DEPARTMENT OF HEALTH AND HUMAN SERVICES
CENTERS FOR MEDICARE & MEDICAID SERVICES
MEDICARE SUPPLIER ENROLLMENT APPLICATION PRIVACY ACT STATEMENT
The Authority for maintenance of the system is given under provisions of sections 1102(a) (Title 42 U.S.C. 1302(a)), 1128 (42 U.S.C. 1320a–7), 1814(a)) (42 U.S.C. 1395f (a)(1), 1815(a) (42 U.S.C. 1395g(a)), 1833(e) (42 U.S.C. 1395I(3)),1871 (42 U.S.C. 1395hh), and 1886(d)(5)(F), (42 U.S.C. 1395ww(d)(5)(F) of the Social Security Act; 1842(r) (42 U.S.C.1395u(r)); section 1124(a)(1) (42 U.S.C. 1320a–3(a)(1), and 1124A (42 U.S.C. 1320a–3a), section 4313, as amended, of the BBA of 1997; and section 31001(i) (31 U.S.C. 7701) of the DCIA (Pub. L. 04–134), as amended.
The information collected here will be entered into the Provider Enrollment, Chain and Ownership System (PECOS).
PECOS will collect information provided by an applicant related to identity, qualifications, practice locations, ownership, billing agency information, reassignment of benefits, electronic funds transfer, the NPI and related organizations. PECOS will also maintain information on business owners, chain home offices and provider/chain associations, managing/ directing employees, partners, authorized and delegated officials, supervising physicians of the supplier, ambulance vehicle information, and/or interpreting physicians and related technicians. This system of records will contain the names, social security numbers (SSN), date of birth (DOB), and employer identification numbers (EIN) and NPI’s for each disclosing entity, owners with 5 percent or more ownership or control interest, as well as managing/directing employees. Managing/directing employees include general manager, business managers, administrators, directors, and other individuals who exercise operational or managerial control over the provider/ supplier. The system will also contain Medicare identification numbers (i.e., CCN, PTAN and the NPI), demographic data, professional data, past and present history as well as information regarding any adverse legal actions such as exclusions, sanctions, and felonious behavior.
The Privacy Act permits CMS to disclose information without an individual’s consent if the information is to be used for a purpose that is compatible with the purpose(s) for which the information was collected. Any such disclosure of data is known as a “routine use.” The CMS will only release PECOS information that can be associated with an individual as provided for under Section III “Proposed Routine Use Disclosures of Data in the System.” Both identifiable and non-identifiable data may be disclosed under a routine use. CMS will only collect the minimum personal data necessary to achieve the purpose of PECOS. Below is an abbreviated summary of the six routine uses. To view the routine uses in their entirety go to: https://www.cms.gov/Research-Statistics-Data- and-Systems/Computer-Data-and-Systems/Privacy/Downloads/0532-PECOS.pdf.
1.To support CMS contractors, consultants, or grantees, who have been engaged by CMS to assist in the performance of a service related to this collection and who need to have access to the records in order to perform the activity.
2.To assist another Federal or state agency, agency of a state government or its fiscal agent to:
a.Contribute to the accuracy of CMS’s proper payment of Medicare benefits,
b.Enable such agency to administer a Federal health benefits program that implements a health benefits program funded in whole or in part with federal funds, and/or
c.Evaluate and monitor the quality of home health care and contribute to the accuracy of health insurance operations.
3.To assist an individual or organization for research, evaluation or epidemiological projects related to the prevention of disease or disability, or the restoration or maintenance of health, and for payment related projects.
4.To support the Department of Justice (DOJ), court or adjudicatory body when:
a.The agency or any component thereof, or
b.Any employee of the agency in his or her official capacity, or
c.Any employee of the agency in his or her individual capacity where the DOJ has agreed to represent the employee, or
d.The United States Government, is a party to litigation and that the use of such records by the DOJ, court or adjudicatory body is compatible with the purpose for which CMS collected the records.
5.To assist a CMS contractor that assists in the administration of a CMS administered health benefits program, or to combat fraud, waste, or abuse in such program.
6.To assist another Federal agency to investigate potential fraud, waste, or abuse in, a health benefits program funded in whole or in part by Federal funds.
The applicant should be aware that the Computer Matching and Privacy Protection Act of 1988 (P.L. 100-
503)amended the Privacy Act, 5 U.S.C. section 552a, to permit the government to verify information through computer matching.