In accordance with the Privacy Act of 1974, the Office of Personnel Management (OPM) proposes to modify and republish in full a system of records previously titled "OPM/Central-...
Healthcare and Insurance, Office of Personnel Management.
ACTION:
Notice of a modified system of records.
SUMMARY:
In accordance with the Privacy Act of 1974, the Office of Personnel Management (OPM) proposes to modify and republish in full a system of records previously titled “OPM/Central-15, Health Claims Data Warehouse Records” which will be renamed “OPM/Central-15, Health Benefits Claims and Cost Records.” The modification is necessary to include Postal Service Health Benefits Program records in the system, to provide notice of additional data fields collected to support the Federal Employees Health Benefits (FEHB) Program, as well as to provide notice of additional routine uses to the system. The system of records contains health benefits service use and cost data about enrollees and their family members, who are or have been covered under the FEHB Program. As in previous notices for this system of records, the term “service use and cost data” includes, but is not limited to, medical claims data, pharmacy claims data, encounter data, and provider data. The system of records also includes Medicare service use and cost data about FEHB- covered individuals who are enrolled in Medicare. This notice clarifies that references in the system of records to the “FEHB Program” or “FEHB” include the Postal Service Health Benefits Program (“PSHB Program” or “PSHB”) within the FEHB Program.
DATES:
Please submit comments on or before July 23, 2026. This modified system is effective upon publication in the
Federal Register
, with the exception of the routine uses, which become effective July 23, 2026.
ADDRESSES:
You may submit written comments through the
Federal Rulemaking Portal
(
https://www.regulations.gov). Follow the instructions for submitting comments. All submissions received must include the agency name and docket number for this
Federal Register
document. The general policy for comments and other submissions from members of the public is to make these submissions available for public viewing at
https://www.regulations.gov
as they are received, without change, including any personal identifiers or contact information.
FOR FURTHER INFORMATION CONTACT:
For general questions, please contact Cameron Stokes, Senior Policy Analyst at
Cameron.Stokes@opm.gov
or 202-936-2847.
SUPPLEMENTARY INFORMATION:
In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Office of Personnel Management proposes to modify a system of records that was previously titled “OPM/Central-15, Health Claims Data Warehouse Records.” The system of records is renamed “OPM/Central-15, Health Benefits Claims and Cost Records,” and is a repository for health benefits service use and cost data about Federal Employees Health Benefits (FEHB) Program enrollees and their family members.
Established in 1960 through the Federal Employees Health Benefits Act of 1959, 5 U.S.C. 8901et seq.,
the FEHB Program is the largest employer-based health insurance program in the United States, covering over 8 million individuals. Covered individuals, as defined in 5 CFR 890.101, include employees of the Federal government, annuitants, members of their families, former spouses, and miscellaneous groups, enumerated in 5 U.S.C. 8901; Postal Service employees, Postal Service annuitants, and their family members, pursuant to 39 U.S.C. 1005; tribal employees, pursuant to 25 U.S.C. 1647b; and separated employees and former family members who are eligible for Temporary Continuation of Coverage under 5 U.S.C. 8905a.
Under FEHB law at 5 U.S.C. 8910(a), OPM “shall make a continuing study of the operation and administration of [the FEHB Program], including surveys and reports on health benefits plans available to employees and on the experience of the plans.” Pursuant to this statutory authority and relevant contractual provisions, OPM may direct
( printed page 37440)
carriers and their affiliates to disclose service use and cost data. Accordingly, carriers and their affiliates are listed as a source of records.
Section 101 of the Postal Service Reform Act of 2022 (PSRA), Public Law 117-108, added a new section 8903c to Chapter 89 of title 5, United States Code. The statute directs OPM to establish the Postal Service Health Benefits (PSHB) Program within the FEHB Program. Beginning in 2025, Postal Service employees, Postal Service annuitants, and their eligible family members obtain health benefits coverage through PSHB plans. Accordingly, OPM proposes to modify this system of records notice to indicate that references to the “FEHB Program” or “FEHB” include the “PSHB Program” or “PSHB.”
OPM is a “health oversight agency” under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule definition at 45 CFR 164.501. The HIPAA Privacy Rule permits covered entities, including carriers, to disclose protected health information (PHI), including service use and cost data, to health oversight agencies, such as OPM, for “oversight activities authorized by law.” [1]
Therefore, disclosures are permitted to the system without individual authorization because OPM is acting as a health oversight agency conducting activities authorized by law.
The collection, maintenance, analysis, and disclosure of records described in this notice are conducted solely in furtherance of OPM's statutory responsibilities to administer and oversee the FEHB and PSHB Programs and pursuant to its authority as a health oversight agency under 45 CFR 164.501 and 45 CFR 164.512(d)(1), including activities related to program integrity, payment oversight, fraud, waste, and abuse prevention, quality assessment, and evaluation of health benefits program performance. OPM collects and maintains only those data elements reasonably necessary to carry out its authorized oversight, program administration, payment integrity, and fraud prevention functions.
Given OPM's status as a “health oversight agency” under HIPAA, the system of records may also contain service use and cost data about FEHB-covered individuals who are enrolled in Medicare. The Centers for Medicare & Medicaid Services (CMS) or its contractors may provide service use and cost data about FEHB covered individuals who are also enrolled in Medicare. Accordingly, CMS or its contractors are also listed as a source of records.
OPM utilizes service use and cost data from this system of records to evaluate the effectiveness of the FEHB Program by evaluating the cost of care, utilization of services, and quality of care, comparing these across specific population groups, geographic areas, health plans, health care providers, disease conditions, and to conduct statistical analyses of health service use risk and costs for dual FEHB and Medicare enrollees. OPM also utilizes the service use and cost data to detect patterns indicative of fraud, waste, and abuse, including, but not limited to, identifying potential overpayments and improperly disbursed amounts, and may make referrals to OPM's Office of the Inspector General (OIG) or other law enforcement entities when such patterns are detected.
For the “Categories of Records in the System,” as before, the term “service use and cost data” includes, but is not limited to, medical claims data, pharmacy claims data, encounter data, and provider data. Other updates to the “Categories of Records in the System” include changing “gender” to “sex” to conform with the requirements of E.O. 14168; [2]
adding “National Drug Codes” and “J-Codes” as specific types of prescribed drug codes that may be maintained; indicating that “provider charges” may include “. . .any amounts paid by other payers as applicable, including coordination of benefits information and pharmacy rebate information”; and finally, “dates of service” has also been added as a category of records.
In the section “Record Source Categories,” OPM has included the Centers for Medicare & Medicaid Services (CMS) or its contractors to indicate the potential collection and maintenance of records about dual FEHB and Medicare enrollees. Also, OPM is clarifying that OPM's OIG remains a source of information for claims information that it maintains in OPM's Central-18 SORN. OPM's OIG was included as a source of records since the establishment of the Central-15 SORN in 2011. Although the updates to Central-15 in 2013 erroneously removed the reference to OPM OIG from the “Record Source Categories” section of the
Federal Register
notice, the Supplementary Information of the same notice explained that data would also still be collected from OPM OIG. Therefore, the current modifications to Central-15 include a correction of this error. OPM has also added a category to indicate that it may receive information from Federal agencies, including the Department of the Treasury, that provide data for program integrity, eligibility verification, payment integrity, fraud prevention, or related oversight purposes.
Out of an abundance of caution, and in order to address privacy related concerns with OPM's collection and use of health benefits cost and claims data, OPM will take measures to pseudonymize [3]
records in the following manner: The OPM OIG will provide an encrypted copy of the data in its original format that OPM OIG receives from carriers and pharmacy benefit managers, but personally identifiable information (PII) fields for beneficiaries, such as name, SSN, Subscriber ID (this is the same as Member ID for primary insurance holders), and address (except zip code), will be replaced by null values. Date of birth will be reduced to just the year. The only beneficiary-PII field transmitted as-is will be Member ID, which allows records to be distinguished. Upon receipt, OPM technical staff will utilize a salted cryptographic hashing process on Member ID to generate pseudonymous identifiers for use by OPM analysts. Analysts will conduct routine analysis only on this pseudonymized dataset. Access to the actual Member ID will be strictly limited to authorized personnel and only for approved data quality validation purposes, such as validating automated workflows, troubleshooting hash formatting failures, or entity resolution. Similar pseudonymization protections will be utilized with respect to data collected from carriers and any CMS records maintained in the system,
( printed page 37441)
and may be used with respect to information obtained from the Department of Treasury and other Federal agencies, as appropriate.
In sum, Central-15 consists of a restricted-access operational environment that may contain identifiable records for ingestion, validation, linkage, and quality assurance purposes, and a separate analytical environment in which records are pseudonymized for routine analytical use. Pseudonymization is employed as a privacy-enhancing safeguard; however, records remain subject to the Privacy Act because OPM retains the ability to re-identify records for authorized operational purposes. OPM will apply pseudonymization wherever practicable, and routine disclosures ordinarily will be made using pseudonymized records unless identifiable information is reasonably necessary to accomplish an authorized purpose.
The previous routine use that permitted the sharing of de-identified FEHBP data with analysts inside and outside the Federal Government to conduct data analysis has been eliminated as no longer needed. Instead, routine uses (a)-(h) have been added to reflect the basic routine uses that are listed in OPM's Prefatory Statement and most of its other internal, governmentwide, and central systems of records notices. OPM has determined that these routine uses address disclosures that are compatible with the purpose for which the records were collected, and are therefore appropriate to add to this system of records. Upon comprehensive review of this system of records since its establishment, the agency's privacy office determined that it was appropriate to add these routine uses to Central-15 so that there is a consistent approach to disclosures from SORNs within the agency for compelling and necessary uses.
Routine use (i) is a new routine use that permits OPM to share information with a Federal agency or contractor, to enable the administration of a Federal health benefits program, or to fulfill a requirement of a Federal statute or regulation that implements a health benefits program funded in whole or in part with Federal funds.
Routine use (j) has been added to permit OPM to share information from this system of records when reasonably necessary to its efforts to eliminate fraud, waste, and abuse in the FEHB Program.[4]
As a corollary to routine use (j), routine use (k) has also been added to enable disclosures to another Federal agency or Federal entity when OPM determines that the information is reasonably necessary to its efforts to identify and eliminate fraud, waste, and abuse in programs under its purview. Finally, routine use (l) is a new routine use prescribed by OMB pursuant to Memorandum M-25-32 which implements E.O. 14249,
Protecting America's Bank Account Against Fraud, Waste, and Abuse
(March 25, 2025). Routine use (l) has been added to permit disclosures to the U.S. Department of the Treasury when reasonably necessary to support payment integrity, fraud prevention, and improper payment recovery activities conducted through the Do Not Pay Working System, which are compatible with the purposes for which these records are collected and maintained, including OPM's administration and oversight of the FEHB and PSHB Programs.
This modified system of records replaces the previous OPM/Central-15 SORN that was established to support the Health Claim Data Warehouse. Health benefits service use and cost data records will now be maintained through this modified system of records known as OPM/Central-15, Health Benefits Claims and Cost Records. This modified system of records will be included in OPM's inventory of records systems. In accordance with 5 U.S.C. 552a(r), OPM has provided a report of modifications to this system of records to Congress and to the Office of Management and Budget.
Office of Personnel Management.
Alexys Stanley,
Federal Register Liaison Officer.
SYSTEM NAME AND NUMBER:
Health Benefits Claims and Cost Records, OPM/Central-15.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Healthcare and Insurance, Office of Personnel Management, 1900 E Street NW, Washington, DC 20415.
SYSTEM MANAGER(S):
Associate Director, Healthcare and Insurance, Office of Personnel Management, 1900 E Street NW, Washington, DC 20415.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Generally, OPM has authority for maintenance of the system under 5 U.S.C. 8901et seq.
and more specifically at 5 U.S.C. 8910. OPM also has authority through its role as a health oversight agency under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule at 45 CFR 164.501 and 164.512(d)(1). Finally, the Payment Integrity Information Act of 2019 (PIIA), 31 U.S.C. 3351-3358 provides legal authority for agency overpayment detection, payment recovery, fraud analytics, and Treasury Do Not Pay activities.
PURPOSE(S) OF THE SYSTEM:
The primary purpose of this system of records is to collect health benefits service use and cost data, which allows OPM, in its role as program administrator and a health oversight agency, to carry out its administrative and oversight activities to ensure program integrity and fiscal responsibilities of the FEHB Program. OPM receives and uses health benefits service use and cost data pursuant to its authority as a health oversight agency under 45 CFR 164.501 and 45 CFR 164.512(d)(1), and uses such information solely for authorized oversight, program administration, payment integrity, fraud prevention, and related activities authorized by law. In addition, OPM uses this system of records to evaluate the cost of care; utilization of services across geographic areas, health plans, health care providers, and health conditions. OPM also uses this system of records to conduct statistical analyses of health benefits service use and cost for FEHB enrollees. Information contained in the system of records assists OPM in conducting robust contract negotiations, health plan accountability, performance management, and program evaluation, as well as detecting overpayments, fraud, waste, and abuse. OPM will report or refer evidence of waste, fraud, and abuse to appropriate law enforcement agencies for handling. OPM uses identifiable data to create person-level longitudinal records. Access to Personally Identifiable Information (PII) is restricted to OPM personnel needed to create person-level longitudinal records and to select OPM analysts using the data for the analytical purposes described in this notice.
All references to the “FEHB Program” or “FEHB” in this system of records also encompass the Postal Service Health Benefits Program (“PSHB Program” or “PSHB”) within the FEHB Program.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
This system contains records on enrollees and their family members, who are or have been covered under the FEHB Program. As defined in 5 CFR
( printed page 37442)
890.101, FEHB Program covered individuals include employees of the Federal government, annuitants, members of their families, former spouses, and miscellaneous groups enumerated in 5 U.S.C. 8901; Postal Service employees, Postal Service annuitants, and their family members, pursuant to 39 U.S.C. 1005; tribal employees, pursuant to 25 U.S.C. 1647b; and separated employees and former family members who are eligible for Temporary Continuation of Coverage under 5 U.S.C. 8905a. The system also covers health care providers that are independent contractors.
CATEGORIES OF RECORDS IN THE SYSTEM:
a. Unique member identifier, such as pseudonymized Member ID, or other unique identifier;
b. Health Insurance Claim Number;
c. Year of birth;
d. Sex;
e. Home or mailing zipcode;
f. Name of health care provider;
g. Health care provider address;
h. Health care provider taxpayer identification number (TIN), National Provider Identifier (NPI), or other identifier that a Carrier uses for a provider;
i. Health care benefit coverage, including secondary payer information;
j. Medical coding data related to health procedures and diagnoses, in the form of International Statistical Classification of Diseases and Related Health Problems (ICD), Current Procedural Terminology (CPT), National Drug Codes (NDC), J-codes, and other appropriate codes;
k. Provider charges, amounts paid by the plan, amounts paid by the enrollee and any amounts paid by other payers as applicable, including coordination of benefits information and pharmacy rebate information, for benefits coverage, procedures, diagnoses, and treatments.
l. Dates of service.
m. Information relating to an individual's or provider's sanctions, disciplinary actions, debarments, suspensions, disqualifications, licensure status, death, or other information reasonably necessary to support program or payment integrity, fraud prevention, or eligibility determinations.
RECORD SOURCE CATEGORIES:
OPM obtains information from carriers and their affiliates to manage the FEHB Program as well as from OPM's Office of the Inspector General (OIG), which maintains FEHB Program records in a separate system of records (OPM/Central-18) under its own authorities. OPM obtains records from OPM's OIG pursuant to a data sharing agreement. OPM may also obtain records about dual FEHB and Medicare enrollees from the Centers for Medicare & Medicaid Services or its contractors. OPM may also receive information from Federal agencies, including the Department of the Treasury, that provide data for program integrity, eligibility verification, payment integrity, fraud prevention, or related oversight purposes.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside OPM as a routine use pursuant to 5 U.S.C. 552a(b)(3),[5]
as follows:
a. In an appropriate proceeding before a court, grand jury, or administrative or adjudicative body, when OPM or another agency representing OPM determines that the records are relevant and necessary to the proceeding; or in an appropriate proceeding before an administrative or adjudicative body when the adjudicator determines the records to be relevant and necessary to the proceeding.
b. To the Department of Justice when (a) OPM, or any component thereof; (b) any OPM employee in their official capacity; (c) any OPM employee in their individual capacity where the Department of Justice has agreed to represent the employee; or (d) the United States, where OPM determines that litigation is likely to affect OPM or any of its components, is a party to litigation or has an interest in such litigation, and the use of such records by the Department of Justice is deemed by OPM to be relevant and necessary to the litigation.
c. Where a record, either alone or in conjunction with other information, indicates a violation or potential violation of law—criminal, civil, or regulatory in nature—the relevant records may be referred to the appropriate federal, state, local, territorial, tribal, or foreign law enforcement authority or other appropriate entity charged with the responsibility for investigating or prosecuting such violation or charged with enforcing or implementing such law.
d. To a member of Congress from the record of an individual in response to an inquiry made on behalf of, and at the request of, the individual to whom the record pertains.
e. To the National Archives and Records Administration (NARA) for records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.
f. To appropriate agencies, entities, and persons when (1) OPM suspects or has confirmed that there has been a breach of the system of records; (2) OPM has determined that as a result of the suspected or confirmed breach, there is a risk of harm to individuals, OPM (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with OPM's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
g. To another Federal agency or Federal entity, when OPM determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
h. To OPM contractors when OPM determines that it is necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to OPM employees.
i. To another Federal agency, or its contractor, to enable such agency to administer a Federal health benefits program, or as necessary to enable such agency to fulfill a requirement of a Federal statute or regulation that implements a health benefits program funded in whole or in part with Federal funds.
j. To appropriate agencies, entities, and persons when (1) OPM suspects or has confirmed that fraud, waste, or abuse is occurring with respect to services rendered or payments made in connection with the FEHB Program; and (2) the disclosure made to such agencies, entities, and persons is
( printed page 37443)
relevant and necessary to assist with OPM's efforts to identify or eliminate such occurrences. Disclosures shall be limited to information reasonably necessary to support identification, prevention, investigation, recovery, or remediation activities.
k. To another Federal agency or Federal entity, when (1) OPM determines that the information is relevant and necessary to assist the recipient agency or entity in its efforts to address suspected or confirmed fraud, waste, and abuse occurring in a program under the recipient agency's or entity's purview, provided that any disclosure is limited to the information reasonably necessary to accomplish such purposes.
l. To the U.S. Department of the Treasury when disclosure of the information is relevant to review payment and award eligibility through the Do Not Pay Working System for the purposes of identifying, preventing, or recouping improper payments to an applicant for, or recipient of, Federal funds, including funds disbursed by a state (meaning a state of the United States, the District of Columbia, a territory or possession of the United States, or a federally recognized Indian tribe) in a state administered, federally funded program.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
The records in this system of records are stored electronically. If any paper records are received, then they are imaged, stored electronically, and securely shredded. Access to the electronic systems is restricted to authorized users with appropriate security or suitability clearances, and a need to access the information in the performance of their official duties.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved primarily by pseudonymized Member ID. Authorized personnel may retrieve records using Member ID or other identifiers in restricted-access operational environments when necessary for approved linkage, validation, or data quality activities.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained pursuant to NARA Records Schedule Number DAA-0478-2017-0006.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Records in this system are protected from unauthorized access and misuse through layered administrative, technical, and physical security measures. OPM security measures are in compliance with the Federal Information Security Modernization Act of 2014, associated OMB policies, and applicable standards and guidance from the National Institute of Standards and Technology (NIST). Access to such information is limited to OPM employees, contractors, and other personnel who have an official need for access in order to perform their duties. Records are maintained in an access-controlled area, with direct access permitted to only authorized personnel. Electronic records are accessed only by authorized personnel with accounts on OPM's network. Additionally, direct access to certain information may be restricted depending on a user's role and responsibility within the organization and system. Paper records are safeguarded in accordance with appropriate laws, rules, and policies. Direct identifiers and pseudonymization keys are maintained in segregated, access-restricted environments and are available only to personnel with an authorized operational need.
RECORD ACCESS PROCEDURES:
Individuals seeking notification of and access to their records in this system of records may do so by submitting a request in writing to the Office of Personnel Management, Office of the General Counsel—FOIA, 1900 E Street NW, Washington, DC 20415-7900 or by emailing
foia@opm.gov;
ATTN: Healthcare and Insurance. Individuals must furnish the following information for their records to be located:
1. Full name, including any former name.
2. Year of birth.
4. Name and address of employing agency or retirement system.
5. Reasonable specification of the requested information.
6. The address to which the information should be sent.
7. Signature.
OPM may use information supplied by the requester to identify corresponding pseudonymized records maintained in the system. Individuals requesting access must also comply with OPM's Privacy Act regulations regarding verification of identity and access to records (5 CFR 297). Enrollees who request access to their records will have access only to their own information and not to that of covered family members. Similarly, family members who request access to their records may have access only to their own information and not to that of the enrollee or other covered family members.
CONTESTING RECORD PROCEDURES:
Individuals wishing to request amendment of their records in this system of records may do so by writing to the to the Office of Personnel Management, Office of the General Counsel—FOIA, 1900 E Street NW, Washington, DC 20415-7900 or by emailing
foia@opm.gov;
ATTN: Healthcare and Insurance. Requests for amendment of records should include the words “PRIVACY ACT AMENDMENT REQUEST” in capital letters at the top of the request letter; if emailed, please include those words in the subject line. Individuals must furnish the following information for their records to be located:
1. Full name, including any former name, and address.
2. Year of birth.
4. Name and address of employing agency or retirement system.
5. Precise identification of the information to be amended.
6. Signature.
OPM may use information supplied by the requester to identify corresponding pseudonymized records maintained in the system. Individuals requesting amendment of their records must also comply with OPM's Privacy Act regulations regarding verification of identity and access to records (5 CFR part 297). OPM may refer amendment requests to other entities when those entities are the original source of the record.
1.
Under 45 CFR 164.512(d)(1), disclosures are permitted for “oversight activities authorized by law, including audits; civil, administrative, or criminal investigations; inspections. . .or other activities necessary for appropriate oversight of: (i) The health care system; (ii) Government benefit programs for which health information is relevant to beneficiary eligibility; (iii) Entities subject to government regulatory programs for which health information is necessary for determining compliance with program standards; or (iv) Entities subject to civil rights laws for which health information is necessary for determining compliance.”
2.
President Trump, Executive Order 14168,
Defending Women From Gender Ideology Extremism and Restoring Biological Truth to the Federal Government,
Section 3(c) (January 20, 2025) (“When administering or enforcing sex-based distinctions, every agency and all Federal employees acting in an official capacity on behalf of their agency shall use the term `sex' and not `gender' in all applicable Federal policies and documents.”).
3.
As defined by the National Institute of Standards and Technology, pseudonymization is a de-identification technique that replaces an identifier (or identifiers) for a data principal with a pseudonym in order to hide the identity of that data principal.
See
NIST Special Publication 800-188 (Sept. 2023).
5.
Any records containing Medicare service use and cost data, where the Centers for Medicare & Medicaid Services (CMS) is the source, will be disclosed only after prior written approval from CMS.
Use this for formal legal and research references to the published document.
91 FR 37439
Web Citation
Suggested Web Citation
Use this when citing the archival web version of the document.
“Privacy Act of 1974; System of Records,” thefederalregister.org (June 23, 2026), https://thefederalregister.org/documents/2026-12596/privacy-act-of-1974-system-of-records.