. "Moreover, CMS already has a well-defined process in place to ensure protection of various types of information, including limited data sets, identifiable data, and claims data in general, and this includes adherence to specific information technology requirements, as well as HIPAA and FISMA. As we have noted, our goal in expanding the access is, in part, to ensure appropriate oversight and managem" . . .