Human Services (HHS), Center for
6720–01–P; 7535–01–P records is to collect and maintain
Medicare & Medicaid Services (CMS).
information on health care providers,
ACTION: Notice of a Modified System of and other individuals ordering provider
Records (SOR). educational materials who voluntarily
DEPARTMENT OF HEALTH AND SUMMARY: In accordance with the
register for computer/web-based
HUMAN SERVICES requirements of the Privacy Act of 1974, training courses, satellite broadcasts and
we are proposing to modify an existing train-the-trainer sessions. Information in
Centers for Medicare & Medicaid system titled, ‘‘Medicare Learning this system will also be used to: (1)
Services support regulatory and policy functions
Network (MLN) Registration and
performed within the Agency or by a
Product Ordering System (REPOS),’’ No.
Privacy Act of 1974; Retraction of a contractor, consultant, or grantee; and
09–70–0542, most recently modified at
Modified System of Records (2) to support litigation involving the
68 FR 35897 (June 17, 2003). We
Agency related to this system. We have
propose to modify existing routine use
AGENCY: Department of Health and provided background information about
number 1 that permits disclosure to
Human Services (HHS), Centers for the modified system in the
agency contractors and consultants to
Medicare & Medicaid Services (CMS). SUPPLEMENTARY INFORMATION section
include disclosure to CMS grantees who
below. Although the Privacy Act
ACTION:Notice of Retraction of a perform a task for the agency. CMS
requires only that CMS provide an
Modified System of Records. grantees, charged with completing
opportunity for interested persons to
projects or activities that require CMS comment on the proposed routine uses,
SUMMARY: The Centers for Medicare & data to carry out that activity, are CMS invites comments on all portions
Medicaid Services CMS inadvertently classified separate from CMS of this notice. See EFFECTIVE DATES
published a modification to its existing contractors and/or consultants. The section for comment period.
modified routine use will remain as
system of records titled ‘‘Medicare Drug DATES: Effective Date: CMS filed a
routine use number 1. We will delete
Data Processing System (DDPS)’’ System modified SOR report with the Chair of
routine use number 2 authorizing
No. 09–70–0553 in the Federal Register the House Committee on Government
disclosure to support constituent
on Thursday, February 22, 2007 (72 FR requests made to a congressional Reform and Oversight, the Chair of the
7993). CMS is withdrawing the February representative. If an authorization for Senate Committee on Homeland
22, 2007 modification to the DDPS the disclosure has been obtained from Security & Governmental Affairs, and
system of records pending the the data subject, then no routine use is the Administrator, Office of Information
conclusion of rulemaking that will needed. The Privacy Act allows for and Regulatory Affairs, Office of
support the routine uses of data disclosures with the ‘‘prior written Management and Budget (OMB) on
contained in the system of records. The consent’’ of the data subject. February 7, 2007. To ensure that all
existing notice established at 70 FR Finally, we will delete the section parties have adequate time in which to
58436 (October 6, 2005) will remain the titled ‘‘Additional Circumstances comment, the modified system will
effective notice for the DDPS system of Affecting Routine Use Disclosures,’’ that become effective 30 days from the
records. addresses ‘‘Protected Health Information publication of the notice, or 40 days
(PHI)’’ and ‘‘small cell size.’’ The from the date it was submitted to OMB
FOR FURTHER INFORMATION CONTACT: and the Congress, whichever is later. We
requirement for compliance with HHS
Inquiries may be directed to: CMS may defer implementation of this
regulation ‘‘Standards for Privacy of
Privacy Officer, Division of Privacy Individually Identifiable Health system or one or more of the routine use
Compliance, Enterprise Architecture Information’’ does not apply because statements listed below if we receive
and Strategy Group, Office of this system does not collect or maintain comments that persuade us to defer
Information Services, CMS, Room N2– PHI. In addition, our policy to prohibit implementation.
04–27, 7500 Security Boulevard, release if there is a possibility that an ADDRESSES: The public should address
Baltimore, Maryland 21244–1850. He individual can be identified through comments to: CMS Privacy Officer,
can also be reached at 410–786–5357 or ‘‘small cell size’’ is not applicable to the Division of Privacy Compliance,
by e-mail at walter.stone@cms.hhs.gov. data maintained in this system. Enterprise Architecture and Strategy
Dated: February 28, 2007. We are modifying the language in the Group, Office of Information Services,
routine uses to provide a proper CMS, Room N2–04–27, 7500 Security
William Saunders,
explanation as to the need for the Boulevard, Baltimore, Maryland 21244–
Acting Deputy Director, Office of Information routine use and to provide clarity to 1850. Comments received will be
Services, Centers for Medicare & Medicaid available for review at this location, by
CMS’s intention to disclose individual-
sroberts on PROD1PC70 with NOTICES

Services. appointment, during regular business


specific information contained in this
[FR Doc. E7–4133 Filed 3–7–07; 8:45 am] hours, Monday through Friday from 9
system. The routine uses will then be
BILLING CODE 4120–03–P prioritized and reordered according to a.m.–3 p.m., Eastern Time zone.
their usage. We will also take the FOR FURTHER INFORMATION CONTACT:
opportunity to update any sections of Mary Case, Technical Advisor, Division

VerDate Aug<31>2005 18:53 Mar 07, 2007 Jkt 211001 PO 00000 Frm 00049 Fmt 4703 Sfmt 4703 E:\FR\FM\08MRN1.SGM 08MRN1
10538 Federal Register / Vol. 72, No. 45 / Thursday, March 8, 2007 / Notices

of Provider Information Planning and information that will be maintained in under this routine use only in situations
Development (DPIPD), Providers the system. Disclosure of information in which CMS may enter into a
Communications Group, Center for from the system will be approved only contractual or similar agreement with a
Medicare Management, CMS, Mail Stop to the extent necessary to accomplish third party to assist in accomplishing
C4–13–07, 7500 Security Boulevard, the purpose of the disclosure and only CMS functions relating to purposes for
Baltimore, Maryland 21244–1850. She after CMS: this system.
can be reached by telephone at 410– 1. Determines that the use or CMS occasionally contracts out
786–0021 or e-mail disclosure is consistent with the reason certain of its functions when this would
mary.case@cms.hhs.gov. that the data is being collected; e.g., to contribute to effective and efficient
collect and maintain information on operations. CMS must be able to give a
SUPPLEMENTARY INFORMATION:
health care providers, and other contractor, consultants, or grantees
I. Description of the Modified System of individuals ordering provider whatever information is necessary for
Records educational materials who voluntarily the contractor to fulfill its duties. In
register for computer/Web-based these situations, safeguards are provided
A. Statutory and Regulatory Basis for
training courses, satellite broadcasts and in the contract prohibiting the
SOR
train-the-trainer sessions. contractor, consultants, or grantees from
Authority for this collection is given 2. Determines that: using or disclosing the information for
under the provisions of Title IV of the a. The purpose for which the any purpose other than that described in
Benefits Improvement Protection Act of disclosure is to be made can only be the contract and to return or destroy all
2000 (Public Law (Pub. L.) 106–554, accomplished if the record is provided information at the completion of the
Appendix F), Title IV of the Balanced in individually identifiable form; contract.
Budget Act of 1997 (Pub. L. 105–33), b. The purpose for which the 2. To the Department of Justice (DOJ),
and §§ 1816(a) and 1842(a)(3) of the disclosure is to be made is of sufficient court or adjudicatory body when
Social Security Act. importance to warrant the effect and/or a. The Agency or any component
risk on the privacy of the individual that thereof; or
B. Collection and Maintenance of Data b. Any employee of the Agency in his
in the System additional exposure of the record might
bring; and or her official capacity; or
This system will collect and maintain c. There is a strong probability that c. Any employee of the Agency in his
individually identifiable information the proposed use of the data would in or her individual capacity where the
and other data collected on health care fact accomplish the stated purpose(s). DOJ has agreed to represent the
providers, and other individuals 3. Requires the information recipient employee; or
ordering provider educational materials to: d. The United States Government;
who voluntarily register for computer/ a. Establish administrative, technical, is a party to litigation or has an interest
Web-based training courses, satellite and physical safeguards to prevent in such litigation, and by careful review,
broadcasts and train-the-trainer unauthorized use of disclosure of the CMS determines that the records are
sessions. Information collected will record; both relevant and necessary to the
include, but is not limited to, the health b. Remove or destroy, at the earliest litigation and that the use of such
care provider’s first and last name, time, all patient-identifiable records by the DOJ, court or
mailing address, provider type, facility information; and adjudicatory body is compatible with
type, telephone number, fax number c. Agree to not use or disclose the the purpose for which the agency
and e-mail address. If CMS becomes an information for any purpose other than collected the records.
accredited provider of continuing the stated purpose under which the Whenever CMS is involved in
education credits, this system may also information was disclosed. litigation, or occasionally when another
contain social security number, provider 4. Determines that the data are valid party is involved in litigation and CMS’s
identification number (UPIN/NPI), or and reliable. policies or operations could be affected
tax identification number. by the outcome of the litigation, CMS
III. Modified Routine Use Disclosures of
would be able to disclose information to
II. Agency Policies, Procedures, and Data in the System
the DOJ, court or adjudicatory body
Restrictions on the Routine Use A. The Privacy Act allows us to involved. A determination would be
A. The Privacy Act permits us to disclose information without an made in each instance that, under the
disclose information without an individual’s consent if the information circumstances involved, the purposes
individual’s consent if the information is to be used for a purpose that is served by the use of the information in
is to be used for a purpose that is compatible with the purpose(s) for the particular litigation is compatible
compatible with the purpose(s) for which the information was collected. with a purpose for which CMS collects
which the information was collected. Any such compatible use of data is the information.
Any such disclosure of data is known as known as a ‘‘routine use.’’ The proposed
a ‘‘routine use.’’ The Government will routine uses in this system meet the IV. Safeguards
only release REPOS information that compatibility requirement of the Privacy CMS has safeguards in place for
can be associated with an individual as Act. We are proposing to establish the authorized users and monitors such
provided for under ‘‘Section III. following routine use disclosures of users to ensure against unauthorized
Proposed Routine Use Disclosures of information maintained in the system: use. Personnel having access to the
Data in the System.’’ Both identifiable 1. To Agency contractors, consultants, system have been trained in the Privacy
and non-identifiable data may be or CMS grantees who have been Act and information security
disclosed under a routine use. We will contracted by the Agency to assist in requirements. Employees who maintain
sroberts on PROD1PC70 with NOTICES

only collect the minimum personal data accomplishment of a CMS function records in this system are instructed not
necessary to achieve the purpose of relating to the purposes for this system to release data until the intended
REPOS. and who need to have access to the recipient agrees to implement
CMS has the following policies and records in order to assist CMS. We appropriate management, operational
procedures concerning disclosures of contemplate disclosing information and technical safeguards sufficient to

VerDate Aug<31>2005 18:53 Mar 07, 2007 Jkt 211001 PO 00000 Frm 00050 Fmt 4703 Sfmt 4703 E:\FR\FM\08MRN1.SGM 08MRN1
Federal Register / Vol. 72, No. 45 / Thursday, March 8, 2007 / Notices 10539

protect the confidentiality, integrity and Dated: February 7, 2007. (2) to support litigation involving the
availability of the information and Charlene Frizzera, Agency related to this system.
information systems and to prevent Acting Chief Operating Officer, Centers for
ROUTINE USES OF RECORDS MAINTAINED IN THE
unauthorized access. Medicare & Medicaid Services.
SYSTEM, INCLUDING CATEGORIES OR USERS AND
This system will conform to all SYSTEM NO. 09–70–0542 THE PURPOSES OF SUCH USES:
applicable Federal laws and regulations A. The Privacy Act allows us to
SYSTEM NAME:
and Federal, HHS, and CMS policies disclose information without an
and standards as they relate to ‘‘Medicare Learning Network (MLN) individual’s consent if the information
information security and data privacy. Registration and Product Ordering is to be used for a purpose that is
These laws and regulations include but System (REPOS),’’ HHS/CMS/CMM. compatible with the purpose(s) for
are not limited to: the Privacy Act of SECURITY CLASSIFICATION: which the information was collected.
1974; the Federal Information Security Level Three Privacy Act Sensitive Any such compatible use of data is
Management Act of 2002; the Computer Data. known as a ‘‘routine use.’’ The proposed
Fraud and Abuse Act of 1986; the routine uses in this system meet the
SYSTEM LOCATION: compatibility requirement of the Privacy
Health Insurance Portability and
Accountability Act of 1996; the E- The Centers for Medicare & Medicaid Act. We are proposing to establish the
Government Act of 2002, the Clinger- Services (CMS) Data Center, 7500 following routine use disclosures of
Cohen Act of 1996; the Medicare Security Boulevard, North Building, information maintained in the system:
Modernization Act of 2003, and the First Floor, Baltimore, Maryland 21244– 1. To Agency contractors, or
1850 and at various contractor locations. consultants, or grantees who have been
corresponding implementing
contracted by the Agency to assist in
regulations. OMB Circular A–130, CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
accomplishment of a CMS function
Management of Federal Resources,
relating to the purposes for this system
Appendix III, Security of Federal This system will collect and maintain and who need to have access to the
Automated Information Resources also individually identifiable information records in order to assist CMS.
applies. Federal, HHS, and CMS and other data collected on health care 2. To the Department of Justice (DOJ),
policies and standards include but are providers, and other individuals court or adjudicatory body when
not limited to: All pertinent National ordering provider educational materials a. The Agency or any component
Institute of Standards and Technology who voluntarily register for computer/ thereof; or
publications; HHS Information Systems Web-based training courses, satellite b. Any employee of the Agency in his
Program Handbook and the CMS broadcasts and train-the-trainer or her official capacity; or
Information Security Handbook. sessions. c. Any employee of the Agency in his
CATEGORIES OF RECORDS IN THE SYSTEM: or her individual capacity where the
V. Effects of the Modified System of
Information collected will include, DOJ has agreed to represent the
Records on Individual Rights
but is not limited to, the health care employee; or
CMS proposes to establish this system provider’s first and last name, mailing d. The United States Government is a
in accordance with the principles and address, provider type, facility type, party to litigation or has an interest in
requirements of the Privacy Act and will telephone number, fax number and such litigation, and by careful review,
collect, use, and disseminate e-mail address. If CMS becomes an CMS determines that the records are
information only as prescribed therein. accredited provider of continuing both relevant and necessary to the
Data in this system will be subject to the education credits, this system may also litigation and that the use of such
contain social security number, provider records by the DOJ, court or
authorized releases in accordance with
identification number (UPIN/NPI), or adjudicatory body is compatible with
the routine uses identified in this
tax identification number. the purpose for which the agency
system of records.
collected the records.
CMS will take precautionary AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
measures to minimize the risks of Authority for this collection is given POLICIES AND PRACTICES FOR STORING,
RETRIEVING, ACCESSING, RETAINING, AND
unauthorized access to the records and under the provisions of Title IV of the
DISPOSING OF RECORDS IN THE SYSTEM:
the potential harm to individual privacy Benefits Improvement Protection Act of
or other personal or property rights of 2000 (Public Law (Pub. L.) 106–554, STORAGE:
patients whose data are maintained in Appendix F), Title IV of the Balanced All records are stored on electronic
the system. CMS will collect only that Budget Act of 1997 (Pub. L. 105–33), media.
information necessary to perform the and §§ 1816(a) and 1842(a)(3) of the
Social Security Act. RETRIEVABILITY:
system’s functions. In addition, CMS
will make disclosure from the proposed The collected data are retrieved by an
PURPOSE(S) OF THE SYSTEM:
individual identifier; e.g., provider
system only with consent of the subject The primary purpose of the system of name or unique provider identification
individual, or his/her legal records is to collect and maintain number.
representative, or in accordance with an information on health care providers,
applicable exception provision of the and other individuals ordering provider SAFEGUARDS:
Privacy Act. CMS, therefore, does not educational materials who voluntarily CMS has safeguards in place for
anticipate an unfavorable effect on register for computer/web-based authorized users and monitors such
individual privacy as a result of the training courses, satellite broadcasts and users to ensure against unauthorized
sroberts on PROD1PC70 with NOTICES

disclosure of information relating to train-the-trainer sessions. Information in use. Personnel having access to the
individuals. this system will also be used to: (1) system have been trained in the Privacy
support regulatory and policy functions Act and information security
performed within the Agency or by a requirements. Employees who maintain
contractor, consultant, or grantee; and records in this system are instructed not

VerDate Aug<31>2005 18:53 Mar 07, 2007 Jkt 211001 PO 00000 Frm 00051 Fmt 4703 Sfmt 4703 E:\FR\FM\08MRN1.SGM 08MRN1
10540 Federal Register / Vol. 72, No. 45 / Thursday, March 8, 2007 / Notices

to release data until the intended is voluntary, but it may make searching Reduction Act of 1995, this notice seeks
recipient agrees to implement for a record easier and prevent delay). comments concerning the collection of
appropriate management, operational information, which is necessary for
RECORD ACCESS PROCEDURE:
and technical safeguards sufficient to assessment and improvement of the
protect the confidentiality, integrity and For purpose of access, use the same delivery of disaster assistance. The form
availability of the information and procedures outlined in Notification serves as a survey tool used to evaluate
information systems and to prevent Procedures above. Requestors should customer perceptions of effectiveness,
unauthorized access. also reasonably specify the record timeliness and satisfaction with FEMA
This system will conform to all contents being sought. (These Housing Inspection Services.
applicable Federal laws and regulations procedures are in accordance with
and Federal, HHS, and CMS policies Department regulation 45 CFR SUPPLEMENTARY INFORMATION: This
and standards as they relate to 5b.5(a)(2).) collection is in accordance with
information security and data privacy. Executive Order 12862 (September 11,
CONTESTING RECORD PROCEDURES: 1993), that requires all Federal agencies
These laws and regulations may apply
The subject individual should contact to survey customers to determine the
but are not limited to: the Privacy Act
the system manager named above, and kind and quality of services they want
of 1974; the Federal Information
reasonably identify the record and and their level of satisfaction with
Security Management Act of 2002; the
specify the information to be contested. existing services. In addition, the
Computer Fraud and Abuse Act of 1986;
State the corrective action sought and Government Performance and Results
the Health Insurance Portability and
the reasons for the correction with Act (GPRA) requires agencies to set
Accountability Act of 1996; the E-
supporting justification. (These missions and goals and measure
Government Act of 2002, the Clinger-
procedures are in accordance with performance against them. FEMA will
Cohen Act of 1996; the Medicare
Department regulation 45 CFR 5b.7.) fulfill these requirements, in part, by
Modernization Act of 2003, and the
corresponding implementing RECORDS SOURCE CATEGORIES:
collecting customer service information
regulations. OMB Circular A–130, through a survey of the FEMA Recovery
The data collected and maintained in
Management of Federal Resources, Division’s external customers.
this is voluntary submitted and/or is self
Appendix III, Security of Federal reported by the health care provider. Collection of Information
Automated Information Resources also
applies. Federal, HHS, and CMS SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS Title: Federal Emergency Management
OF THE ACT: Agency Housing Inspection Services
policies and standards include but are
not limited to: all pertinent National None. Customer Satisfaction Survey.
Institute of Standards and Technology [FR Doc. E7–4177 Filed 3–7–07; 8:45 am] Type of Information Collection: New.
publications; the HHS Information BILLING CODE 4120–03–P OMB Number: 1660–NW31.
Systems Program Handbook and the Form Numbers: FEMA Form 86–26
CMS Information Security Handbook. (MW), SEP 04.
DEPARTMENT OF HOMELAND
RETENTION AND DISPOSAL: Abstract: FEMA Housing Inspection
SECURITY
CMS will retain information for a total Services contracts inspectors to assess
period not to exceed 8 years. Federal Emergency Management dwelling damage and verify personal
Agency information of applicants for FEMA
SYSTEM MANAGER AND ADDRESS:
disaster assistance in federally declared
Director, Division of Provider Agency Information Collection disasters areas. Because FEMA needs to
Information Planning and Development, Activities: Proposed Collection; evaluate the inspectors’ performance,
Providers Communications Group, Comment Request FEMA conducts surveys to measure the
Center for Medicare Management, CMS, satisfaction level of the applicants with
Mail Stop C4–10–07, 7500 Security AGENCY: Federal Emergency their inspection experience. FEMA
Boulevard, Baltimore, Maryland 21244– Management Agency, DHS. Inspection Services Managers and Task
1850. ACTION: Notice and request for Monitors generally use the survey
comments. results to gauge and make
NOTIFICATION PROCEDURE:
For purpose of access, the subject SUMMARY: The Federal Emergency
improvements to disaster services that
individual should write to the system Management Agency (FEMA), as part of increase customer satisfaction and
manager who will require the system its continuing effort to reduce program effectiveness. The information
name, employee identification number, paperwork and respondent burden, is shared with Regional staff specific to
tax identification number, national invites the general public and other the federal declaration for which the
provider number, and for verification Federal agencies to take this survey is conducted.
purposes, the subject individual’s name opportunity to comment on a proposed Affected Public: Individuals or
(woman’s maiden name, if applicable), new information collection. In Households.
HICN, and/or SSN (furnishing the SSN accordance with the Paperwork Estimated Total Annual Hour Burden:

ANNUAL HOUR BURDEN


Number of Frequency of Hour burden per Total annual hour
Project/activity Annual responses
respondents responses response (hours) burden (hours)
sroberts on PROD1PC70 with NOTICES

(A) (B) (C) (D) = (A × B) (E) = (C × D)

Survey .................................................... 10,608 1 .25 10,608 2,652

Total ................................................ 10,608 1 .25 10,608 2,652

VerDate Aug<31>2005 18:53 Mar 07, 2007 Jkt 211001 PO 00000 Frm 00052 Fmt 4703 Sfmt 4703 E:\FR\FM\08MRN1.SGM 08MRN1