Privacy Act of 1974; Report of an Altered CMS System of Records Notice

AGENCY:

Centers for Medicare & Medicaid Services (CMS), Department of Health and Human Services (HHS).

ACTION:

Altered System of Records Notice (SORN).

SUMMARY:

In accordance with the requirements of the Privacy Act of 1974 (5 U.S.C. 552a), CMS proposes several alterations to the existing system of records titled, “Health Insurance Exchanges (HIX) Program” (No. 09-70-0560), published at 78 FR 8538 (February 6, 2013) and amended and published at 78 FR 32256 (May 29, 2013). The alterations affect the “Purposes of the System”, “Categories of Individuals Covered by the System”, “Categories of Records in the System”, “Authority for Maintenance of the System”, “System Location”, “Retention and Disposal”, “System Manager and Address”, “Routine Uses of Records Maintained in the System”, and “Record Source Categories” sections of the accompanying System of Records Notice, as more fully explained in the Supplementary Information section.

DATES:

The proposed modifications will be effective immediately, with exception of the new and revised Routine Uses which will be effective 30 days after publication of this notice in the Federal Register unless comments received on or before that date result in revisions to this notice.

ADDRESSES:

The public should send comments to: CMS Privacy Officer, Division of Privacy Policy, Privacy Policy and Compliance Group, Office of E-Health Standards & Services, Office of Enterprise Management, CMS, Room S2-24-25, 7500 Security Boulevard, Baltimore, Maryland 21244-1850. Comments received will be available for review at this location, by appointment, during regular business hours, Monday through Friday from 9:00 a.m.-3:00 p.m., Eastern Time zone.

For Information on Health Insurance Exchanges Contact: Karen Mandelbaum, JD, MHA, Office of Health Insurance Exchanges, Exchange Policy and Operations Group, Center for Consumer Information and Insurance Oversight, 7210 Ambassador Road, Baltimore, MD 21244, Office Phone: (410) 786-1762, Facsimile: (301) 492-4353, Email: karen.mandelbaum@cms.hhs.gov.

SUPPLEMENTARY INFORMATION:

I. Proposed Alterations

By way of background, this system of records was established to be a global system of records to cover all data activities in support of the HIX Program at the Federal level. The Health Insurance Exchanges (HIX) Program is a new way to find health insurance coverage for people who do not currently have coverage or who want to find options for health insurance coverage. The HIX Program includes Federally-facilitated Exchanges (FFEs) operated by CMS, CMS support and services provided to all Exchanges and state agencies administering Medicaid programs, Children's Health Insurance Programs (CHIPs) and Basic Health Programs (BHPs), and CMS administration of advance payments of the premium tax credit and cost-sharing reductions associated with enrollment in QHPs through an Exchange. The system stores personal, financial, employment and demographic information about individuals who participate in or are involved with the HIX Program. The proposed modifications to the system of records and the affected sections of the System of Records Notice are identified and described below.

Use Limitations on Federal Tax Return Information

CMS proposes to amend item No. 1 in the Categories of Records section to clarify that Federal tax return information may be used or disclosed only as authorized by 26 U.S.C. 6103.

Discussion of Reporting

CMS proposes to amend the Purpose of the System section to explicitly mention the oversight and reporting functions required by the Patient Protection and Affordable Care Act (PPACA) (Pub. L. 111-148) as amended by the Health Care and Education Reconciliation Act of 2010 (Pub. L. 111-152), collectively referred to as the Affordable Care Act.

Individuals Providing Consumer Assistance

CMS proposes to include, in the Purpose and Categories of Records sections, a description of the information resulting from registering, training and/or certifying individuals who will assist consumers, applicants and enrollees in states where an FFE and/or an FF-SHOP will operate. Such individuals include Navigators (as defined by 45 CFR155.210), non-Navigator Assistance Personnel (as allowed for under 45 CFR155.205; also known as In-Person Assisters), Certified application counselors (as defined by 45 CFR155.225), Agents and Brokers, and any other individuals that are required to register with an Exchange prior to assisting qualified individuals, employees and employers to enroll in QHPs through the Exchange. Upon completing the registration form and successfully completing the training and testing program and certification process, CMS will certify these individuals to provide consumers, applicants, and enrollees with outreach, education, and assistance in obtaining access to health care coverage through an FFE or FF-SHOP.

CMS proposes to amend Routine Use No. 2 to clarify that CMS may disclosure information about Navigators, non-Navigator Assistance Personnel, Certified application counselors, and Agents and Brokers to the appropriate state agency or agencies in the state in which they have registered and will provide outreach, education and assistance to consumers, applicants and enrollees through the FFE or FF-SHOP.

Additionally, CMS proposes a new Routine Use, Number 11, specifically related to the information of Agents and Brokers who have completed registration and training. Pursuant to 45 CFR 155.220(b), CMS proposes Routine Use number 11 so that CMS may display on the FFE and FF-SHOP Web sites information regarding these Agents and Brokers who have completed registration and training for the convenience of consumers looking for assistance from an Agent or Broker that is familiar with the Exchange policies and application process.

Identity Proofing

CMS proposes to include a description of the identity proofing process within the Purpose of the System section. Identity proofing refers to a process through which the Exchange, state Medicaid agency, or state CHIP agency obtains a level of assurance through a third party data verification source regarding an individual's identity that is sufficient to allow access to electronic systems that include sensitive state and Federal data. This process will be performed at the time (A) an application for an eligibility determination in the individual market and Small Business Health Options Program (SHOP) is submitted to an Exchange and (B) an Agent or Broker registers with the Federally-facilitated Exchange (FFE) and completes the FFE training and certification processes.

Identity proofing must be completed by several categories of individuals. Each adult application filer (as defined at 45 CFR 155.20) submitting either an on-line application or a telephonic application for an eligibility determination or enrollment in a QHP through an Exchange in the individual market, advance payments of the premium tax credit, cost-sharing reductions, Medicaid and CHIP must complete the identity proofing process. The adult application filer is required to complete identity proofing prior to filing an on-line or telephonic application and prior to the disclosure of any information covered under this system of records back to the application filer. Application filers submitting paper applications regardless of type (including exemptions) will be identity proofed only if they elect to move into an electronic process. In addition, for the FF-SHOP Employer applications, the primary employer contact must complete identity proofing and if a secondary employer contacts is identified on the application, the secondary employer contact may have to complete identity proofing as well. Identity proofing will also be performed on Agents and Brokers when they register with the FFE to become certified to assist consumers, individuals, applicants and enrollees in the individual market Marketplace and SHOP Marketplace in a state in which the Agent or Broker is licensed to sell health insurance.

Clarification of Meanings of Terms

CMS also proposes to clarify the intended meaning of the term “application filer” as it is used in the current version of the SORN. CMS also proposes to add a new Category of Records describing the information maintained about this group of individuals. As used in the existing Category of Records and Routine Use Number 8, this terms was intended to be inclusive of the following: an application filer, as defined by 45 CFR155.20 (which includes authorized representatives); individuals or their authorized representative applying for exemption from the individual shared responsibility payment; a SHOP application filer as defined by 45 CFR155.700; Agents and Brokers; and QHP issuers performing application assistance functions.

To ensure clarity of the meaning of terms used with the SORN, beginning with this version of the SORN, CMS proposes to align the use of terms with the definitions provided within HIX program regulations. Therefore, CMS is proposing changes to the Categories of Records and Routine Use number 8 to itemize all of the populations included within the meaning of the current use of the term application filer. In general, additional small wording adjustments have been made throughout all sections to provide consistent use of terms and more specificity throughout the SORN.

Health Insurance Casework System (HICS)

CMS proposes to update the Purpose of the System, the Authority for Maintenance of the System, and Categories of Records sections and add a new Routine Use to include a description of the consumer complaint tracking system known as the Health Insurance Casework System (HICS). Section 1311(c)(3) of the Affordable Care Act requires HHS to “develop a rating system that would rate qualified health plans offered through an Exchange in each benefits level on the basis of the relative quality and price.” Additionally, Section 1321(c) of the Affordable Care Act authorizes HHS to ensure that states with Exchanges are substantially enforcing the federal standards to be set for the Exchanges. Sections 2723 and 2761 of the Public Health Service Act (PHS Act) authorize HHS to enforce PHS Act provisions that apply to non-Federal governmental plans and to enforce PHS Act provisions that apply to other health insurance coverage in states that HHS has determined are not substantially enforcing those provisions. By collecting consumer complaint information, HICS will help HHS carry out all of the above mentioned functions.

Routine Uses

CMS proposes the following Routine Use modifications.

▪ Routine Use No. 2: Modify to permit CMS to disclose information to an Appeals Entity as defined under 45 CFR 155.500 in the event that an applicant or enrollee exercises his or her appeal right under 45 CFR 155.505. Modify to permit CMS to disclose information about Navigators, non-Navigator Assistance Personnel, Certified application counselors, and Agents and Brokers who have been trained and certified by CMS to provide consumer assistance to the appropriate state agency or agencies for oversight and monitoring of these individuals.

▪ Routine Use No. 4: Modify to remove unnecessary example related to contractors.

▪ Routine Use No. 8: Modify to clarify the meaning intended with the use of term application filer to allow information about applicants and Relevant Individuals to be disclosed to Agents, Brokers, and QHP issuers.

▪ Routine Use No. 9: Modify to expand the disclosure of information to QHP issuers to include the disclosure of (A) applicant/enrollee and Relevant Individual information as necessary for individuals to be enrolled in a QHP, regardless of eligibility for advance payments of the premium tax credit or cost-sharing reductions and (B) consumer information for those that contact CMS to file a complaint or to seek resolution of an issue with the QHP issuer.

CMS proposes adding the following Routine Uses.

▪ Routine Use No. 10: Provide for disclosures of employee information to employers when an employee submitting an application for an eligibility determination has been determined eligible for advance payments of the premium tax credit and cost-sharing reductions, or as needed to verify whether an applicant is enrolled in an eligible employer sponsored plan.

Routine Use No.11: Permit the public disclosure of information to the appropriate state agency, and members of the public, about Agents and Brokers that have registered with, successfully completed CMS training, and are certified by an FFE or FF-SHOP, and to disclose Agent and Broker information to the appropriate state agency to assist states with oversight, monitoring and enforcement activities over agents and brokers and allow states to provide outreach and education resources to consumers about obtaining health care coverage in their states.

Routine Use No. 12: Permit the disclosure of information from the HICS system to other government agencies for the purposes of resolving complaints and assisting states with issuer oversight and monitoring.

Routine Use No. 13: To assist a CMS contractor that is engaged to perform a function or provide administrative, technical or physical support to the FFEs (including FF-SHOPs) or to a grantee of a CMS-administered grant program, when the disclosure is deemed reasonably necessary by CMS to prevent, deter, discover, detect, investigate, examine, prosecute, sue with respect to, defend against, correct, remedy, or otherwise combat fraud, waste or abuse in such program.

II. The Privacy Act

The Privacy Act (5 U.S.C. 552a) governs the means by which the United States Government collects, maintains, and uses PII in a system of records. A “system of records” is a group of any records under the control of a Federal agency from which information about individuals is retrieved by name or other personal identifier. The Privacy Act requires each agency to publish in the Federal Register a system of records notice (SORN) identifying and describing each system of records the agency maintains, including the purposes for which the agency uses PII in the system, the routine uses for which the agency discloses such information outside the agency, and how individual record subjects can exercise their rights under the Privacy Act (e.g., to determine if the system contains information about them).

SYSTEM NUMBER:

09-70-0560.

SYSTEM NAME:

Health Insurance Exchanges (HIX) Program, HHS/CMS/CCIIO.

SECURITY CLASSIFICATION:

Unclassified

SYSTEM LOCATION:

CMS Data Center, 7500 Security Boulevard, North Building, First Floor, Baltimore, Maryland 21244-1850, Health Insurance Exchanges Program (HIX) locations, and at various contractor sites.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The system will contain personally identifiable information (PII) about the following categories of individuals who participate in or are involved with the CMS Health Insurance Exchanges (HIX) Program: (1) Any applicant/enrollee who applies and any application filer (an application filer, as defined by 45 CFR155.20 (which includes authorized representatives); individuals or their authorized representative applying for exemption from the individual shared responsibility payment; a SHOP application filer as defined by 45 CFR155.700; Agents and Brokers; and QHP issuers performing application assistance functions) who files an application on behalf of an applicant/enrollee, for an eligibility determination for enrollment in a qualified health plan (QHP) through an Exchange, for one or more insurance affordability programs, for a certificate of exemption from the shared responsibility requirement, or an appeal; (2) Navigators, non-Navigator Assistance Personnel (also known as In-Person Assisters), Certified application counselors, Agents and Brokers, and all other individuals or entities that are required to register with an Exchange prior to assisting qualified individuals, employees and employers to enroll in QHPs through the Exchange; (3) officers, employees and contractors of the Exchange; (4) employees and contractors of CMS (e.g. eligibility support workers, appeals staff, etc.); (5) contact information and business identifying information of representatives, officers, agents, and employees of QHPs seeking certification; (6) persons employed by or contracted with an Exchange organization who provide home or personal contact information; (7) any qualified employer and the qualified employees whose enrollment in a QHP is facilitated through a Small Business Health Options Program (SHOP), including authorized representatives of such individuals; and (8) Individuals, including non-applicant household members/family members, non-applicant tax payers or tax filers, and spouses and parents of applicants, who are listed on the application and whose PII may bear upon a determination of the eligibility of an individual for an insurance affordability program and for certifications of exemption from the individual responsibility requirement. Such individuals will hereafter be referred to as “Relevant Individual(s)”.

CATEGORIES OF RECORDS IN THE SYSTEM:

Information maintained in this system for individual applicant/enrollees includes, but may not be limited to, the applicant's first name, last name, middle initial, mailing address or permanent residential address (if different from the mailing address), date of birth, Social Security Number (if the applicant/enrollee has one), taxpayer status, gender, ethnicity, residency, email address, telephone number, employment status and employer if applicable. The system will also maintain information from the verification process of the information provided by the applicant/enrollee or by the application filer (an application filer, as defined by 45 CFR 155.20 (which includes authorized representatives); individuals or their authorized representative applying for exemption from the individual shared responsibility payment; a SHOP application filer as defined by 45 CFR 155.700; Agents and Brokers; and QHP issuers performing application assistance functions) on behalf of the applicant that will enable a determination about the applicant's or enrollee's eligibility. The system will collect and maintain information that the applicant/enrollee or the application filer (an application filer, as defined by 45 CFR 155.20 (which includes authorized representatives); individuals or their authorized representative applying for exemption from the individual shared responsibility payment; a SHOP application filer as defined by 45 CFR 155.700; Agents and Brokers; and QHP issuers performing application assistance functions) on behalf of the applicant submits, information that is obtained from other federal agencies through the computer matching programs verifying applicant information and information obtained from federal and state sources through the Information Exchange Agreements with IRS and State Medicaid and CHIP agencies and State-based Exchanges pertaining to (1) the applicant or enrollee's citizenship or immigration status, because only individuals who are citizens or nationals of the U.S. or lawfully present are eligible to enroll; (2) enrollment in Federally funded minimum essential health coverage (e.g. Medicare, Medicaid, Federal Employees Health Benefit Program (FEHBP), Veterans Health Administration (Champ VA), Children's Health Insurance Program (CHIP), Department of Defense (TRICARE), Peace Corps); (3) incarceration status; (4) Indian status; (5) enrollment in employer-sponsored coverage; (6) requests for and accompanying documentation to justify receipt of individual responsibility exemptions, including membership in a certain type of recognized religious sect or health care sharing ministry; (7) employer information; (8) status as a veteran; (9) pregnancy status; (10) blindness and/or disability status; (11) smoking status; and (12) household income, including tax return information from the IRS, income information from the Social Security Administration, and financial information from other third party sources. Federal tax return information can only be used or disclosed as authorized by 26 U.S.C. 6103.

Information will also be maintained with respect to the applicant's enrollment in a QHP through the Exchange, the premium amounts and payment history. The system will collect and maintain information pertaining to Relevant Individual(s) that includes the following: First name, last name, middle initial, permanent residential address, date of birth, SSN (if the Relevant Individual has one or is required to provide it as specified in 45 CFR 155.305(f)(6)), taxpayer status, gender, residency, relationship to applicant, employer information, and household income, including tax information from the IRS, income information from the Social Security Administration, and financial information from other third party sources. Additionally, should an applicant file an appeal, information related to the appeal and any associated documentation and decision will be maintained in the system.

With respect to qualified employers and qualified employees utilizing the SHOP, the information maintained in the system includes but may not be limited to the name and address of the employer, number of employees, Employer Identification Number (EIN), and list of qualified employees and their Social Security Numbers.

Information maintained in this system for application filers (an application filer, as defined by 45 CFR 155.20 (which includes authorized representatives); individuals or their authorized representative applying for exemption from the individual shared responsibility payment; a SHOP application filer as defined by 45 CFR 155.700; Agents and Brokers; and QHP issuers performing application assistance functions) may include, but not be limited to, the individual's first name, middle name, last name, address, city, state, zip code, telephone number, organization name, identification number, and association with or relationship to an applicant.

Information maintained in this system for Agents and Brokers includes, but may not be limited to, the Agent or Broker's log-in ID, password, first name, middle name, last name, email address, user type, National Producer Number, occupation type, organization type, job title, manager, primary language, region, time zone, state, zip code, phone number. Information maintained in this system for assisters such as Navigators, non-Navigator Assistance Personnel (including In-Person Assisters), and Certified application counselors, includes, but may not be limited to, the assister individual's or entity's user name (user name/ID), first name, last name, email address, phone number, state, zip code, user type, employer or grantee organization (if applicable).

Information in the Health Insurance Casework System (HICS) includes but is not limited to, complainant's contact information, such as, name, telephone number, email address, state of residence, zip code; demographic information, such as, age, gender, ethnicity, family status, employment status, income level, veteran's status and health insurance status, health insurance background and recent history, and available health insurance options. The PII in HICS will include but not be limited to, the consumers, applicants/enrollees, and/or their authorized representatives that have contacted CMS to file a complaint about a QHP offered through the FFE or the issuer of such a QHP, or to seek resolution of a particular issue with such a QHP or issuer. Therefore, we anticipate that in addition to the PII listed above, to the extent complainants share health information with CMS as part of their complaints, PHI may also be included in HICS. Any HICS data published will be in aggregate form and will not contain any personally identifiable data elements.

Information maintained in this system for (i) officers, employees and contractors of the Exchange; (ii) employees and contractors of CMS; (iii) representatives, officers, agents, and employees of QHPs seeking certification; and (iv) persons employed by or contracted with an Exchange organization will include contact and identifying information (such as first and last name, address, telephone number, email address, employer, or similar information), relationship to the Exchange or CMS (such as status as contractor, employee, etc.), and, as applicable, log-in IDs and passwords.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

The HIX program implements health care reform provisions of the Patient Protection and Affordable Care Act (PPACA) (Pub. L. 111-148) as amended by the Health Care and Education Reconciliation Act of 2010 (Pub. L. 111-152) collectively referred to as the Affordable Care Act. Title 42 U.S.C. 18031, 18041, 18081, 18083, and sections 2723, 2761 of the Public Health Service Act (PHS Act).

PURPOSE(S) OF THE SYSTEM:

Health Insurance Exchanges are established by the Patient Protection and Affordable Care Act of 2010 as amended by the Health Care and Education Reconciliation Act of 2010. They provide competitive marketplaces for individuals and small employers to directly compare available private health insurance options on the basis of price, quality, and other factors. The Exchanges will help enhance competition in the health insurance market, improve choice of affordable health insurance, and give small businesses the same purchasing clout as large businesses.

The purpose of this system is to collect, create, use and disclose PII about individuals who apply for eligibility determinations or appeal eligibility determinations for enrollment in a QHP, including stand-alone dental plans, through an Exchange, for insurance affordability programs, and for certifications of exemption from the individual responsibility requirement. The purpose of this system is also to collect, create, use and disclose PII about Relevant Individual(s) whose PII may bear upon a determination of the eligibility of an individual for an insurance affordability program or for certifications of exemption from the individual responsibility requirement. An additional purpose of the system is to collect, create, use and disclose PII for the identity proofing of application filers as defined in 45 CFR 155.20, primary and secondary employer contacts filing applications to a FF-SHOP, and Agents and Brokers registering with the FFE.

The system will collect, create, use and disclose PII about individuals and entities that register with and are certified by CMS. The CMS-registered and -certified individuals include, but are not limited to, Agents and Brokers, Navigators, non-Navigator Assistance personnel (also known as In-Person Assisters), and Certified application counselors. CMS may display the contact information of Agents and Brokers that register, and successfully complete the CMS training and are certified by CMS, on the FFE and on the FF-SHOP Web sites for the convenience of consumers looking for an agent or broker that is familiar with the FFE policies, the QHPs being offered, the eligibility determination application process and who are active in the FFE market. Because CMS training is optional for Agents and Brokers offering assistance in the FF-SHOP, only the contact information of those Agents and Brokers who have successfully completed CMS developed training and testing, will be made available to the public (e.g. displayed on a CMS Web site).

Another purpose of the system is tracking and compiling consumer complaints about QHPs offered through an FFE or FF-SHOP or issuers that offer such QHPs. This enables the program to ensure that consumers receive timely assistance and to build a QHP rating system based on complaints. An additional purpose of the system is to perform required legal functions related to oversight and reporting for the HIX Program and its components and to provide necessary analysis and reporting capabilities. The PII described within this SORN will be used for these purposes.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM

A. Entities Who May Receive Disclosures Under Routine Uses

These routine uses specify circumstances, in addition to those provided by statute in the Privacy Act of 1974, under which CMS may release information from the HIX SOR without the affirmative consent of the individual to whom such information pertains. Each proposed disclosure of information under these routine uses will be evaluated to ensure that the disclosure is legally permissible, including but not limited to ensuring that the purpose of the disclosure is compatible with the purpose for which the information was collected. We are establishing the following routine use disclosures of information maintained in the system:

1. To support Agency contractors, consultants, or CMS grantees who have been engaged by the Agency to assist in accomplishment of a CMS function relating to the purposes for this collection and who need to have access to the records in order to assist CMS.

2. To disclose information to another Federal agency, agency of a State government, a non-profit entity operating an Exchange for a State, an agency established by State law, or its fiscal agent, or an Appeals Entity as defined by 45 CFR 155.500 to (A) make eligibility determinations for enrollment in a QHP through an Exchange, insurance affordability programs, certifications of exemption from the individual responsibility requirement, and to coordinate and resolve requests for appeals; (B) to carry out the HIX Program; (C) to perform functions of an Exchange described in 45 CFR 155.200, including notices to employers under section 1411(f) of the Affordable Care Act; and (D) permit the disclosure of Navigator, non-Navigator Assistance Personnel, Certified application counselor, and Agent and Broker information who have completed CMS training, testing and certification to provide consumer assistance to the appropriate state agency or agencies to assist states with oversight, monitoring and enforcement activities, because both CMS and states will be responsible for overseeing, monitoring and regulating these individuals.

3. To disclose information about applicants and Relevant Individual(s) in order to obtain information from other Federal agencies and State agencies and third party data sources that provide information to CMS, pursuant to agreements with CMS, for purposes of determining the eligibility of applicants to enroll in QHPs through an Exchange, in insurance affordability programs, or for a certification of exemption from the individual responsibility requirement.

4. To assist a CMS contractor that assists in the administration of a CMS administered health benefits program, or to a grantee of a CMS-administered grant program, when disclosure is deemed reasonably necessary by CMS to prevent, deter, discover, detect, investigate, examine, prosecute, sue with respect to, defend against, correct, remedy, or otherwise combat fraud, waste or abuse in such program or to provide oversight of FFE operations.

5. To assist another Federal agency or an instrumentality of any governmental jurisdiction within or under the control of the United States (including any state or local governmental agency), that administers, or that has the authority to investigate potential fraud, waste or abuse in a health benefits program funded in whole or in part by Federal funds, when disclosure is deemed reasonably necessary by CMS to prevent, deter, discover, detect, investigate, examine, prosecute, sue with respect to, defend against, correct, remedy, or otherwise combat fraud, waste or abuse in such programs.

6. To assist appropriate Federal agencies and CMS contractors and consultants that have a need to know the information for the purpose of assisting CMS' efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in this system of records, provided that the information disclosed is relevant and necessary for that assistance.

7. To assist the U.S. Department of Homeland Security (DHS) cyber security personnel, if captured in an intrusion detection system used by HHS and DHS pursuant to the Einstein 2 program.

8. To provide information about applicants, enrollees, appellants, and Relevant Individual(s) to applicants/enrollees, application filers as defined by 45 CFR 155.20, individuals or their authorized representative applying for exemption from the individual shared responsibility payment; a SHOP application filer as defined by 45 CFR 155.700; appellants, Agents Brokers, and QHP issuers who are authorized or certified by CMS to assist applicants/enrollees, when relevant and necessary to determine eligibility for enrollment in a QHP, insurance affordability programs, or a certification of exemption from the individual responsibility requirement through the FFEs.

9. To provide applicant/enrollee and Relevant Individual information to QHP issuers for purposes of enrollment in a qualified health plan and for the administration of the advance payments of premium tax credit and cost-sharing reductions. To provide information about consumers that contact CMS to file a complaint or to seek resolution of a particular issue (that is, to initiate a “case”) to the issuer of a QHP in an FFE or FF-SHOP, which issuer or which issuer's QHP is the subject of the case.

10. To assist employers identified on applications for eligibility determinations submitted to an Exchange to provide (A) notification to the employer that an employee has been determined eligible for advanced payments of the premium tax credit or cost sharing reductions, (B) notice to the applicant indicating that the Exchange will be contacting any employer identified on the application for the applicant and the members of his or her household, as defined in 26 CFR 1.36B-1(d), to verify whether the applicant is enrolled in an eligible employer-sponsored plan or is eligible for qualifying coverage in an eligible employer-sponsored plan for the benefit year for which coverage is requested, and (C) notice to the employer requesting verification of an employee's eligibility or enrollment in an eligible employer-sponsored plan for the benefit year for which coverage is requested.

11. To permit the public disclosure of information to the appropriate state agency, and members of the public, about Agents and Brokers that have registered with, successfully completed CMS training, and are certified by an FFE or FF-SHOP to provide outreach and education resources to consumers about obtaining health care coverage in their states,.

12. To provide information regarding complaints to other Federal agencies and agencies of a state government for the purpose of resolving complaints and identifying insurer non-compliance with Federal, state, and other applicable law.

13. To assist a CMS contractor that is engaged to perform a function or provide administrative, technical or physical support to the FFEs (including FF-SHOPs) or to a grantee of a CMS-administered grant program, when the disclosure is deemed reasonably necessary by CMS to prevent, deter, discover, detect, investigate, examine, prosecute, sue with respect to, defend against, correct, remedy, or otherwise combat fraud, waste or abuse in such program.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM

STORAGE:

Electronic records will be stored on both tape cartridges (magnetic storage media) and in a relational database management environment (DASD data storage media). Any hard copies of program related records containing PII at CMS and contractor locations will be kept in secure hard-copy file folders locked in secure file cabinets during non-duty hours.

RETRIEVABILITY:

The records will be retrieved electronically by a variety of fields, including but not limited to first name, last name, middle initial, date of birth, or Social Security Number (SSN).

SAFEGUARDS:

Personnel having access to the system have been trained in the Privacy Act and information security requirements. Employees who maintain records in this system are instructed not to release data until the intended recipient agrees to implement appropriate management, operational and technical safeguards sufficient to protect the confidentiality, integrity and availability of the information and information systems and to prevent unauthorized access. Access to records in the HIX Program system will be limited to authorized CMS personnel and contractors through password security, encryption, firewalls, and secured operating system. Any electronic or hard copies of records containing PII at CMS, Exchanges and contractor locations will be kept in secure electronic files or in hard-copy file folders locked in secure file cabinets during non-duty hours.

RETENTION AND DISPOSAL:

These records will be maintained until they become inactive, at which time they will be retired or destroyed in accordance with published records schedules of the Centers for Medicare & Medicaid Services as approved by the National Archives and Records Administration.

SYSTEM MANAGER AND ADDRESS:

Director of Operations, Center for Consumer Information and Insurance Oversight, 7501 Wisconsin Avenue, Bethesda, Maryland 20814.

NOTIFICATION PROCEDURE:

An individual record subject who wishes to know if this system contains records about him or her should write to the system manager who will require the system name, and for verification purposes, the subject individual's name (individual's former name(s) name, if applicable), and SSN (furnishing the SSN is voluntary, but it may make searching for a record easier and prevent delay).

RECORD ACCESS PROCEDURE:

An individual seeking access to records about him or her in this system should use the same procedures outlined in Notification Procedures above. The requestor should also reasonably specify the record contents being sought. (These procedures are in accordance with Department regulation 45 CFR 5b.5(a)(2).)

CONTESTING RECORD PROCEDURES:

To contest a record, the subject individual should contact the system manager named above, and reasonably identify the record and specify the information being contested. The individual should state the corrective action sought and the reasons for the correction with supporting justification. (These procedures are in accordance with Department regulation 45 CFR 5b.7.)

RECORD SOURCE CATEGORIES:

Personally identifiable information in this database is obtained from the application submitted by or on behalf of applicants, enrollees, and appellants seeking eligibility determinations, from qualified employers and other employers who provide employer-sponsored coverage, from CMS and other Federal and state agencies as part of verifications and information retrievals to make eligibility determinations, from Marketplace assisters facilitating the eligibility and enrollment processes, from QHPs, from State-based Exchanges that provide information to perform the statutory functions, from states participating in State Partnership Exchanges pursuant to Conditional Approval Decision letters, and from third party data sources to determine eligibility as described in this notice.

EXEMPTIONS CLAIMED FOR THIS SYSTEM:

None.