AHRQ Privacy Act System of Records Notice - Medical Expenditure Panel Survey (MEPS)
SYSTEM NUMBER: 09-35-0002
Medical Expenditure Panel Survey (MEPS) and National Medical Expenditure Survey 2 (NMES 2), HHS/AHRQ/CFACT
Agency for Healthcare Research and Quality (AHRQ), Center for Financing, Access, and Cost Trends, 540 Gaither Road, Rockville, MD, 20850
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
(1) Individuals and members of households selected by probability sampling techniques to be representative of the civilian non-institutionalized population of the United States; health care providers, staff responding on behalf of health insurers and the employers of members of sampled households; (2) residents and next-of-kin of such residents of nursing and personal care homes, selected by probability sampling techniques to be representative of residents of such homes, and facilities and the staff responding on behalf of such facilities.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records containing information on: (1) The incidence of illness and accidental injuries, prevalence of diseases and impairments, the extent of disability, the use, expenditures and sources of payment for health care services, and other characteristics of individuals obtained in household interviews (demographic and socioeconomic characteristics such as age, marital status, education, occupation and family income) and the names, telephone numbers and addresses of the responding staffs of health care providers, health insurers, and employers; (2) the utilization of long-term care, nursing home care, care in personal care homes through data on residents (demographic and social characteristics, health status and charges and sources of payment for care); through data facility characteristics (general characteristics, certification, services offered and corresponding expenses), and through data on next-of-kin or representative of residents (demographic and social characteristics, health status, and expenditures for health care of residents); and (3) Medicare claims records of members of sampled households and of sampled residents of nursing and personal care homes.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Section 913 and 306 of the Public Health Service (PHS) Act (42 U.S.C. 299b-2 and 242k(b)). Sections 924(c) and 308(d) of the PHS Act (42 U.S.C. 299c-3(c) and 242m(d)) provide authority for protecting restrictions on identifiable information about individuals.
The data are used in aggregated form for statistical and health services research purposes respecting analysis and evaluation of health care costs, and the accessibility, planning, organization, distribution, technology, utilization, quality, and financing of health services and systems.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
The Department has contracted with private firms for the purpose of collecting, analyzing, aggregating, or otherwise refining records in this system. Relevant records are collected by and/or disclosed to such contractors. The contractors are required to maintain Privacy Act safeguards with respect to such records.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:
File folders, magnetic tapes, CD-ROM and secure network servers.
Information can be retrieved by respondent name and address. However, this information is not stored in routinely used analytic files.
AHRQ and its contractors implement personnel, physical, and procedural safeguards as follows:
- Authorized Users: Access is limited to persons authorized and needing to use the records, including project directors, contract officers, interviewers, health care researchers and analysts, statisticians, statistical clerks and data entry staff on the staffs of AHRQ and the MEPS contractors.
- Physical safeguards: The hard-copy records are stored in locked safes, locked files, and locked offices when not in use. Computer terminals used to process identifiable data are located in secured areas and are accessible only to authorized users. Automated back-up files are stored in locked, fire proof safes.
- Procedural safeguards: All employees of AHRQ and contractor personnel with access to AHRQ records are required, as a condition of employment, to sign an affidavit, acknowledging AHRQ's confidentiality statute and penalty provision and binding themselves to nondisclosure of individually identifiable information. Periodic training sessions are conducted to reinforce the statutorily-based confidentiality restrictions. Actual identifiers are maintained in separate files linked only if there is a specific need as authorized by the System Manager. Data stored in computers both at AHRQ and the contractor sites are accessed through the use of passwords/keywords unique to each user and changed at least every 45 days. An automated audit trail will be maintained. Contractors who maintain records in this system are instructed to make no further disclosure of the records other than those requested by AHRQ/CFACT. Privacy Act requirements and the restrictions of 42 U.S.C. 242m(d) are specifically included in contracts for survey, research and data processing activities related to this system. The Department of Health and Human Services (HHS) project directors, contract officers and project officers oversee compliance with these confidentially and security requirements.
- These safeguards are in accordance with chapter 45-13, "Safeguarding Records Contained in Systems of Records," of the HHS General Administration Manual, supplementary chapter PHS hf. 45-13; Part 6, "ADP Systems Security," of the HHS ADP Systems Manual, and the National Bureau of Standards Federal Information Processing Standards (FIPS Pub. 41 and FIPS Pub. 31).
RETENTION AND DISPOSAL:
Hard-copy records will be burned or shredded following verification that such data were correctly entered into a machine readable format.
SYSTEM MANAGER(S) AND ADDRESS:
Director, Division of Survey Operations, CFACT/AHRQ, 540 Gaither Road, Rockville, MD. 20850
To determine if a record exists, write to the System Manager, giving your full name and address.
RECORD ACCESS PROCEDURES:
The system is exempt from the requirements of the Privacy Act; however, a subject individual may be granted access to his/her records at the System's Manager's discretion. Positive identification is required from anyone seeking such access.
CONTESTING RECORD PROCEDURES:
If access has been granted and some information is being contested, contact the System Manager and reasonably identify the record, specify the contested information, and state the corrective action sought, with supporting information to show how the record is inaccurate, incomplete, untimely, or irrelevant.
RECORD SOURCE CATEGORIES:
Respondents in the survey samples including: members of households, physicians, hospitals, health insurers, employers, staff of nursing and personal care homes, the next-of-kin of residents of such homes and facilities, and Systems 09-70-0005, Medicare Bill File (Statistics), HHS/HCFA/BDMS.
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
With respect to this system of records, exemption has been granted from the requirements contained in subsections 552a(c) (3), (d) (1) through (4) and (e) (4) (G) and (H), in accordance with the provisions of subsection 552a(k) (4) of the Privacy Act of 1974.